Level Date and Time Source Event ID Task Category Information 2018-01-23 12:18:25 ESENT 916 General svchost (1620,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 12:03:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-23 12:03:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-23 12:03:07 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9F9.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFEEC.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFF49.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFFA7.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_208207f3 Analysis symbol: Rechecking for solution: 0 Report Id: a25473dc-3015-4a7a-8642-f351eccefce9 Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-23 12:03:04 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-23 12:03:04 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-23 12:01:08 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-23 12:00:30 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_SNOOZED. Information 2018-01-23 12:00:29 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_SNOOZED. Information 2018-01-23 11:45:31 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERDB63.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE111.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE18D.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE1FB.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_2641e9ab Analysis symbol: Rechecking for solution: 0 Report Id: 6ed40036-3c9b-4083-86c2-8a629a558665 Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-23 11:45:27 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-23 11:45:27 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-23 11:39:00 ESENT 916 General svchost (5380,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 11:25:59 Microsoft-Windows-RestartManager 10001 None Ending session 2 started ‎2018‎-‎01‎-‎23T10:25:52.018897900Z. Information 2018-01-23 11:25:52 Microsoft-Windows-RestartManager 10000 None Starting session 2 - ‎2018‎-‎01‎-‎23T10:25:52.018897900Z. Information 2018-01-23 11:25:32 TV Server 0 None Service started successfully. Information 2018-01-23 11:25:19 TV Server 0 None Service stopped successfully. Information 2018-01-23 11:25:18 TV Server 0 None Service started successfully. Information 2018-01-23 11:25:09 TV Server 0 None Service stopped successfully. Information 2018-01-23 11:11:10 Windows Error Reporting 1001 None "Fault bucket 129595456064, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: SetupTv.exe P2: 1.18.0.0 P3: 59d9d5c3 P4: System.Windows.Forms P5: 4.7.2556.0 P6: 59b8360c P7: d16 P8: 17 P9: System.InvalidOperationException P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5ED7.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7000.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER702C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER709B.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SetupTv.exe_18cbf367353c471fe2e72549821d891a843e94e9_acb3f77f_279e781c Analysis symbol: Rechecking for solution: 0 Report Id: cbf64fc5-572e-4650-879d-0e56661a583a Report Status: 268435456 Hashed bucket: 7dfb8a62212e65bfc05de97a32da4be5" Error 2018-01-23 11:11:03 Application Error 1000 (100) "Faulting application name: SetupTv.exe, version: 1.18.0.0, time stamp: 0x59d9d5c3 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0xb1c Faulting application start time: 0x01d39432439e67f9 Faulting application path: C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\SetupTv.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: cbf64fc5-572e-4650-879d-0e56661a583a Faulting package full name: Faulting package-relative application ID: " Error 2018-01-23 11:11:03 .NET Runtime 1026 None Application: SetupTv.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.InvalidOperationException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at System.Windows.Forms.Control.Invoke(System.Delegate) at SetupTv.Sections.Helpers.ChannelListViewHandler.FillListViewChannels(System.Object) at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart(System.Object) Information 2018-01-23 11:09:27 ESENT 916 General svchost (1620,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 11:06:25 TV Server 0 None Service started successfully. Information 2018-01-23 10:58:55 ESENT 916 General MicrosoftEdge (9164,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-23 10:56:44 SideBySide 33 None "Activation context generation failed for ""D:\Downlods\TweakUIPowertoySetup_ia64.exe"". Dependent Assembly Microsoft.Windows.Common-Controls,language=""*"",processorArchitecture=""ia64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information 2018-01-23 10:55:31 ESENT 916 General DllHost (8096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:55:23 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-23 10:54:36 ESENT 916 General taskhostw (7852,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:54:33 ESENT 916 General svchost (3936,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:54:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-23 10:54:25 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-23 10:54:24 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-23 10:54:23 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-23 10:54:23 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-23 10:54:23 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-23 10:53:41 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2928 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2928 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2928 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 3692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-23 10:53:41 ESENT 916 General svchost (5380,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:53:41 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 27 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 5292 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 696 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2712 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 5428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 8860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1620 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 5428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 5428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 1620 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 5428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 5428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1620 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 5428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 5428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 1620 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 576 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 5428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 1620 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 5292 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections " Information 2018-01-23 10:53:41 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-23 10:53:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-23 10:53:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-23 10:53:40 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Error 2018-01-23 10:52:38 SideBySide 33 None "Activation context generation failed for ""D:\Downlods\TweakUIPowertoySetup_ia64.exe"". Dependent Assembly Microsoft.Windows.Common-Controls,language=""*"",processorArchitecture=""ia64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error 2018-01-23 10:51:25 SideBySide 33 None "Activation context generation failed for ""D:\Downlods\TweakUIPowertoySetup_ia64.exe"". Dependent Assembly Microsoft.Windows.Common-Controls,language=""*"",processorArchitecture=""ia64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information 2018-01-23 10:44:03 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:03Z. Reason: RulesEngine. Information 2018-01-23 10:41:09 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-23 10:41:09 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:09Z. Reason: RulesEngine. Information 2018-01-23 10:40:39 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-23 10:40:39 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 237586)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-23 10:40:38 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-23 10:40:35 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-23 10:40:33 ESENT 916 General svchost (8688,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:39:32 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-23 10:38:51 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-23 10:38:51 ESENT 326 General "SearchIndexer (5808,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000002F9:0050:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.002005 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.021861 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:57, WS:188K # 0K, PF:144K # 0K, P:144K) [4] 0.000552 +J(0) +M(C:0K, Fs:5, WS:20K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] 0.011813 -0.001529 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:86, WS:344K # 0K, PF:664K # 0K, P:664K) [8] 0.001170 -0.000672 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 24K, PF:256K # 132K, P:256K) [9] 0.000738 -0.000503 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:12, WS:44K # 44K, PF:100K # 100K, P:100K) [10] 0.000030 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 16K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-23 10:38:50 ESENT 105 General "SearchIndexer (5808,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002624 +J(0) +M(C:0K, Fs:180, WS:700K # 700K, PF:5476K # 5476K, P:5476K) [2] 0.000837 +J(0) +M(C:10240K, Fs:142, WS:568K # 568K, PF:384K # 384K, P:384K) [3] 0.000091 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000227 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.005575 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.005116 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.007060 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.005437 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-992K # 24K, PF:-1020K # 12K, P:-1020K) [14] 0.000032 +J(0) [15] 0.000140 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000599 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-23 10:38:50 ESENT 916 General SearchIndexer (5808,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:38:50 ESENT 102 General SearchIndexer (5808,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-23 10:38:47 ESENT 916 General svchost (5420,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:38:45 ESENT 916 General taskhostw (3824,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:38:38 ESENT 916 General svchost (5380,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:38:35 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:35 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:35 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:35 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:35 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:35 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:35 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 99076326 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:34 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:34 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:34 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:34 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:34 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:33 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:33 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:33 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:33 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:33 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-23 10:38:33 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:38:31 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-23 10:38:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-23 10:38:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-23 10:38:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-23 10:38:25 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-23 10:38:22 ESENT 916 General svchost (3936,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:38:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-23 10:38:14 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-23 10:38:14 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-23 10:38:14 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-23 10:38:10 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-23 10:38:08 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-23 10:38:07 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-23 10:38:08 ESENT 916 General svchost (1620,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:38:06 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-23 10:38:05 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-23 10:38:05 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-23 10:37:33 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-23 10:37:33 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:37:33 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-23 10:37:30 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-23 10:37:30 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 21 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 7296 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3728 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 1700 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3728 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 3728 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 4428 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-23 10:37:30 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-23 10:37:30 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-23 10:37:30 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-23 10:37:13 ESENT 916 General svchost (8008,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:37:13 ESENT 916 General DllHost (5844,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:33:05 TV Server 0 None Service stopped successfully. Information 2018-01-23 10:32:00 ESENT 916 General svchost (3780,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:30:26 ESENT 916 General DllHost (5844,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:19:15 ESENT 916 General svchost (1696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 10:16:59 TV Server 0 None Service started successfully. Information 2018-01-23 10:16:26 TV Server 0 None Service stopped successfully. Information 2018-01-23 10:09:07 ESENT 916 General MicrosoftEdge (2432,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 09:48:59 ESENT 916 General svchost (7356,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 09:41:42 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-23 09:34:22 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:22Z. Reason: RulesEngine. Information 2018-01-23 09:31:46 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-23 09:31:16 ESENT 916 General svchost (1696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 09:31:00 ESENT 916 General taskhostw (6584,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 09:30:57 ESENT 916 General svchost (3660,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 09:30:49 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-23 09:30:48 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-23 09:30:47 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-23 09:30:46 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-23 09:30:45 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-23 09:30:45 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-23 09:30:43 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-23 09:30:41 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-23 00:50:17 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-23 00:50:16 ESENT 916 General svchost (3780,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 00:50:15 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 21 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 4280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8996 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8996 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8996 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 5152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 5152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-23 00:50:15 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 46 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 692 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3728 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 5152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 1700 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 5152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 5152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3728 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 5964 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3728 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 1696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 5152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3728 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 5964 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3728 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 5152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3728 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 5964 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 5964 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 1696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 5152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3728 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 5964 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 1696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 5152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3728 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 5152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2040 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2704 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-23 00:50:15 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-23 00:50:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-23 00:50:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-23 00:50:08 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-23 00:50:04 ESENT 916 General svchost (1176,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 00:50:03 ESENT 916 General DllHost (9008,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-23 00:50:00 Application Error 1000 (100) "Faulting application name: SetupTv.exe, version: 1.18.0.0, time stamp: 0x59d9d5c3 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0xb70 Faulting application start time: 0x01d393daf858d4e9 Faulting application path: C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\SetupTv.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: d5a0a640-c631-4c9c-9389-afe275a9231b Faulting package full name: Faulting package-relative application ID: " Error 2018-01-23 00:49:59 .NET Runtime 1026 None Application: SetupTv.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.InvalidOperationException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at System.Windows.Forms.Control.Invoke(System.Delegate) at SetupTv.Sections.Helpers.ChannelListViewHandler.FillListViewChannels(System.Object) at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart(System.Object) Information 2018-01-23 00:47:00 ESENT 916 General svchost (3780,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 00:42:46 Windows Error Reporting 1001 None "Fault bucket 129595456064, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: SetupTv.exe P2: 1.18.0.0 P3: 59d9d5c3 P4: System.Windows.Forms P5: 4.7.2556.0 P6: 59b8360c P7: d16 P8: 17 P9: System.InvalidOperationException P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2B1A.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D7B.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D98.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3E16.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SetupTv.exe_18cbf367353c471fe2e72549821d891a843e94e9_acb3f77f_23d4450a Analysis symbol: Rechecking for solution: 0 Report Id: 3e9bd90a-1aa3-44be-9bdc-94128d50c4fc Report Status: 268435456 Hashed bucket: 7dfb8a62212e65bfc05de97a32da4be5" Error 2018-01-23 00:42:39 Application Error 1000 (100) "Faulting application name: SetupTv.exe, version: 1.18.0.0, time stamp: 0x59d9d5c3 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x1ef4 Faulting application start time: 0x01d393da047b1358 Faulting application path: C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\SetupTv.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 3e9bd90a-1aa3-44be-9bdc-94128d50c4fc Faulting package full name: Faulting package-relative application ID: " Error 2018-01-23 00:42:39 .NET Runtime 1026 None Application: SetupTv.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.InvalidOperationException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at System.Windows.Forms.Control.Invoke(System.Delegate) at SetupTv.Sections.Helpers.ChannelListViewHandler.FillListViewChannels(System.Object) at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart(System.Object) Information 2018-01-23 00:37:16 TV Server 0 None Service started successfully. Information 2018-01-23 00:32:47 TV Server 0 None Service stopped successfully. Information 2018-01-23 00:23:28 ESENT 916 General MicrosoftEdge (7204,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 00:14:32 TV Server 0 None Service started successfully. Information 2018-01-23 00:12:35 ESENT 916 General svchost (1696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-23 00:06:27 TV Server 0 None Service stopped successfully. Information 2018-01-22 23:58:20 TV Server 0 None Service started successfully. Information 2018-01-22 23:58:08 TV Server 0 None Service stopped successfully. Information 2018-01-22 23:51:49 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:47Z. Reason: RulesEngine. Information 2018-01-22 23:49:11 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-22 23:49:11 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:11Z. Reason: RulesEngine. Information 2018-01-22 23:48:41 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-22 23:48:40 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 238238)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-22 23:48:40 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2018-01-22 23:48:40 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2018-01-22 23:48:40 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-22 23:48:40 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-22 23:48:40 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-22 23:48:40 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-22 23:48:40 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-22 23:48:39 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-22 23:48:36 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-22 23:48:35 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-22 23:47:03 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-22 23:46:44 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-22 23:46:43 ESENT 326 General "SearchIndexer (7716,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000002F8:00D4:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.003877 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.024076 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:124K # 0K, PF:148K # 0K, P:148K) [4] 0.000550 +J(0) [5] - [6] - [7] 0.048543 -0.001643 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.001201 -0.000691 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:68, WS:268K # 0K, PF:260K # 136K, P:260K) [9] 0.000901 -0.000586 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000115 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-22 23:46:43 ESENT 105 General "SearchIndexer (7716,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002698 +J(0) +M(C:0K, Fs:226, WS:892K # 892K, PF:4988K # 4988K, P:4988K) [2] 0.000713 +J(0) +M(C:10240K, Fs:108, WS:432K # 432K, PF:880K # 880K, P:880K) [3] 0.000072 +J(0) +M(C:0K, Fs:10, WS:36K # 36K, PF:68K # 68K, P:68K) [4] 0.000255 +J(0) +M(C:0K, Fs:45, WS:176K # 176K, PF:224K # 224K, P:224K) [5] 0.007658 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:20K # 20K, P:20K) [6] 0.005106 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.019109 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.012228 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000033 +J(0) [15] 0.000109 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000606 +J(0) +M(C:0K, Fs:4, WS:8K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-22 23:46:43 ESENT 916 General SearchIndexer (7716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 23:46:43 ESENT 102 General SearchIndexer (7716,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-22 23:46:40 ESENT 916 General taskhostw (5844,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 23:46:34 TV Server 0 None Service started successfully. Information 2018-01-22 23:46:22 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 23:46:22 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 23:46:20 ESENT 916 General svchost (3660,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 23:46:20 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-22 23:46:19 ESENT 916 General svchost (3700,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 23:46:17 ESENT 916 General svchost (3780,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 23:46:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-22 23:46:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-22 23:46:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-22 23:46:04 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 23:46:04 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:04 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:03 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:03 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:03 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:03 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:03 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 96716095 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:03 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:03 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:02 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:02 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:02 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:02 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:02 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:02 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:02 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:02 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-22 23:46:02 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:46:02 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-22 23:45:57 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-22 23:45:55 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-22 23:45:54 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-22 23:45:55 ESENT 916 General svchost (1696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 23:45:53 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-22 23:45:51 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-22 23:45:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-22 23:45:21 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-22 23:45:20 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:45:20 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:45:20 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 23:45:18 TV Server 0 None Service has been successfully shut down. Information 2018-01-22 23:45:17 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-22 23:45:17 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 29 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 8336 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 5052 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3928 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 436 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3928 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3928 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2440 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 5052 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2652 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-22 23:45:17 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 23:45:17 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-22 23:45:16 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-22 23:43:19 TV Server 0 None Service started successfully. Information 2018-01-22 23:22:27 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎01‎-‎22T22:22:17.301490800Z. Information 2018-01-22 23:22:27 MsiInstaller 1042 None Ending a Windows Installer transaction: d:\7c01bd87a02f15bc020ff769ce\vc_red.msi. Client Process Id: 6524. Information 2018-01-22 23:22:27 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148. Product Version: 9.0.30729.4148. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. Information 2018-01-22 23:22:27 MsiInstaller 11707 None Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 -- Installation completed successfully. Information 2018-01-22 23:22:17 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎01‎-‎22T22:22:17.301490800Z. Information 2018-01-22 23:22:16 MsiInstaller 1040 None Beginning a Windows Installer transaction: d:\7c01bd87a02f15bc020ff769ce\vc_red.msi. Client Process Id: 6524. Information 2018-01-22 23:16:22 ESENT 916 General DllHost (9156,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-22 23:15:41 SideBySide 33 None "Activation context generation failed for ""D:\Downlods\TweakUIPowertoySetup_ia64.exe"". Dependent Assembly Microsoft.Windows.Common-Controls,language=""*"",processorArchitecture=""ia64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error 2018-01-22 23:14:24 SideBySide 33 None "Activation context generation failed for ""D:\Downlods\TweakUIPowertoySetup_ia64.exe"". Dependent Assembly Microsoft.Windows.Common-Controls,language=""*"",processorArchitecture=""ia64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information 2018-01-22 23:12:50 ESENT 916 General MicrosoftEdge (4628,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 23:08:32 TV Server 0 None Service started successfully. Information 2018-01-22 23:04:00 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-22 23:03:39 TV Server 0 None Service stopped successfully. Information 2018-01-22 23:03:26 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:26Z. Reason: RulesEngine. Information 2018-01-22 23:02:08 Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy14. Information 2018-01-22 23:02:08 Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy14. Information 2018-01-22 23:02:07 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-22 23:02:07 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:07Z. Reason: RulesEngine. Information 2018-01-22 23:01:37 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-22 23:01:36 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 238285)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-22 23:01:30 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-22 23:01:28 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-22 23:01:24 Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy14. Information 2018-01-22 23:01:07 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-22 23:00:55 ESENT 916 General svchost (3024,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 23:00:48 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-22 23:00:42 VSS 8220 None Ran out of time while deleting files. Operation: OnPostSnapshot event PostSnapshot Event Context: Execution Context: Shadow Copy Optimization Writer Execution Context: Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {54f45e76-5af7-48e8-8886-f8a10661f3e4} Information 2018-01-22 23:00:40 ESENT 916 General svchost (6604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 23:00:28 ESENT 916 General taskhostw (3340,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 23:00:20 ESENT 916 General svchost (5076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 23:00:14 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-22 23:00:13 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 23:00:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-22 23:00:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-22 23:00:09 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-22 23:00:08 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-22 23:00:07 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-22 23:00:07 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-22 22:59:22 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-22 22:59:23 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-22 22:59:22 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 22:59:20 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 19 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 708 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3928 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 3928 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3928 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 3928 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3928 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 3928 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3928 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3928 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 1908 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections " Information 2018-01-22 22:59:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-22 22:59:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-22 22:59:15 System Restore 8194 None Successfully created restore point (Process = c:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update). Information 2018-01-22 22:59:14 ESENT 916 General svchost (3024,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:59:12 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-22 22:58:53 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-22 22:58:25 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-22 22:58:23 ESENT 326 General "SearchIndexer (7868,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000002F8:0087:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.001144 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.048250 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:16, WS:32K # 0K, PF:32K # 0K, P:32K) [4] 0.000564 +J(0) [5] - [6] - [7] 0.059135 -0.003124 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:27, WS:108K # 0K, PF:512K # 0K, P:512K) [8] 0.001294 -0.000688 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.001704 -0.001370 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000049 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000119 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-22 22:58:23 ESENT 105 General "SearchIndexer (7868,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 000002F8:0079:0000 - 000002F8:0085:0000 - 00000000:0000:0000 - 000002F8:0085:0000 (00000000:0000:0000) cReInits = 4 Internal Timing Sequence: [1] 0.028752 +J(0) +M(C:0K, Fs:265, WS:1032K # 1032K, PF:5572K # 5572K, P:5572K) [2] 0.000933 +J(0) +M(C:10240K, Fs:139, WS:552K # 552K, PF:388K # 388K, P:388K) [3] 0.000074 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000278 +J(0) +M(C:0K, Fs:28, WS:116K # 116K, PF:232K # 232K, P:232K) [5] 0.006341 +J(0) +M(C:0K, Fs:53, WS:212K # 212K, PF:28K # 28K, P:28K) [6] 0.005760 +J(0) +M(C:0K, Fs:41, WS:156K # 156K, PF:20K # 20K, P:20K) [7] 0.017015 +J(0) +M(C:0K, Fs:282, WS:1124K # 1124K, PF:1040K # 1040K, P:1040K) [8] 0.109930 -0.030748 (12) CM +J(CM:12, PgRf:50, Rd:0/12, Dy:9/67, Lg:526948/2833) +M(C:0K, Fs:1310, WS:1776K # 1776K, PF:1604K # 1604K, P:1604K) [9] - [10] 0.002064 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000110 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.140161 -0.000001 (9) CM +J(CM:9, PgRf:0, Rd:0/9, Dy:0/0, Lg:0/0) +M(C:0K, Fs:39, WS:12K # 0K, PF:4K # 0K, P:4K) [13] 0.173404 -0.001176 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:312, WS:-1156K # 0K, PF:-1196K # 0K, P:-1196K) [14] 0.000033 +J(0) [15] 0.000046 +J(0) [16] 0.000556 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-22 22:58:23 ESENT 302 Logging/Recovery SearchIndexer (7868,U,0) Windows: The database engine has successfully completed recovery steps. Information 2018-01-22 22:58:23 ESENT 301 Logging/Recovery "SearchIndexer (7868,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2018-01-22 22:58:23 ESENT 300 Logging/Recovery SearchIndexer (7868,R,0) Windows: The database engine is initiating recovery steps. Information 2018-01-22 22:58:23 ESENT 916 General SearchIndexer (7868,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:58:23 ESENT 102 General SearchIndexer (7868,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-22 22:58:18 TV Server 0 None Service started successfully. Information 2018-01-22 22:58:17 ESENT 916 General taskhostw (3748,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:58:09 ESENT 916 General svchost (5076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:58:07 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:58:07 ESENT 916 General svchost (3024,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:58:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 22:58:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 22:58:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 22:58:03 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-22 22:57:57 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:57 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:57 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:57 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:56 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:56 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:56 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 96714367 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:56 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:56 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:56 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:56 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:55 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:55 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:55 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:55 MySQL 100 None "InnoDB: The log sequence numbers 96712894 and 96712894 in ibdata files do not match the log sequence number 96714367 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:55 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:55 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:55 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:55 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:55 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:55 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:55 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:55 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-22 22:57:55 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:57:52 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-22 22:57:43 ESENT 916 General taskhostw (3748,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:57:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-22 22:57:40 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-22 22:57:40 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-22 22:57:40 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 22:57:38 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-22 22:57:36 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-22 22:57:35 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:57:33 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-22 22:57:31 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-22 22:57:31 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-22 22:52:20 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-22 22:52:20 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:20Z. Reason: RulesEngine. Information 2018-01-22 22:51:50 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-22 22:51:49 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 238295)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-22 22:51:49 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-22 22:51:46 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-22 22:51:44 ESENT 916 General svchost (7800,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:50:23 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-22 22:50:02 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-22 22:50:01 ESENT 326 General "SearchIndexer (7768,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000002F8:007A:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.004002 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.032532 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:124K # 0K, PF:144K # 0K, P:144K) [4] 0.000553 +J(0) [5] - [6] - [7] 0.072193 -0.001722 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.001331 -0.000807 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 136K, P:256K) [9] 0.000972 -0.000611 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:12, WS:44K # 16K, PF:100K # 100K, P:100K) [10] 0.000040 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000114 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 16K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-22 22:50:00 ESENT 105 General "SearchIndexer (7768,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.005730 +J(0) +M(C:0K, Fs:218, WS:856K # 856K, PF:5472K # 5472K, P:5472K) [2] 0.000729 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:384K # 384K, P:384K) [3] 0.000158 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000309 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:232K # 232K, P:232K) [5] 0.006005 +J(0) +M(C:0K, Fs:11, WS:44K # 44K, PF:20K # 20K, P:20K) [6] 0.004908 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.004649 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.005399 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000039 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [15] 0.000122 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000641 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-22 22:50:00 ESENT 916 General SearchIndexer (7768,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:50:00 ESENT 102 General SearchIndexer (7768,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-22 22:49:56 ESENT 916 General taskhostw (2592,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:49:51 TV Server 0 None Service started successfully. Information 2018-01-22 22:49:37 ESENT 916 General svchost (4596,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:49:34 ESENT 916 General svchost (4636,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:49:33 ESENT 916 General svchost (3360,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:49:32 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 22:49:32 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 22:49:32 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 22:49:32 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-22 22:49:25 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:25 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:24 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:24 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:24 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:24 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:24 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 96712894 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:24 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:24 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:23 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:23 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:23 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:23 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:23 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:23 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:23 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:23 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-22 22:49:23 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:49:22 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-22 22:49:14 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-22 22:49:14 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-22 22:49:14 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-22 22:49:14 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 22:49:08 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-22 22:49:07 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-22 22:49:08 ESENT 916 General svchost (2052,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:49:07 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-22 22:49:04 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-22 22:49:05 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-22 22:48:34 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-22 22:48:34 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:48:34 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:48:34 MySQL 100 None "Giving 1 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:48:34 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:48:31 TV Server 0 None Service has been successfully shut down. Information 2018-01-22 22:48:30 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 22:48:30 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-22 22:48:30 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 28 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 9676 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 6352 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3660 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3496 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 6352 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 6352 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 9624 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-22 22:48:30 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-22 22:48:30 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-22 22:47:51 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-22 22:47:08 ESENT 916 General svchost (6360,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-22 22:43:46 SideBySide 33 None "Activation context generation failed for ""D:\Downlods\TweakUIPowertoySetup_ia64.exe"". Dependent Assembly Microsoft.Windows.Common-Controls,language=""*"",processorArchitecture=""ia64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information 2018-01-22 22:39:47 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-22 22:39:41 ESENT 916 General MicrosoftEdge (5148,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:39:26 ESENT 916 General svchost (416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:39:26 ESENT 916 General DllHost (1012,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:39:02 ESENT 916 General taskhostw (9416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:38:56 ESENT 916 General svchost (3936,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:38:51 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-22 22:38:49 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 22:38:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-22 22:38:48 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-22 22:38:47 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-22 22:38:47 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-22 22:38:47 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-22 22:38:47 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-22 22:38:06 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-22 22:38:05 ESENT 916 General svchost (2864,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:38:05 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 21 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 6172 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 6172 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 6172 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-22 22:38:04 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 37 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 700 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 6352 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 3660 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 6352 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 6352 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 6352 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 6352 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 6352 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 6352 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 576 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 6352 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3476 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2620 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-22 22:38:05 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 22:38:04 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-22 22:38:04 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-22 22:37:59 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-22 22:37:41 ESENT 916 General MicrosoftEdge (5712,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-22 22:37:18 SideBySide 33 None "Activation context generation failed for ""D:\Downlods\TweakUIPowertoySetup_ia64.exe"". Dependent Assembly Microsoft.Windows.Common-Controls,language=""*"",processorArchitecture=""ia64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information 2018-01-22 22:29:54 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-22 22:29:54 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:54Z. Reason: RulesEngine. Information 2018-01-22 22:29:12 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-22 22:29:12 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 238318)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-22 22:29:10 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-22 22:29:07 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-22 22:27:43 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Error 2018-01-22 22:27:07 Application Hang 1002 (101) "The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1300 Start Time: 01d393c7a776c29f Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: a276b899-9825-4adf-b2d3-f07ba57ccb51 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App " Information 2018-01-22 22:27:07 Windows Error Reporting 1001 None "Fault bucket 133556577791, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4DE.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER50C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5C8.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_1ecd1a68 Analysis symbol: Rechecking for solution: 0 Report Id: a276b899-9825-4adf-b2d3-f07ba57ccb51 Report Status: 268435456 Hashed bucket: 43a00c1b815b0614b2b86bc70e701302" Information 2018-01-22 22:27:00 TV Server 0 None Service started successfully. Error 2018-01-22 22:26:56 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Information 2018-01-22 22:26:52 ESENT 916 General svchost (6360,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:26:50 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-22 22:26:45 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:45 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:44 ESENT 326 General "SearchIndexer (6296,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000002F8:003B:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001330 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.034680 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:15, WS:28K # 0K, PF:20K # 0K, P:20K) [4] 0.000538 +J(0) [5] - [6] - [7] 0.148302 -0.001595 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:30, WS:120K # 0K, PF:1256K # 0K, P:1256K) [8] 0.001171 -0.000690 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.000870 -0.000567 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000038 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000115 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-22 22:26:44 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:44 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:44 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:44 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:44 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 96712322 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:44 ESENT 105 General "SearchIndexer (6296,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 000002F8:001C:0000 - 000002F8:0039:0000 - 00000000:0000:0000 - 000002F8:0039:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.014045 +J(0) +M(C:0K, Fs:174, WS:680K # 680K, PF:4976K # 4976K, P:4976K) [2] 0.001626 +J(0) +M(C:10240K, Fs:104, WS:416K # 416K, PF:384K # 384K, P:384K) [3] 0.000103 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000298 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:224K # 224K, P:224K) [5] 0.006365 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.006251 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:16K # 16K, P:16K) [7] 0.005047 +J(0) +M(C:0K, Fs:282, WS:1124K # 1124K, PF:1028K # 1028K, P:1028K) [8] 0.349178 -0.010576 (12) CM +J(CM:12, PgRf:266, Rd:0/12, Dy:11/550, Lg:223011/1270) +M(C:0K, Fs:1047, WS:2380K # 2380K, PF:2152K # 2152K, P:2152K) [9] - [10] 0.002551 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000191 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.128751 -0.000004 (11) CM +J(CM:11, PgRf:0, Rd:0/11, Dy:0/0, Lg:0/0) +M(C:0K, Fs:48, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.131458 -0.005475 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:307, WS:-1176K # 0K, PF:-1188K # 0K, P:-1188K) [14] 0.000032 +J(0) [15] 0.000046 +J(0) [16] 0.000574 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-22 22:26:44 ESENT 302 Logging/Recovery SearchIndexer (6296,U,0) Windows: The database engine has successfully completed recovery steps. Information 2018-01-22 22:26:44 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:44 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:44 ESENT 301 Logging/Recovery "SearchIndexer (6296,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2018-01-22 22:26:44 ESENT 300 Logging/Recovery SearchIndexer (6296,R,0) Windows: The database engine is initiating recovery steps. Information 2018-01-22 22:26:43 ESENT 916 General SearchIndexer (6296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:26:43 ESENT 102 General SearchIndexer (6296,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-22 22:26:43 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:43 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:43 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:43 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:43 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:43 MySQL 100 None "InnoDB: The log sequence numbers 96709865 and 96709865 in ibdata files do not match the log sequence number 96712322 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:43 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:43 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:43 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:43 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:43 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:43 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:42 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:42 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-22 22:26:42 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:26:41 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-22 22:26:32 ESENT 916 General svchost (2864,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:26:30 ESENT 916 General taskhostw (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:26:29 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 22:26:29 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 22:26:29 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 22:26:29 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 22:26:28 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-22 22:26:27 ESENT 916 General svchost (3936,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:26:18 ESENT 916 General taskhostw (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:26:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-22 22:26:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-22 22:26:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-22 22:26:15 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 22:26:13 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-22 22:26:10 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-22 22:26:09 ESENT 916 General svchost (2072,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:26:08 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-22 22:26:05 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-22 22:26:06 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-22 22:16:06 ESENT 916 General DllHost (7868,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:13:49 TV Server 0 None Service started successfully. Information 2018-01-22 22:13:12 TV Server 0 None Service stopped successfully. Information 2018-01-22 22:06:22 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-22 22:05:39 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:39Z. Reason: RulesEngine. Information 2018-01-22 22:03:57 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-22 22:03:57 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:57Z. Reason: RulesEngine. Information 2018-01-22 22:03:27 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-22 22:03:27 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 238343)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-22 22:03:26 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-22 22:03:25 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-22 22:02:02 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-22 22:01:45 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-22 22:01:44 ESENT 326 General "SearchIndexer (7412,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000002F8:001D:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001473 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.019968 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:15, WS:28K # 0K, PF:20K # 0K, P:20K) [4] 0.000571 +J(0) [5] - [6] - [7] 0.040657 -0.001577 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:26, WS:104K # 0K, PF:512K # 0K, P:512K) [8] 0.001221 -0.000719 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:62, WS:244K # 0K, PF:228K # 0K, P:228K) [9] 0.001135 -0.000637 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000045 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000325 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000010 +J(0) [13] 0.000001 +J(0) [14] 0.000023 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-22 22:01:44 ESENT 105 General "SearchIndexer (7412,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 000002F8:000D:0000 - 000002F8:001B:0000 - 00000000:0000:0000 - 000002F8:001B:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.004832 +J(0) +M(C:0K, Fs:221, WS:868K # 868K, PF:5476K # 5476K, P:5476K) [2] 0.000911 +J(0) +M(C:10240K, Fs:103, WS:408K # 408K, PF:388K # 388K, P:388K) [3] 0.000072 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000223 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:224K # 224K, P:224K) [5] 0.005839 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.004789 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:16K # 16K, P:16K) [7] 0.005275 +J(0) +M(C:0K, Fs:280, WS:1116K # 1116K, PF:1028K # 1028K, P:1028K) [8] 0.074144 -0.009073 (9) CM +J(CM:9, PgRf:60, Rd:0/9, Dy:7/95, Lg:52754/221) +M(C:0K, Fs:627, WS:1656K # 1656K, PF:1488K # 1488K, P:1488K) [9] - [10] 0.002307 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000593 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.063173 -0.000006 (7) CM +J(CM:7, PgRf:0, Rd:0/7, Dy:0/0, Lg:0/0) +M(C:0K, Fs:35, WS:12K # 0K, PF:0K # 0K, P:0K) [13] 0.139374 -0.009900 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:306, WS:-1084K # 0K, PF:-1108K # 0K, P:-1108K) [14] 0.000034 +J(0) [15] 0.000051 +J(0) [16] 0.000577 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-22 22:01:44 ESENT 302 Logging/Recovery SearchIndexer (7412,U,0) Windows: The database engine has successfully completed recovery steps. Information 2018-01-22 22:01:44 ESENT 301 Logging/Recovery "SearchIndexer (7412,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2018-01-22 22:01:44 ESENT 300 Logging/Recovery SearchIndexer (7412,R,0) Windows: The database engine is initiating recovery steps. Information 2018-01-22 22:01:44 ESENT 916 General SearchIndexer (7412,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:01:44 ESENT 102 General SearchIndexer (7412,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-22 22:01:40 ESENT 916 General taskhostw (5688,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:01:38 TV Server 0 None Service started successfully. Information 2018-01-22 22:01:23 ESENT 916 General svchost (3540,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:01:23 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 22:01:23 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 22:01:23 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 22:01:23 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-22 22:01:21 ESENT 916 General svchost (3492,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:01:20 ESENT 916 General taskhostw (5688,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:01:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-22 22:01:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-22 22:01:14 ESENT 916 General svchost (3516,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:01:14 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-22 22:01:10 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 22:01:05 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:05 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:04 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:04 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:04 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:04 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:04 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 96710586 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:04 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:04 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:03 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:03 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:03 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:03 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:03 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:03 MySQL 100 None "InnoDB: The log sequence numbers 96709865 and 96709865 in ibdata files do not match the log sequence number 96710586 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:03 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:03 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:03 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:03 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:03 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:03 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:03 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:03 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-22 22:01:02 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 22:01:02 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-22 22:00:58 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-22 22:00:57 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-22 22:00:55 ESENT 916 General svchost (2100,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 22:00:53 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-22 22:00:51 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-22 22:00:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-22 21:57:01 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:01Z. Reason: RulesEngine. Information 2018-01-22 21:54:19 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-22 21:54:19 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:19Z. Reason: RulesEngine. Information 2018-01-22 21:53:49 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-22 21:53:49 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 238353)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-22 21:53:48 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-22 21:53:46 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-22 21:52:22 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-22 21:52:00 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-22 21:51:59 ESENT 326 General "SearchIndexer (7284,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000002F8:000E:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.002937 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.020826 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:124K # 0K, PF:144K # 0K, P:144K) [4] 0.000520 +J(0) [5] - [6] - [7] 0.038931 -0.001617 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:50, WS:200K # 0K, PF:640K # 0K, P:640K) [8] 0.001448 -0.000923 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 108K, P:256K) [9] 0.000935 -0.000604 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000115 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-22 21:51:59 ESENT 105 General "SearchIndexer (7284,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002308 +J(0) +M(C:0K, Fs:187, WS:732K # 732K, PF:4984K # 4984K, P:4984K) [2] 0.000706 +J(0) +M(C:10240K, Fs:109, WS:432K # 432K, PF:880K # 880K, P:880K) [3] 0.000081 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:68K # 68K, P:68K) [4] 0.000248 +J(0) +M(C:0K, Fs:47, WS:184K # 184K, PF:224K # 224K, P:224K) [5] 0.005984 +J(0) +M(C:0K, Fs:60, WS:240K # 240K, PF:32K # 32K, P:32K) [6] 0.009210 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.004998 +J(0) +M(C:0K, Fs:281, WS:1124K # 1124K, PF:1036K # 1036K, P:1036K) [8] - [9] - [10] - [11] - [12] - [13] 0.005297 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000033 +J(0) [15] 0.000127 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000600 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-22 21:51:59 ESENT 916 General SearchIndexer (7284,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:51:59 ESENT 102 General SearchIndexer (7284,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-22 21:51:57 ESENT 916 General taskhostw (3952,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:51:55 TV Server 0 None Service started successfully. Information 2018-01-22 21:51:40 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 21:51:40 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 21:51:40 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 21:51:39 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-22 21:51:38 ESENT 916 General svchost (3756,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:51:34 ESENT 916 General svchost (3820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:51:34 ESENT 916 General svchost (3264,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:51:23 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:23 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:23 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:22 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:22 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:22 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:22 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 96709865 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:22 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:22 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:22 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:22 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:21 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:21 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:21 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:21 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:21 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:21 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-22 21:51:21 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:51:21 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-22 21:51:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-22 21:51:19 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-22 21:51:19 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 21:51:19 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-22 21:51:13 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-22 21:51:12 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-22 21:51:13 ESENT 916 General svchost (2112,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:51:13 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-22 21:51:10 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-22 21:51:10 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-22 21:50:40 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-22 21:50:38 TV Server 0 None Service has been successfully shut down. Information 2018-01-22 21:50:36 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 40 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 696 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8492 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3752 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 3752 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2136 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 3752 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2136 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 3752 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2136 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2136 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3752 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2136 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3752 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-22 21:50:37 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 21:50:36 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-22 21:50:36 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-22 21:48:04 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-22 21:47:10 ESENT 916 General svchost (4008,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:45:26 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on Storage (D:) Information 2018-01-22 21:45:07 ESENT 326 General "svchost (8080,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000008:0002:0268 Internal Timing Sequence: [1] 0.000012 +J(0) [2] 0.001733 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.029385 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:10, WS:36K # 0K, PF:36K # 0K, P:36K) [4] 0.002516 +J(0) [5] - [6] - [7] 0.001626 -0.000795 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:56K, Fs:17, WS:68K # 40K, PF:56K # 32K, P:56K) [8] 0.002041 -0.001514 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:112K # 112K, PF:196K # 192K, P:196K) [9] 0.001196 -0.000862 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000051 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000122 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-22 21:45:07 ESENT 105 General "svchost (8080,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000007:000B:0000 - 00000007:000E:0000 - 00000000:0000:0000 - 00000007:000E:0000 (00000000:0000:0000) cReInits = 3 Internal Timing Sequence: [1] 0.002601 +J(0) +M(C:0K, Fs:129, WS:512K # 512K, PF:2868K # 2868K, P:2868K) [2] 0.000718 +J(0) +M(C:8K, Fs:92, WS:364K # 364K, PF:304K # 304K, P:304K) [3] 0.000032 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:612K # 612K, P:612K) [4] 0.000298 +J(0) +M(C:0K, Fs:33, WS:120K # 120K, PF:160K # 160K, P:160K) [5] 0.011473 +J(0) +M(C:0K, Fs:53, WS:212K # 212K, PF:24K # 24K, P:24K) [6] 0.006342 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.010509 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.049175 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:52728/32) +M(C:0K, Fs:150, WS:312K # 312K, PF:224K # 228K, P:224K) [9] - [10] 0.001473 +J(0) +M(C:0K, Fs:1, WS:-56K # 0K, PF:-60K # 0K, P:-60K) [11] 0.000060 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.002752 +J(0) +M(C:0K, Fs:8, WS:32K # 0K, PF:56K # 0K, P:56K) [13] 0.112260 -0.001461 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:4713/4) +M(C:0K, Fs:77, WS:180K # 232K, PF:164K # 224K, P:164K) [14] 0.000040 +J(0) [15] 0.000086 +J(0) [16] 0.001795 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-22 21:45:07 ESENT 302 Logging/Recovery svchost (8080,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2018-01-22 21:45:06 ESENT 301 Logging/Recovery "svchost (8080,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2018-01-22 21:45:06 ESENT 300 Logging/Recovery svchost (8080,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2018-01-22 21:45:06 ESENT 916 General svchost (8080,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:45:06 ESENT 102 General svchost (8080,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Error 2018-01-22 21:39:37 VSS 8193 None "Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet" Information 2018-01-22 21:39:21 System Restore 8194 None "Successfully created restore point (Process = C:\Program Files\Reimage\Reimage Repair\Reimage.exe Files\Reimage\Reimage Repair\Reimage.exe"" http://www.reimageplus.com/GUI/GUI1872/layout.php?consumer=1&gui_branch=0&trackutil=&MinorSessionID=f2dde7c79755435382e72b3913&lang_code=en&bundle=0 /cil=DISABLED /Close=0 /Locale=1033 /Product:reimage; Description = Reimage Repair Restore Point)." Information 2018-01-22 21:39:21 ESENT 916 General svchost (4028,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-22 21:38:41 VSS 8194 None "Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {7146b95c-91af-49d9-b440-1ffc4f986269}" Information 2018-01-22 21:33:46 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-22 21:31:21 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-22 21:31:21 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:21Z. Reason: RulesEngine. Information 2018-01-22 21:30:17 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-22 21:30:17 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 238377)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-22 21:30:16 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-22 21:30:13 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-22 21:28:48 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-22 21:28:26 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-22 21:28:24 ESENT 326 General "SearchIndexer (7584,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000002F7:00DE:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.001170 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.063569 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:18, WS:40K # 0K, PF:20K # 0K, P:20K) [4] 0.000499 +J(0) [5] - [6] - [7] 0.159877 -0.001736 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:25, WS:96K # 0K, PF:544K # 0K, P:544K) [8] 0.001130 -0.000595 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:61, WS:244K # 0K, PF:224K # 0K, P:224K) [9] 0.001681 -0.001365 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:9, WS:36K # 0K, PF:32K # 0K, P:32K) [10] 0.000049 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000119 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-22 21:28:24 ESENT 105 General "SearchIndexer (7584,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 000002F6:0001:0000 - 000002F7:0001:0000 - 000002F7:00DC:0000 - 000002F7:00DC:0000 (00000000:0000:0000) Internal Timing Sequence: [1] 0.020371 +J(0) +M(C:0K, Fs:236, WS:924K # 924K, PF:5484K # 5484K, P:5484K) [2] 0.000903 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.000087 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000248 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:224K # 224K, P:224K) [5] 0.005930 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.059027 +J(0) +M(C:0K, Fs:75, WS:296K # 296K, PF:36K # 36K, P:36K) [7] 0.031963 +J(0) +M(C:0K, Fs:277, WS:1108K # 1108K, PF:1024K # 1024K, P:1024K) [8] 0.202064 -0.002566 (36) CM +J(CM:36, PgRf:131, Rd:71/36, Dy:0/0, Lg:1016692/326) +M(C:0K, Fs:715, WS:2700K # 2700K, PF:3772K # 3772K, P:3772K) + 1 lgens [9] 0.081810 -0.001053 (43) CM +J(CM:43, PgRf:1045, Rd:9/43, Dy:14/1583, Lg:887337/1973) +M(C:0K, Fs:403, WS:1580K # 1580K, PF:384K # 384K, P:384K) [10] 0.002135 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000338 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.064595 -0.000005 (14) CM +J(CM:14, PgRf:0, Rd:0/14, Dy:0/0, Lg:0/0) +M(C:0K, Fs:118, WS:24K # 0K, PF:8K # 0K, P:8K) [13] 0.224139 -0.002683 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:314, WS:-3428K # 0K, PF:-3504K # 0K, P:-3504K) [14] 0.000030 +J(0) [15] 0.000049 +J(0) [16] 0.000560 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-22 21:28:24 ESENT 302 Logging/Recovery SearchIndexer (7584,U,0) Windows: The database engine has successfully completed recovery steps. Information 2018-01-22 21:28:24 ESENT 301 Logging/Recovery "SearchIndexer (7584,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: [1] 0.115511 -0.002566 (36) CM +J(CM:36, PgRf:131, Rd:71/36, Dy:0/0, Lg:1016692/326) +M(C:0K, Fs:420, WS:1600K # 1600K, PF:2768K # 2764K, P:2768K)." Information 2018-01-22 21:28:23 ESENT 301 Logging/Recovery "SearchIndexer (7584,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb002F6.jtx. Previous Log Processing Stats: " Information 2018-01-22 21:28:23 ESENT 300 Logging/Recovery SearchIndexer (7584,R,0) Windows: The database engine is initiating recovery steps. Information 2018-01-22 21:28:23 ESENT 916 General SearchIndexer (7584,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:28:23 ESENT 102 General SearchIndexer (7584,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-22 21:28:19 TV Server 0 None Service started successfully. Information 2018-01-22 21:28:17 ESENT 916 General taskhostw (2152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:28:04 ESENT 916 General svchost (3380,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:28:03 ESENT 916 General svchost (4028,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:28:02 ESENT 916 General svchost (4008,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:28:02 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 21:28:02 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 21:28:02 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 21:28:02 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-22 21:27:52 ESENT 916 General taskhostw (2152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:27:49 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:49 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:48 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:48 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:48 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:48 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:48 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 96709374 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:48 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:48 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:47 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:47 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:47 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:47 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:47 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:47 MySQL 100 None "InnoDB: The log sequence numbers 96708157 and 96708157 in ibdata files do not match the log sequence number 96709374 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:47 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:47 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:47 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:46 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:46 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:46 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:46 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:46 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-22 21:27:46 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:27:46 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-22 21:27:44 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-22 21:27:43 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-22 21:27:43 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 21:27:43 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-22 21:27:40 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-22 21:27:39 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-22 21:27:37 ESENT 916 General svchost (2136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:27:35 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-22 21:27:33 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-22 21:27:33 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-22 21:27:33 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-22 21:20:17 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:17Z. Reason: RulesEngine. Information 2018-01-22 21:19:05 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-22 21:19:04 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:56Z. Reason: RulesEngine. Information 2018-01-22 21:18:24 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-22 21:18:24 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 238388)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-22 21:18:23 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-22 21:18:21 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-22 21:18:18 ESENT 916 General svchost (8088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:17:01 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-22 21:16:43 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-22 21:16:42 ESENT 326 General "SearchIndexer (7580,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000281:00B6:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.010391 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.035171 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:124K # 0K, PF:144K # 0K, P:144K) [4] 0.000751 +J(0) [5] - [6] - [7] 0.035431 -0.001783 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:51, WS:204K # 0K, PF:640K # 0K, P:640K) [8] 0.001177 -0.000645 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:68, WS:268K # 0K, PF:260K # 108K, P:260K) [9] 0.000837 -0.000531 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000040 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000113 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-22 21:16:42 ESENT 105 General "SearchIndexer (7580,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002707 +J(0) +M(C:0K, Fs:177, WS:688K # 688K, PF:5472K # 5472K, P:5472K) [2] 0.000861 +J(0) +M(C:10240K, Fs:143, WS:572K # 572K, PF:388K # 388K, P:388K) [3] 0.000072 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000240 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:228K # 228K, P:228K) [5] 0.005959 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.005065 +J(0) +M(C:0K, Fs:32, WS:124K # 124K, PF:32K # 32K, P:32K) [7] 0.016259 +J(0) +M(C:0K, Fs:342, WS:1368K # 1368K, PF:1040K # 1040K, P:1040K) [8] - [9] - [10] - [11] - [12] - [13] 0.005134 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-996K # 20K, PF:-1020K # 16K, P:-1020K) [14] 0.000033 +J(0) [15] 0.000131 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000700 +J(0) +M(C:0K, Fs:4, WS:8K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-22 21:16:42 ESENT 916 General SearchIndexer (7580,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:16:42 ESENT 102 General SearchIndexer (7580,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-22 21:16:38 ESENT 916 General taskhostw (5600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:16:32 TV Server 0 None Service started successfully. Information 2018-01-22 21:16:20 ESENT 916 General svchost (3420,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:16:19 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 21:16:19 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 21:16:19 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 21:16:18 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-22 21:16:17 ESENT 916 General svchost (3188,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:16:16 ESENT 916 General svchost (3452,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:16:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-22 21:16:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-22 21:16:10 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-22 21:16:05 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 21:16:02 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:02 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:01 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:01 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:01 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:01 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:01 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 96708157 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:01 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:01 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:00 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:00 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:00 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:00 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:00 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:00 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:00 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:16:00 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-22 21:16:00 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:15:59 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-22 21:15:54 ESENT 916 General svchost (2156,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:15:53 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-22 21:15:52 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-22 21:15:53 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-22 21:15:50 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-22 21:15:50 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-22 21:15:22 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-22 21:15:21 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:15:21 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:15:21 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:15:21 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-22 21:15:18 TV Server 0 None Service has been successfully shut down. Information 2018-01-22 21:15:17 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 5448 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3528 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 7944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3528 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 3528 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 9380 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children " Information 2018-01-22 21:15:18 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 21:15:17 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-22 21:15:17 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-22 21:15:11 ESENT 916 General svchost (668,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:15:11 ESENT 916 General DllHost (9524,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:15:05 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 21:14:20 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Windows\Temp\AvgSetup\bbd76caa-31b3-47ce-9ff1-9918f159f9df\install\zen\zen_x64.msi. Client Process Id: 696. Information 2018-01-22 21:14:20 MsiInstaller 1033 None Windows Installer installed the product. Product Name: AVG. Product Version: 1.231.3. Product Language: 1033. Manufacturer: AVG Technologies. Installation success or error status: 0. Information 2018-01-22 21:14:20 MsiInstaller 11707 None SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Installation completed successfully. Information 2018-01-22 21:12:14 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Windows\Temp\AvgSetup\bbd76caa-31b3-47ce-9ff1-9918f159f9df\install\zen\zen_x64.msi. Client Process Id: 696. Information 2018-01-22 20:18:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 20:14:44 ESENT 326 General "Video.UI (9732,D,50) {442CC8DA-7E56-43B2-82D6-2538E33BF4E2}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:0055:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.001025 +J(0) +M(C:0K, Fs:18, WS:8K # 0K, PF:8K # 0K, P:8K) [3] 0.077830 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:9, WS:28K # 0K, PF:24K # 0K, P:24K) [4] 0.004663 +J(0) [5] - [6] - [7] 0.015905 -0.015132 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:7, WS:28K # 0K, PF:128K # 0K, P:128K) [8] 0.008000 -0.000036 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:30, WS:120K # 0K, PF:208K # 0K, P:208K) [9] 0.002783 -0.000026 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:8K # 0K, P:8K) [10] 0.000037 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000104 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000015 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-22 20:14:44 ESENT 105 General "Video.UI (9732,D,0) {442CC8DA-7E56-43B2-82D6-2538E33BF4E2}: The database engine started a new instance (0). (Time=3 seconds) Additional Data: lgposV2[] = 00000001:0001:0000 - 00000001:0053:0000 - 00000000:0000:0000 - 00000001:0053:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.204966 +J(0) +M(C:0K, Fs:191, WS:728K # 728K, PF:2828K # 2876K, P:2828K) [2] 0.000685 +J(0) +M(C:16K, Fs:84, WS:336K # 336K, PF:272K # 224K, P:272K) [3] 0.006887 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000353 +J(0) +M(C:112K, Fs:31, WS:124K # 124K, PF:160K # 160K, P:160K) [5] 0.196957 +J(0) +M(C:0K, Fs:121, WS:484K # 484K, PF:44K # 44K, P:44K) [6] 0.057519 +J(0) +M(C:0K, Fs:290, WS:1148K # 1148K, PF:144K # 144K, P:144K) [7] 0.126396 +J(0) +M(C:0K, Fs:708, WS:2828K # 2828K, PF:2300K # 2300K, P:2300K) [8] 0.395422 -0.175167 (134) CM +J(CM:134, PgRf:2093, Rd:0/134, Dy:61/2659, Lg:332177/4792) +M(C:240K, Fs:1165, WS:3464K # 3464K, PF:2116K # 2116K, P:2116K) [9] - [10] 0.004539 +J(0) +M(C:0K, Fs:1, WS:-2040K # 0K, PF:-2044K # 0K, P:-2044K) [11] 0.000105 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.639697 -0.000016 (41) CM +J(CM:41, PgRf:0, Rd:0/41, Dy:0/0, Lg:0/0) +M(C:152K, Fs:205, WS:512K # 0K, PF:0K # 0K, P:0K) [13] 1.922695 +J(CM:0, PgRf:2, Rd:0/0, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:678, WS:-92K # 440K, PF:-572K # 0K, P:-572K) [14] 0.000038 +J(0) [15] 0.000027 +J(0) [16] 0.002816 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-22 20:14:44 ESENT 302 Logging/Recovery Video.UI (9732,U,0) {442CC8DA-7E56-43B2-82D6-2538E33BF4E2}: The database engine has successfully completed recovery steps. Information 2018-01-22 20:14:42 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 20:14:41 ESENT 301 Logging/Recovery "Video.UI (9732,R,0) {442CC8DA-7E56-43B2-82D6-2538E33BF4E2}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2018-01-22 20:14:41 ESENT 300 Logging/Recovery Video.UI (9732,R,0) {442CC8DA-7E56-43B2-82D6-2538E33BF4E2}: The database engine is initiating recovery steps. Information 2018-01-22 20:14:41 ESENT 916 General Video.UI (9732,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 20:14:41 ESENT 102 General Video.UI (9732,P,0) {442CC8DA-7E56-43B2-82D6-2538E33BF4E2}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-22 20:14:40 ESENT 916 General svchost (7124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 20:12:30 ESENT 916 General svchost (2172,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 20:09:17 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 20:09:17 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 19:17:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 19:14:39 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 18:16:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 18:12:42 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 17:15:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 17:14:42 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 16:14:40 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 16:14:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 16:07:43 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 16:07:43 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-22 15:14:40 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 15:13:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 14:14:43 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 14:12:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 13:14:39 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 13:11:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 12:12:31 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 12:10:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 11:31:50 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:50Z. Reason: RulesEngine. Information 2018-01-22 11:30:54 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 11:14:23 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 11:09:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 10:57:09 ESENT 916 General svchost (2452,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 10:14:41 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 10:08:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 09:14:42 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 09:07:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 08:13:51 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:51Z. Reason: RulesEngine. Information 2018-01-22 08:10:00 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:00Z. Reason: RulesEngine. Information 2018-01-22 08:09:12 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2018-01-22 08:09:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2018-01-22 08:09:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-22 08:09:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-22 08:09:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-22 08:09:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-22 08:09:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-22 08:09:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-22 08:06:54 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-22 08:06:09 ESENT 916 General taskhostw (6360,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 08:06:06 ESENT 916 General svchost (3396,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-22 08:05:57 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-22 08:05:56 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-22 08:05:56 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-22 08:05:55 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-22 08:05:55 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-22 08:05:53 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-22 08:05:53 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-22 08:05:52 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-21 22:29:39 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-21 22:29:38 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 4464 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4464 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4464 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3560 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3560 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3560 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 5068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 5068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-21 22:29:38 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 39 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 680 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3528 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 5068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 7944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 5068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2196 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 5068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3528 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 5020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3528 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2196 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 5068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3528 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 5020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3528 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2196 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 5068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3528 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 5020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 5020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2196 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 5068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3528 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 5020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2196 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 5068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3528 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 5068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-21 22:29:38 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 22:29:38 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-21 22:29:38 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-21 22:29:38 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-21 22:29:25 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-21 22:29:22 ESENT 916 General svchost (1640,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 22:23:35 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 22:17:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 21:23:35 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 21:16:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 20:24:25 ESENT 325 General "Video.UI (9312,D,0) {C8490CE0-9460-40D4-862A-39F3E691173A}: The database engine created a new database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Additional Data: lgposCreate = 00000001:0001:0268 Internal Timing Sequence: [1] 0.000344 +J(0) +M(C:0K, Fs:3, WS:12K # 0K, PF:8K # 0K, P:8K) [2] 0.001132 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [3] 0.028544 +J(0) +M(C:0K, Fs:22, WS:80K # 0K, PF:40K # 0K, P:40K) [4] 0.003017 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] 0.000412 +J(CM:0, PgRf:3, Rd:0/0, Dy:3/6, Lg:122/4) +M(C:0K, Fs:35, WS:140K # 0K, PF:176K # 0K, P:176K) [6] 0.006574 +J(CM:0, PgRf:209, Rd:0/0, Dy:12/408, Lg:24454/447) +M(C:0K, Fs:67, WS:260K # 0K, PF:324K # 0K, P:324K) [7] 0.000757 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:4096/2) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [8] 0.000008 +J(0) [9] 0.064268 +J(CM:15, PgRf:0, Rd:0/15, Dy:0/0, Lg:0/0) +M(C:0K, Fs:242, WS:832K # 0K, PF:216K # 0K, P:216K) [10] 0.019210 +J(CM:0, PgRf:346, Rd:0/0, Dy:7/93, Lg:12509/128) +M(C:0K, Fs:31, WS:100K # 0K, PF:84K # 0K, P:84K) [11] 0.000005 +J(0)." Information 2018-01-21 20:24:25 ESENT 637 General "Video.UI (9312,D,0) {C8490CE0-9460-40D4-862A-39F3E691173A}: New flush map file ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm"" will be created to enable persisted lost flush detection." Information 2018-01-21 20:24:25 ESENT 105 General "Video.UI (9312,D,0) {C8490CE0-9460-40D4-862A-39F3E691173A}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.005790 +J(0) +M(C:0K, Fs:138, WS:528K # 528K, PF:2776K # 2864K, P:2776K) [2] 0.000721 +J(0) +M(C:16K, Fs:82, WS:328K # 328K, PF:268K # 180K, P:268K) [3] 0.000049 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000325 +J(0) +M(C:112K, Fs:31, WS:124K # 124K, PF:160K # 160K, P:160K) [5] 0.016316 +J(0) +M(C:0K, Fs:19, WS:76K # 76K, PF:24K # 24K, P:24K) [6] 0.004035 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] - [8] - [9] - [10] - [11] - [12] - [13] 0.241714 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:1763, WS:4964K # 6988K, PF:760K # 2804K, P:760K) [14] 0.000043 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [15] 0.000110 +J(0) +M(C:0K, Fs:16, WS:64K # 0K, PF:64K # 0K, P:64K) [16] 0.038594 +J(0) +M(C:0K, Fs:15, WS:48K # 0K, PF:40K # 0K, P:40K)." Information 2018-01-21 20:24:25 ESENT 916 General Video.UI (9312,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 20:24:24 ESENT 102 General Video.UI (9312,P,0) {C8490CE0-9460-40D4-862A-39F3E691173A}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-21 20:24:05 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 20:15:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 20:07:53 ESENT 916 General svchost (2172,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 19:15:43 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 19:14:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 18:19:40 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 18:13:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 18:00:36 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎01‎-‎21T17:00:35.654811800Z. Information 2018-01-21 18:00:36 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Eglobal\AppData\Local\Temp\is-40GV2.tmp\vcredist_x86\vc_red.msi. Client Process Id: 9580. Information 2018-01-21 18:00:36 MsiInstaller 1035 None Windows Installer reconfigured the product. Product Name: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022. Product Version: 9.0.21022. Product Language: 1033. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0. Information 2018-01-21 18:00:36 MsiInstaller 11728 None Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 -- Configuration completed successfully. Information 2018-01-21 18:00:35 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎01‎-‎21T17:00:35.654811800Z. Information 2018-01-21 18:00:35 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Eglobal\AppData\Local\Temp\is-40GV2.tmp\vcredist_x86\vc_red.msi. Client Process Id: 9580. Information 2018-01-21 17:57:46 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎01‎-‎21T16:57:38.974329500Z. Information 2018-01-21 17:57:46 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Eglobal\AppData\Local\Temp\is-BAR7O.tmp\vcredist_x86\vc_red.msi. Client Process Id: 9488. Information 2018-01-21 17:57:46 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022. Product Version: 9.0.21022. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. Information 2018-01-21 17:57:46 MsiInstaller 11707 None Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 -- Installation completed successfully. Information 2018-01-21 17:57:38 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎01‎-‎21T16:57:38.974329500Z. Information 2018-01-21 17:57:38 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Eglobal\AppData\Local\Temp\is-BAR7O.tmp\vcredist_x86\vc_red.msi. Client Process Id: 9488. Information 2018-01-21 17:48:33 ESENT 916 General svchost (2172,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 17:33:24 Windows Error Reporting 1001 None "Fault bucket 133560231498, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe P2: praid:ContentProcess P3: 11.0.16299.15 P4: 59cda7cd P5: e361 P6: 133120 P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5402.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER919A.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER91C7.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9254.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_d35191ed347bc51c6e8920607f7659745b4f8a62_b3b02568_15629b2d Analysis symbol: Rechecking for solution: 0 Report Id: 7d35dcda-e4ca-4c6c-9c85-8eba4672e708 Report Status: 268435456 Hashed bucket: cf8c4afd9be77642756b0650a308fe72" Information 2018-01-21 17:33:11 ESENT 916 General DllHost (1568,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-21 17:33:05 Application Error 1000 (100) "Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.15, time stamp: 0x59cda7cd Faulting module name: win32u.dll, version: 10.0.16299.15, time stamp: 0x1900dcc9 Exception code: 0xcfffffff Fault offset: 0x00000000000010a4 Faulting process id: 0x1ccc Faulting application start time: 0x01d392d573b0dfb7 Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Faulting module path: C:\Windows\System32\win32u.dll Report Id: 7d35dcda-e4ca-4c6c-9c85-8eba4672e708 Faulting package full name: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: ContentProcess" Information 2018-01-21 17:32:26 ESENT 916 General MicrosoftEdge (2680,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 17:23:36 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 17:13:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 16:22:00 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 16:12:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 15:12:09 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 15:11:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 14:10:00 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:22:21 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-21 13:21:28 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:20:45 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-21 13:19:44 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on Storage (D:) Information 2018-01-21 13:19:23 ESENT 326 General "svchost (6168,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000007:000C:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001669 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.030589 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:10, WS:36K # 0K, PF:36K # 0K, P:36K) [4] 0.001353 +J(0) [5] - [6] - [7] 0.001932 -0.000873 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:60K, Fs:21, WS:80K # 52K, PF:116K # 92K, P:116K) [8] 0.000828 -0.000376 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:30, WS:120K # 120K, PF:200K # 196K, P:200K) [9] 0.000577 -0.000330 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000036 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000114 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-21 13:19:23 ESENT 105 General "svchost (6168,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000007:0007:0000 - 00000007:000A:0000 - 00000000:0000:0000 - 00000007:000A:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.005785 +J(0) +M(C:0K, Fs:175, WS:692K # 692K, PF:3416K # 3420K, P:3416K) [2] 0.001061 +J(0) +M(C:8K, Fs:89, WS:348K # 348K, PF:304K # 300K, P:304K) [3] 0.000083 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000520 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:160K # 160K, P:160K) [5] 0.007625 +J(0) +M(C:0K, Fs:15, WS:60K # 60K, PF:24K # 24K, P:24K) [6] 0.042670 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.010837 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.046232 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:36504/22) +M(C:0K, Fs:133, WS:316K # 316K, PF:220K # 224K, P:220K) [9] - [10] 0.004805 +J(0) +M(C:0K, Fs:1, WS:-56K # 0K, PF:-60K # 0K, P:-60K) [11] 0.000073 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.002220 +J(0) +M(C:0K, Fs:3, WS:12K # 0K, PF:52K # 0K, P:52K) [13] 0.086138 -0.000688 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:55, WS:96K # 128K, PF:168K # 224K, P:168K) [14] 0.000033 +J(0) [15] 0.000026 +J(0) [16] 0.002729 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-21 13:19:23 ESENT 302 Logging/Recovery svchost (6168,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2018-01-21 13:19:23 ESENT 301 Logging/Recovery "svchost (6168,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2018-01-21 13:19:23 ESENT 300 Logging/Recovery svchost (6168,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2018-01-21 13:19:23 ESENT 916 General svchost (6168,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:19:23 ESENT 102 General svchost (6168,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-21 13:12:23 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:23Z. Reason: RulesEngine. Information 2018-01-21 13:11:37 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-21 13:11:37 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:37Z. Reason: RulesEngine. Information 2018-01-21 13:11:07 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-21 13:11:07 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 240316)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-21 13:11:06 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-21 13:11:05 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-21 13:11:04 ESENT 916 General svchost (8440,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:09:45 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-21 13:09:29 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-21 13:09:27 ESENT 326 General "SearchIndexer (7632,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000242:00BE:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.008855 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.041343 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:124K # 0K, PF:148K # 0K, P:148K) [4] 0.000533 +J(0) [5] - [6] - [7] 0.030704 -0.001545 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.001357 -0.000829 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:68, WS:268K # 0K, PF:260K # 132K, P:260K) [9] 0.000961 -0.000633 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000115 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-21 13:09:27 ESENT 105 General "SearchIndexer (7632,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.007499 +J(0) +M(C:0K, Fs:237, WS:932K # 932K, PF:5524K # 5524K, P:5524K) [2] 0.000815 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.003837 +J(0) +M(C:0K, Fs:41, WS:160K # 160K, PF:72K # 72K, P:72K) [4] 0.000350 +J(0) +M(C:0K, Fs:33, WS:132K # 132K, PF:228K # 228K, P:228K) [5] 0.005716 +J(0) +M(C:0K, Fs:14, WS:56K # 56K, PF:20K # 20K, P:20K) [6] 0.010141 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.014028 +J(0) +M(C:0K, Fs:277, WS:1108K # 1108K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.010063 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-996K # 20K, PF:-1020K # 16K, P:-1020K) [14] 0.000042 +J(0) [15] 0.000109 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.001616 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-21 13:09:27 ESENT 916 General SearchIndexer (7632,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:09:27 ESENT 102 General SearchIndexer (7632,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-21 13:09:25 ESENT 916 General taskhostw (2532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:09:18 TV Server 0 None Service started successfully. Information 2018-01-21 13:09:11 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-21 13:09:11 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-21 13:09:11 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-21 13:09:11 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-21 13:09:11 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-21 13:09:01 ESENT 916 General svchost (3396,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:08:58 ESENT 916 General svchost (3576,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:08:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-21 13:08:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-21 13:08:51 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-21 13:08:51 ESENT 916 General svchost (3600,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:08:48 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-21 13:08:46 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:46 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:45 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:45 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:45 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:45 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:45 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 94420895 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:45 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:45 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:45 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:45 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:45 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:45 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:45 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:45 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:45 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:44 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:44 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Warning 2018-01-21 13:08:44 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:38 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-21 13:08:38 ESENT 916 General svchost (2196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:08:37 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-21 13:08:37 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-21 13:08:35 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-21 13:08:35 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-21 13:08:06 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-21 13:08:06 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:06 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-21 13:08:03 TV Server 0 None Service has been successfully shut down. Information 2018-01-21 13:08:02 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 8956 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2628 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 2060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 1836 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 8212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children " Information 2018-01-21 13:08:02 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-21 13:08:02 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-21 13:08:02 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-21 13:07:53 ESENT 916 General svchost (5428,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:06:01 ESENT 916 General SystemSettings (8748,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:06:00 ESENT 916 General SystemSettings (8748,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:05:45 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-21 13:04:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:01:28 ESENT 916 General SystemSettings (9076,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:01:28 ESENT 916 General SystemSettings (9076,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:01:28 ESENT 916 General SystemSettings (9076,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 13:01:07 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 12:58:48 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed analysis on Storage (D:) Information 2018-01-21 12:58:17 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on Storage (D:) Information 2018-01-21 12:57:58 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed retrim on (C:) Information 2018-01-21 12:12:34 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 12:03:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 11:15:15 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 11:02:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 10:19:14 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 10:01:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 09:23:13 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 09:00:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 08:54:54 ESENT 916 General svchost (5280,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 08:23:19 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 07:59:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 07:23:13 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 06:58:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 06:23:15 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 05:57:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 05:12:46 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 04:56:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 04:33:43 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:43Z. Reason: RulesEngine. Information 2018-01-21 04:16:45 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 03:55:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 03:25:56 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:55Z. Reason: RulesEngine. Information 2018-01-21 03:21:13 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 02:54:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 02:22:58 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 01:53:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 01:51:14 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 01:23:13 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 00:52:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 00:39:38 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-21 00:12:34 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 23:51:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 23:23:13 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 22:50:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 22:13:56 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 21:49:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 21:14:04 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 20:48:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 20:21:40 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 20:00:41 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:41Z. Reason: RulesEngine. Information 2018-01-20 19:59:42 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 19:47:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 19:23:13 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 18:46:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 18:27:43 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-20 18:27:43 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-20 18:23:38 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 18:23:04 ESENT 916 General svchost (1916,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 17:45:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 17:23:14 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 16:45:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 16:18:25 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 15:44:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 14:57:51 ESENT 916 General svchost (8248,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 14:43:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 13:42:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 12:41:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 11:57:56 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 11:40:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 11:30:03 ESENT 916 General svchost (6480,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 10:39:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 10:18:34 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 09:38:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 09:34:04 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 08:43:50 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 08:37:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 07:36:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 06:35:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 05:53:53 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 05:34:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 04:33:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 04:25:58 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 04:17:22 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:22Z. Reason: RulesEngine. Information 2018-01-20 04:13:23 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:23Z. Reason: RulesEngine. Information 2018-01-20 03:32:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 02:31:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 01:30:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 00:29:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-20 00:08:11 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 23:28:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 23:05:23 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 22:27:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 22:08:14 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 21:46:45 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-19 21:46:28 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 21:28:49 Windows Error Reporting 1001 None "Fault bucket 129575400892, type 5 Event Name: RADAR_PRE_LEAK_64 Response: Not available Cab Id: 0 Problem signature: P1: MicrosoftEdgeCP.exe P2: 11.0.16299.15 P3: 10.0.16299.2.0.0 P4: P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Users\Eglobal\AppData\Local\Temp\RDR8477.tmp\empty.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8487.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8542.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER85DF.tmp.txt These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: dfc7bdd2-3855-4c91-bfd3-1535367a19bf Report Status: 268435456 Hashed bucket: b9e4e8d4cc510c42c7f009edb7ae72bb" Information 2018-01-19 21:26:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 21:20:06 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 21:08:12 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 20:35:40 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 20:25:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 19:56:28 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-19 19:55:31 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 19:53:27 ESENT 326 General "svchost (9800,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000007:0008:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.006276 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.042322 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:9, WS:32K # 0K, PF:32K # 0K, P:32K) [4] 0.001365 +J(0) [5] - [6] - [7] 0.001597 -0.000800 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:56K, Fs:17, WS:68K # 36K, PF:56K # 28K, P:56K) [8] 0.001025 -0.000398 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:112K # 112K, PF:196K # 192K, P:196K) [9] 0.000970 -0.000678 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000113 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000019 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-19 19:53:27 ESENT 105 General "svchost (9800,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000007:0003:0000 - 00000007:0006:0000 - 00000000:0000:0000 - 00000007:0006:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.006360 +J(0) +M(C:0K, Fs:136, WS:532K # 532K, PF:3416K # 3416K, P:3416K) [2] 0.001145 +J(0) +M(C:8K, Fs:127, WS:504K # 504K, PF:300K # 300K, P:300K) [3] 0.000049 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000304 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:160K # 160K, P:160K) [5] 0.024433 +J(0) +M(C:0K, Fs:14, WS:56K # 56K, PF:24K # 24K, P:24K) [6] 0.015226 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.016639 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.092637 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:20280/12) +M(C:0K, Fs:117, WS:312K # 312K, PF:224K # 228K, P:224K) [9] - [10] 0.001843 +J(0) +M(C:0K, Fs:13, WS:-8K # 48K, PF:-4K # 52K, P:-4K) [11] 0.000079 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.003333 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.060153 -0.000945 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:48, WS:72K # 96K, PF:160K # 168K, P:160K) [14] 0.000044 +J(0) [15] 0.000042 +J(0) [16] 0.005855 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-19 19:53:27 ESENT 302 Logging/Recovery svchost (9800,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2018-01-19 19:53:27 ESENT 301 Logging/Recovery "svchost (9800,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2018-01-19 19:53:27 ESENT 300 Logging/Recovery svchost (9800,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2018-01-19 19:53:27 ESENT 916 General svchost (9800,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 19:53:27 ESENT 102 General svchost (9800,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-19 19:53:21 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 19:24:00 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 19:08:12 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:56:02 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:53:16 ESENT 326 General "Music.UI (7712,D,50) {211DB170-D139-44D1-AE67-A84492AA167B}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:00AD:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.001194 +J(0) +M(C:0K, Fs:18, WS:8K # 0K, PF:8K # 0K, P:8K) [3] 0.079006 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:254, WS:792K # 0K, PF:240K # 0K, P:240K) [4] 0.000587 +J(0) [5] - [6] - [7] 0.002520 -0.001661 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:128K # 0K, P:128K) [8] 0.010095 -0.001707 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:63, WS:244K # 0K, PF:236K # 0K, P:236K) [9] 0.001019 -0.000029 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:7, WS:24K # 0K, PF:68K # 0K, P:68K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000118 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000015 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-19 18:53:16 ESENT 105 General "Music.UI (7712,D,0) {211DB170-D139-44D1-AE67-A84492AA167B}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:00A9:0000 - 00000001:00AB:0000 - 00000000:0000:0000 - 00000001:00AB:0000 (00000000:0000:0000) cReInits = 18 Internal Timing Sequence: [1] 0.010146 +J(0) +M(C:0K, Fs:364, WS:1428K # 1428K, PF:3500K # 3428K, P:3500K) [2] 0.000938 +J(0) +M(C:16K, Fs:99, WS:388K # 388K, PF:324K # 324K, P:324K) [3] 0.000041 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000427 +J(0) +M(C:112K, Fs:30, WS:120K # 120K, PF:156K # 156K, P:156K) [5] 0.009247 +J(0) +M(C:0K, Fs:162, WS:644K # 644K, PF:148K # 148K, P:148K) [6] 0.007872 +J(0) +M(C:0K, Fs:143, WS:564K # 564K, PF:56K # 56K, P:56K) [7] 0.099861 +J(0) +M(C:0K, Fs:3019, WS:11712K # 11712K, PF:4904K # 4992K, P:4904K) [8] 0.202787 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:689043/5583) +M(C:0K, Fs:2518, WS:4472K # 4472K, PF:1604K # 1520K, P:1604K) [9] - [10] 0.006237 +J(0) +M(C:0K, Fs:1, WS:-2040K # 0K, PF:-2044K # 0K, P:-2044K) [11] 0.000069 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.073450 +J(0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [13] 0.160659 -0.001188 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:919, WS:1284K # 1320K, PF:4K # 8K, P:4K) [14] 0.000033 +J(0) [15] 0.000028 +J(0) [16] 0.000522 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-19 18:53:16 ESENT 302 Logging/Recovery Music.UI (7712,U,0) {211DB170-D139-44D1-AE67-A84492AA167B}: The database engine has successfully completed recovery steps. Information 2018-01-19 18:53:15 ESENT 335 Logging/Recovery "Music.UI (7712,R,0) {211DB170-D139-44D1-AE67-A84492AA167B}: Replay of a Create for database ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb"" at log position (00000001,0001,0268) was deferred due to AttachFuture. Additional information: " Information 2018-01-19 18:53:15 ESENT 301 Logging/Recovery "Music.UI (7712,R,0) {211DB170-D139-44D1-AE67-A84492AA167B}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2018-01-19 18:53:15 ESENT 300 Logging/Recovery Music.UI (7712,R,0) {211DB170-D139-44D1-AE67-A84492AA167B}: The database engine is initiating recovery steps. Information 2018-01-19 18:53:15 ESENT 916 General Music.UI (7712,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:53:15 ESENT 102 General Music.UI (7712,P,0) {211DB170-D139-44D1-AE67-A84492AA167B}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-19 18:43:05 ESENT 916 General DllHost (9376,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:42:44 ESENT 916 General MicrosoftEdge (8868,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:42:32 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-19 18:41:57 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-19 18:41:12 ESENT 916 General svchost (3516,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:41:10 ESENT 916 General taskhostw (8512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:41:01 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-19 18:41:00 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-19 18:40:58 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-19 18:40:58 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-19 18:40:58 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-19 18:40:57 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-19 18:40:57 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-19 18:40:57 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-19 18:40:23 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-19 18:40:22 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:40:22 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3780 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3780 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3780 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-19 18:40:22 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 25 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 684 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2628 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 2060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 1836 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2076 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2076 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2076 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2076 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 564 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2076 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm " Information 2018-01-19 18:40:22 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-19 18:40:22 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-19 18:40:22 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-19 18:40:15 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-19 18:37:55 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-19 18:34:16 VSS 8193 None "Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet" Information 2018-01-19 18:34:02 ESENT 916 General svchost (5128,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:34:02 System Restore 8194 None "Successfully created restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe"" ; Description = Revo Uninstaller's restore point - qBittorrent 4.0.3)." Information 2018-01-19 18:32:37 MsiInstaller 1034 None Windows Installer removed the product. Product Name: NordVPN. Product Version: 6.10.8. Product Language: 1033. Manufacturer: NordVPN. Removal success or error status: 0. Information 2018-01-19 18:32:37 MsiInstaller 11724 None Product: NordVPN -- Removal completed successfully. Information 2018-01-19 18:32:26 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎01‎-‎19T17:26:14.128833700Z. Information 2018-01-19 18:32:26 MsiInstaller 1035 None Windows Installer reconfigured the product. Product Name: NordVPN. Product Version: 6.10.8. Product Language: 1033. Manufacturer: NordVPN. Reconfiguration success or error status: 0. Information 2018-01-19 18:32:26 MsiInstaller 11728 None Product: NordVPN -- Configuration completed successfully. Information 2018-01-19 18:32:26 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Windows\Installer\610a1c.msi. Client Process Id: 8148. Information 2018-01-19 18:27:44 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:44Z. Reason: RulesEngine. Information 2018-01-19 18:26:14 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎01‎-‎19T17:26:14.128833700Z. Information 2018-01-19 18:26:14 VpnService 0 None Service stopped successfully. Information 2018-01-19 18:26:13 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Windows\Installer\610a1c.msi. Client Process Id: 8148. Error 2018-01-19 18:26:07 VSS 8193 None "Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet" Information 2018-01-19 18:25:58 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-19 18:25:58 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:58Z. Reason: RulesEngine. Information 2018-01-19 18:25:52 System Restore 8194 None "Successfully created restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe"" ; Description = Revo Uninstaller's restore point - NordVPN)." Information 2018-01-19 18:25:52 ESENT 916 General svchost (5128,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:25:28 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-19 18:25:27 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 242881)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-19 18:25:27 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-19 18:25:20 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-19 18:25:18 ESENT 916 General svchost (5588,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-19 18:25:15 VSS 8194 None "Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {c06f31d8-6b8a-46a3-950b-bd2ae2a9125a}" Information 2018-01-19 18:24:08 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Error 2018-01-19 18:23:56 Application Hang 1002 (101) "The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 19b0 Start Time: 01d3914a32617554 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: 0fea5a12-d749-4974-9054-0e9d15e7e1ec Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App " Information 2018-01-19 18:23:56 Windows Error Reporting 1001 None "Fault bucket 133556577791, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3F57.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3F75.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4022.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_23c94551 Analysis symbol: Rechecking for solution: 0 Report Id: 0fea5a12-d749-4974-9054-0e9d15e7e1ec Report Status: 268435456 Hashed bucket: 43a00c1b815b0614b2b86bc70e701302" Error 2018-01-19 18:23:53 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Information 2018-01-19 18:23:36 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-19 18:23:34 ESENT 326 General "SearchIndexer (7716,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000022F:00A8:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.004078 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.069552 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:132K # 0K, PF:144K # 0K, P:144K) [4] 0.000513 +J(0) [5] - [6] - [7] 0.064603 -0.001720 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:54, WS:212K # 0K, PF:664K # 0K, P:664K) [8] 0.009505 -0.008982 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 136K, P:256K) [9] 0.001017 -0.000634 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000045 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000119 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-19 18:23:34 ESENT 105 General "SearchIndexer (7716,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.007086 +J(0) +M(C:0K, Fs:223, WS:868K # 868K, PF:5476K # 5476K, P:5476K) [2] 0.000964 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.002298 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000339 +J(0) +M(C:0K, Fs:26, WS:96K # 96K, PF:232K # 232K, P:232K) [5] 0.005812 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.045044 +J(0) +M(C:0K, Fs:41, WS:164K # 164K, PF:16K # 16K, P:16K) [7] 0.051819 +J(0) +M(C:0K, Fs:324, WS:1292K # 1292K, PF:1032K # 1032K, P:1032K) [8] - [9] - [10] - [11] - [12] - [13] 0.006314 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1024K # 12K, P:-1024K) [14] 0.000033 +J(0) [15] 0.000225 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:68K # 0K, P:68K) [16] 0.000674 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-19 18:23:34 ESENT 916 General SearchIndexer (7716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:23:34 ESENT 102 General SearchIndexer (7716,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-19 18:23:32 ESENT 916 General svchost (3516,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:23:30 ESENT 916 General taskhostw (4012,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:23:29 TV Server 0 None Service started successfully. Information 2018-01-19 18:23:17 ESENT 916 General svchost (5136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:23:16 ESENT 916 General svchost (5128,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:23:15 VpnService 0 None Service started successfully. Information 2018-01-19 18:23:13 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:13 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:12 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:12 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:12 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:12 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:12 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 89840412 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:12 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:11 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:11 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:11 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:11 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:11 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:11 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:11 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:10 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:10 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-19 18:23:10 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:23:08 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-19 18:23:01 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-19 18:23:01 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-19 18:23:01 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-19 18:23:01 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-19 18:23:00 ESENT 916 General svchost (3516,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:22:53 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-19 18:22:53 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-19 18:22:53 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-19 18:22:53 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-19 18:22:46 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-19 18:22:46 ESENT 916 General svchost (2076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:22:45 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-19 18:22:46 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-19 18:22:43 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-19 18:22:43 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-19 18:22:43 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-19 18:22:13 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-19 18:22:13 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 18:22:13 VpnService 0 None Service has been successfully shut down. Information 2018-01-19 18:22:10 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-19 18:22:10 TV Server 0 None Service has been successfully shut down. Information 2018-01-19 18:22:09 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 26 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 692 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2172 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2172 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2172 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2172 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 568 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2172 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-19 18:22:09 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-19 18:22:09 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-19 18:22:09 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-19 18:21:44 ESENT 916 General svchost (2844,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 18:11:07 ESENT 916 General svchost (2172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 17:30:00 ESENT 916 General svchost (4008,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 17:11:06 ESENT 916 General svchost (2172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 17:08:43 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WEREB9D.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF310.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF38C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF40A.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_094bfc85 Analysis symbol: Rechecking for solution: 0 Report Id: 3320731b-2d14-4ef1-bd51-c21d507cdd19 Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-19 17:08:39 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-19 17:08:38 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-19 16:31:34 Windows Error Reporting 1001 None "Fault bucket 129580687484, type 5 Event Name: RADAR_PRE_LEAK_WOW64 Response: Not available Cab Id: 0 Problem signature: P1: avupdate.exe P2: 2.2.0.57 P3: 10.0.16299.2.0.0 P4: P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Users\Eglobal\AppData\Local\Temp\RDRF120.tmp\empty.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF131.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF1BC.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF25A.tmp.txt These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: 9da6b0ba-e27e-4ac6-9ebf-9914a047ef5d Report Status: 268435456 Hashed bucket: bb7079572e8575b26a4fac81d95f4cdc" Information 2018-01-19 16:29:00 ESENT 916 General svchost (4008,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 16:07:05 ESENT 916 General svchost (2172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 15:43:38 ESENT 916 General MicrosoftEdge (4836,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 15:28:00 ESENT 916 General svchost (4008,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 15:16:10 MsiInstaller 1033 None Windows Installer installed the product. Product Name: NordVPN. Product Version: 6.10.8. Product Language: 1033. Manufacturer: NordVPN. Installation success or error status: 0. Information 2018-01-19 15:16:10 MsiInstaller 11707 None Product: NordVPN -- Installation completed successfully. Information 2018-01-19 15:16:07 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎01‎-‎19T14:11:55.715143800Z. Information 2018-01-19 15:16:07 MsiInstaller 1033 None Windows Installer installed the product. Product Name: NordVPN. Product Version: 6.10.8. Product Language: 1033. Manufacturer: NordVPN. Installation success or error status: 0. Information 2018-01-19 15:16:07 MsiInstaller 11707 None Product: NordVPN -- Installation completed successfully. Information 2018-01-19 15:16:07 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Eglobal\AppData\Roaming\NordVPN\NordVPN 6.10.8\install\3039467\NordVPN Setup.msi. Client Process Id: 1320. Information 2018-01-19 15:16:05 VpnService 0 None Service started successfully. Information 2018-01-19 15:15:16 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-19 15:13:46 Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy13. Information 2018-01-19 15:13:46 Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy13. Information 2018-01-19 15:12:22 Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy13. Information 2018-01-19 15:11:55 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎01‎-‎19T14:11:55.715143800Z. Information 2018-01-19 15:11:55 ESENT 916 General svchost (3944,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 15:11:54 System Restore 8194 None Successfully created restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed NordVPN). Information 2018-01-19 15:11:12 ESENT 916 General svchost (2172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 15:11:12 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Eglobal\AppData\Roaming\NordVPN\NordVPN 6.10.8\install\3039467\NordVPN Setup.msi. Client Process Id: 1320. Information 2018-01-19 14:34:26 ESENT 916 General DllHost (4640,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 14:31:21 ESENT 916 General MicrosoftEdge (8400,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 14:30:09 ESENT 916 General DllHost (4640,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 14:30:00 ESENT 916 General svchost (2172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 14:27:00 ESENT 916 General svchost (4008,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 13:40:16 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-19 13:31:48 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-19 13:29:55 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-19 13:29:55 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:55Z. Reason: RulesEngine. Information 2018-01-19 13:28:49 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-19 13:28:49 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 243178)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-19 13:28:46 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-19 13:28:45 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-19 13:27:53 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-19 13:27:53 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-19 13:27:20 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-19 13:27:11 ESENT 916 General svchost (8476,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 13:27:04 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-19 13:27:04 ESENT 326 General "SearchIndexer (7976,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000022F:0016:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.001167 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.057160 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:17, WS:36K # 0K, PF:68K # 0K, P:68K) [4] 0.000563 +J(0) [5] - [6] - [7] 0.019633 -0.001543 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:17, WS:68K # 0K, PF:512K # 0K, P:512K) [8] 0.001162 -0.000684 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:59, WS:236K # 0K, PF:224K # 0K, P:224K) [9] 0.000923 -0.000591 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:32K # 0K, P:32K) [10] 0.000053 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000117 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-19 13:27:04 ESENT 105 General "SearchIndexer (7976,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000022E:00E5:0000 - 0000022F:0001:0000 - 0000022F:0014:0000 - 0000022F:0014:0000 (00000000:0000:0000) cReInits = 4 Internal Timing Sequence: [1] 0.002698 +J(0) +M(C:0K, Fs:222, WS:868K # 868K, PF:4984K # 4984K, P:4984K) [2] 0.001412 +J(0) +M(C:10240K, Fs:117, WS:460K # 460K, PF:908K # 908K, P:908K) [3] 0.000066 +J(0) +M(C:0K, Fs:5, WS:20K # 20K, PF:64K # 64K, P:64K) [4] 0.000250 +J(0) +M(C:0K, Fs:32, WS:128K # 128K, PF:220K # 220K, P:220K) [5] 0.006016 +J(0) +M(C:0K, Fs:43, WS:172K # 172K, PF:20K # 20K, P:20K) [6] 0.004862 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.005111 +J(0) +M(C:0K, Fs:280, WS:1116K # 1116K, PF:1028K # 1028K, P:1028K) [8] 0.124586 -0.015747 (20) CM +J(CM:20, PgRf:99, Rd:9/20, Dy:16/92, Lg:1011962/4676) +M(C:0K, Fs:1432, WS:2120K # 2124K, PF:2252K # 2252K, P:2252K) + 1 lgens [9] 0.019834 -0.000184 (9) CM +J(CM:9, PgRf:69, Rd:0/9, Dy:9/133, Lg:77022/252) +M(C:0K, Fs:111, WS:412K # 408K, PF:192K # 192K, P:192K) [10] 0.002325 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000121 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.070796 -0.000009 (25) CM +J(CM:25, PgRf:0, Rd:0/25, Dy:0/0, Lg:0/0) +M(C:0K, Fs:139, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.091209 -0.001260 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:312, WS:-1732K # 0K, PF:-1784K # 0K, P:-1784K) [14] 0.000042 +J(0) [15] 0.000052 +J(0) [16] 0.000708 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-19 13:27:04 ESENT 302 Logging/Recovery SearchIndexer (7976,U,0) Windows: The database engine has successfully completed recovery steps. Information 2018-01-19 13:27:04 ESENT 301 Logging/Recovery "SearchIndexer (7976,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: [1] 0.114250 -0.015747 (20) CM +J(CM:20, PgRf:99, Rd:9/20, Dy:16/92, Lg:1011962/4676) +M(C:0K, Fs:1172, WS:1184K # 1092K, PF:1424K # 1328K, P:1424K)." Information 2018-01-19 13:27:03 ESENT 301 Logging/Recovery "SearchIndexer (7976,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb0022E.jtx. Previous Log Processing Stats: " Information 2018-01-19 13:27:03 ESENT 300 Logging/Recovery SearchIndexer (7976,R,0) Windows: The database engine is initiating recovery steps. Information 2018-01-19 13:27:03 ESENT 916 General SearchIndexer (7976,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 13:27:03 ESENT 102 General SearchIndexer (7976,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-19 13:26:59 ESENT 916 General taskhostw (4572,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 13:26:54 TV Server 0 None Service started successfully. Information 2018-01-19 13:26:40 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-19 13:26:40 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-19 13:26:40 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-19 13:26:34 ESENT 916 General svchost (4008,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 13:26:33 ESENT 916 General svchost (3492,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 13:26:32 ESENT 916 General svchost (3944,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 13:26:25 ESENT 916 General taskhostw (4572,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 13:26:21 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:21 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:20 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:20 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:20 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:20 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:20 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 89834920 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:20 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:20 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:19 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:19 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:19 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:19 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:19 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:19 MySQL 100 None "InnoDB: The log sequence numbers 87405803 and 87405803 in ibdata files do not match the log sequence number 89834920 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:19 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:19 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:19 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:19 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:19 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:19 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:19 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:19 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-19 13:26:19 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-19 13:26:18 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-19 13:26:18 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-19 13:26:17 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-19 13:26:17 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-19 13:26:17 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-19 13:26:12 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-19 13:26:12 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-19 13:26:10 ESENT 916 General svchost (2172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 13:26:07 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-19 13:26:06 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-19 13:26:06 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-19 10:14:46 ESENT 916 General svchost (2068,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 10:04:00 ESENT 916 General svchost (5320,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 09:14:45 ESENT 916 General svchost (2068,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 09:03:00 ESENT 916 General svchost (5320,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 08:16:00 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:00Z. Reason: RulesEngine. Information 2018-01-19 08:14:07 ESENT 916 General svchost (9392,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 08:07:32 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:32Z. Reason: RulesEngine. Information 2018-01-19 08:06:27 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:26Z. Reason: RulesEngine. Information 2018-01-19 08:03:55 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-19 08:03:06 ESENT 916 General taskhostw (1400,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 08:03:02 ESENT 916 General svchost (3680,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-19 08:02:55 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 3 The request is not supported " Information 2018-01-19 08:02:55 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 3 The request is not supported " Information 2018-01-19 08:02:54 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-19 08:02:54 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-19 08:02:51 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-19 08:02:51 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-19 08:02:49 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-19 08:02:49 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-18 22:35:45 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-18 22:35:43 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 21 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 9572 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 9572 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 9572 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 9764 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 9764 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 9764 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-18 22:35:43 ESENT 916 General svchost (5320,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:35:43 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 22:35:43 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 35 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 10060 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 6008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 2020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 7572 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 6008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 6008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 10016 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-18 22:35:43 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-18 22:35:43 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-18 22:35:41 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-18 22:35:34 ESENT 916 General svchost (10672,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:35:33 ESENT 916 General DllHost (5932,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:33:00 ESENT 916 General svchost (2068,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:32:43 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-18 22:19:38 ESENT 916 General svchost (2068,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:07:42 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:42Z. Reason: RulesEngine. Information 2018-01-18 22:06:12 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-18 22:06:12 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:12Z. Reason: RulesEngine. Information 2018-01-18 22:05:42 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-18 22:05:41 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 244101)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-18 22:05:40 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-18 22:05:35 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-18 22:05:33 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-18 22:05:13 ESENT 916 General MicrosoftEdge (4444,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:04:47 ESENT 916 General taskhostw (9352,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:04:45 ESENT 916 General svchost (3680,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:04:37 ESENT 916 General taskhostw (9352,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:04:37 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-18 22:04:35 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 22:04:35 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-18 22:04:35 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-18 22:04:33 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-18 22:04:32 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-18 22:04:32 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-18 22:04:32 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-18 22:03:26 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-18 22:03:25 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 18 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3656 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3656 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3656 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3760 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3760 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3760 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 3760 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 3760 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-18 22:03:25 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 35 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 696 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 6008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3760 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 3760 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 4008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 6008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 6008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 4008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 6008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 6008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 4008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 6008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 6008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3760 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 576 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 4008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 6008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3760 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3760 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-18 22:03:25 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 22:03:25 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-18 22:03:25 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-18 22:03:18 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-18 22:03:14 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-18 22:03:00 ESENT 916 General MicrosoftEdge (8352,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:02:33 TV Server 0 None Service started successfully. Information 2018-01-18 22:02:29 ESENT 916 General svchost (6000,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:02:28 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-18 22:02:24 ESENT 326 General "SearchIndexer (6212,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000022E:00E6:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.002892 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.025538 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:140K # 0K, P:140K) [4] 0.000537 +J(0) [5] - [6] - [7] 0.041614 -0.001564 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:208K # 0K, PF:664K # 0K, P:664K) [8] 0.001457 -0.000950 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 132K, P:256K) [9] 0.000969 -0.000597 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000047 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000122 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-18 22:02:24 ESENT 105 General "SearchIndexer (6212,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.009775 +J(0) +M(C:0K, Fs:219, WS:856K # 856K, PF:5468K # 5468K, P:5468K) [2] 0.001025 +J(0) +M(C:10240K, Fs:105, WS:412K # 412K, PF:396K # 396K, P:396K) [3] 0.000074 +J(0) +M(C:0K, Fs:8, WS:32K # 32K, PF:64K # 64K, P:64K) [4] 0.000229 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:224K # 224K, P:224K) [5] 0.008661 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.004677 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:16K # 16K, P:16K) [7] 0.004659 +J(0) +M(C:0K, Fs:278, WS:1108K # 1108K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.012060 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000056 +J(0) [15] 0.000171 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000746 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-18 22:02:24 ESENT 916 General SearchIndexer (6212,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:02:24 ESENT 102 General SearchIndexer (6212,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-18 22:02:17 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:17 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:16 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:16 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:16 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:16 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:16 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 87405803 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:16 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:16 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:16 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:16 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:15 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:15 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:15 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:15 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:15 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:15 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-18 22:02:15 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:02:15 ESENT 916 General svchost (5320,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:02:14 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-18 22:02:10 ESENT 916 General taskhostw (3832,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:02:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 22:02:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 22:02:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 22:02:03 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-18 22:02:00 ESENT 916 General svchost (3680,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:01:54 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-18 22:01:53 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-18 22:01:53 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-18 22:01:53 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 22:01:46 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-18 22:01:47 ESENT 916 General svchost (2068,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:01:46 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-18 22:01:45 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-18 22:01:43 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-18 22:01:43 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-18 22:01:15 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-18 22:01:15 MySQL 100 None "Binlog end For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:01:15 MySQL 100 None "Forcefully disconnecting 0 remaining clients For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:01:15 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:01:15 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:01:15 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:01:15 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 22:01:12 TV Server 0 None Service has been successfully shut down. Information 2018-01-18 22:01:11 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 22:01:11 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 3428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 3428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-18 22:01:10 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 41 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 700 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 5648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 9848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 5648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2188 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4372 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 5648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2188 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4372 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 5648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 5648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 5648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2188 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4372 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4372 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 5648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2188 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 580 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 4372 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 5648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2188 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2640 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-18 22:01:10 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-18 22:01:10 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Error 2018-01-18 22:00:46 Application Hang 1002 (101) "The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1440 Start Time: 01d3909ecca41390 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: 8baf1d2e-8528-45a1-b7c2-c6bce8646e36 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App " Information 2018-01-18 22:00:46 Windows Error Reporting 1001 None "Fault bucket 133556577791, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER777F.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER779D.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER783A.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_29bc81bf Analysis symbol: Rechecking for solution: 0 Report Id: 8baf1d2e-8528-45a1-b7c2-c6bce8646e36 Report Status: 268435456 Hashed bucket: 43a00c1b815b0614b2b86bc70e701302" Error 2018-01-18 22:00:41 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Information 2018-01-18 22:00:40 ESENT 916 General DllHost (10524,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 22:00:01 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-18 22:00:01 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:01Z. Reason: RulesEngine. Information 2018-01-18 21:58:50 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-18 21:58:49 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 244108)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-18 21:58:46 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-18 21:58:44 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-18 21:58:26 ESENT 916 General MicrosoftEdge (8924,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:57:31 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-18 21:56:50 TV Server 0 None Service started successfully. Information 2018-01-18 21:56:49 ESENT 916 General svchost (5624,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:56:45 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-18 21:56:43 ESENT 326 General "SearchIndexer (6924,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000022E:00C2:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.003644 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.033360 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:128K # 0K, PF:148K # 0K, P:148K) [4] 0.000557 +J(0) [5] - [6] - [7] 0.119452 -0.001659 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.001184 -0.000683 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 132K, P:256K) [9] 0.001080 -0.000769 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000041 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000113 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-18 21:56:43 ESENT 105 General "SearchIndexer (6924,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.017953 +J(0) +M(C:0K, Fs:288, WS:1124K # 1124K, PF:5552K # 5552K, P:5552K) [2] 0.000849 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.000170 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000281 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.009860 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.010210 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.021688 +J(0) +M(C:0K, Fs:277, WS:1108K # 1108K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.008094 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000037 +J(0) [15] 0.000140 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.001141 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-18 21:56:43 ESENT 916 General SearchIndexer (6924,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:56:43 ESENT 102 General SearchIndexer (6924,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-18 21:56:35 ESENT 916 General taskhostw (4232,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:56:32 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:32 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:31 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:31 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:31 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:31 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:31 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 87405322 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:31 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:31 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:31 ESENT 916 General svchost (5296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:56:30 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:30 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:30 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:30 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:30 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:30 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:30 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:30 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-18 21:56:30 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:56:30 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-18 21:56:20 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 21:56:20 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 21:56:20 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-18 21:56:16 ESENT 916 General svchost (3436,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:56:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-18 21:56:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-18 21:56:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-18 21:56:11 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 21:56:04 ESENT 916 General svchost (2188,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:56:03 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-18 21:56:03 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-18 21:56:03 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-18 21:56:00 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-18 21:56:01 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-18 21:55:30 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-18 21:55:30 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:55:28 TV Server 0 None Service has been successfully shut down. Information 2018-01-18 21:55:27 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3796 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3796 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3796 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 3796 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 3796 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-18 21:55:26 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 37 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 692 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3796 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 168 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3796 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2176 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2176 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2176 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2176 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3796 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2176 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3796 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3796 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2648 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-18 21:55:27 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 21:55:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-18 21:55:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-18 21:52:15 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-18 21:47:31 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Error 2018-01-18 21:44:32 VSS 8193 None "Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet" Information 2018-01-18 21:44:13 ESENT 916 General svchost (3916,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:44:13 System Restore 8194 None "Successfully created restore point (Process = C:\Program Files\Reimage\Reimage Repair\Reimage.exe Files\Reimage\Reimage Repair\Reimage.exe"" http://www.reimageplus.com/GUI/GUI1872/layout.php?consumer=1&gui_branch=0&trackutil=&MinorSessionID=b8249dc2116c4adb9168f0d673&lang_code=en&bundle=0 /cil=DISABLED /Close=0 /Locale=1033 /Product:reimage; Description = Reimage Repair Restore Point)." Error 2018-01-18 21:43:28 VSS 8194 None "Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {63e3f4f7-4a51-45fc-a078-c2b785e58e9d}" Information 2018-01-18 21:38:51 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:51Z. Reason: RulesEngine. Information 2018-01-18 21:35:19 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:19Z. Reason: RulesEngine. Information 2018-01-18 21:32:53 Windows Error Reporting 1001 None "Fault bucket 133556577791, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_cab_25fe3b2a\triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER381E.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER383C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER38BA.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER38DB.tmp.xml C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_cab_25fe3b2a\memory.hdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_1eebb121 Analysis symbol: Rechecking for solution: 0 Report Id: 69db99a4-c864-447e-80db-77424791078a Report Status: 268435558 Hashed bucket: 43a00c1b815b0614b2b86bc70e701302" Information 2018-01-18 21:32:41 ESENT 916 General svchost (3456,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:32:11 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-18 21:32:10 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:10Z. Reason: RulesEngine. Information 2018-01-18 21:31:46 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_cab_25fe3b2a\triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER381E.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER383C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER38BA.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER38DB.tmp.xml C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_cab_25fe3b2a\memory.hdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_cab_25fe3b2a Analysis symbol: Rechecking for solution: 0 Report Id: 69db99a4-c864-447e-80db-77424791078a Report Status: 102 Hashed bucket: " Information 2018-01-18 21:31:40 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-18 21:31:40 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 244135)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-18 21:31:39 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-18 21:31:38 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-18 21:31:34 ESENT 916 General svchost (9672,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-18 21:31:19 Application Hang 1002 (101) "The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1234 Start Time: 01d3909b12029606 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: 69db99a4-c864-447e-80db-77424791078a Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App " Information 2018-01-18 21:31:19 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_cab_25fe3b2a\triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER381E.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER383C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER38BA.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER38DB.tmp.xml C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_cab_25fe3b2a\memory.hdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_cab_25fe3b2a Analysis symbol: Rechecking for solution: 0 Report Id: 69db99a4-c864-447e-80db-77424791078a Report Status: 6 Hashed bucket: " Error 2018-01-18 21:31:14 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Information 2018-01-18 21:30:48 ESENT 916 General DllHost (3516,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:30:47 ESENT 916 General MicrosoftEdge (9104,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:30:14 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-18 21:29:51 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-18 21:29:50 ESENT 326 General "SearchIndexer (7464,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000022E:00A0:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.002469 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.031633 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:140K # 0K, P:140K) [4] 0.000575 +J(0) [5] - [6] - [7] 0.032804 -0.001596 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:208K # 0K, PF:664K # 0K, P:664K) [8] 0.001529 -0.001004 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 136K, P:256K) [9] 0.000934 -0.000584 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000115 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-18 21:29:50 ESENT 105 General "SearchIndexer (7464,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.004831 +J(0) +M(C:0K, Fs:220, WS:868K # 868K, PF:5472K # 5464K, P:5472K) [2] 0.000964 +J(0) +M(C:10240K, Fs:104, WS:412K # 412K, PF:392K # 392K, P:392K) [3] 0.000079 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000233 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.005961 +J(0) +M(C:0K, Fs:11, WS:44K # 44K, PF:20K # 20K, P:20K) [6] 0.005274 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:16K # 16K, P:16K) [7] 0.004919 +J(0) +M(C:0K, Fs:279, WS:1112K # 1112K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.016234 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:12, WS:-984K # 32K, PF:-1016K # 12K, P:-1016K) [14] 0.000032 +J(0) [15] 0.000114 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000618 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-18 21:29:50 ESENT 916 General SearchIndexer (7464,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:29:50 ESENT 102 General SearchIndexer (7464,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-18 21:29:47 ESENT 916 General taskhostw (4012,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:29:45 TV Server 0 None Service started successfully. Information 2018-01-18 21:29:30 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 21:29:30 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 21:29:30 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-18 21:29:27 ESENT 916 General svchost (3936,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:29:27 ESENT 916 General svchost (3916,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:29:25 ESENT 916 General svchost (3456,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:29:16 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:16 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:15 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:15 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:15 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:15 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:15 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 87404831 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:15 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:15 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:14 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:14 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:14 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:14 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:14 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:14 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:14 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:14 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-18 21:29:14 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:29:14 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-18 21:29:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-18 21:29:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-18 21:29:12 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 21:29:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-18 21:29:05 ESENT 916 General svchost (2176,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:29:05 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-18 21:29:04 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-18 21:29:03 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-18 21:29:01 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-18 21:29:02 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-18 21:29:01 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-18 21:28:33 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-18 21:28:32 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:28:32 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:28:32 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:28:29 TV Server 0 None Service has been successfully shut down. Information 2018-01-18 21:28:28 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-18 21:28:28 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 20 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 680 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 852 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 852 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 5260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 9008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 5260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 5260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 5260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 5260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 5260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 5260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 852 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 5260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 4032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 5260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections " Information 2018-01-18 21:28:28 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 21:28:28 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-18 21:28:28 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-18 21:28:00 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-18 21:28:00 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:00Z. Reason: RulesEngine. Information 2018-01-18 21:27:30 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-18 21:27:29 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 244139)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-18 21:27:28 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-18 21:27:26 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-18 21:27:25 ESENT 916 General svchost (8808,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:26:18 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-18 21:25:41 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-18 21:25:41 ESENT 326 General "SearchIndexer (7592,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000022E:007E:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001759 +J(0) +M(C:0K, Fs:25, WS:32K # 0K, PF:36K # 0K, P:36K) [3] 0.029221 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:39, WS:120K # 0K, PF:140K # 0K, P:140K) [4] 0.000554 +J(0) [5] - [6] - [7] 0.034217 -0.001589 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:208K # 0K, PF:644K # 0K, P:644K) [8] 0.001381 -0.000847 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 108K, P:256K) [9] 0.001008 -0.000621 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000035 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000114 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-18 21:25:41 ESENT 105 General "SearchIndexer (7592,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.018916 +J(0) +M(C:0K, Fs:240, WS:940K # 940K, PF:5496K # 5496K, P:5496K) [2] 0.000955 +J(0) +M(C:10240K, Fs:115, WS:460K # 460K, PF:392K # 392K, P:392K) [3] 0.004589 +J(0) +M(C:0K, Fs:9, WS:36K # 36K, PF:64K # 64K, P:64K) [4] 0.000309 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:232K # 232K, P:232K) [5] 0.005722 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.040275 +J(0) +M(C:0K, Fs:78, WS:308K # 308K, PF:84K # 84K, P:84K) [7] 0.090112 +J(0) +M(C:0K, Fs:278, WS:1108K # 1108K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.006032 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1024K # 12K, P:-1024K) [14] 0.000034 +J(0) [15] 0.000127 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000622 +J(0) +M(C:0K, Fs:4, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-18 21:25:41 ESENT 916 General SearchIndexer (7592,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:25:40 ESENT 102 General SearchIndexer (7592,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-18 21:25:38 ESENT 916 General taskhostw (3116,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:25:37 TV Server 0 None Service started successfully. Information 2018-01-18 21:25:31 ESENT 916 General svchost (5252,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:25:26 ESENT 916 General svchost (5280,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:25:22 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:22 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:22 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:22 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:22 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:22 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:22 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 87404110 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:22 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:22 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:21 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:21 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:21 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:21 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:21 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:21 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:21 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:21 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-18 21:25:20 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:25:16 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-18 21:25:13 ESENT 916 General svchost (3764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:25:13 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 21:25:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 21:25:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 21:25:12 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-18 21:25:03 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-18 21:25:03 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-18 21:25:03 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-18 21:25:03 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 21:24:56 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-18 21:24:56 ESENT 916 General svchost (2192,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:24:55 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-18 21:24:55 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-18 21:24:52 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-18 21:24:53 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-18 21:24:23 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-18 21:24:23 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:24:23 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:24:23 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:24:23 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 21:24:20 TV Server 0 None Service has been successfully shut down. Information 2018-01-18 21:24:19 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 560 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 3340 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 7092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3628 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 3628 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 3628 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 3628 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 8156 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3340 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections " Information 2018-01-18 21:24:19 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 21:24:19 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-18 21:24:19 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-18 21:24:04 ESENT 916 General DllHost (6272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:24:04 ESENT 916 General svchost (6780,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 21:13:28 Windows Error Reporting 1001 None "Fault bucket 1483143121776411155, type 5 Event Name: ScriptedDiagFailure Response: Not available Cab Id: 0 Problem signature: P1: Microsoft Corporation.AudioPlaybackDiagnostic.4.5 P2: 2542979619 P3: 1.0.0.0 P4: Default P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Users\Eglobal\AppData\Local\Temp\msdtadmin\_1462FEEB-E7C9-4EB0-BD7C-0EE96A6B9211_\Pkg618.cab \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E4.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER740.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER79F.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft Corpor_a7a141ed93ad99602a96bba123198cef09711c_00000000_21680de8 Analysis symbol: Rechecking for solution: 0 Report Id: 730db0c1-1c28-4263-a806-1f782718535e Report Status: 268435456 Hashed bucket: 6edf602b95407a88f4952ecfac8c0213" Information 2018-01-18 21:13:26 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: ScriptedDiagFailure Response: Not available Cab Id: 0 Problem signature: P1: Microsoft Corporation.AudioPlaybackDiagnostic.4.5 P2: 2542979619 P3: 1.0.0.0 P4: Default P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Users\Eglobal\AppData\Local\Temp\msdtadmin\_1462FEEB-E7C9-4EB0-BD7C-0EE96A6B9211_\Pkg618.cab \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E4.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER740.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER79F.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_Microsoft Corpor_a7a141ed93ad99602a96bba123198cef09711c_00000000_cab_083007bd Analysis symbol: Rechecking for solution: 0 Report Id: 730db0c1-1c28-4263-a806-1f782718535e Report Status: 4 Hashed bucket: " Information 2018-01-18 21:11:46 ESENT 916 General svchost (1972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 20:28:08 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 20:28:08 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 20:27:00 ESENT 916 General svchost (3428,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 20:17:14 Windows Error Reporting 1001 None "Fault bucket 129588937969, type 5 Event Name: RADAR_PRE_LEAK_WOW64 Response: Not available Cab Id: 0 Problem signature: P1: MediaPortal.exe P2: 1.18.0.0 P3: 10.0.16299.2.0.0 P4: P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Users\Eglobal\AppData\Local\Temp\RDR87D7.tmp\empty.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER87E8.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8883.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8920.tmp.txt These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: 2919a804-daab-4271-9197-55770fcc6cc9 Report Status: 268435456 Hashed bucket: cdd4f4ca404bf0cd2e16345680dc7772" Information 2018-01-18 20:12:00 ESENT 916 General svchost (1972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 19:26:00 ESENT 916 General svchost (3428,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 18:25:00 ESENT 916 General svchost (3428,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 17:28:29 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-18 17:27:22 ESENT 916 General svchost (3428,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 17:25:32 ESENT 326 General "svchost (9044,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000007:0004:0268 Internal Timing Sequence: [1] 0.000011 +J(0) [2] 0.004153 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.082772 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:13, WS:48K # 0K, PF:48K # 0K, P:48K) [4] 0.001831 +J(0) [5] - [6] - [7] 0.001856 -0.000995 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:60K, Fs:17, WS:68K # 52K, PF:60K # 48K, P:60K) [8] 0.000886 -0.000388 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:116K # 116K, PF:196K # 192K, P:196K) [9] 0.000552 -0.000307 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000035 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000117 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-18 17:25:32 ESENT 105 General "svchost (9044,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000006:000D:0000 - 00000007:0001:0000 - 00000007:0002:0000 - 00000007:0002:0000 (00000007:0001:0000) ForwardLogsV2 = 0.102068 s - 1 lgens cReInits = 4 Internal Timing Sequence: [1] 0.003182 +J(0) +M(C:0K, Fs:132, WS:520K # 520K, PF:2872K # 2872K, P:2872K) [2] 0.000887 +J(0) +M(C:8K, Fs:94, WS:372K # 372K, PF:848K # 848K, P:848K) [3] 0.000033 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000293 +J(0) +M(C:0K, Fs:31, WS:124K # 124K, PF:160K # 160K, P:160K) [5] 0.008948 +J(0) +M(C:0K, Fs:49, WS:196K # 196K, PF:16K # 16K, P:16K) [6] 0.008966 +J(0) +M(C:0K, Fs:31, WS:116K # 116K, PF:24K # 24K, P:24K) [7] 0.006905 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.086435 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:53559/34) +M(C:0K, Fs:176, WS:340K # 340K, PF:224K # 236K, P:224K) + 1 lgens [9] 0.043111 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:4056/2) +M(C:0K, Fs:16, WS:60K # 60K, PF:60K # 52K, P:60K) [10] 0.004987 +J(0) +M(C:0K, Fs:1, WS:-56K # 0K, PF:-60K # 0K, P:-60K) [11] 0.000087 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:5, WS:20K # 0K, PF:0K # 0K, P:0K) [12] 0.013778 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.117686 -0.000966 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:49, WS:72K # 104K, PF:164K # 168K, P:164K) [14] 0.000034 +J(0) [15] 0.000044 +J(0) [16] 0.002087 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-18 17:25:32 ESENT 302 Logging/Recovery svchost (9044,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2018-01-18 17:25:32 ESENT 301 Logging/Recovery "svchost (9044,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: [1] 0.074660 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:53559/34) +M(C:0K, Fs:127, WS:220K # 152K, PF:148K # 92K, P:148K)." Information 2018-01-18 17:25:32 ESENT 301 Logging/Recovery "svchost (9044,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS00006.log. Previous Log Processing Stats: " Information 2018-01-18 17:25:32 ESENT 300 Logging/Recovery svchost (9044,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2018-01-18 17:25:32 ESENT 916 General svchost (9044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 17:25:32 ESENT 102 General svchost (9044,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-18 17:25:30 ESENT 916 General svchost (1972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 17:24:00 ESENT 916 General svchost (3428,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 16:38:00 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on Storage (D:) Information 2018-01-18 16:37:31 ESENT 916 General svchost (1744,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 16:37:29 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on System Reserved Information 2018-01-18 16:37:29 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed retrim on System Reserved Information 2018-01-18 16:36:26 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-18 16:33:04 Windows Error Reporting 1001 None "Fault bucket 1463032877770995628, type 5 Event Name: BEX Response: Not available Cab Id: 0 Problem signature: P1: MediaPortal.exe P2: 1.18.0.0 P3: 59d9d5bc P4: ntdll.dll P5: 10.0.16299.192 P6: 16e7ff7f P7: 000f4bb0 P8: c000000d P9: 00000000 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7445.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE3BB.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE3D6.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE435.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERE448.tmp.appcompat.txt C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MediaPortal.exe_a956abfdd4a351b441403976acfd81c3a51fc882_30d029d2_cab_2190e628\memory.hdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_MediaPortal.exe_a956abfdd4a351b441403976acfd81c3a51fc882_30d029d2_20935a16 Analysis symbol: Rechecking for solution: 0 Report Id: 6f079eaf-b682-4c3f-9cf9-57e12a319618 Report Status: 268435456 Hashed bucket: dd543c5c15564e16244dbca69e41f7ac" Information 2018-01-18 16:33:01 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: BEX Response: Not available Cab Id: 0 Problem signature: P1: MediaPortal.exe P2: 1.18.0.0 P3: 59d9d5bc P4: ntdll.dll P5: 10.0.16299.192 P6: 16e7ff7f P7: 000f4bb0 P8: c000000d P9: 00000000 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7445.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE3BB.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE3D6.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE435.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERE448.tmp.appcompat.txt C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MediaPortal.exe_a956abfdd4a351b441403976acfd81c3a51fc882_30d029d2_cab_2190e628\memory.hdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MediaPortal.exe_a956abfdd4a351b441403976acfd81c3a51fc882_30d029d2_cab_2190e628 Analysis symbol: Rechecking for solution: 0 Report Id: 6f079eaf-b682-4c3f-9cf9-57e12a319618 Report Status: 4 Hashed bucket: " Information 2018-01-18 16:31:05 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-18 16:30:22 Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11. Information 2018-01-18 16:30:22 Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11. Information 2018-01-18 16:30:02 Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11. Error 2018-01-18 16:29:54 Application Error 1000 (100) "Faulting application name: MediaPortal.exe, version: 1.18.0.0, time stamp: 0x59d9d5bc Faulting module name: ntdll.dll, version: 10.0.16299.192, time stamp: 0x16e7ff7f Exception code: 0xc000000d Fault offset: 0x000f4bb0 Faulting process id: 0x1e4 Faulting application start time: 0x01d390705e7b8f66 Faulting application path: C:\Program Files (x86)\Team MediaPortal\MediaPortal\MediaPortal.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 6f079eaf-b682-4c3f-9cf9-57e12a319618 Faulting package full name: Faulting package-relative application ID: " Information 2018-01-18 16:29:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-18 16:28:05 ESENT 916 General svchost (3384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 16:26:34 System Restore 8194 None Successfully created restore point (Process = c:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update). Information 2018-01-18 16:26:34 ESENT 916 General svchost (3384,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 16:23:27 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-18 16:23:05 ESENT 916 General svchost (1972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 16:22:48 ESENT 916 General svchost (3768,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 16:22:45 ESENT 916 General taskhostw (8476,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 16:22:34 ESENT 916 General svchost (3768,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 16:22:33 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-18 16:22:32 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-18 16:22:31 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 16:22:31 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-18 16:22:28 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-18 16:22:26 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-18 16:22:24 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-18 16:22:21 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-18 12:19:15 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-18 12:19:15 ESENT 916 General svchost (3428,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 12:19:14 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 4932 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4932 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4932 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 5392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-18 12:19:14 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 29 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 688 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2632 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 5392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 7092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 5392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1972 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 5392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 1972 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 5392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1972 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 5392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1972 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 5392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 568 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 1972 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 5392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 5392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 1792 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections " Information 2018-01-18 12:19:14 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 12:19:14 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-18 12:19:14 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-18 12:19:12 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-18 12:19:06 ESENT 916 General svchost (2032,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 12:19:06 ESENT 916 General DllHost (3328,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 12:08:45 ESENT 916 General svchost (1972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 11:54:02 ESENT 916 General DllHost (3328,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 11:35:21 TV Server 0 None Service started successfully. Information 2018-01-18 11:32:00 TV Server 0 None Service stopped successfully. Information 2018-01-18 11:27:41 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:40Z. Reason: RulesEngine. Information 2018-01-18 11:26:47 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-18 11:26:47 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:43Z. Reason: RulesEngine. Information 2018-01-18 11:26:11 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-18 11:26:11 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 244741)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-18 11:26:10 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-18 11:26:09 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-18 11:26:07 ESENT 916 General svchost (8448,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 11:24:55 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-18 11:24:38 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-18 11:24:37 ESENT 326 General "SearchIndexer (7340,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000021C:0057:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.003753 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.070130 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:128K # 0K, PF:140K # 0K, P:140K) [4] 0.000485 +J(0) [5] - [6] - [7] 0.033572 -0.002012 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.001163 -0.000639 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:68, WS:268K # 0K, PF:260K # 128K, P:260K) [9] 0.001900 -0.001564 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000041 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000112 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-18 11:24:37 ESENT 105 General "SearchIndexer (7340,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.007898 +J(0) +M(C:0K, Fs:238, WS:928K # 928K, PF:5476K # 5480K, P:5476K) [2] 0.001089 +J(0) +M(C:10240K, Fs:107, WS:428K # 428K, PF:440K # 436K, P:440K) [3] 0.029340 +J(0) +M(C:0K, Fs:56, WS:220K # 220K, PF:80K # 88K, P:80K) [4] 0.000344 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:224K # 216K, P:224K) [5] 0.018465 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.005695 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.060824 +J(0) +M(C:0K, Fs:281, WS:1124K # 1124K, PF:1036K # 1036K, P:1036K) [8] - [9] - [10] - [11] - [12] - [13] 0.099470 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000035 +J(0) [15] 0.000131 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000552 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-18 11:24:37 ESENT 916 General SearchIndexer (7340,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 11:24:37 ESENT 102 General SearchIndexer (7340,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-18 11:24:33 ESENT 916 General taskhostw (5740,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 11:24:22 TV Server 0 None Service started successfully. Information 2018-01-18 11:24:18 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 11:24:18 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 11:24:18 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 11:24:18 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-18 11:24:18 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-18 11:24:18 ESENT 916 General svchost (3384,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 11:24:16 ESENT 916 General svchost (3768,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 11:24:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-18 11:24:07 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-18 11:24:06 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-18 11:24:01 ESENT 916 General svchost (3428,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 11:24:01 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 11:23:55 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:55 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:55 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:55 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:55 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:55 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:55 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 87396074 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:55 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:55 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:54 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:54 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:54 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:54 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:54 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:54 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:54 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:54 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-18 11:23:54 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:54 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-18 11:23:48 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-18 11:23:48 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-18 11:23:48 ESENT 916 General svchost (1972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 11:23:46 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-18 11:23:44 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-18 11:23:45 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-18 11:23:14 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-18 11:23:14 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:14 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:14 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:14 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-18 11:23:11 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-18 11:23:12 TV Server 0 None Service has been successfully shut down. Information 2018-01-18 11:23:11 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 22 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 4320 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 1820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 3808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 7304 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 8764 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-18 11:23:11 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 11:23:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-18 11:23:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-18 11:22:19 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-18 11:20:54 ESENT 916 General svchost (3760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 11:14:04 ESENT 916 General svchost (2244,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 11:00:44 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:44Z. Reason: RulesEngine. Information 2018-01-18 10:59:55 ESENT 916 General svchost (2244,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 10:59:00 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 10:57:51 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-18 10:23:13 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-18 10:09:49 ESENT 916 General DllHost (10424,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 10:07:23 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-18 10:07:03 ESENT 916 General DllHost (10424,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 10:02:24 ESENT 916 General svchost (10492,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 10:02:23 ESENT 916 General DllHost (10424,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 10:01:45 ESENT 916 General MicrosoftEdge (2240,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 10:01:21 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:21Z. Reason: RulesEngine. Information 2018-01-18 09:58:32 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-18 09:58:07 ESENT 916 General svchost (2244,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 09:57:47 ESENT 916 General taskhostw (8792,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 09:57:43 ESENT 916 General svchost (3112,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 09:57:39 ESENT 916 General svchost (3112,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-18 09:57:36 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-18 09:57:35 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-18 09:57:35 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-18 09:57:35 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-18 09:57:33 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-18 09:57:32 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-18 09:57:32 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-18 09:57:31 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-17 22:43:59 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-17 22:44:00 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-17 22:43:59 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 34 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 680 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 1820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2244 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2244 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2244 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2244 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2244 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-17 22:43:59 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 22:43:59 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-17 22:43:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-17 22:43:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-17 22:43:56 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-17 22:43:50 ESENT 916 General svchost (4236,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 22:43:49 ESENT 916 General DllHost (792,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 22:15:41 ESENT 916 General svchost (2244,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 21:53:00 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 21:03:46 ESENT 916 General svchost (2244,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 20:52:00 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 20:07:29 ESENT 916 General svchost (2244,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 19:51:00 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 19:11:09 ESENT 916 General svchost (2244,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 18:50:00 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 18:15:06 ESENT 916 General svchost (2244,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 17:49:00 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 17:15:41 ESENT 916 General svchost (2244,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 16:48:00 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 16:03:55 ESENT 916 General svchost (2244,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 16:03:50 ESENT 916 General DllHost (792,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 16:03:20 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER30AB.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER364A.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER36C6.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3734.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_0d473f13 Analysis symbol: Rechecking for solution: 0 Report Id: ba7d58f4-5dfa-4f93-b34a-8b35262f9c37 Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-17 16:03:16 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-17 16:03:16 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-17 15:47:00 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 15:14:55 ESENT 916 General MicrosoftEdge (5896,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 15:10:35 Windows Error Reporting 1001 None "Fault bucket LKD_0x141_Tdr:6_IMAGE_igdkmd64lp.sys_GEN8CHV_0_DISPLAY, type 0 Event Name: LiveKernelEvent Response: Not available Cab Id: 12efe7ba-fac7-4ebd-b7fd-3c78f00b68b1 Problem signature: P1: 141 P2: ffff9a088c6e84a0 P3: fffff802600424c0 P4: 0 P5: 1498 P6: 10_0_16299 P7: 0_0 P8: 256_1 P9: P10: Attached files: \\?\C:\Windows\LiveKernelReports\WATCHDOG\WATCHDOG-20180117-1509.dmp \\?\C:\Windows\TEMP\WER-1464843-0.sysdata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB77D.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB79C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB80B.tmp.txt \\?\C:\Windows\Temp\WEREEF9.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_141_c9cf51dd5d509b836edf765dff022d55cedfa4_00000000_cab_07bef448 Analysis symbol: Rechecking for solution: 0 Report Id: 344c6972-3ef1-464e-9086-6aec71876214 Report Status: 268435456 Hashed bucket: " Information 2018-01-17 15:10:19 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: LiveKernelEvent Response: Not available Cab Id: 0 Problem signature: P1: 141 P2: ffff9a088c6e84a0 P3: fffff802600424c0 P4: 0 P5: 1498 P6: 10_0_16299 P7: 0_0 P8: 256_1 P9: P10: Attached files: \\?\C:\Windows\LiveKernelReports\WATCHDOG\WATCHDOG-20180117-1509.dmp \\?\C:\Windows\TEMP\WER-1464843-0.sysdata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB77D.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB79C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB80B.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_141_c9cf51dd5d509b836edf765dff022d55cedfa4_00000000_cab_08c2b829 Analysis symbol: Rechecking for solution: 0 Report Id: 344c6972-3ef1-464e-9086-6aec71876214 Report Status: 4 Hashed bucket: " Information 2018-01-17 15:04:26 Windows Error Reporting 1001 None "Fault bucket 129595456064, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: SetupTv.exe P2: 1.18.0.0 P3: 59d9d5c3 P4: System.Windows.Forms P5: 4.7.2556.0 P6: 59b8360c P7: d16 P8: 17 P9: System.InvalidOperationException P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER39CA.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C4A.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C77.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4CD6.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SetupTv.exe_18cbf367353c471fe2e72549821d891a843e94e9_acb3f77f_1ab95457 Analysis symbol: Rechecking for solution: 0 Report Id: c1b2f1a1-a584-459b-b4d8-2dcbc2c577e6 Report Status: 268435456 Hashed bucket: 7dfb8a62212e65bfc05de97a32da4be5" Error 2018-01-17 15:04:19 Application Error 1000 (100) "Faulting application name: SetupTv.exe, version: 1.18.0.0, time stamp: 0x59d9d5c3 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x94 Faulting application start time: 0x01d38f9bada3afb5 Faulting application path: C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\SetupTv.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: c1b2f1a1-a584-459b-b4d8-2dcbc2c577e6 Faulting package full name: Faulting package-relative application ID: " Error 2018-01-17 15:04:18 .NET Runtime 1026 None Application: SetupTv.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.InvalidOperationException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at System.Windows.Forms.Control.Invoke(System.Delegate) at SetupTv.Sections.Helpers.ChannelListViewHandler.FillListViewChannels(System.Object) at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart(System.Object) Information 2018-01-17 14:51:32 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:32Z. Reason: RulesEngine. Information 2018-01-17 14:48:47 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-17 14:48:47 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:46Z. Reason: RulesEngine. Information 2018-01-17 14:48:16 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-17 14:48:16 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 245979)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-17 14:48:16 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-17 14:48:12 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-17 14:48:11 ESENT 916 General svchost (5848,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 14:46:51 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-17 14:46:27 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-17 14:46:26 ESENT 326 General "SearchIndexer (4948,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000021B:0063:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.002300 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.062300 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:140K # 0K, P:140K) [4] 0.000534 +J(0) [5] - [6] - [7] 0.024064 -0.001684 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:51, WS:200K # 0K, PF:644K # 0K, P:644K) [8] 0.001440 -0.000915 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 108K, P:256K) [9] 0.001011 -0.000624 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000044 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000117 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-17 14:46:26 ESENT 105 General "SearchIndexer (4948,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.006665 +J(0) +M(C:0K, Fs:251, WS:988K # 988K, PF:5556K # 5556K, P:5556K) [2] 0.000975 +J(0) +M(C:10240K, Fs:102, WS:404K # 404K, PF:376K # 376K, P:376K) [3] 0.001012 +J(0) +M(C:0K, Fs:21, WS:80K # 80K, PF:68K # 68K, P:68K) [4] 0.000276 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.006233 +J(0) +M(C:0K, Fs:21, WS:84K # 84K, PF:24K # 32K, P:24K) [6] 0.004911 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:16K # 8K, P:16K) [7] 0.022633 +J(0) +M(C:0K, Fs:285, WS:1136K # 1136K, PF:1040K # 1040K, P:1040K) [8] - [9] - [10] - [11] - [12] - [13] 0.006335 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000033 +J(0) [15] 0.000117 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000616 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-17 14:46:26 ESENT 916 General SearchIndexer (4948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 14:46:26 ESENT 102 General SearchIndexer (4948,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-17 14:46:23 ESENT 916 General taskhostw (3576,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 14:46:22 TV Server 0 None Service started successfully. Information 2018-01-17 14:46:09 ESENT 916 General svchost (3112,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 14:46:04 ESENT 916 General svchost (3760,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 14:46:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-17 14:46:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-17 14:46:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-17 14:46:03 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-17 14:46:03 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 14:45:53 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:52 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:52 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:52 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:52 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:52 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:52 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 85005777 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:52 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:52 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:51 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:51 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:51 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:51 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:51 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:51 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:51 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:51 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-17 14:45:51 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:50 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-17 14:45:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-17 14:45:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-17 14:45:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-17 14:45:49 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-17 14:45:44 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-17 14:45:44 ESENT 916 General svchost (2244,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 14:45:43 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-17 14:45:43 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-17 14:45:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-17 14:45:42 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-17 14:45:40 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-17 14:45:13 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-17 14:45:12 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:12 MySQL 100 None "Giving 2 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:12 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 14:45:10 TV Server 0 None Service has been successfully shut down. Information 2018-01-17 14:45:09 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 25 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 688 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2760 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8524 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2156 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2156 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2156 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2156 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 568 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2156 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2018-01-17 14:45:09 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-17 14:45:09 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-17 14:45:09 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-17 14:43:46 ESENT 916 General svchost (2396,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 14:43:46 ESENT 916 General DllHost (1748,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 14:41:00 ESENT 916 General svchost (3908,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 14:32:36 ESENT 916 General svchost (2156,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:57:53 ESENT 916 General svchost (3908,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:57:08 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-17 13:53:26 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-17 13:50:37 ESENT 326 General "svchost (1484,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000006:000E:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001793 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.057755 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:255/1) +M(C:0K, Fs:27, WS:92K # 32K, PF:28K # 0K, P:28K) [4] 0.001954 +J(0) [5] - [6] - [7] 0.002755 -0.001879 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:56K, Fs:17, WS:68K # 64K, PF:56K # 24K, P:56K) [8] 0.000876 -0.000400 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:112K # 112K, PF:196K # 192K, P:196K) [9] 0.000552 -0.000318 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000036 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000115 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-17 13:50:37 ESENT 105 General "svchost (1484,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000006:0009:0000 - 00000006:000C:0000 - 00000000:0000:0000 - 00000006:000C:0000 (00000000:0000:0000) cReInits = 3 Internal Timing Sequence: [1] 0.005668 +J(0) +M(C:0K, Fs:175, WS:692K # 692K, PF:3416K # 3416K, P:3416K) [2] 0.001361 +J(0) +M(C:8K, Fs:89, WS:344K # 344K, PF:308K # 308K, P:308K) [3] 0.000083 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000625 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:160K # 160K, P:160K) [5] 0.027620 +J(0) +M(C:0K, Fs:14, WS:56K # 56K, PF:24K # 24K, P:24K) [6] 0.005739 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.004462 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.061060 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:44616/27) +M(C:0K, Fs:151, WS:316K # 316K, PF:228K # 232K, P:228K) [9] - [10] 0.001689 +J(0) +M(C:0K, Fs:1, WS:-56K # 0K, PF:-60K # 0K, P:-60K) [11] 0.000064 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.020616 +J(0) +M(C:0K, Fs:3, WS:12K # 0K, PF:52K # 0K, P:52K) [13] 0.080720 -0.000650 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:54, WS:96K # 128K, PF:164K # 220K, P:164K) [14] 0.000032 +J(0) [15] 0.000026 +J(0) [16] 0.001955 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-17 13:50:37 ESENT 302 Logging/Recovery svchost (1484,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2018-01-17 13:50:37 ESENT 301 Logging/Recovery "svchost (1484,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2018-01-17 13:50:37 ESENT 300 Logging/Recovery svchost (1484,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2018-01-17 13:50:37 ESENT 916 General svchost (1484,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:50:37 ESENT 102 General svchost (1484,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-17 13:45:31 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:31Z. Reason: RulesEngine. Information 2018-01-17 13:44:44 ESENT 916 General svchost (6864,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:42:44 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-17 13:42:44 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:44Z. Reason: RulesEngine. Information 2018-01-17 13:42:14 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-17 13:42:14 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 246045)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-17 13:42:13 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-17 13:42:11 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-17 13:42:10 ESENT 916 General svchost (8252,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:40:54 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-17 13:40:31 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-17 13:40:30 ESENT 326 General "SearchIndexer (7428,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000021A:00FD:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.010518 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.037529 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:128K # 0K, PF:148K # 0K, P:148K) [4] 0.000528 +J(0) [5] - [6] - [7] 0.056660 -0.001580 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:212K # 0K, PF:660K # 0K, P:660K) [8] 0.001313 -0.000809 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 128K, P:256K) [9] 0.000832 -0.000549 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000035 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000113 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-17 13:40:30 ESENT 105 General "SearchIndexer (7428,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.012434 +J(0) +M(C:0K, Fs:290, WS:1132K # 1132K, PF:5560K # 5560K, P:5560K) [2] 0.001016 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.000078 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000236 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.005660 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.004727 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.005701 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.018315 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:72, WS:-744K # 272K, PF:-1004K # 36K, P:-1004K) [14] 0.000034 +J(0) [15] 0.000109 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000603 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-17 13:40:30 ESENT 916 General SearchIndexer (7428,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:40:30 ESENT 102 General SearchIndexer (7428,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-17 13:40:27 ESENT 916 General taskhostw (4012,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:40:24 TV Server 0 None Service started successfully. Information 2018-01-17 13:40:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-17 13:40:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-17 13:40:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-17 13:40:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-17 13:40:12 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-17 13:40:10 ESENT 916 General svchost (3896,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:40:06 ESENT 916 General svchost (3908,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:40:05 ESENT 916 General svchost (3300,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:39:57 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:56 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:56 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:56 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:56 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:56 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:56 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 85005015 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:55 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:55 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:55 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:55 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:55 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:55 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:55 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:55 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:55 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:55 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-17 13:39:54 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:53 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-17 13:39:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-17 13:39:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-17 13:39:51 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-17 13:39:51 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-17 13:39:47 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-17 13:39:47 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-17 13:39:46 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-17 13:39:46 ESENT 916 General svchost (2156,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:39:44 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-17 13:39:44 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-17 13:39:44 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-17 13:39:42 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-17 13:39:13 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-17 13:39:12 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:12 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:12 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:12 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 13:39:10 TV Server 0 None Service has been successfully shut down. Information 2018-01-17 13:39:09 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-17 13:39:09 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 22 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 7836 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3732 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8616 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3732 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 3732 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 7024 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-17 13:39:09 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-17 13:39:09 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-17 13:39:09 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-17 13:39:05 ESENT 916 General svchost (9312,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:39:03 ESENT 916 General DllHost (5288,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:34:41 ESENT 916 General svchost (2120,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:27:06 ESENT 916 General MicrosoftEdge (8676,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:25:01 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:01Z. Reason: RulesEngine. Information 2018-01-17 13:23:19 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:19Z. Reason: RulesEngine. Information 2018-01-17 13:21:33 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-17 13:21:33 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-17 13:20:37 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-17 13:20:18 ESENT 916 General svchost (2120,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:19:54 ESENT 916 General taskhostw (6756,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:19:54 ESENT 916 General svchost (3292,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 13:19:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-17 13:19:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-17 13:19:41 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-17 13:19:40 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-17 13:19:40 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-17 13:19:36 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-17 13:19:36 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-17 13:19:35 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-17 01:25:03 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-17 01:25:02 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3548 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3548 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3548 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 3648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-17 01:25:02 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 28 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 684 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2668 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3732 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 8616 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3732 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3732 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3732 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3732 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3732 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3732 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 564 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3732 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm " Information 2018-01-17 01:25:02 ESENT 916 General svchost (3800,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 01:25:02 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-17 01:25:01 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-17 01:25:01 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-17 01:24:56 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-17 01:24:49 ESENT 916 General DllHost (5816,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 01:20:00 ESENT 916 General svchost (3800,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 01:19:22 ESENT 916 General DllHost (5816,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 01:07:42 ESENT 916 General svchost (2120,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 01:01:08 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER35E7.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3B85.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3BF2.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3C60.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_239b441f Analysis symbol: Rechecking for solution: 0 Report Id: 68dc05c0-df48-459e-b17c-3a0f2e7ddcc0 Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-17 01:01:04 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-17 01:01:04 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-17 00:57:48 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2AD9.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2FEB.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3057.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER30C6.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_23a037e9 Analysis symbol: Rechecking for solution: 0 Report Id: 6d131cb1-ac3a-4b27-acd9-439b1ba3de55 Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-17 00:57:45 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-17 00:57:45 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-17 00:44:59 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-17 00:43:37 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:37Z. Reason: RulesEngine. Information 2018-01-17 00:42:19 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-17 00:42:01 ESENT 916 General svchost (1576,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 00:42:01 ESENT 916 General DllHost (5816,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 00:39:50 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB6FF.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBD0B.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBD96.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE14.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_27e3c603 Analysis symbol: Rechecking for solution: 0 Report Id: 3467d646-99cf-4d68-b7da-d4eefc5e9320 Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-17 00:39:47 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-17 00:39:46 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-17 00:37:57 MsiInstaller 1035 None Windows Installer reconfigured the product. Product Name: MediaPortal StreamedMP Skin 3.2.1. Product Version: 3.2.1.0. Product Language: 1033. Manufacturer: StreamedMP Team. Reconfiguration success or error status: 0. Information 2018-01-17 00:37:57 MsiInstaller 11728 None Product: MediaPortal StreamedMP Skin 3.2.1 -- Configuration completed successfully. Information 2018-01-17 00:37:37 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎01‎-‎16T23:36:55.268636400Z. Information 2018-01-17 00:37:37 MsiInstaller 1042 None Ending a Windows Installer transaction: {6E6E5769-F433-4341-AD13-7017E59716C1}. Client Process Id: 9416. Information 2018-01-17 00:37:37 MsiInstaller 1035 None Windows Installer reconfigured the product. Product Name: MediaPortal StreamedMP Skin 3.2.1. Product Version: 3.2.1.0. Product Language: 1033. Manufacturer: StreamedMP Team. Reconfiguration success or error status: 0. Information 2018-01-17 00:37:37 MsiInstaller 11728 None Product: MediaPortal StreamedMP Skin 3.2.1 -- Configuration completed successfully. Error 2018-01-17 00:37:10 VSS 8193 None "Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet" Information 2018-01-17 00:36:55 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎01‎-‎16T23:36:55.268636400Z. Information 2018-01-17 00:36:54 MsiInstaller 1040 None Beginning a Windows Installer transaction: {6E6E5769-F433-4341-AD13-7017E59716C1}. Client Process Id: 9416. Information 2018-01-17 00:36:54 ESENT 916 General svchost (3748,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 00:36:54 MsiInstaller 1035 None Windows Installer reconfigured the product. Product Name: MediaPortal StreamedMP Skin 3.2.1. Product Version: 3.2.1.0. Product Language: 1033. Manufacturer: StreamedMP Team. Reconfiguration success or error status: 0. Information 2018-01-17 00:36:54 MsiInstaller 11728 None Product: MediaPortal StreamedMP Skin 3.2.1 -- Configuration completed successfully. Information 2018-01-17 00:36:54 System Restore 8194 None "Successfully created restore point (Process = D:\Mp2_Plugins\StreamedMP-3.2.1.0 (1).exe (1).exe"" ; Description = Installed MediaPortal StreamedMP Skin 3.2.1)." Information 2018-01-17 00:34:51 MsiInstaller 1035 None Windows Installer reconfigured the product. Product Name: MediaPortal StreamedMP Skin 3.2.1. Product Version: 3.2.1.0. Product Language: 1033. Manufacturer: StreamedMP Team. Reconfiguration success or error status: 0. Information 2018-01-17 00:32:15 ESENT 916 General MicrosoftEdge (5968,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 00:24:25 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:25Z. Reason: RulesEngine. Information 2018-01-17 00:22:22 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-17 00:22:22 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:16Z. Reason: RulesEngine. Information 2018-01-17 00:21:46 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-17 00:21:46 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 246845)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-17 00:21:43 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-17 00:21:14 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-17 00:21:10 ESENT 916 General svchost (8968,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 00:19:40 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-17 00:19:33 TV Server 0 None Service started successfully. Information 2018-01-17 00:19:15 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-17 00:19:14 ESENT 326 General "SearchIndexer (7200,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000021A:009A:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.003623 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.024526 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:140K # 0K, P:140K) [4] 0.000530 +J(0) [5] - [6] - [7] 0.046957 -0.001568 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:208K # 0K, PF:664K # 0K, P:664K) [8] 0.001443 -0.000910 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 128K, P:256K) [9] 0.000948 -0.000584 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000038 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000114 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-17 00:19:14 ESENT 105 General "SearchIndexer (7200,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002762 +J(0) +M(C:0K, Fs:174, WS:680K # 680K, PF:5472K # 5464K, P:5472K) [2] 0.000983 +J(0) +M(C:10240K, Fs:143, WS:568K # 568K, PF:388K # 388K, P:388K) [3] 0.000076 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000268 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.005954 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.006249 +J(0) +M(C:0K, Fs:34, WS:136K # 136K, PF:28K # 28K, P:28K) [7] 0.010734 +J(0) +M(C:0K, Fs:281, WS:1120K # 1120K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.005452 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-992K # 24K, PF:-1020K # 12K, P:-1020K) [14] 0.000034 +J(0) [15] 0.000213 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.004356 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-17 00:19:14 ESENT 916 General SearchIndexer (7200,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 00:19:14 ESENT 102 General SearchIndexer (7200,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-17 00:19:07 ESENT 916 General taskhostw (4020,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 00:18:57 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-17 00:18:57 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-17 00:18:57 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-17 00:18:57 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-17 00:18:57 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-17 00:18:55 ESENT 916 General svchost (3748,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 00:18:54 ESENT 916 General svchost (3292,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 00:18:53 ESENT 916 General svchost (3800,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 00:18:41 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:41 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:41 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:41 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:41 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:41 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:41 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 85001149 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:41 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:40 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:40 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:40 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:40 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:40 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:40 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:40 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:40 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:39 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-17 00:18:39 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:18:39 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-17 00:18:38 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-17 00:18:38 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-17 00:18:37 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-17 00:18:37 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-17 00:18:32 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-17 00:18:32 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-17 00:18:32 ESENT 916 General svchost (2120,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 00:18:32 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-17 00:18:30 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-17 00:18:30 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-17 00:18:28 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-17 00:17:58 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-17 00:17:57 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:17:57 MySQL 100 None "Giving 2 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:17:57 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-17 00:17:57 TV Server 0 None Service has been successfully shut down. Information 2018-01-17 00:17:54 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 9 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 7908 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8076 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 7600 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children " Information 2018-01-17 00:17:54 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-17 00:17:54 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-17 00:17:54 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-17 00:17:49 ESENT 916 General svchost (1652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 00:17:49 ESENT 916 General DllHost (8696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-17 00:11:44 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBBEC.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC321.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC39D.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC3FC.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_227dd020 Analysis symbol: Rechecking for solution: 0 Report Id: 6a64d6ba-a91a-4685-b2f6-9e53532a578d Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-17 00:11:39 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-17 00:11:39 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-16 23:59:12 ESENT 916 General svchost (2296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 23:53:04 ESENT 916 General DllHost (8696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 23:45:10 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-16 23:44:38 ESENT 916 General svchost (2296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 23:44:25 ESENT 916 General svchost (3148,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 23:44:22 ESENT 916 General taskhostw (6016,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 23:44:17 ESENT 916 General svchost (3148,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 23:44:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-16 23:44:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-16 23:44:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-16 23:44:11 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-16 23:44:11 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-16 23:44:10 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-16 23:44:09 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-16 23:44:08 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-16 21:43:38 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-16 21:43:37 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3356 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3356 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3356 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 1808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 1808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 1808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-16 21:43:37 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 28 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 692 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2664 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 8076 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2296 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2296 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2296 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2296 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2296 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm " Information 2018-01-16 21:43:37 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 21:43:37 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-16 21:43:37 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-16 21:43:37 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-16 21:43:35 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-16 21:43:30 ESENT 916 General svchost (7360,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 21:43:30 ESENT 916 General DllHost (464,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 21:36:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 21:13:50 ESENT 916 General svchost (2296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 20:35:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 20:13:51 ESENT 916 General svchost (2296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 19:34:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 19:13:50 ESENT 916 General svchost (2296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 18:33:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 18:31:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 18:31:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 18:13:51 ESENT 916 General svchost (2296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 17:32:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 17:09:51 ESENT 916 General svchost (2296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 16:31:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 16:13:50 ESENT 916 General svchost (2296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 15:30:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 15:05:55 ESENT 916 General svchost (2296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 14:44:01 ESENT 916 General svchost (2296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 14:32:43 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-16 14:32:43 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:42Z. Reason: RulesEngine. Information 2018-01-16 14:31:41 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-16 14:31:41 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 247435)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-16 14:31:40 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-16 14:31:39 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-16 14:31:28 ESENT 916 General svchost (3288,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 14:30:02 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-16 14:29:37 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-16 14:29:36 ESENT 326 General "SearchIndexer (1976,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000021A:0053:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.002521 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.034285 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:124K # 0K, PF:144K # 0K, P:144K) [4] 0.000593 +J(0) [5] - [6] - [7] 0.036083 -0.001495 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:51, WS:204K # 0K, PF:640K # 0K, P:640K) [8] 0.002375 -0.001831 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 120K, P:256K) [9] 0.002673 -0.002309 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000043 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000123 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-16 14:29:36 ESENT 105 General "SearchIndexer (1976,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.004231 +J(0) +M(C:0K, Fs:236, WS:924K # 924K, PF:5492K # 5492K, P:5492K) [2] 0.000979 +J(0) +M(C:10240K, Fs:106, WS:424K # 424K, PF:388K # 388K, P:388K) [3] 0.000076 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000254 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:228K # 228K, P:228K) [5] 0.007504 +J(0) +M(C:0K, Fs:54, WS:216K # 216K, PF:24K # 32K, P:24K) [6] 0.005503 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 12K, P:20K) [7] 0.005120 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.005137 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000035 +J(0) [15] 0.000115 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000613 +J(0) +M(C:0K, Fs:6, WS:16K # 0K, PF:12K # 0K, P:12K)." Information 2018-01-16 14:29:36 ESENT 916 General SearchIndexer (1976,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 14:29:36 ESENT 102 General SearchIndexer (1976,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-16 14:29:34 TV Server 0 None Service started successfully. Information 2018-01-16 14:29:30 ESENT 916 General taskhostw (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 14:29:17 ESENT 916 General svchost (3592,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 14:29:16 ESENT 916 General svchost (3148,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 14:29:16 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 14:29:16 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 14:29:16 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-16 14:29:13 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 14:29:03 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:03 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:02 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:02 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:02 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:02 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:02 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 84995278 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:02 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:02 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:01 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:01 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:01 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:01 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:01 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:01 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:01 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:01 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-16 14:29:01 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:29:01 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-16 14:28:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-16 14:28:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-16 14:28:59 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-16 14:28:58 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-16 14:28:54 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-16 14:28:54 ESENT 916 General svchost (2296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 14:28:53 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-16 14:28:53 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-16 14:28:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-16 14:28:50 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-16 14:28:51 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-16 14:28:22 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-16 14:28:21 MySQL 100 None "Giving 2 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:28:21 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 14:28:19 TV Server 0 None Service has been successfully shut down. Information 2018-01-16 14:28:18 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 20 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 696 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2740 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3792 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 4024 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3792 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3792 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3792 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3792 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3792 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3792 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 576 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2152 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3792 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2018-01-16 14:28:18 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-16 14:28:18 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-16 14:28:18 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-16 14:28:12 ESENT 916 General svchost (8164,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 14:28:12 ESENT 916 General DllHost (8992,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 14:12:33 ESENT 916 General svchost (2152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 13:44:13 ESENT 916 General svchost (2152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 13:39:00 ESENT 916 General svchost (3800,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 13:07:57 ESENT 916 General svchost (2152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 12:53:08 ESENT 916 General svchost (2152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 12:41:58 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-16 12:41:58 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:58Z. Reason: RulesEngine. Error 2018-01-16 12:41:44 SideBySide 33 None "Activation context generation failed for ""C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.16299.15_none_e10a04e314dd6b63\Narrator.exe"". Dependent Assembly SRH,type=""win32"",version=""1.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information 2018-01-16 12:40:50 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-16 12:40:49 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 247546)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-16 12:40:48 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-16 12:40:35 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-16 12:40:31 ESENT 916 General svchost (8848,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 12:39:08 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-16 12:38:45 ESENT 916 General svchost (3212,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 12:38:45 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-16 12:38:45 TV Server 0 None Service started successfully. Information 2018-01-16 12:38:44 ESENT 326 General "SearchIndexer (7348,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000021A:001C:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.030916 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.112006 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:140K # 0K, P:140K) [4] 0.000494 +J(0) [5] - [6] - [7] 0.131299 -0.002077 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:56, WS:220K # 0K, PF:664K # 0K, P:664K) [8] 0.001420 -0.000872 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 136K, P:256K) [9] 0.000995 -0.000623 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000041 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000116 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-16 12:38:44 ESENT 105 General "SearchIndexer (7348,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.013769 +J(0) +M(C:0K, Fs:228, WS:896K # 896K, PF:5472K # 5472K, P:5472K) [2] 0.000951 +J(0) +M(C:10240K, Fs:104, WS:416K # 416K, PF:392K # 392K, P:392K) [3] 0.014286 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000291 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.005777 +J(0) +M(C:0K, Fs:11, WS:44K # 44K, PF:20K # 20K, P:20K) [6] 0.039957 +J(0) +M(C:0K, Fs:33, WS:124K # 124K, PF:20K # 20K, P:20K) [7] 0.070347 +J(0) +M(C:0K, Fs:329, WS:1316K # 1316K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.014948 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:21, WS:-948K # 68K, PF:-996K # 28K, P:-996K) [14] 0.000040 +J(0) [15] 0.000133 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000640 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-16 12:38:44 ESENT 916 General SearchIndexer (7348,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 12:38:44 ESENT 102 General SearchIndexer (7348,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-16 12:38:38 ESENT 916 General taskhostw (3660,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 12:38:26 ESENT 916 General svchost (3776,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 12:38:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 12:38:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 12:38:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 12:38:26 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-16 12:38:23 ESENT 916 General svchost (3800,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 12:38:21 ESENT 916 General svchost (3212,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 12:38:10 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:10 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:10 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:10 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:10 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:10 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:10 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 84991890 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:10 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:10 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:09 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:09 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:09 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:09 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:09 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:09 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:09 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:09 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-16 12:38:09 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 12:38:08 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-16 12:38:06 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-16 12:38:05 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-16 12:38:05 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-16 12:38:05 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-16 12:38:01 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-16 12:38:01 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-16 12:38:01 ESENT 916 General svchost (2152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 12:38:00 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-16 12:37:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-16 12:37:57 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-16 12:37:58 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-16 12:37:29 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-16 12:37:26 TV Server 0 None Service has been successfully shut down. Information 2018-01-16 12:37:25 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 4984 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2712 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 4056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8744 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 4056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 4056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 7924 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children " Information 2018-01-16 12:37:25 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-16 12:37:25 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-16 12:37:25 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-16 12:37:08 ESENT 916 General DllHost (6384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 12:20:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 12:14:35 ESENT 916 General svchost (2184,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 11:38:01 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:01Z. Reason: RulesEngine. Information 2018-01-16 11:36:51 ESENT 916 General svchost (2184,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 11:19:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 11:14:35 ESENT 916 General svchost (2184,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 10:18:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 10:05:55 ESENT 916 General svchost (2184,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 09:57:12 ESENT 916 General svchost (3476,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 09:57:12 ESENT 916 General DllHost (6384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 09:49:24 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:24Z. Reason: RulesEngine. Information 2018-01-16 09:49:00 ESENT 916 General MicrosoftEdge (3444,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 09:48:36 ESENT 916 General svchost (2184,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 09:32:09 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-16 09:30:16 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 09:28:12 ESENT 326 General "svchost (8188,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000006:000A:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.013169 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.021806 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:9, WS:32K # 0K, PF:32K # 0K, P:32K) [4] 0.009271 +J(0) [5] - [6] - [7] 0.001589 -0.000909 (2) CM +J(CM:2, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:56K, Fs:17, WS:68K # 36K, PF:56K # 28K, P:56K) [8] 0.001063 -0.000601 (3) CM +J(CM:3, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:112K # 112K, PF:196K # 192K, P:196K) [9] 0.000936 -0.000622 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:116K # 116K, P:116K) [10] 0.000042 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000116 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-16 09:28:12 ESENT 105 General "svchost (8188,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000006:0005:0000 - 00000006:0008:0000 - 00000000:0000:0000 - 00000006:0008:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.004616 +J(0) +M(C:0K, Fs:171, WS:680K # 680K, PF:3412K # 3412K, P:3412K) [2] 0.000801 +J(0) +M(C:8K, Fs:87, WS:344K # 344K, PF:300K # 300K, P:300K) [3] 0.000040 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000240 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:160K # 160K, P:160K) [5] 0.007129 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:24K # 24K, P:24K) [6] 0.007801 +J(0) +M(C:0K, Fs:34, WS:132K # 132K, PF:24K # 24K, P:24K) [7] 0.005532 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.070630 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:28392/17) +M(C:0K, Fs:136, WS:320K # 320K, PF:280K # 280K, P:280K) [9] - [10] 0.001634 +J(0) +M(C:0K, Fs:12, WS:-12K # 44K, PF:-56K # 4K, P:-56K) [11] 0.000081 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.009378 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.071836 -0.001030 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:48, WS:72K # 96K, PF:160K # 168K, P:160K) [14] 0.000030 +J(0) [15] 0.000026 +J(0) [16] 0.004878 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-16 09:28:12 ESENT 302 Logging/Recovery svchost (8188,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2018-01-16 09:28:12 ESENT 301 Logging/Recovery "svchost (8188,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2018-01-16 09:28:12 ESENT 300 Logging/Recovery svchost (8188,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2018-01-16 09:28:12 ESENT 916 General svchost (8188,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 09:28:12 ESENT 102 General svchost (8188,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-16 09:24:19 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-16 09:20:51 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:51Z. Reason: RulesEngine. Information 2018-01-16 09:20:23 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 09:20:23 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 09:18:05 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-16 09:17:37 ESENT 916 General svchost (2184,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 09:17:19 ESENT 916 General taskhostw (8012,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 09:17:16 ESENT 916 General svchost (3316,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 09:17:09 ESENT 916 General svchost (3316,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 09:17:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-16 09:17:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-16 09:17:07 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-16 09:17:07 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-16 09:17:07 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-16 09:17:04 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-16 09:17:03 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-16 09:17:03 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-16 01:39:28 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-16 01:39:27 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3504 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3504 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3504 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4652 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4652 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4652 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 3748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-16 01:39:27 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 30 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 688 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2712 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 4056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 8744 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2184 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2184 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2184 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2184 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 568 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 4056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2184 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm " Information 2018-01-16 01:39:27 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-16 01:39:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-16 01:39:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-16 01:39:21 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-16 01:38:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 01:07:07 ESENT 916 General svchost (2184,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:43:28 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:28Z. Reason: RulesEngine. Information 2018-01-16 00:40:33 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-16 00:40:33 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:33Z. Reason: RulesEngine. Information 2018-01-16 00:40:03 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-16 00:40:03 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 248267)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-16 00:40:01 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-16 00:39:51 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-16 00:39:48 ESENT 916 General svchost (8512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:38:19 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-16 00:37:55 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-16 00:37:54 ESENT 326 General "SearchIndexer (7436,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000219:00CD:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.004195 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.024088 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:124K # 0K, PF:144K # 0K, P:144K) [4] 0.000551 +J(0) [5] - [6] - [7] 0.031405 -0.001545 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:50, WS:200K # 0K, PF:640K # 0K, P:640K) [8] 0.001418 -0.000853 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 116K, P:256K) [9] 0.000967 -0.000647 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000041 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000138 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-16 00:37:54 ESENT 105 General "SearchIndexer (7436,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.007630 +J(0) +M(C:0K, Fs:224, WS:880K # 880K, PF:5460K # 5460K, P:5460K) [2] 0.000712 +J(0) +M(C:10240K, Fs:105, WS:420K # 420K, PF:384K # 384K, P:384K) [3] 0.000161 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000296 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.006564 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.005541 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.021194 +J(0) +M(C:0K, Fs:321, WS:1284K # 1284K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.005648 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000033 +J(0) [15] 0.000122 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000636 +J(0) +M(C:0K, Fs:5, WS:12K # 0K, PF:8K # 0K, P:8K)." Information 2018-01-16 00:37:54 ESENT 916 General SearchIndexer (7436,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:37:54 ESENT 102 General SearchIndexer (7436,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-16 00:37:50 ESENT 916 General taskhostw (3992,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:37:49 TV Server 0 None Service started successfully. Information 2018-01-16 00:37:36 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 00:37:36 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 00:37:36 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 00:37:35 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 00:37:35 ESENT 916 General svchost (3316,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:37:35 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-16 00:37:35 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:37:35 ESENT 916 General svchost (4012,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:37:20 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:20 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:19 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:19 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:19 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:19 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:19 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 83116089 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:19 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:19 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:19 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:19 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:19 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:18 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:18 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:18 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:18 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:18 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-16 00:37:18 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:37:18 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-16 00:37:17 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-16 00:37:17 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-16 00:37:17 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-16 00:37:16 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-16 00:37:11 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-16 00:37:11 ESENT 916 General svchost (2184,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:37:10 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-16 00:37:10 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-16 00:37:09 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-16 00:37:08 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-16 00:37:07 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-16 00:36:39 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-16 00:36:38 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:36:38 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:36:38 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:36:38 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:36:35 TV Server 0 None Service has been successfully shut down. Information 2018-01-16 00:36:34 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-16 00:36:34 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 27 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 3508 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 696 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3652 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 4300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2124 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3652 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3652 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2124 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3652 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3652 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2124 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3652 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2124 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3652 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 576 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 868 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2124 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3652 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3508 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-16 00:36:34 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-16 00:36:34 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-16 00:36:34 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-16 00:35:26 ESENT 916 General MicrosoftEdge (8796,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:33:57 ESENT 916 General svchost (7200,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:33:56 ESENT 916 General DllHost (7812,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:29:47 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-16 00:29:47 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:47Z. Reason: RulesEngine. Information 2018-01-16 00:28:46 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-16 00:28:46 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 248278)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-16 00:28:45 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-16 00:28:44 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-16 00:28:42 ESENT 916 General svchost (6580,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:27:10 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-16 00:26:50 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-16 00:26:49 ESENT 326 General "SearchIndexer (7340,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000219:0084:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.012017 +J(0) +M(C:0K, Fs:25, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.026359 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:43, WS:128K # 0K, PF:148K # 0K, P:148K) [4] 0.000520 +J(0) [5] - [6] - [7] 0.068865 -0.001512 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:51, WS:200K # 0K, PF:644K # 0K, P:644K) [8] 0.001443 -0.000906 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 112K, P:256K) [9] 0.000979 -0.000609 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000041 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000117 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-16 00:26:49 ESENT 105 General "SearchIndexer (7340,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.010546 +J(0) +M(C:0K, Fs:285, WS:1116K # 1116K, PF:5500K # 5500K, P:5500K) [2] 0.000977 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.000084 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000237 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.007123 +J(0) +M(C:0K, Fs:67, WS:268K # 268K, PF:80K # 88K, P:80K) [6] 0.005858 +J(0) +M(C:0K, Fs:33, WS:128K # 128K, PF:20K # 12K, P:20K) [7] 0.005294 +J(0) +M(C:0K, Fs:282, WS:1124K # 1124K, PF:1040K # 1040K, P:1040K) [8] - [9] - [10] - [11] - [12] - [13] 0.014578 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1024K # 12K, P:-1024K) [14] 0.000040 +J(0) [15] 0.000108 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000719 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-16 00:26:49 ESENT 916 General SearchIndexer (7340,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:26:49 ESENT 102 General SearchIndexer (7340,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-16 00:26:43 ESENT 916 General taskhostw (3820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:26:42 TV Server 0 None Service started successfully. Information 2018-01-16 00:26:29 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 00:26:29 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 00:26:29 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 00:26:29 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 00:26:29 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-16 00:26:26 ESENT 916 General svchost (3688,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:26:25 ESENT 916 General svchost (3620,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:26:23 ESENT 916 General svchost (3208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:26:13 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:13 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:13 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:13 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:13 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:12 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:12 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 83115609 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:12 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:12 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:11 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:11 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:11 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:11 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:11 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:11 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:11 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:11 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-16 00:26:11 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:26:10 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-16 00:26:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-16 00:26:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-16 00:26:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-16 00:26:08 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-16 00:26:02 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-16 00:26:02 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-16 00:26:02 ESENT 916 General svchost (2124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:26:02 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-16 00:26:00 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-16 00:25:59 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-16 00:25:59 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-16 00:25:30 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-16 00:25:29 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:25:29 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:25:26 TV Server 0 None Service has been successfully shut down. Information 2018-01-16 00:25:25 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 24 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 708 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2212 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3668 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2212 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3668 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2212 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3668 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3668 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2212 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3668 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2212 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2018-01-16 00:25:25 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-16 00:25:25 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-16 00:25:25 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-16 00:25:19 ESENT 916 General svchost (7052,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:25:19 ESENT 916 General DllHost (4716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:19:28 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-16 00:19:28 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:28Z. Reason: RulesEngine. Information 2018-01-16 00:18:28 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-16 00:18:28 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 248288)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-16 00:18:27 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-16 00:18:26 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-16 00:18:24 ESENT 916 General svchost (7388,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:16:54 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-16 00:16:29 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-16 00:16:28 ESENT 326 General "SearchIndexer (7736,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000219:0048:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.007870 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.026149 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:128K # 0K, PF:140K # 0K, P:140K) [4] 0.000542 +J(0) [5] - [6] - [7] 0.073263 -0.001630 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.001316 -0.000774 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 132K, P:256K) [9] 0.000940 -0.000586 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:12, WS:44K # 0K, PF:100K # 100K, P:100K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000115 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-16 00:16:28 ESENT 105 General "SearchIndexer (7736,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.004427 +J(0) +M(C:0K, Fs:213, WS:836K # 836K, PF:5460K # 5460K, P:5460K) [2] 0.001006 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.000085 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000250 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:224K # 224K, P:224K) [5] 0.008590 +J(0) +M(C:0K, Fs:72, WS:288K # 288K, PF:36K # 44K, P:36K) [6] 0.006009 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 12K, P:20K) [7] 0.005639 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.007216 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-992K # 24K, PF:-1020K # 12K, P:-1020K) [14] 0.000033 +J(0) [15] 0.000122 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000698 +J(0) +M(C:0K, Fs:5, WS:12K # 0K, PF:8K # 0K, P:8K)." Information 2018-01-16 00:16:28 ESENT 916 General SearchIndexer (7736,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:16:28 ESENT 102 General SearchIndexer (7736,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-16 00:16:25 TV Server 0 None Service started successfully. Information 2018-01-16 00:16:19 ESENT 916 General taskhostw (4000,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:16:06 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 00:16:06 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 00:16:06 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 00:16:06 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-16 00:16:06 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-16 00:16:05 ESENT 916 General svchost (3816,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:16:05 ESENT 916 General svchost (3324,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:16:03 ESENT 916 General svchost (3844,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:15:54 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:54 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:54 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:54 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:54 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:54 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:54 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 83115129 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:53 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:53 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:53 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:53 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:52 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:52 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:52 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:52 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:52 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:52 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-16 00:15:52 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:52 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-16 00:15:50 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-16 00:15:50 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-16 00:15:50 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-16 00:15:50 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-16 00:15:44 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-16 00:15:44 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-16 00:15:44 ESENT 916 General svchost (2212,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:15:44 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-16 00:15:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-16 00:15:42 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-16 00:15:40 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-16 00:15:12 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-16 00:15:11 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:11 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:11 MySQL 100 None "Giving 2 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:11 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-16 00:15:09 TV Server 0 None Service has been successfully shut down. Information 2018-01-16 00:15:08 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-16 00:15:08 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 29 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 8276 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 3516 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8004 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 8848 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3516 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-16 00:15:08 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-16 00:15:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 3 The request is not supported " Information 2018-01-16 00:15:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-16 00:15:03 ESENT 916 General svchost (5520,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-16 00:09:29 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 23:55:56 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 23:48:30 Microsoft-Windows-RestartManager 10001 None Ending session 3 started ‎2018‎-‎01‎-‎15T22:46:42.902979300Z. Information 2018-01-15 23:46:42 Microsoft-Windows-RestartManager 10000 None Starting session 3 - ‎2018‎-‎01‎-‎15T22:46:42.902979300Z. Information 2018-01-15 23:44:05 ESENT 916 General DllHost (6484,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 23:42:53 ESENT 916 General MicrosoftEdge (2764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 23:41:55 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-15 23:41:20 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 23:41:08 ESENT 916 General taskhostw (6924,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 23:41:05 ESENT 916 General svchost (3248,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 23:40:57 ESENT 916 General taskhostw (6924,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 23:40:56 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-15 23:40:55 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 3 The request is not supported " Information 2018-01-15 23:40:55 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 3 The request is not supported " Information 2018-01-15 23:40:55 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-15 23:40:55 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-15 23:40:53 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-15 23:40:52 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-15 23:40:52 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-15 22:41:00 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-15 22:41:00 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes " Information 2018-01-15 22:40:59 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 25 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 5316 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\PageSetup Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software Process 8004 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\International\Scripts\3 Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Policies Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Settings Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\International\Scripts Process 3180 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 6704 (\Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer " Information 2018-01-15 22:40:59 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-15 22:40:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-15 22:40:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-15 22:40:58 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 22:40:49 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-15 22:40:43 ESENT 916 General svchost (5164,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 22:18:04 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 22:12:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 21:11:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 21:08:03 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 20:10:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 20:04:01 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 19:09:19 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-15 19:09:19 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-15 19:09:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 19:04:12 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 18:18:04 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 18:09:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 17:54:59 ESENT 916 General svchost (2064,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 17:53:35 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:35Z. Reason: RulesEngine. Information 2018-01-15 17:52:42 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 17:18:03 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 17:08:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 16:35:53 ESENT 916 General svchost (9476,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 16:09:29 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 16:07:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 15:07:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-15 15:07:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-15 15:06:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 15:03:35 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 14:10:06 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 14:07:21 ESENT 916 General svchost (7128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 14:05:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 13:14:03 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 13:04:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 12:12:32 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 12:03:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 11:36:43 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <323C118E1BF7B8B65254E2E2100DD6029037F096>. Information 2018-01-15 11:36:43 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <323C118E1BF7B8B65254E2E2100DD6029037F096>. Information 2018-01-15 11:30:27 ESENT 916 General DllHost (6420,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 11:30:10 ESENT 916 General MicrosoftEdge (4660,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 11:07:23 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:23Z. Reason: RulesEngine. Information 2018-01-15 11:06:10 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:10Z. Reason: RulesEngine. Information 2018-01-15 11:04:48 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-15 11:04:48 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-15 11:03:11 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-15 11:02:54 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 11:02:31 ESENT 916 General taskhostw (1124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 11:02:28 ESENT 916 General svchost (3248,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 11:02:22 ESENT 916 General svchost (3248,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-15 11:02:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-15 11:02:15 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-15 11:02:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-15 11:02:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-15 11:02:11 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-15 11:02:09 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-15 11:02:09 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-15 11:02:09 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-14 22:08:14 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-14 22:08:13 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 53 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3560 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3560 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3560 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8780 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8780 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8780 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\ActivatableClasses Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Extensible Cache Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\ActivatableClasses\Package Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\WebRuntimeExtensions\EventStore Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\ActivatableClasses\Package\Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\MIME\Database\Content Type\video/mp4 Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 4080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 4080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-14 22:08:13 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 54 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 696 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software Process 4080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 8004 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 4080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2096 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies Process 2096 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2096 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2096 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 4080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 576 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2096 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 4080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3624 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\VideoSettings Process 4080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2608 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 8888 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Control Panel\International\User Profile " Information 2018-01-14 22:08:13 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 22:08:13 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-14 22:08:13 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-14 22:08:13 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-14 22:08:06 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-14 22:08:00 ESENT 916 General svchost (5828,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 21:14:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 21:09:16 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 20:25:55 Windows Error Reporting 1001 None "Fault bucket 2198967425105212057, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 66ad P8: 171 P9: System.ArgumentException P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER131.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER146D.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER148C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER150A.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_f08c99fe9195f3b7663408da47ace87bd4bd41_e905dbaa_14f31bce Analysis symbol: Rechecking for solution: 0 Report Id: 2b50bf51-65c0-4887-962a-226dec705123 Report Status: 268435456 Hashed bucket: 6025bda96371a4748e844d38f60d3299" Error 2018-01-14 20:25:48 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x2478 Faulting application start time: 0x01d38d6c32ae5bd1 Faulting application path: C:\Program Files (x86)\Team MediaPortal\MediaPortal\SMPEditor.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 2b50bf51-65c0-4887-962a-226dec705123 Faulting package full name: Faulting package-relative application ID: " Information 2018-01-14 20:25:40 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD4E1.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERDA61.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERDADD.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERDB4B.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_19d6e30a Analysis symbol: Rechecking for solution: 0 Report Id: c31ddf77-f4a5-4def-9e37-bb9aced7bd69 Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-14 20:25:36 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-14 20:25:36 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Error 2018-01-14 20:16:12 Application Hang 1002 (101) "The program kodi.exe version 17.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 25e0 Start Time: 01d38d6af45c2473 Termination Time: 107 Application Path: C:\Program Files (x86)\Kodi\kodi.exe Report Id: 86927fad-aab0-4a99-afcc-234d782abba5 Faulting package full name: Faulting package-relative application ID: " Information 2018-01-14 20:16:11 Windows Error Reporting 1001 None "Fault bucket 2110778122116297939, type 5 Event Name: AppHangB1 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.6.0.0 P3: 5a2d50f5 P4: b279 P5: 134217728 P6: P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER94E8.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9506.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9584.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER2B2E.tmp.appcompat.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_kodi.exe_f1def174898835d6535d7b95088da915c61fdf1_4a57e4ee_24be3359 Analysis symbol: Rechecking for solution: 0 Report Id: 86927fad-aab0-4a99-afcc-234d782abba5 Report Status: 268435456 Hashed bucket: 43ce576dc47a26aa4d4afd84c86874d3" Information 2018-01-14 20:13:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 20:05:19 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 19:12:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 19:09:16 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 18:11:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 18:09:17 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 17:51:43 ESENT 916 General svchost (2064,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 17:51:35 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 17:35:10 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBA6B.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBFDA.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC0A5.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC123.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_015ac930 Analysis symbol: Rechecking for solution: 0 Report Id: 720dfe2b-ae43-4ec8-bc35-c5c5a797fb53 Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-14 17:35:06 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-14 17:35:06 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-14 17:15:38 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERCDCB.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD3C8.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD444.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD4C2.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_200ce7fa Analysis symbol: Rechecking for solution: 0 Report Id: 6d86a0b5-5008-42cb-bf3c-f544640565b1 Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-14 17:15:31 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-14 17:15:31 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-14 17:10:00 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 17:09:16 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 17:03:09 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2018‎-‎01‎-‎14T16:03:09.820991400Z. Information 2018-01-14 17:03:09 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2018‎-‎01‎-‎14T16:03:09.820991400Z. Information 2018-01-14 17:03:07 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2018‎-‎01‎-‎14T16:03:07.493032700Z. Information 2018-01-14 17:03:07 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2018‎-‎01‎-‎14T16:03:07.493032700Z. Information 2018-01-14 17:02:16 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2018‎-‎01‎-‎14T16:02:16.578296300Z. Information 2018-01-14 17:02:16 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2018‎-‎01‎-‎14T16:02:16.578296300Z. Information 2018-01-14 17:02:12 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2018‎-‎01‎-‎14T16:02:12.310859200Z. Information 2018-01-14 17:02:12 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2018‎-‎01‎-‎14T16:02:12.310859200Z. Information 2018-01-14 17:01:57 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2018‎-‎01‎-‎14T16:01:57.004043000Z. Information 2018-01-14 17:01:57 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2018‎-‎01‎-‎14T16:01:57.004043000Z. Information 2018-01-14 17:01:55 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2018‎-‎01‎-‎14T16:01:55.125313500Z. Information 2018-01-14 17:01:55 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2018‎-‎01‎-‎14T16:01:55.125313500Z. Information 2018-01-14 17:01:51 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2018‎-‎01‎-‎14T16:01:51.481907300Z. Information 2018-01-14 17:01:51 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2018‎-‎01‎-‎14T16:01:51.481907300Z. Information 2018-01-14 17:01:20 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2018‎-‎01‎-‎14T16:01:20.123683300Z. Information 2018-01-14 17:01:20 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2018‎-‎01‎-‎14T16:01:20.123683300Z. Information 2018-01-14 16:59:36 Windows Error Reporting 1001 None "Fault bucket 129572682250, type 5 Event Name: RADAR_PRE_LEAK_64 Response: Not available Cab Id: 0 Problem signature: P1: Azureus.exe P2: 5.0.0.0 P3: 10.0.16299.2.0.0 P4: P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Users\Eglobal\AppData\Local\Temp\RDR30D4.tmp\empty.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER30D5.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3160.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER320D.tmp.txt These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: d05f7c67-7d52-4312-ae4f-6fae5de9641a Report Status: 268435456 Hashed bucket: a96b3c36e71f5890da8d191dcaa30865" Information 2018-01-14 16:26:34 Windows Error Reporting 1001 None "Fault bucket 120855640427, type 4 Event Name: APPCRASH Response: Not available Cab Id: 1977853552477620849 Problem signature: P1: Azureus.exe P2: 5.0.0.0 P3: 56c6d48f P4: MSCTF.dll P5: 10.0.16299.19 P6: 9be5ad6b P7: c0000005 P8: 000000000004289f P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERDE14.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE8A5.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE8D0.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE93F.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERF21C.tmp.appcompat.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERF327.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Azureus.exe_3391b06e18ba6d7272cd16d02c1c4e22da21b9c4_e523a1a6_cab_1f6bfd33 Analysis symbol: Rechecking for solution: 0 Report Id: 9a684160-6ecf-4ba2-80a6-d8bbd722fd79 Report Status: 268435464 Hashed bucket: 18740f5e62694cdbd1e6b21f710ca22f" Error 2018-01-14 16:26:26 Application Error 1000 (100) "Faulting application name: Azureus.exe, version: 5.0.0.0, time stamp: 0x56c6d48f Faulting module name: MSCTF.dll, version: 10.0.16299.19, time stamp: 0x9be5ad6b Exception code: 0xc0000005 Fault offset: 0x000000000004289f Faulting process id: 0xd38 Faulting application start time: 0x01d38d4afb6877a3 Faulting application path: C:\PROGRA~1\Vuze\Azureus.exe Faulting module path: C:\Windows\System32\MSCTF.dll Report Id: 9a684160-6ecf-4ba2-80a6-d8bbd722fd79 Faulting package full name: Faulting package-relative application ID: " Information 2018-01-14 16:15:15 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:15Z. Reason: RulesEngine. Information 2018-01-14 16:12:33 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-14 16:12:33 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:33Z. Reason: RulesEngine. Information 2018-01-14 16:12:03 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-14 16:12:03 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 250215)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-14 16:12:02 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-14 16:12:00 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-14 16:11:58 ESENT 916 General svchost (9776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:11:12 ESENT 916 General DllHost (9548,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:10:36 ESENT 916 General MicrosoftEdge (8932,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:10:27 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-14 16:10:07 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-14 16:10:06 ESENT 326 General "SearchIndexer (7464,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000001F8:0045:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.019253 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.026114 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:128K # 0K, PF:144K # 0K, P:144K) [4] 0.000528 +J(0) [5] - [6] - [7] 0.068613 -0.001689 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.001240 -0.000685 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:68, WS:268K # 0K, PF:260K # 136K, P:260K) [9] 0.001091 -0.000602 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000112 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-14 16:10:06 ESENT 105 General "SearchIndexer (7464,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002858 +J(0) +M(C:0K, Fs:179, WS:700K # 700K, PF:5476K # 5476K, P:5476K) [2] 0.000837 +J(0) +M(C:10240K, Fs:142, WS:568K # 568K, PF:384K # 384K, P:384K) [3] 0.000075 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000226 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.005776 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.007977 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.006585 +J(0) +M(C:0K, Fs:320, WS:1280K # 1280K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.020280 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:12, WS:-988K # 28K, PF:-1020K # 16K, P:-1020K) [14] 0.000032 +J(0) [15] 0.000112 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000657 +J(0) +M(C:0K, Fs:5, WS:12K # 0K, PF:8K # 0K, P:8K)." Information 2018-01-14 16:10:06 ESENT 916 General SearchIndexer (7464,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:10:06 ESENT 102 General SearchIndexer (7464,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-14 16:10:02 ESENT 916 General taskhostw (5024,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:10:02 TV Server 0 None Service started successfully. Information 2018-01-14 16:09:47 ESENT 916 General svchost (3584,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:09:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 16:09:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 16:09:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 16:09:45 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-14 16:09:44 ESENT 916 General svchost (3616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:09:41 ESENT 916 General svchost (3248,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:09:37 ESENT 916 General taskhostw (5024,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:09:30 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-14 16:09:29 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:29 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:28 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:28 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:28 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:28 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:28 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 78182199 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:28 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-14 16:09:28 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:28 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:28 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:27 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:27 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:27 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:27 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:27 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:27 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:27 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-14 16:09:27 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:09:27 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-14 16:09:27 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-14 16:09:26 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-14 16:09:20 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-14 16:09:20 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:09:19 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-14 16:09:20 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-14 16:09:18 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-14 16:09:18 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-14 16:09:16 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-14 16:08:48 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-14 16:08:48 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:08:48 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:08:44 TV Server 0 None Service has been successfully shut down. Information 2018-01-14 16:08:44 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-14 16:08:43 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 55 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 700 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 7460 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 7460 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 7460 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 7460 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 4444 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 7460 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 7460 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2052 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4444 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3744 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4444 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 7460 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 7460 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies Process 2052 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4444 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3744 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4444 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2052 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4444 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3744 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3744 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 7460 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2052 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 4444 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 7460 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 7460 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 580 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3744 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 7460 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2052 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 4444 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 7460 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 7460 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 7460 (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Control Panel\International\User Profile " Information 2018-01-14 16:08:44 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-14 16:08:43 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-14 16:08:43 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-14 16:08:11 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-14 16:08:11 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 250219)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-14 16:08:10 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-14 16:08:07 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-14 16:08:03 ESENT 916 General svchost (10468,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:08:01 ESENT 916 General DllHost (10684,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-14 16:07:19 Application Hang 1002 (101) "The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 19e0 Start Time: 01d38d492ed49dac Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: 72579ab9-1b74-4943-bc39-0f83bad7413f Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App " Information 2018-01-14 16:07:18 Windows Error Reporting 1001 None "Fault bucket 133556577791, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE22E.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE27B.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE357.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_0735eb16 Analysis symbol: Rechecking for solution: 0 Report Id: 72579ab9-1b74-4943-bc39-0f83bad7413f Report Status: 268435456 Hashed bucket: 43a00c1b815b0614b2b86bc70e701302" Error 2018-01-14 16:07:14 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Information 2018-01-14 16:06:52 ESENT 916 General MicrosoftEdge (8488,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:06:39 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-14 16:06:14 ESENT 916 General svchost (3172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:06:11 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-14 16:06:10 ESENT 326 General "SearchIndexer (7232,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000001F8:0017:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.010345 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.032833 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:124K # 0K, PF:148K # 0K, P:148K) [4] 0.000524 +J(0) [5] - [6] - [7] 0.038349 -0.001535 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:51, WS:204K # 0K, PF:640K # 0K, P:640K) [8] 0.001463 -0.000918 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:68, WS:268K # 0K, PF:260K # 116K, P:260K) [9] 0.001210 -0.000820 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000042 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000113 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-14 16:06:10 ESENT 105 General "SearchIndexer (7232,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.005364 +J(0) +M(C:0K, Fs:221, WS:868K # 868K, PF:5472K # 5468K, P:5472K) [2] 0.000686 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.000890 +J(0) +M(C:0K, Fs:5, WS:20K # 20K, PF:64K # 64K, P:64K) [4] 0.000264 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:228K # 228K, P:228K) [5] 0.005612 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.005680 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.021877 +J(0) +M(C:0K, Fs:281, WS:1124K # 1124K, PF:1036K # 1036K, P:1036K) [8] - [9] - [10] - [11] - [12] - [13] 0.007533 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000034 +J(0) [15] 0.000110 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000616 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-14 16:06:10 ESENT 916 General SearchIndexer (7232,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:06:10 ESENT 102 General SearchIndexer (7232,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-14 16:06:08 ESENT 916 General taskhostw (3864,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:06:07 TV Server 0 None Service started successfully. Information 2018-01-14 16:05:53 ESENT 916 General svchost (4428,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:05:51 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 16:05:51 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 16:05:51 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 16:05:51 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-14 16:05:50 ESENT 916 General svchost (4384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:05:50 ESENT 916 General svchost (3172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:05:41 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:41 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:41 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:40 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:40 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:40 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:40 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 78181719 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:40 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:40 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:39 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:39 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:39 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:39 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:39 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:39 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:39 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:39 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-14 16:05:39 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 16:05:38 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-14 16:05:32 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-14 16:05:32 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-14 16:05:32 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-14 16:05:31 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-14 16:05:26 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-14 16:05:25 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-14 16:05:26 ESENT 916 General svchost (2052,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 16:05:25 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-14 16:05:24 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-14 16:05:23 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-14 16:05:22 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-14 16:04:53 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-14 16:04:49 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-14 16:04:49 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 32 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 700 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3568 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 580 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-14 16:04:50 TV Server 0 None Service has been successfully shut down. Information 2018-01-14 16:04:49 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-14 16:04:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-14 16:04:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-14 16:04:43 ESENT 916 General svchost (1568,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:52:29 ESENT 916 General svchost (2072,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:42:04 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-14 15:41:24 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-14 15:41:24 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:24Z. Reason: RulesEngine. Information 2018-01-14 15:40:37 ESENT 916 General DllHost (9516,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:40:11 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-14 15:40:10 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 250247)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-14 15:40:08 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-14 15:40:04 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-14 15:40:00 ESENT 916 General svchost (7828,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:39:57 ESENT 916 General MicrosoftEdge (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:39:41 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER553A.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5AD9.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5B64.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5BC3.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_0ab263e0 Analysis symbol: Rechecking for solution: 0 Report Id: 21fd9fa0-8cf3-455b-9add-5528bbf23d2f Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-14 15:39:37 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-14 15:39:37 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-14 15:38:25 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-14 15:38:04 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-14 15:38:01 ESENT 326 General "SearchIndexer (7176,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000001F7:00D4:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.008582 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.035490 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:128K # 0K, PF:140K # 0K, P:140K) [4] 0.000538 +J(0) [5] - [6] - [7] 0.072886 -0.001582 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:56, WS:220K # 0K, PF:664K # 0K, P:664K) [8] 0.001427 -0.000905 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 116K, P:256K) [9] 0.000909 -0.000560 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000111 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-14 15:38:01 ESENT 105 General "SearchIndexer (7176,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.003680 +J(0) +M(C:0K, Fs:186, WS:724K # 724K, PF:5480K # 5480K, P:5480K) [2] 0.001046 +J(0) +M(C:10240K, Fs:139, WS:556K # 556K, PF:392K # 392K, P:392K) [3] 0.000094 +J(0) +M(C:0K, Fs:8, WS:32K # 32K, PF:64K # 64K, P:64K) [4] 0.000260 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:228K # 228K, P:228K) [5] 0.018485 +J(0) +M(C:0K, Fs:11, WS:44K # 44K, PF:20K # 20K, P:20K) [6] 0.005060 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.005289 +J(0) +M(C:0K, Fs:280, WS:1116K # 1116K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.044595 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:51, WS:-828K # 188K, PF:-1020K # 24K, P:-1020K) [14] 0.000035 +J(0) [15] 0.000122 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000636 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-14 15:38:01 ESENT 916 General SearchIndexer (7176,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:38:01 ESENT 102 General SearchIndexer (7176,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-14 15:37:58 TV Server 0 None Service started successfully. Information 2018-01-14 15:37:55 ESENT 916 General taskhostw (3288,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:37:41 ESENT 916 General svchost (3544,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:37:41 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 15:37:41 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 15:37:41 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-14 15:37:41 ESENT 916 General svchost (3512,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:37:38 ESENT 916 General svchost (3116,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:37:27 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:27 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:26 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:26 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:26 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:26 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:26 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 78181229 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:26 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:26 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:25 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:25 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:25 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:25 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:25 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:25 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:25 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:25 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-14 15:37:25 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:37:25 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-14 15:37:24 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-14 15:37:24 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-14 15:37:24 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-14 15:37:23 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-14 15:37:18 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-14 15:37:17 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-14 15:37:18 ESENT 916 General svchost (2072,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:37:18 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-14 15:37:16 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-14 15:37:16 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-14 15:37:14 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-14 15:36:46 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-14 15:36:45 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:36:45 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:36:45 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:36:43 TV Server 0 None Service has been successfully shut down. Information 2018-01-14 15:36:42 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-14 15:36:42 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 32 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 708 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3744 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 592 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3744 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3744 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3744 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3744 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3744 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3744 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3744 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2560 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-14 15:36:42 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-14 15:36:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-14 15:36:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-14 15:36:36 ESENT 916 General svchost (288,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:35:29 Windows Error Reporting 1001 None "Fault bucket 126041138031, type 5 Event Name: VSSetup Response: Not available Cab Id: 0 Problem signature: P1: unknown P2: unknown P3: 14.0.1535.0 P4: unknown P5: unknown P6: FixDotNet;unknown P7: unknown P8: unknown P9: unknown P10: Attached files: \\?\C:\Windows\windowsupdate.log \\?\C:\Windows\logs\cbs\cbs.log \\?\C:\Users\Eglobal\AppData\Local\Temp\FixDotNet.log \\?\C:\Users\Eglobal\AppData\Local\Temp\NetFxSetupEvents.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\dd_NetFxRepairTool_decompression_log.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\FixDotNet_HKCR_Installer.regdump \\?\C:\Users\Eglobal\AppData\Local\Temp\FixDotNet_HKLM_Installer.regdump \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBBF8.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBCC3.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBD41.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_unknown_873321afffb557284db5cfbf49b44f8ed9e8e6_00000000_0d70c37a Analysis symbol: Rechecking for solution: 0 Report Id: 36661e78-8004-4c26-91ad-ff62b60ba153 Report Status: 268435456 Hashed bucket: ba93dbc72969994a9d97357854ac4d37" Information 2018-01-14 15:35:27 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: VSSetup Response: Not available Cab Id: 0 Problem signature: P1: unknown P2: unknown P3: 14.0.1535.0 P4: unknown P5: unknown P6: FixDotNet;unknown P7: unknown P8: unknown P9: unknown P10: Attached files: \\?\C:\Windows\windowsupdate.log \\?\C:\Windows\logs\cbs\cbs.log \\?\C:\Users\Eglobal\AppData\Local\Temp\FixDotNet.log \\?\C:\Users\Eglobal\AppData\Local\Temp\NetFxSetupEvents.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\dd_NetFxRepairTool_decompression_log.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\FixDotNet_HKCR_Installer.regdump \\?\C:\Users\Eglobal\AppData\Local\Temp\FixDotNet_HKLM_Installer.regdump These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: 36661e78-8004-4c26-91ad-ff62b60ba153 Report Status: 1074003968 Hashed bucket: " Information 2018-01-14 15:14:30 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:30Z. Reason: RulesEngine. Information 2018-01-14 15:11:31 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-14 15:11:31 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:31Z. Reason: RulesEngine. Information 2018-01-14 15:11:01 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-14 15:11:01 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 250276)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-14 15:11:00 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-14 15:10:57 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-14 15:10:47 ESENT 916 General DllHost (9508,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:10:03 ESENT 916 General MicrosoftEdge (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:09:48 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-14 15:09:38 ESENT 916 General svchost (8268,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:09:26 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-14 15:09:24 ESENT 326 General "SearchIndexer (7288,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000001F7:0088:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.003872 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.031732 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:128K # 0K, PF:144K # 0K, P:144K) [4] 0.000534 +J(0) [5] - [6] - [7] 0.024053 -0.002369 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:212K # 0K, PF:660K # 0K, P:660K) [8] 0.001658 -0.001125 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 128K, P:256K) [9] 0.001302 -0.000923 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000046 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000158 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-14 15:09:24 ESENT 105 General "SearchIndexer (7288,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.006190 +J(0) +M(C:0K, Fs:216, WS:844K # 844K, PF:5468K # 5468K, P:5468K) [2] 0.000720 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.002607 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:112K # 112K, P:112K) [4] 0.000260 +J(0) +M(C:0K, Fs:26, WS:100K # 100K, PF:228K # 228K, P:228K) [5] 0.005596 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.025337 +J(0) +M(C:0K, Fs:78, WS:308K # 308K, PF:32K # 32K, P:32K) [7] 0.012249 +J(0) +M(C:0K, Fs:281, WS:1124K # 1124K, PF:1036K # 1036K, P:1036K) [8] - [9] - [10] - [11] - [12] - [13] 0.006242 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-992K # 24K, PF:-1020K # 12K, P:-1020K) [14] 0.000034 +J(0) [15] 0.000113 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000650 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-14 15:09:24 ESENT 916 General SearchIndexer (7288,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:09:24 ESENT 102 General SearchIndexer (7288,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-14 15:09:24 ESENT 916 General taskhostw (5176,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:09:14 TV Server 0 None Service started successfully. Information 2018-01-14 15:09:10 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 15:09:10 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 15:09:10 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 15:09:10 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 15:09:10 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-14 15:09:05 ESENT 916 General svchost (3684,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:08:56 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:08:55 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-14 15:08:55 ESENT 916 General svchost (3172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:08:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-14 15:08:51 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-14 15:08:49 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:49 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:49 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:49 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:49 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:49 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:49 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 78180739 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:49 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:49 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:48 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:48 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:48 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:48 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:48 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:48 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:48 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:48 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-14 15:08:47 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:47 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-14 15:08:47 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-14 15:08:40 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-14 15:08:40 ESENT 916 General svchost (2068,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 15:08:39 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-14 15:08:39 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-14 15:08:38 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-14 15:08:38 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-14 15:08:37 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-14 15:08:07 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-14 15:08:06 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:06 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:06 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:06 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-14 15:08:04 TV Server 0 None Service has been successfully shut down. Information 2018-01-14 15:08:03 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-14 15:08:03 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-14 15:08:03 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 44 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 7012 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3580 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 8540 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3580 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3580 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 10012 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-14 15:08:03 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 3 The request is not supported " Information 2018-01-14 15:08:03 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-14 15:02:24 VSS 8224 None The VSS service is shutting down due to idle timeout. Error 2018-01-14 14:54:33 VSS 8193 None "Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet" Information 2018-01-14 14:54:17 System Restore 8194 None "Successfully created restore point (Process = C:\Program Files\Reimage\Reimage Repair\Reimage.exe Files\Reimage\Reimage Repair\Reimage.exe"" http://www.reimageplus.com/GUI/GUI1872/layout.php?consumer=1&gui_branch=0&trackutil=&MinorSessionID=05d6797eb0754c8a85825b7249&lang_code=en&bundle=0 /cil=DISABLED /Close=0 /Locale=1033 /Product:reimage; Description = Reimage Repair Restore Point)." Information 2018-01-14 14:54:17 ESENT 916 General svchost (3524,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-14 14:53:33 VSS 8194 None "Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {d97e57ef-241f-495d-a78e-4abd28088c00}" Information 2018-01-14 14:51:08 ESENT 326 General "svchost (860,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000006:0006:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.003260 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.041603 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:9, WS:32K # 0K, PF:32K # 0K, P:32K) [4] 0.001277 +J(0) [5] - [6] - [7] 0.001690 -0.000904 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:56K, Fs:17, WS:68K # 36K, PF:56K # 28K, P:56K) [8] 0.000872 -0.000356 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:112K # 112K, PF:196K # 192K, P:196K) [9] 0.000651 -0.000386 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000037 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000114 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-14 14:51:08 ESENT 105 General "svchost (860,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000006:0001:0000 - 00000006:0004:0000 - 00000000:0000:0000 - 00000006:0004:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.003431 +J(0) +M(C:0K, Fs:131, WS:516K # 516K, PF:2868K # 2868K, P:2868K) [2] 0.000694 +J(0) +M(C:8K, Fs:94, WS:368K # 368K, PF:856K # 856K, P:856K) [3] 0.000032 +J(0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 64K, P:64K) [4] 0.001052 +J(0) +M(C:0K, Fs:63, WS:248K # 248K, PF:160K # 160K, P:160K) [5] 0.007541 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:16K # 16K, P:16K) [6] 0.008096 +J(0) +M(C:0K, Fs:31, WS:120K # 120K, PF:24K # 24K, P:24K) [7] 0.004804 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.091411 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:12168/7) +M(C:0K, Fs:121, WS:332K # 332K, PF:240K # 244K, P:240K) [9] - [10] 0.003017 +J(0) +M(C:0K, Fs:13, WS:-8K # 48K, PF:-4K # 52K, P:-4K) [11] 0.000060 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.029812 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.121538 -0.017161 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:48, WS:72K # 96K, PF:160K # 168K, P:160K) [14] 0.000032 +J(0) [15] 0.000026 +J(0) [16] 0.002417 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-14 14:51:08 ESENT 302 Logging/Recovery svchost (860,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2018-01-14 14:51:07 ESENT 301 Logging/Recovery "svchost (860,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2018-01-14 14:51:07 ESENT 300 Logging/Recovery svchost (860,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2018-01-14 14:51:07 ESENT 916 General svchost (860,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 14:51:07 ESENT 102 General svchost (860,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-14 14:51:06 ESENT 916 General svchost (1736,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 14:50:20 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-14 14:50:04 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 14:43:22 ESENT 916 General DllHost (6868,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 14:42:58 ESENT 916 General MicrosoftEdge (9080,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 14:37:36 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER48A2.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F5A.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4FC6.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5025.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_00035c59 Analysis symbol: Rechecking for solution: 0 Report Id: 2ce7952c-7a9c-41de-ac0f-8e21d13d734e Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-14 14:37:31 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-14 14:37:30 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-14 14:28:00 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 14:13:15 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 13:27:00 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 13:26:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 13:26:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 13:13:16 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 12:26:00 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 12:05:11 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 11:25:00 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 11:09:11 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 10:24:00 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 10:05:47 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 09:38:25 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 09:33:30 ESENT 916 General svchost (1736,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 09:27:51 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:51Z. Reason: RulesEngine. Information 2018-01-14 09:26:16 ESENT 916 General svchost (6564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 09:25:00 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 09:25:00 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-14 09:24:16 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-14 09:24:00 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 09:23:39 ESENT 916 General taskhostw (1768,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 09:23:38 ESENT 916 General svchost (3236,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-14 09:23:25 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 3 The request is not supported " Information 2018-01-14 09:23:25 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 3 The request is not supported " Information 2018-01-14 09:23:24 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-14 09:23:24 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-14 09:23:22 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-14 09:23:17 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-14 09:23:16 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-14 09:23:16 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-13 17:38:33 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-13 17:38:32 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 7840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 7840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 7840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 9160 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 9160 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 9160 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4648 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 7840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 7840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-13 17:38:32 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 18 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 2516 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3580 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 7840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 8540 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 7840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 7840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3580 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 7840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3580 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 7840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 7840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 8124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 7840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 7840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm " Information 2018-01-13 17:38:32 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 17:38:32 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-13 17:38:31 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-13 17:38:31 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-13 17:38:29 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-13 17:38:26 ESENT 916 General svchost (3212,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 17:38:26 ESENT 916 General DllHost (3412,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 17:23:00 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 17:08:37 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 16:36:36 ESENT 916 General svchost (64,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 16:22:00 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 16:05:38 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 15:21:00 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 15:15:39 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-13 15:15:39 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-13 15:08:39 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 14:57:51 ESENT 916 General svchost (8496,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 14:20:00 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 14:13:40 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 13:19:00 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 13:03:52 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 12:18:00 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 12:07:32 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 11:17:00 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 11:11:32 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 10:16:00 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 10:13:39 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 09:15:00 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 09:05:32 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 08:36:47 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 08:14:00 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 08:09:32 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 07:27:31 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 07:16:08 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:08Z. Reason: RulesEngine. Information 2018-01-13 07:13:26 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-13 07:12:57 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 07:12:48 ESENT 916 General svchost (3236,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 07:12:41 ESENT 916 General taskhostw (6664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 07:12:31 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-13 07:12:30 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-13 07:12:30 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-13 07:12:30 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-13 07:12:26 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-13 07:12:26 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-13 07:12:25 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-13 07:12:25 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-13 01:22:04 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-13 01:22:03 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 21 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 4164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 4828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 4828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-13 01:22:03 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 40 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 696 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3580 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 4828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 8540 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 4828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3580 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3580 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 4828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3580 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3580 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3580 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 4828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3580 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 576 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 4828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3580 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 4828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-13 01:22:04 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 01:22:03 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-13 01:22:03 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-13 01:22:03 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-13 01:22:00 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-13 01:21:54 ESENT 916 General svchost (8460,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 01:21:53 ESENT 916 General DllHost (9972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 01:21:45 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER529A.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER57CB.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5856.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER58C5.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_1ad86075 Analysis symbol: Rechecking for solution: 0 Report Id: 432175d0-5448-49cd-958e-e4a0193e6ef4 Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-13 01:21:41 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-13 01:21:41 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-13 01:13:43 ESENT 916 General MicrosoftEdge (5184,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 01:12:35 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:35Z. Reason: RulesEngine. Information 2018-01-13 01:11:29 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-13 01:11:29 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:27Z. Reason: RulesEngine. Information 2018-01-13 01:10:57 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-13 01:10:57 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 252556)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-13 01:10:56 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-13 01:10:54 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-13 01:10:53 ESENT 916 General svchost (2152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 01:10:52 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5C10.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER62A9.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6334.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6393.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_20c26b62 Analysis symbol: Rechecking for solution: 0 Report Id: 97c25c79-2ea9-4eda-afdf-4bcaad05ee82 Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-13 01:10:48 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-13 01:10:48 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-13 01:09:35 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-13 01:09:16 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-13 01:09:15 ESENT 326 General "SearchIndexer (7520,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000001F2:00D5:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.001984 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.048633 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:43, WS:128K # 0K, PF:148K # 0K, P:148K) [4] 0.000537 +J(0) [5] - [6] - [7] 0.039118 -0.001857 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.001347 -0.000807 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 132K, P:256K) [9] 0.000948 -0.000590 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000046 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000115 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-13 01:09:15 ESENT 105 General "SearchIndexer (7520,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.006398 +J(0) +M(C:0K, Fs:243, WS:956K # 956K, PF:5480K # 5480K, P:5480K) [2] 0.000920 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.001141 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000295 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.005707 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.025660 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.018709 +J(0) +M(C:0K, Fs:281, WS:1124K # 1124K, PF:1036K # 1036K, P:1036K) [8] - [9] - [10] - [11] - [12] - [13] 0.007272 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000032 +J(0) [15] 0.000112 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000851 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-13 01:09:15 ESENT 916 General SearchIndexer (7520,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 01:09:15 ESENT 102 General SearchIndexer (7520,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-13 01:09:11 ESENT 916 General taskhostw (5320,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 01:09:06 TV Server 0 None Service started successfully. Information 2018-01-13 01:08:55 ESENT 916 General svchost (3524,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 01:08:51 ESENT 916 General svchost (3236,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 01:08:50 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-13 01:08:50 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-13 01:08:50 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-13 01:08:50 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-13 01:08:50 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-13 01:08:49 ESENT 916 General svchost (3560,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 01:08:43 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-13 01:08:40 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-13 01:08:38 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-13 01:08:37 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:37 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:37 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-13 01:08:37 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:37 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:37 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:37 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:37 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 75809675 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:36 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:36 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:36 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:36 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:35 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:35 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:35 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:35 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:35 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:35 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-13 01:08:35 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:08:33 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-13 01:08:27 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-13 01:08:27 ESENT 916 General svchost (2064,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 01:08:27 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-13 01:08:27 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-13 01:08:25 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-13 01:08:25 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-13 01:08:24 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-13 01:07:54 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:07:54 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:07:54 MySQL 100 None "Giving 1 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:07:54 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-13 01:07:53 TV Server 0 None Service has been successfully shut down. Information 2018-01-13 01:07:52 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-13 01:07:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 3 The request is not supported " Information 2018-01-13 01:07:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-13 01:07:37 ESENT 916 General svchost (656,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 01:07:36 ESENT 916 General DllHost (9488,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 01:04:34 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5E5F.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6332.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER639E.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER63FD.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER70C0.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_298b711b Analysis symbol: Rechecking for solution: 0 Report Id: caca359b-144d-4fb5-96f8-79981d94c673 Report Status: 2147487752 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-13 01:04:29 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-13 01:04:29 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-13 00:51:16 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C6C.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER37A8.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3872.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER392E.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_1b1344e5 Analysis symbol: Rechecking for solution: 0 Report Id: 4e9d1ae5-8657-44b9-a207-9233f7ab93f2 Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-13 00:51:10 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-13 00:51:10 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-13 00:50:35 ESENT 916 General MicrosoftEdge (9516,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 00:49:08 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER44A1.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4974.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER49D1.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A20.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_0b255172 Analysis symbol: Rechecking for solution: 0 Report Id: 43ec88c0-58ca-48c0-9f75-f8da6e5c0eca Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-13 00:49:05 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-13 00:49:05 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-13 00:42:23 Windows Error Reporting 1001 None "Fault bucket 2198967425105212057, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 66ad P8: 171 P9: System.ArgumentException P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER60E.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1BCB.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1BEA.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C39.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_f08c99fe9195f3b7663408da47ace87bd4bd41_e905dbaa_00df22fd Analysis symbol: Rechecking for solution: 0 Report Id: 1009acb6-0130-4a9c-b337-30316136c8eb Report Status: 268435456 Hashed bucket: 6025bda96371a4748e844d38f60d3299" Error 2018-01-13 00:42:15 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x3b4 Faulting application start time: 0x01d38bfda9daad97 Faulting application path: C:\Program Files (x86)\Team MediaPortal\MediaPortal\SMPEditor.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 1009acb6-0130-4a9c-b337-30316136c8eb Faulting package full name: Faulting package-relative application ID: " Information 2018-01-13 00:42:12 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF006.tmp.WERInternalMetadata.xml These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_1ba2f8df Analysis symbol: Rechecking for solution: 0 Report Id: 3ecdc073-f990-4e17-85df-e0898d2da2ca Report Status: 268439648 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Information 2018-01-13 00:42:10 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_0086ef4a Analysis symbol: Rechecking for solution: 0 Report Id: 3ecdc073-f990-4e17-85df-e0898d2da2ca Report Status: 4196 Hashed bucket: " Error 2018-01-13 00:41:35 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-13 00:41:34 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-13 00:28:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-13 00:10:14 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 23:39:32 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-12 23:36:31 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 23:27:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 23:25:35 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:35Z. Reason: RulesEngine. Information 2018-01-12 23:24:49 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 23:10:14 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 22:26:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 22:04:14 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 21:25:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 21:08:14 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 20:24:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 20:10:14 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 19:23:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 19:10:14 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 18:22:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 18:06:36 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 17:21:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 17:15:35 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_SNOOZED. Information 2018-01-12 17:15:35 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_SNOOZED. Information 2018-01-12 17:10:14 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 16:33:36 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F>. Information 2018-01-12 16:20:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 16:10:14 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 15:19:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 15:08:13 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 14:18:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 14:10:15 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 13:19:54 ESENT 916 General DllHost (9488,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 13:17:26 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-12 13:17:12 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 13:17:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 13:06:14 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 12:16:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 12:10:14 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 11:15:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 11:10:14 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 10:14:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 10:06:12 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 09:41:41 ESENT 916 General svchost (1636,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 09:28:58 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 09:18:52 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:52Z. Reason: RulesEngine. Information 2018-01-12 09:17:43 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:43Z. Reason: RulesEngine. Information 2018-01-12 09:14:53 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-12 09:14:26 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 09:14:09 ESENT 916 General taskhostw (9196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 09:14:04 ESENT 916 General svchost (3132,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 09:13:58 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 3 The request is not supported " Information 2018-01-12 09:13:56 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-12 09:13:55 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 3 The request is not supported " Information 2018-01-12 09:13:55 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-12 09:13:54 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-12 09:13:54 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-12 09:13:53 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-12 09:13:53 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-12 01:42:49 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-12 01:42:48 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 7060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 7060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 7060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8632 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8632 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8632 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 7060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 7060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-12 01:42:48 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 18 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 7144 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3492 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 7060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 6668 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 7060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 7060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3492 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 7060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3492 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 7060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 7060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3428 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 7060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 7060 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm " Information 2018-01-12 01:42:48 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 01:42:48 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-12 01:42:48 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-12 01:42:48 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-12 01:42:35 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-12 01:38:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 00:59:30 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:30Z. Reason: RulesEngine. Information 2018-01-12 00:58:43 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 00:37:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 00:16:35 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1957.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E3A.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1EA7.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F06.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_22cd2936 Analysis symbol: Rechecking for solution: 0 Report Id: 024900c3-966d-4926-b0bc-72c966f98777 Report Status: 268435456 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-12 00:16:31 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-12 00:16:31 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-12 00:11:46 ESENT 916 General svchost (8504,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-12 00:11:37 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_SNOOZED. Information 2018-01-12 00:11:36 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_SNOOZED. Information 2018-01-12 00:04:01 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 23:36:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 23:30:35 ESENT 916 General DllHost (4348,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 23:17:05 ESENT 916 General MicrosoftEdge (8724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 23:04:01 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 22:35:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 22:04:01 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 21:34:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 21:04:01 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 20:33:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 20:04:01 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 19:32:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 19:14:27 ESENT 916 General svchost (2252,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 19:04:01 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 18:39:15 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 18:31:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 17:30:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 17:24:24 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-11 17:24:24 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-11 17:14:05 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-11 16:29:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 15:28:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 15:08:21 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 14:27:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 14:04:17 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 13:30:08 Windows Error Reporting 1001 None "Fault bucket 1680984716787111918, type 5 Event Name: BEX Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.6.0.0 P3: 5a2d50f5 P4: ucrtbase.dll P5: 10.0.16299.125 P6: 9e3394c7 P7: 000933ab P8: c0000409 P9: 00000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D7B.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER49C2.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER49DD.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A4B.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_3a9bffd163f1e3ed2bcb23eb7667852982f123_4a57e4ee_01b9514f Analysis symbol: Rechecking for solution: 0 Report Id: fdd66be7-ec70-4597-98e5-8deb90b08fd0 Report Status: 268435456 Hashed bucket: 641a3d0724bec589f7540eb194f4d7ee" Error 2018-01-11 13:30:02 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.6.0.0, time stamp: 0x5a2d50f5 Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x9e3394c7 Exception code: 0xc0000409 Fault offset: 0x000933ab Faulting process id: 0xb0c Faulting application start time: 0x01d38ad7d8b35d30 Faulting application path: C:\Program Files (x86)\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: fdd66be7-ec70-4597-98e5-8deb90b08fd0 Faulting package full name: Faulting package-relative application ID: " Information 2018-01-11 13:26:59 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-11 13:26:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 13:24:03 ESENT 326 General "svchost (2536,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000006:0002:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001686 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.017587 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:9, WS:32K # 0K, PF:32K # 0K, P:32K) [4] 0.001437 +J(0) [5] - [6] - [7] 0.001545 -0.000840 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:56K, Fs:17, WS:68K # 36K, PF:56K # 28K, P:56K) [8] 0.001153 -0.000517 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:112K # 112K, PF:196K # 192K, P:196K) [9] 0.000744 -0.000437 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000042 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000121 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-11 13:24:03 ESENT 105 General "svchost (2536,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000005:000B:0000 - 00000005:000E:0000 - 00000000:0000:0000 - 00000005:000E:0000 (00000000:0000:0000) cReInits = 4 Internal Timing Sequence: [1] 0.006695 +J(0) +M(C:0K, Fs:172, WS:684K # 684K, PF:3408K # 3408K, P:3408K) [2] 0.000749 +J(0) +M(C:8K, Fs:90, WS:348K # 348K, PF:312K # 312K, P:312K) [3] 0.000118 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000351 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:164K # 164K, P:164K) [5] 0.007040 +J(0) +M(C:0K, Fs:15, WS:60K # 60K, PF:24K # 24K, P:24K) [6] 0.018266 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:16K # 16K, P:16K) [7] 0.018943 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.096522 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:52728/33) +M(C:0K, Fs:177, WS:328K # 328K, PF:284K # 284K, P:284K) [9] - [10] 0.001606 +J(0) +M(C:0K, Fs:1, WS:-56K # 0K, PF:-60K # 0K, P:-60K) [11] 0.000058 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.002800 +J(0) +M(C:0K, Fs:12, WS:48K # 4K, PF:4K # 0K, P:4K) [13] 0.079675 -0.000744 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:4713/4) +M(C:0K, Fs:69, WS:152K # 216K, PF:160K # 172K, P:160K) [14] 0.000033 +J(0) [15] 0.000025 +J(0) [16] 0.006587 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-11 13:24:03 ESENT 302 Logging/Recovery svchost (2536,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2018-01-11 13:24:02 ESENT 301 Logging/Recovery "svchost (2536,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2018-01-11 13:24:02 ESENT 300 Logging/Recovery svchost (2536,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2018-01-11 13:24:02 ESENT 916 General svchost (2536,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 13:24:02 ESENT 102 General svchost (2536,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-11 13:24:00 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 13:04:49 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 12:25:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 12:09:16 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 11:25:36 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3863.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3EAD.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3F96.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3FF5.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER4D25.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_0ca74d91 Analysis symbol: Rechecking for solution: 0 Report Id: bee22443-6bd7-419b-a519-e212e83f9749 Report Status: 2147487752 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-11 11:25:31 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-11 11:25:30 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-11 11:24:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 11:09:17 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 10:58:26 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 10:23:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 09:37:53 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 09:36:40 ESENT 916 General svchost (1636,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 09:27:46 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-11 09:26:26 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:26Z. Reason: RulesEngine. Information 2018-01-11 09:23:50 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-11 09:23:20 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 09:23:04 ESENT 916 General taskhostw (6440,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 09:23:01 ESENT 916 General svchost (3132,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 09:22:53 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-11 09:22:53 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-11 09:22:53 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-11 09:22:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-11 09:22:52 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-11 09:22:49 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-11 09:22:48 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-11 09:22:47 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-11 02:23:54 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-11 02:23:54 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 02:23:53 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 4968 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4968 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4968 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4228 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4228 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4228 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-11 02:23:52 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 28 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 708 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3492 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 2260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 6668 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3492 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3492 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 1720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3492 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3492 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3492 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3492 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 1720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3492 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm " Information 2018-01-11 02:23:52 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-11 02:23:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-11 02:23:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-11 02:23:49 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-11 02:23:45 ESENT 916 General svchost (6224,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 02:23:44 ESENT 916 General DllHost (7492,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 02:11:00 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 02:10:36 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 01:46:15 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD267.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD769.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD7E5.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD854.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERE516.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_0814e572 Analysis symbol: Rechecking for solution: 0 Report Id: 5f0933fc-6276-4cb9-a1d8-f3126dc52382 Report Status: 2147487752 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-11 01:46:10 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-11 01:46:10 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-11 01:42:51 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-11 01:40:05 MsiInstaller 1035 None Windows Installer reconfigured the product. Product Name: MediaPortal StreamedMP Skin 3.2.1. Product Version: 3.2.1.0. Product Language: 1033. Manufacturer: StreamedMP Team. Reconfiguration success or error status: 0. Information 2018-01-11 01:40:05 MsiInstaller 11728 None Product: MediaPortal StreamedMP Skin 3.2.1 -- Configuration completed successfully. Information 2018-01-11 01:39:53 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎01‎-‎11T00:39:51.954765900Z. Information 2018-01-11 01:39:53 MsiInstaller 1042 None Ending a Windows Installer transaction: {6E6E5769-F433-4341-AD13-7017E59716C1}. Client Process Id: 1992. Information 2018-01-11 01:39:53 MsiInstaller 1035 None Windows Installer reconfigured the product. Product Name: MediaPortal StreamedMP Skin 3.2.1. Product Version: 3.2.1.0. Product Language: 1033. Manufacturer: StreamedMP Team. Reconfiguration success or error status: 0. Information 2018-01-11 01:39:53 MsiInstaller 11728 None Product: MediaPortal StreamedMP Skin 3.2.1 -- Configuration completed successfully. Information 2018-01-11 01:39:51 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎01‎-‎11T00:39:51.954765900Z. Information 2018-01-11 01:39:51 MsiInstaller 1040 None Beginning a Windows Installer transaction: {6E6E5769-F433-4341-AD13-7017E59716C1}. Client Process Id: 1992. Information 2018-01-11 01:39:51 MsiInstaller 1035 None Windows Installer reconfigured the product. Product Name: MediaPortal StreamedMP Skin 3.2.1. Product Version: 3.2.1.0. Product Language: 1033. Manufacturer: StreamedMP Team. Reconfiguration success or error status: 0. Information 2018-01-11 01:39:51 MsiInstaller 11728 None Product: MediaPortal StreamedMP Skin 3.2.1 -- Configuration completed successfully. Information 2018-01-11 01:39:51 System Restore 8216 None "Skipping creation of restore point (Process = D:\Mp2_Plugins\StreamedMP-3.2.1.0 (1).exe (1).exe"" ; Description = Configured MediaPortal StreamedMP Skin 3.2.1) as there is a restore point avaliable which is recent enough for System Restore." Information 2018-01-11 01:31:21 ESENT 916 General MicrosoftEdge (7628,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 01:29:22 MsiInstaller 1035 None Windows Installer reconfigured the product. Product Name: MediaPortal StreamedMP Skin 3.2.1. Product Version: 3.2.1.0. Product Language: 1033. Manufacturer: StreamedMP Team. Reconfiguration success or error status: 0. Information 2018-01-11 01:23:35 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WEREF9.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1469.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER14D5.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1553.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER2245.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_0b5022b0 Analysis symbol: Rechecking for solution: 0 Report Id: 4cbb193d-ea69-466d-bb3e-c644e43d4429 Report Status: 2147487752 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-11 01:23:30 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-11 01:23:30 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-11 01:20:46 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7BEA.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER816A.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER81D6.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8244.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER8F26.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_1f6d8fa1 Analysis symbol: Rechecking for solution: 0 Report Id: 93f6cd32-1a14-4636-90af-7369919a387a Report Status: 2147487752 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-11 01:20:41 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-11 01:20:41 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-11 01:17:48 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC3EF.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC8D2.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC93E.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC9AC.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERD67F.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_1452d6da Analysis symbol: Rechecking for solution: 0 Report Id: 8b003065-9764-4fc9-85f3-5b4944dfffac Report Status: 2147487752 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-11 01:17:43 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-11 01:17:43 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-11 01:16:22 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:22Z. Reason: RulesEngine. Information 2018-01-11 01:13:45 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC46.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER12DE.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER135A.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER13C8.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER2108.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_1d4f2183 Analysis symbol: Rechecking for solution: 0 Report Id: 59e5d5cf-402d-497a-9917-3d19b0bf6e3f Report Status: 2147487752 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-11 01:13:39 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-11 01:13:39 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-11 01:13:27 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-11 01:13:27 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:27Z. Reason: RulesEngine. Information 2018-01-11 01:12:57 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-11 01:12:57 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 255434)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-11 01:12:56 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-11 01:12:54 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-11 01:11:42 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-11 01:11:26 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-11 01:11:25 ESENT 326 General "SearchIndexer (7216,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000001E0:0099:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.010362 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.174359 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:124K # 0K, PF:144K # 0K, P:144K) [4] 0.000556 +J(0) [5] - [6] - [7] 0.077344 -0.001567 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:208K # 0K, PF:664K # 0K, P:664K) [8] 0.002607 -0.002085 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 136K, P:256K) [9] 0.000969 -0.000616 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000114 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-11 01:11:24 ESENT 105 General "SearchIndexer (7216,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.009355 +J(0) +M(C:0K, Fs:224, WS:880K # 880K, PF:5476K # 5480K, P:5476K) [2] 0.000727 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 384K, P:388K) [3] 0.005027 +J(0) +M(C:0K, Fs:25, WS:92K # 92K, PF:76K # 76K, P:76K) [4] 0.000251 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:220K # 220K, P:220K) [5] 0.057727 +J(0) +M(C:0K, Fs:77, WS:308K # 308K, PF:80K # 88K, P:80K) [6] 0.006372 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:16K # 8K, P:16K) [7] 0.024001 +J(0) +M(C:0K, Fs:281, WS:1120K # 1120K, PF:1040K # 1040K, P:1040K) [8] - [9] - [10] - [11] - [12] - [13] 0.067956 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-992K # 24K, PF:-1020K # 12K, P:-1020K) [14] 0.000044 +J(0) [15] 0.000124 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.007122 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-11 01:11:24 ESENT 916 General SearchIndexer (7216,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 01:11:24 ESENT 102 General SearchIndexer (7216,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-11 01:11:24 ESENT 916 General taskhostw (2120,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 01:11:13 TV Server 0 None Service started successfully. Information 2018-01-11 01:11:10 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-11 01:11:10 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-11 01:11:10 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-11 01:10:53 ESENT 916 General svchost (3500,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 01:10:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-11 01:10:50 ESENT 916 General svchost (3132,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 01:10:50 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-11 01:10:49 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-11 01:10:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-11 01:10:48 ESENT 916 General svchost (3532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 01:10:43 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:43 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:42 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:42 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:42 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:42 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:42 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 68666820 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:42 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:42 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:41 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:41 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:41 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:41 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:41 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:41 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:41 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:41 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-11 01:10:41 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:10:41 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-11 01:10:36 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-11 01:10:34 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-11 01:10:34 ESENT 916 General svchost (1720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 01:10:33 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-11 01:10:32 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-11 01:10:32 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-11 01:10:31 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-11 01:10:31 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-11 01:09:58 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-11 01:09:58 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:09:58 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-11 01:09:55 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 23 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 440 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 5340 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 5196 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 5340 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2088 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 5340 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 5340 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2088 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2088 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 5340 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2088 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 5340 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 1584 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2088 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 5340 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 5340 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm " Information 2018-01-11 01:09:56 TV Server 0 None Service has been successfully shut down. Information 2018-01-11 01:09:55 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-11 01:09:55 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-11 01:09:55 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-11 01:06:17 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-11 01:02:54 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-11 00:58:29 VSS 8193 None "Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet" Information 2018-01-11 00:58:13 ESENT 916 General svchost (3684,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 00:58:13 System Restore 8194 None "Successfully created restore point (Process = C:\Program Files\Reimage\Reimage Repair\Reimage.exe Files\Reimage\Reimage Repair\Reimage.exe"" http://www.reimageplus.com/GUI/GUI1872/layout.php?consumer=1&gui_branch=0&trackutil=&MinorSessionID=84ad9aaf32b149c793b5651925&lang_code=en&bundle=0 /cil=DISABLED /Close=0 /Locale=1033 /Product:reimage; Description = Reimage Repair Restore Point)." Information 2018-01-11 00:33:00 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 00:23:50 Windows Error Reporting 1001 None "Fault bucket 2198967425105212057, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 66ad P8: 171 P9: System.ArgumentException P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE397.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF07A.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF099.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF108.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERFDBA.tmp.appcompat.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERFEA5.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_f08c99fe9195f3b7663408da47ace87bd4bd41_e905dbaa_231efeff Analysis symbol: Rechecking for solution: 0 Report Id: 20189d90-c5ff-4252-9aa6-11dc89558e7b Report Status: 2147487752 Hashed bucket: 6025bda96371a4748e844d38f60d3299" Error 2018-01-11 00:23:42 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x8ac Faulting application start time: 0x01d38a69e03c7d28 Faulting application path: C:\Program Files (x86)\Team MediaPortal\MediaPortal\SMPEditor.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 20189d90-c5ff-4252-9aa6-11dc89558e7b Faulting package full name: Faulting package-relative application ID: " Information 2018-01-11 00:23:37 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB8BE.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBDF0.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE9A.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBF18.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERCBEB.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_0f96cc46 Analysis symbol: Rechecking for solution: 0 Report Id: 756d3c4e-4ca1-4e4f-b29d-fd590c9a3ce8 Report Status: 2147487752 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-11 00:23:32 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-11 00:23:31 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-11 00:12:33 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-11 00:01:01 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8D8.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE0A.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE2C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WEREAA.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER1B78.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_20a21bd4 Analysis symbol: Rechecking for solution: 0 Report Id: 88cbebc2-e279-44fa-8dac-124a46815800 Report Status: 2147487752 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-11 00:00:56 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-11 00:00:56 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-10 23:59:44 Windows Error Reporting 1001 None "Fault bucket 2198967425105212057, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 1985557314760138397 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 66ad P8: 171 P9: System.ArgumentException P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB743.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA8E.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERCAAD.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB1C.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERD7CE.tmp.appcompat.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERD907.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_f08c99fe9195f3b7663408da47ace87bd4bd41_e905dbaa_cab_1060f0a2 Analysis symbol: Rechecking for solution: 0 Report Id: d5ec1258-4762-4f1b-9a90-a23d71927fd3 Report Status: 268435464 Hashed bucket: 6025bda96371a4748e844d38f60d3299" Error 2018-01-10 23:59:29 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x878 Faulting application start time: 0x01d38a65a03e9cbd Faulting application path: C:\Program Files (x86)\Team MediaPortal\MediaPortal\SMPEditor.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: d5ec1258-4762-4f1b-9a90-a23d71927fd3 Faulting package full name: Faulting package-relative application ID: " Information 2018-01-10 23:59:19 Windows Error Reporting 1001 None "Fault bucket 1802603549420078239, type 1 Event Name: APPCRASH Response: Not available Cab Id: 2229444207380418299 Problem signature: P1: SMPEditor.exe P2: 3.2.1.0 P3: 59fd7232 P4: KERNELBASE.dll P5: 6.2.16299.15 P6: 2cd1ce3d P7: e0434352 P8: 001008b2 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER60D6.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER680A.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER68B5.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6933.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER7634.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SMPEditor.exe_42e88c7224e3b7f4986bafab5b5df7d8d8f4c13b_00000000_cab_0eb08e1f Analysis symbol: Rechecking for solution: 0 Report Id: 410070d9-2376-4bf5-bc32-a2275af4ca2e Report Status: 268435464 Hashed bucket: 9d6ae6d5bd42c0de79042260aa0ac49f" Error 2018-01-10 23:59:07 Application Error 1000 (100) "Faulting application name: SMPEditor.exe, version: 3.2.1.0, time stamp: 0x59fd7232 Faulting module name: KERNELBASE.dll, version: 6.2.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x%9 Faulting application start time: 0x%10 Faulting application path: %11 Faulting module path: %12 Report Id: %13 Faulting package full name: %14 Faulting package-relative application ID: %15" Error 2018-01-10 23:59:07 .NET Runtime 1026 None Application: SMPEditor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at StreamedMPEditor.formStreamedMpEditor.Download() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Information 2018-01-10 23:53:25 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-10 23:52:01 MsiInstaller 1035 None Windows Installer reconfigured the product. Product Name: MediaPortal StreamedMP Skin 3.2.1. Product Version: 3.2.1.0. Product Language: 1033. Manufacturer: StreamedMP Team. Reconfiguration success or error status: 0. Information 2018-01-10 23:52:01 MsiInstaller 11728 None Product: MediaPortal StreamedMP Skin 3.2.1 -- Configuration completed successfully. Information 2018-01-10 23:51:13 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎01‎-‎10T22:50:26.472088800Z. Information 2018-01-10 23:51:13 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Eglobal\AppData\Local\Downloaded Installations\{6DB365C5-3093-4134-85BB-8B03755C2A04}\MediaPortal StreamedMP Skin 3.2.1.msi. Client Process Id: 8064. Information 2018-01-10 23:51:13 MsiInstaller 1033 None Windows Installer installed the product. Product Name: MediaPortal StreamedMP Skin 3.2.1. Product Version: 3.2.1.0. Product Language: 1033. Manufacturer: StreamedMP Team. Installation success or error status: 0. Information 2018-01-10 23:51:13 MsiInstaller 11707 None Product: MediaPortal StreamedMP Skin 3.2.1 -- Installation operation completed successfully. Information 2018-01-10 23:50:26 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎01‎-‎10T22:50:26.472088800Z. Information 2018-01-10 23:50:25 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Eglobal\AppData\Local\Downloaded Installations\{6DB365C5-3093-4134-85BB-8B03755C2A04}\MediaPortal StreamedMP Skin 3.2.1.msi. Client Process Id: 8064. Information 2018-01-10 23:50:25 MsiInstaller 1033 None Windows Installer installed the product. Product Name: MediaPortal StreamedMP Skin 3.2.1. Product Version: 3.2.1.0. Product Language: 1033. Manufacturer: StreamedMP Team. Installation success or error status: 0. Information 2018-01-10 23:50:25 MsiInstaller 11707 None Product: MediaPortal StreamedMP Skin 3.2.1 -- Installation operation completed successfully. Information 2018-01-10 23:50:25 System Restore 8216 None "Skipping creation of restore point (Process = D:\Mp2_Plugins\StreamedMP-3.2.1.0 (1).exe (1).exe"" ; Description = Installed MediaPortal StreamedMP Skin 3.2.1) as there is a restore point avaliable which is recent enough for System Restore." Information 2018-01-10 23:32:00 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 23:17:06 ESENT 916 General MicrosoftEdge (6940,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 23:13:44 ESENT 916 General svchost (2064,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 23:05:45 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 22:31:00 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 22:09:46 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 21:30:00 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 21:13:46 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 20:29:00 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 20:15:46 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 19:28:00 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 19:15:45 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 18:27:00 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 18:15:46 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 17:31:40 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 17:26:00 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 16:25:00 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 15:24:00 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 15:15:50 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on Storage (D:) Information 2018-01-10 15:08:53 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 14:57:51 ESENT 916 General svchost (7856,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 14:23:00 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 13:22:00 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 13:06:52 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 12:42:08 ESENT 326 General "Music.UI (6700,D,50) {6CBB619F-7A24-4561-85E8-8D39EAC513C0}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:00AA:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.001208 +J(0) +M(C:0K, Fs:18, WS:8K # 0K, PF:8K # 0K, P:8K) [3] 0.035284 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:278, WS:1092K # 0K, PF:164K # 0K, P:164K) [4] 0.000538 +J(0) [5] - [6] - [7] 0.001994 -0.001174 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:128K # 0K, P:128K) [8] 0.013690 -0.002007 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:157, WS:596K # 0K, PF:224K # 0K, P:224K) [9] 0.000408 -0.000020 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:8, WS:32K # 0K, PF:68K # 0K, P:68K) [10] 0.000031 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000107 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-10 12:42:08 ESENT 105 General "Music.UI (6700,D,0) {6CBB619F-7A24-4561-85E8-8D39EAC513C0}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:00A6:0000 - 00000001:00A8:0000 - 00000000:0000:0000 - 00000001:00A8:0000 (00000000:0000:0000) cReInits = 17 Internal Timing Sequence: [1] 0.011068 +J(0) +M(C:0K, Fs:420, WS:1648K # 1648K, PF:2976K # 3028K, P:2976K) [2] 0.000794 +J(0) +M(C:16K, Fs:88, WS:356K # 356K, PF:292K # 240K, P:292K) [3] 0.000049 +J(0) +M(C:0K, Fs:3, WS:8K # 8K, PF:64K # 64K, P:64K) [4] 0.000403 +J(0) +M(C:112K, Fs:35, WS:136K # 136K, PF:172K # 172K, P:172K) [5] 0.006949 +J(0) +M(C:0K, Fs:125, WS:496K # 496K, PF:60K # 60K, P:60K) [6] 0.006605 +J(0) +M(C:0K, Fs:83, WS:328K # 328K, PF:24K # 24K, P:24K) [7] 0.048888 +J(0) +M(C:0K, Fs:1783, WS:7000K # 7000K, PF:3296K # 3424K, P:3296K) [8] 0.119907 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:676875/5575) +M(C:0K, Fs:2817, WS:5916K # 5920K, PF:3060K # 2940K, P:3060K) [9] - [10] 0.004286 +J(0) +M(C:0K, Fs:18, WS:-1972K # 28K, PF:-2040K # 0K, P:-2040K) [11] 0.000071 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.006802 +J(0) +M(C:0K, Fs:51, WS:192K # 0K, PF:52K # 0K, P:52K) [13] 0.081636 -0.001225 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:860, WS:1064K # 1164K, PF:264K # 320K, P:264K) [14] 0.000034 +J(0) [15] 0.000030 +J(0) [16] 0.000540 +J(0) +M(C:0K, Fs:7, WS:24K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-10 12:42:08 ESENT 302 Logging/Recovery Music.UI (6700,U,0) {6CBB619F-7A24-4561-85E8-8D39EAC513C0}: The database engine has successfully completed recovery steps. Information 2018-01-10 12:42:07 ESENT 335 Logging/Recovery "Music.UI (6700,R,0) {6CBB619F-7A24-4561-85E8-8D39EAC513C0}: Replay of a Create for database ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb"" at log position (00000001,0001,0268) was deferred due to AttachFuture. Additional information: " Information 2018-01-10 12:42:07 ESENT 301 Logging/Recovery "Music.UI (6700,R,0) {6CBB619F-7A24-4561-85E8-8D39EAC513C0}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2018-01-10 12:42:07 ESENT 300 Logging/Recovery Music.UI (6700,R,0) {6CBB619F-7A24-4561-85E8-8D39EAC513C0}: The database engine is initiating recovery steps. Information 2018-01-10 12:42:07 ESENT 916 General Music.UI (6700,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 12:42:07 ESENT 102 General Music.UI (6700,P,0) {6CBB619F-7A24-4561-85E8-8D39EAC513C0}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-10 12:41:57 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-10 12:39:57 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-10 12:37:02 ESENT 326 General "svchost (2916,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000005:000C:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.011947 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.032245 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:9, WS:32K # 0K, PF:32K # 0K, P:32K) [4] 0.010752 +J(0) [5] - [6] - [7] 0.001976 -0.001104 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:60K, Fs:18, WS:68K # 36K, PF:64K # 36K, P:64K) [8] 0.000789 -0.000348 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:116K # 116K, PF:196K # 192K, P:196K) [9] 0.000506 -0.000297 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000033 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000113 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-10 12:37:02 ESENT 105 General "svchost (2916,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000005:0008:0000 - 00000005:000A:0000 - 00000000:0000:0000 - 00000005:000A:0000 (00000000:0000:0000) cReInits = 3 Internal Timing Sequence: [1] 0.007950 +J(0) +M(C:0K, Fs:173, WS:684K # 684K, PF:3412K # 3412K, P:3412K) [2] 0.000689 +J(0) +M(C:8K, Fs:88, WS:348K # 348K, PF:304K # 304K, P:304K) [3] 0.000043 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000267 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:160K # 160K, P:160K) [5] 0.007949 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.007502 +J(0) +M(C:0K, Fs:31, WS:116K # 116K, PF:24K # 24K, P:24K) [7] 0.009170 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.048043 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:36504/23) +M(C:0K, Fs:152, WS:320K # 320K, PF:228K # 236K, P:228K) [9] - [10] 0.001662 +J(0) +M(C:0K, Fs:14, WS:-4K # 52K, PF:-4K # 48K, P:-4K) [11] 0.000064 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.007362 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.086604 -0.000875 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:49, WS:72K # 96K, PF:164K # 172K, P:164K) [14] 0.000031 +J(0) [15] 0.000026 +J(0) [16] 0.001699 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-10 12:37:02 ESENT 302 Logging/Recovery svchost (2916,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2018-01-10 12:37:02 ESENT 301 Logging/Recovery "svchost (2916,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2018-01-10 12:37:02 ESENT 300 Logging/Recovery svchost (2916,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2018-01-10 12:37:02 ESENT 916 General svchost (2916,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 12:37:02 ESENT 102 General svchost (2916,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-10 12:36:53 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 12:21:00 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 12:12:31 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 11:20:00 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 11:15:46 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 10:23:49 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 10:19:00 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 10:06:20 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 09:24:20 Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8. Information 2018-01-10 09:24:20 Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8. Information 2018-01-10 09:24:05 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:04Z. Reason: RulesEngine. Information 2018-01-10 09:23:31 VSS 8224 None The VSS service is shutting down due to idle timeout. Error 2018-01-10 09:23:20 Microsoft-Windows-Perflib 1008 None "The Open Procedure for service ""BITS"" in DLL ""C:\Windows\System32\bitsperf.dll"" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code." Information 2018-01-10 09:22:56 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2018-01-10 09:22:56 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2018-01-10 09:22:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-10 09:22:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-10 09:22:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-10 09:22:54 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-10 09:22:54 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-10 09:22:54 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-10 09:20:43 Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8. Information 2018-01-10 09:20:31 System Restore 8216 None Skipping creation of restore point (Process = c:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update) as there is a restore point avaliable which is recent enough for System Restore. Information 2018-01-10 09:20:20 ESENT 916 General svchost (3684,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 09:20:10 System Restore 8194 None Successfully created restore point (Process = c:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update). Information 2018-01-10 09:20:10 ESENT 916 General svchost (3684,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 09:18:47 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-10 09:18:47 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:47Z. Reason: RulesEngine. Information 2018-01-10 09:18:27 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-10 09:18:01 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-10 09:18:01 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 256389)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-10 09:18:00 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-10 09:17:59 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2018-01-10 09:17:43 ESENT 916 General taskhostw (5488,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 09:17:38 ESENT 916 General svchost (3300,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-10 09:17:32 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-10 09:17:32 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-10 09:17:31 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-10 09:17:31 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-10 09:17:28 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-10 09:17:26 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-10 09:17:26 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-10 09:17:26 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-09 23:14:58 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-09 23:14:57 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-09 23:14:57 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 23 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 3620 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 708 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3592 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 3592 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 3592 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 3696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3592 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 3592 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3592 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 584 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3592 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3696 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3592 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 3620 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections " Information 2018-01-09 23:14:57 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-09 23:14:57 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-09 23:14:54 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-09 23:14:49 ESENT 916 General svchost (8304,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 23:14:48 ESENT 916 General DllHost (8528,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 23:14:38 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-09 23:14:19 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-09 23:14:19 ESENT 326 General "SearchIndexer (7784,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000001C4:002F:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.009843 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.046187 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:140K # 0K, P:140K) [4] 0.000544 +J(0) [5] - [6] - [7] 0.063248 -0.001811 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:208K # 0K, PF:664K # 0K, P:664K) [8] 0.001737 -0.001162 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 128K, P:256K) [9] 0.001248 -0.000823 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000048 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000119 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-09 23:14:19 ESENT 105 General "SearchIndexer (7784,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.014253 +J(0) +M(C:0K, Fs:251, WS:992K # 992K, PF:5512K # 5512K, P:5512K) [2] 0.001184 +J(0) +M(C:10240K, Fs:142, WS:568K # 568K, PF:380K # 380K, P:380K) [3] 0.000088 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000265 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:228K # 228K, P:228K) [5] 0.009979 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.004719 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:16K # 16K, P:16K) [7] 0.007739 +J(0) +M(C:0K, Fs:282, WS:1124K # 1124K, PF:1040K # 1040K, P:1040K) [8] - [9] - [10] - [11] - [12] - [13] 0.012419 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.001175 +J(0) [15] 0.000224 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.001818 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-09 23:14:18 ESENT 916 General SearchIndexer (7784,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 23:14:18 ESENT 102 General SearchIndexer (7784,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-09 23:14:13 ESENT 916 General taskhostw (4068,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 23:14:10 TV Server 0 None Service started successfully. Information 2018-01-09 23:14:00 ESENT 916 General svchost (3684,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 23:13:58 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-09 23:13:58 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-09 23:13:58 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-09 23:13:58 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-09 23:13:51 ESENT 916 General svchost (3300,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 23:13:50 ESENT 916 General svchost (3724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 23:13:40 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:40 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:39 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:39 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:39 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:39 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:39 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 66458402 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:39 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:39 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:39 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:38 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:38 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:38 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:38 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:38 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:38 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:38 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-09 23:13:38 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 23:13:37 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-09 23:13:36 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-09 23:13:36 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-09 23:13:36 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-09 23:13:36 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-09 23:13:31 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-09 23:13:31 ESENT 916 General svchost (2088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 23:13:30 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-09 23:13:30 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-09 23:13:29 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-09 23:13:29 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-09 23:13:27 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-09 23:12:53 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-09 23:12:50 TV Server 0 None Service has been successfully shut down. Information 2018-01-09 23:12:49 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 28 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 704 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2592 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3404 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 8304 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3404 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1972 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3404 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 1972 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3404 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1972 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3404 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1972 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3404 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 584 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 1972 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3404 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3404 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm " Information 2018-01-09 23:12:49 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-09 23:12:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-09 23:12:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-09 23:10:14 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-09 23:04:48 ESENT 916 General svchost (1972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-09 23:02:29 VSS 8193 None "Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet" Information 2018-01-09 23:02:12 System Restore 8194 None "Successfully created restore point (Process = C:\Program Files\Reimage\Reimage Repair\Reimage.exe Files\Reimage\Reimage Repair\Reimage.exe"" http://www.reimageplus.com/GUI/GUI1872/layout.php?consumer=1&gui_branch=0&trackutil=&MinorSessionID=aa65bb3cc6fc46759d49b85fd2&lang_code=en&bundle=0 /cil=DISABLED /Close=0 /Locale=1033 /Product:reimage; Description = Reimage Repair Restore Point)." Information 2018-01-09 23:02:11 ESENT 916 General svchost (3692,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-09 23:01:27 VSS 8194 None "Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {ee93d653-82e9-4802-8e09-c58f400e77dd}" Information 2018-01-09 22:40:00 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 22:12:03 Windows Error Reporting 1001 None "Fault bucket 2044713297119505072, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: MediaPortal.exe P2: 1.18.0.0 P3: 59d9d5bc P4: unknown P5: 0.0.0.0 P6: 00000000 P7: c0000005 P8: 07717f70 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER70FB.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERDE54.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERDF88.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE025.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_MediaPortal.exe_9de638e23a544d4fe9fb5e2b5d2aa6281a170e8_30d029d2_1b80e94c Analysis symbol: Rechecking for solution: 0 Report Id: 27850807-a3a0-4d24-a783-1a8b998a38f1 Report Status: 268435456 Hashed bucket: c54d34e8712315d3bc6047e90e536ab0" Information 2018-01-09 22:11:36 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: . Error 2018-01-09 22:09:21 Application Error 1000 (100) "Faulting application name: MediaPortal.exe, version: 1.18.0.0, time stamp: 0x59d9d5bc Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x07717f70 Faulting process id: 0x20e0 Faulting application start time: 0x01d38981b35652c3 Faulting application path: C:\Program Files (x86)\Team MediaPortal\MediaPortal\MediaPortal.exe Faulting module path: unknown Report Id: 27850807-a3a0-4d24-a783-1a8b998a38f1 Faulting package full name: Faulting package-relative application ID: " Error 2018-01-09 22:09:19 .NET Runtime 1026 None Application: MediaPortal.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException at Microsoft.DirectX.Direct3D.Font.OnLostDevice() at Microsoft.DirectX.Direct3D.Font.OnParentLost(System.Object, System.EventArgs) at System.EventHandler.Invoke(System.Object, System.EventArgs) at Microsoft.DirectX.Direct3D.Device.raise_DeviceLost(System.Object, System.EventArgs) at Microsoft.DirectX.Direct3D.Device.Reset(Microsoft.DirectX.Direct3D.PresentParameters[]) at MediaPortal.D3D.RecreateSwapChain(Boolean) at MediaPortal.D3D.RecoverDevice() at MediaPortalApp.OnDeviceLost(System.Object, System.EventArgs) at System.EventHandler.Invoke(System.Object, System.EventArgs) at Microsoft.DirectX.Direct3D.Device.raise_DeviceLost(System.Object, System.EventArgs) at Microsoft.DirectX.Direct3D.Device.Finalize() Information 2018-01-09 22:04:48 ESENT 916 General svchost (1972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 21:39:00 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 21:04:48 ESENT 916 General svchost (1972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 20:40:32 Windows Error Reporting 1001 None "Fault bucket 129608903964, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: MediaPortal.exe P2: 1.18.0.0 P3: 59d9d5bc P4: Microsoft.DirectX.Direct3DX P5: 9.12.589.0 P6: 442d82b0 P7: a40 P8: c P9: System.NullReferenceException P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE5E.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1635.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1660.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER16CE.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_MediaPortal.exe_4f1bc862af67e6dbcac6b5e6f58f93b4c73746_30d029d2_03d91f59 Analysis symbol: Rechecking for solution: 0 Report Id: a32ce9ed-a6f2-474f-a29b-98e02c073dca Report Status: 268435456 Hashed bucket: a3e909c47b73fe060b593ab174aa06a4" Error 2018-01-09 20:40:07 Application Error 1000 (100) "Faulting application name: MediaPortal.exe, version: 1.18.0.0, time stamp: 0x59d9d5bc Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x06f3aff0 Faulting process id: 0x20ac Faulting application start time: 0x01d38962a2e7b02c Faulting application path: C:\Program Files (x86)\Team MediaPortal\MediaPortal\MediaPortal.exe Faulting module path: unknown Report Id: a32ce9ed-a6f2-474f-a29b-98e02c073dca Faulting package full name: Faulting package-relative application ID: " Error 2018-01-09 20:40:05 .NET Runtime 1026 None Application: MediaPortal.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException at Microsoft.DirectX.Direct3D.Font.OnLostDevice() at Microsoft.DirectX.Direct3D.Font.OnParentLost(System.Object, System.EventArgs) at System.EventHandler.Invoke(System.Object, System.EventArgs) at Microsoft.DirectX.Direct3D.Device.raise_DeviceLost(System.Object, System.EventArgs) at Microsoft.DirectX.Direct3D.Device.Reset(Microsoft.DirectX.Direct3D.PresentParameters[]) at MediaPortal.D3D.RecreateSwapChain(Boolean) at MediaPortal.D3D.RecoverDevice() at MediaPortalApp.OnDeviceLost(System.Object, System.EventArgs) at System.EventHandler.Invoke(System.Object, System.EventArgs) at Microsoft.DirectX.Direct3D.Device.raise_DeviceLost(System.Object, System.EventArgs) at Microsoft.DirectX.Direct3D.Device.Finalize() Information 2018-01-09 20:38:00 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 20:04:48 ESENT 916 General svchost (1972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 19:38:00 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 19:04:48 ESENT 916 General svchost (1972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 18:37:00 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 18:26:15 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 18:04:49 ESENT 916 General svchost (1972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 17:36:00 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 17:04:57 ESENT 916 General svchost (1972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 16:40:29 ESENT 326 General "Music.UI (7696,D,50) {C2309AB7-8710-4591-967C-8C3313B9E803}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:00A7:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001143 +J(0) +M(C:0K, Fs:18, WS:8K # 0K, PF:8K # 0K, P:8K) [3] 0.031643 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:237, WS:724K # 0K, PF:188K # 0K, P:188K) [4] 0.000547 +J(0) [5] - [6] - [7] 0.001870 -0.001110 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:128K # 0K, P:128K) [8] 0.021241 -0.001458 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:69, WS:260K # 0K, PF:344K # 0K, P:344K) [9] 0.000358 -0.000020 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 0K, PF:64K # 0K, P:64K) [10] 0.000029 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000105 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-09 16:40:29 ESENT 105 General "Music.UI (7696,D,0) {C2309AB7-8710-4591-967C-8C3313B9E803}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:00A3:0000 - 00000001:00A5:0000 - 00000000:0000:0000 - 00000001:00A5:0000 (00000000:0000:0000) cReInits = 16 Internal Timing Sequence: [1] 0.020300 +J(0) +M(C:0K, Fs:490, WS:1932K # 1932K, PF:3756K # 3728K, P:3756K) [2] 0.000826 +J(0) +M(C:16K, Fs:93, WS:368K # 368K, PF:380K # 380K, P:380K) [3] 0.000037 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.004187 +J(0) +M(C:112K, Fs:513, WS:2036K # 2036K, PF:1204K # 1204K, P:1204K) [5] 0.008650 +J(0) +M(C:0K, Fs:40, WS:160K # 160K, PF:0K # 0K, P:0K) [6] 0.009026 +J(0) +M(C:0K, Fs:103, WS:412K # 412K, PF:16K # 16K, P:16K) [7] 0.031480 +J(0) +M(C:0K, Fs:835, WS:3104K # 3104K, PF:2300K # 2480K, P:2300K) [8] 0.113369 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:664707/5567) +M(C:0K, Fs:2027, WS:3136K # 3140K, PF:1120K # 948K, P:1120K) [9] - [10] 0.003876 +J(0) +M(C:0K, Fs:20, WS:-1968K # 16K, PF:-2036K # 0K, P:-2036K) [11] 0.000069 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.024216 +J(0) +M(C:0K, Fs:209, WS:820K # 0K, PF:456K # 0K, P:456K) [13] 0.065924 -0.001256 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:1123, WS:2080K # 2972K, PF:152K # 620K, P:152K) [14] 0.000032 +J(0) [15] 0.000027 +J(0) [16] 0.000540 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-09 16:40:29 ESENT 302 Logging/Recovery Music.UI (7696,U,0) {C2309AB7-8710-4591-967C-8C3313B9E803}: The database engine has successfully completed recovery steps. Information 2018-01-09 16:40:29 ESENT 335 Logging/Recovery "Music.UI (7696,R,0) {C2309AB7-8710-4591-967C-8C3313B9E803}: Replay of a Create for database ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb"" at log position (00000001,0001,0268) was deferred due to AttachFuture. Additional information: " Information 2018-01-09 16:40:29 ESENT 301 Logging/Recovery "Music.UI (7696,R,0) {C2309AB7-8710-4591-967C-8C3313B9E803}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2018-01-09 16:40:29 ESENT 300 Logging/Recovery Music.UI (7696,R,0) {C2309AB7-8710-4591-967C-8C3313B9E803}: The database engine is initiating recovery steps. Information 2018-01-09 16:40:29 ESENT 916 General Music.UI (7696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 16:40:29 ESENT 102 General Music.UI (7696,P,0) {C2309AB7-8710-4591-967C-8C3313B9E803}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-09 16:40:17 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-09 16:38:37 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:37Z. Reason: RulesEngine. Information 2018-01-09 16:37:49 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-09 16:37:49 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:49Z. Reason: RulesEngine. Information 2018-01-09 16:37:19 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-09 16:37:19 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 257390)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-09 16:37:18 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-09 16:37:17 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-09 16:37:16 ESENT 916 General svchost (8128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 16:36:00 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-09 16:35:37 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-09 16:35:34 ESENT 326 General "SearchIndexer (1928,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000001C3:00E9:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.016907 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.029889 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:39, WS:120K # 0K, PF:140K # 0K, P:140K) [4] 0.000565 +J(0) [5] - [6] - [7] 0.067456 -0.001655 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:51, WS:204K # 0K, PF:640K # 0K, P:640K) [8] 0.001985 -0.001461 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 112K, P:256K) [9] 0.001018 -0.000654 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000113 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-09 16:35:34 ESENT 105 General "SearchIndexer (1928,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.011077 +J(0) +M(C:0K, Fs:212, WS:828K # 828K, PF:5476K # 5468K, P:5476K) [2] 0.000712 +J(0) +M(C:10240K, Fs:111, WS:444K # 444K, PF:384K # 384K, P:384K) [3] 0.000060 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000388 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.011076 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.004857 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.005812 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.005146 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000032 +J(0) [15] 0.000114 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000684 +J(0) +M(C:0K, Fs:5, WS:12K # 0K, PF:8K # 0K, P:8K)." Information 2018-01-09 16:35:34 ESENT 916 General SearchIndexer (1928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 16:35:34 ESENT 102 General SearchIndexer (1928,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-09 16:35:33 ESENT 916 General taskhostw (3496,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 16:35:29 TV Server 0 None Service started successfully. Information 2018-01-09 16:35:23 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-09 16:35:23 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-09 16:35:22 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-09 16:35:14 ESENT 916 General svchost (3776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 16:35:14 ESENT 916 General svchost (3692,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 16:35:12 ESENT 916 General svchost (2948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 16:35:02 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:02 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:02 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:02 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:02 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:02 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:02 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 66455624 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:01 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:01 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:01 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:01 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:01 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:01 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:01 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:01 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:01 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:01 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-09 16:35:00 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:35:00 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-09 16:34:57 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-09 16:34:57 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-09 16:34:57 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-09 16:34:57 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-09 16:34:52 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-09 16:34:51 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-09 16:34:52 ESENT 916 General svchost (1972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 16:34:51 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-09 16:34:50 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-09 16:34:48 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-09 16:34:49 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-09 16:34:19 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-09 16:34:18 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:34:18 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 16:34:15 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 20 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 704 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 4012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8200 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 4012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 4012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2018-01-09 16:34:15 TV Server 0 None Service has been successfully shut down. Information 2018-01-09 16:34:15 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-09 16:34:14 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-09 16:34:14 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-09 16:34:10 ESENT 916 General svchost (4464,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 16:34:10 ESENT 916 General DllHost (6916,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 16:28:00 Windows Error Reporting 1001 None "Fault bucket 129608903964, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: MediaPortal.exe P2: 1.18.0.0 P3: 59d9d5bc P4: Microsoft.DirectX.Direct3DX P5: 9.12.589.0 P6: 442d82b0 P7: a40 P8: c P9: System.NullReferenceException P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1879.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5EEA.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5F24.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5F83.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_MediaPortal.exe_4f1bc862af67e6dbcac6b5e6f58f93b4c73746_30d029d2_18ca6dca Analysis symbol: Rechecking for solution: 0 Report Id: 1498e2fd-a8a8-4dc7-b2e0-2494f5174c32 Report Status: 268435456 Hashed bucket: a3e909c47b73fe060b593ab174aa06a4" Error 2018-01-09 16:27:38 Application Error 1000 (100) "Faulting application name: MediaPortal.exe, version: 1.18.0.0, time stamp: 0x59d9d5bc Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x1ff42b68 Faulting process id: 0x190c Faulting application start time: 0x01d38950448b76d7 Faulting application path: C:\Program Files (x86)\Team MediaPortal\MediaPortal\MediaPortal.exe Faulting module path: unknown Report Id: 1498e2fd-a8a8-4dc7-b2e0-2494f5174c32 Faulting package full name: Faulting package-relative application ID: " Error 2018-01-09 16:27:36 .NET Runtime 1026 None Application: MediaPortal.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException at Microsoft.DirectX.Direct3D.Font.OnLostDevice() at Microsoft.DirectX.Direct3D.Font.OnParentLost(System.Object, System.EventArgs) at System.EventHandler.Invoke(System.Object, System.EventArgs) at Microsoft.DirectX.Direct3D.Device.raise_DeviceLost(System.Object, System.EventArgs) at Microsoft.DirectX.Direct3D.Device.Reset(Microsoft.DirectX.Direct3D.PresentParameters[]) at MediaPortal.D3D.RecreateSwapChain(Boolean) at MediaPortal.D3D.RecoverDevice() at MediaPortalApp.OnDeviceLost(System.Object, System.EventArgs) at System.EventHandler.Invoke(System.Object, System.EventArgs) at Microsoft.DirectX.Direct3D.Device.raise_DeviceLost(System.Object, System.EventArgs) at Microsoft.DirectX.Direct3D.Device.Finalize() Information 2018-01-09 16:16:00 ESENT 916 General svchost (4060,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 16:10:58 ESENT 916 General svchost (2032,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 15:15:00 ESENT 916 General svchost (4060,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 15:08:03 ESENT 916 General svchost (2032,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 14:45:29 ESENT 916 General svchost (2032,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 14:14:00 ESENT 916 General svchost (4060,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 13:13:00 ESENT 916 General svchost (4060,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 13:10:57 ESENT 916 General svchost (2032,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 12:24:37 ESENT 916 General svchost (2032,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 12:12:00 ESENT 916 General svchost (4060,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 12:10:57 ESENT 916 General svchost (2032,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 11:18:00 ESENT 916 General svchost (8380,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 11:16:51 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:51Z. Reason: RulesEngine. Information 2018-01-09 11:14:29 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-09 11:14:29 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:29Z. Reason: RulesEngine. Information 2018-01-09 11:13:59 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-09 11:13:59 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 257713)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-09 11:13:55 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-09 11:13:42 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-09 11:12:12 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-09 11:12:02 ESENT 916 General svchost (8208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 11:11:54 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-09 11:11:53 ESENT 326 General "SearchIndexer (7824,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000001BE:006F:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001270 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.022220 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:18, WS:40K # 0K, PF:20K # 0K, P:20K) [4] 0.000531 +J(0) [5] - [6] - [7] 0.039432 -0.001720 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:35, WS:128K # 0K, PF:576K # 0K, P:576K) [8] 0.001290 -0.000803 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:59, WS:236K # 0K, PF:224K # 0K, P:224K) [9] 0.000881 -0.000576 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:9, WS:36K # 0K, PF:32K # 0K, P:32K) [10] 0.000044 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000115 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-09 11:11:53 ESENT 105 General "SearchIndexer (7824,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 000001BB:0001:0000 - 000001BC:0001:0000 - 000001BE:006D:0000 - 000001BE:006D:0000 (00000000:0000:0000) Internal Timing Sequence: [1] 0.006085 +J(0) +M(C:0K, Fs:248, WS:976K # 976K, PF:5476K # 5472K, P:5476K) [2] 0.000731 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.000937 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000273 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:228K # 228K, P:228K) [5] 0.006034 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.005013 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:16K # 16K, P:16K) [7] 0.013072 +J(0) +M(C:0K, Fs:278, WS:1108K # 1108K, PF:1028K # 1028K, P:1028K) [8] 0.097210 -0.002645 (43) CM +J(CM:43, PgRf:155, Rd:76/43, Dy:0/0, Lg:1005941/412) +M(C:0K, Fs:752, WS:2880K # 2880K, PF:3972K # 3972K, P:3972K) + 1 lgens [9] 0.112300 -0.002100 (83) CM +J(CM:83, PgRf:372, Rd:51/83, Dy:29/167, Lg:2478755/886) +M(C:0K, Fs:733, WS:2760K # 2760K, PF:1708K # 1708K, P:1708K) + 2 lgens [10] 0.002305 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000137 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.077047 -0.000019 (29) CM +J(CM:29, PgRf:0, Rd:0/29, Dy:0/0, Lg:0/0) +M(C:0K, Fs:237, WS:20K # 0K, PF:0K # 0K, P:0K) [13] 0.059781 -0.001921 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:315, WS:-4836K # 0K, PF:-4932K # 0K, P:-4932K) [14] 0.000031 +J(0) [15] 0.000048 +J(0) [16] 0.000566 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-09 11:11:53 ESENT 302 Logging/Recovery SearchIndexer (7824,U,0) Windows: The database engine has successfully completed recovery steps. Information 2018-01-09 11:11:53 ESENT 301 Logging/Recovery "SearchIndexer (7824,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: [1] 0.037412 -0.000890 (33) CM +J(CM:33, PgRf:150, Rd:18/33, Dy:8/32, Lg:1024822/368) +M(C:0K, Fs:292, WS:1100K # 1100K, PF:616K # 616K, P:616K)." Information 2018-01-09 11:11:53 ESENT 301 Logging/Recovery "SearchIndexer (7824,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb001BD.jtx. Previous Log Processing Stats: [1] 0.047497 -0.000786 (31) CM +J(CM:31, PgRf:130, Rd:33/31, Dy:0/0, Lg:1016391/316) +M(C:0K, Fs:266, WS:992K # 1028K, PF:1060K # 1060K, P:1060K)." Information 2018-01-09 11:11:53 ESENT 301 Logging/Recovery "SearchIndexer (7824,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb001BC.jtx. Previous Log Processing Stats: [1] 0.069706 -0.002645 (43) CM +J(CM:43, PgRf:155, Rd:76/43, Dy:0/0, Lg:1005941/412) +M(C:0K, Fs:459, WS:1788K # 1788K, PF:2968K # 2964K, P:2968K)." Information 2018-01-09 11:11:53 ESENT 301 Logging/Recovery "SearchIndexer (7824,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb001BB.jtx. Previous Log Processing Stats: " Information 2018-01-09 11:11:53 ESENT 300 Logging/Recovery SearchIndexer (7824,R,0) Windows: The database engine is initiating recovery steps. Information 2018-01-09 11:11:53 ESENT 916 General SearchIndexer (7824,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 11:11:53 ESENT 102 General SearchIndexer (7824,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-09 11:11:47 ESENT 916 General taskhostw (3576,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 11:11:44 TV Server 0 None Service started successfully. Information 2018-01-09 11:11:36 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-09 11:11:36 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-09 11:11:36 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-09 11:11:36 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-09 11:11:33 ESENT 916 General svchost (4036,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 11:11:23 ESENT 916 General svchost (4060,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 11:11:22 ESENT 916 General svchost (3116,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 11:11:14 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:14 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:13 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:13 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:13 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:13 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:13 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 64314484 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:13 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:13 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:12 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:12 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:12 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:12 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:12 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:12 MySQL 100 None "InnoDB: The log sequence numbers 60858245 and 60858245 in ibdata files do not match the log sequence number 64314484 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:12 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:12 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:12 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:12 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:11 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:11 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:11 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:11 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-09 11:11:11 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-09 11:11:11 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-09 11:11:10 ESENT 916 General taskhostw (3576,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 11:11:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-09 11:11:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-09 11:11:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-09 11:11:08 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-09 11:11:06 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-09 11:11:04 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-09 11:11:01 ESENT 916 General svchost (2032,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 11:11:00 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-09 11:10:58 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-09 11:10:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-09 11:10:59 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-09 11:07:48 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:48Z. Reason: RulesEngine. Information 2018-01-09 11:06:37 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 10:50:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 10:48:36 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-09 10:43:21 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-09 10:40:30 ESENT 326 General "svchost (7716,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000005:0009:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001788 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.089693 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:12, WS:44K # 0K, PF:44K # 0K, P:44K) [4] 0.001598 +J(0) [5] - [6] - [7] 0.013216 -0.012516 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:56K, Fs:17, WS:68K # 48K, PF:56K # 40K, P:56K) [8] 0.002815 -0.002301 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:112K # 112K, PF:196K # 192K, P:196K) [9] 0.003085 -0.002620 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000053 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000120 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-09 10:40:30 ESENT 105 General "svchost (7716,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000005:0004:0000 - 00000005:0007:0000 - 00000000:0000:0000 - 00000005:0007:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.010817 +J(0) +M(C:0K, Fs:175, WS:692K # 692K, PF:3416K # 3416K, P:3416K) [2] 0.001294 +J(0) +M(C:8K, Fs:87, WS:344K # 344K, PF:300K # 300K, P:300K) [3] 0.000128 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000373 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:164K # 164K, P:164K) [5] 0.008190 +J(0) +M(C:0K, Fs:14, WS:56K # 56K, PF:24K # 24K, P:24K) [6] 0.079071 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.007943 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.135527 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:24336/15) +M(C:0K, Fs:136, WS:324K # 324K, PF:280K # 280K, P:280K) [9] - [10] 0.005053 +J(0) +M(C:0K, Fs:1, WS:-56K # 0K, PF:-60K # 0K, P:-60K) [11] 0.000077 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.035039 +J(0) +M(C:0K, Fs:12, WS:48K # 4K, PF:4K # 0K, P:4K) [13] 0.359364 -0.001195 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:48, WS:72K # 136K, PF:160K # 172K, P:160K) [14] 0.000031 +J(0) [15] 0.000025 +J(0) [16] 0.001331 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-09 10:40:30 ESENT 302 Logging/Recovery svchost (7716,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2018-01-09 10:40:29 ESENT 301 Logging/Recovery "svchost (7716,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2018-01-09 10:40:29 ESENT 300 Logging/Recovery svchost (7716,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2018-01-09 10:40:29 ESENT 916 General svchost (7716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 10:40:29 ESENT 102 General svchost (7716,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-09 10:40:21 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 10:28:37 ESENT 916 General svchost (1652,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-09 10:22:42 SideBySide 33 None "Activation context generation failed for ""C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.16299.15_none_e10a04e314dd6b63\Narrator.exe"". Dependent Assembly SRH,type=""win32"",version=""1.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information 2018-01-09 10:22:23 ESENT 916 General DllHost (2224,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 10:13:06 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 09:49:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 09:42:38 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 09:07:05 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 08:48:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 08:17:27 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 07:47:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 07:28:05 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 06:46:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 06:19:21 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 05:45:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 05:23:22 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 04:44:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 04:28:05 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 03:43:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 03:28:05 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 03:09:21 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:21Z. Reason: RulesEngine. Information 2018-01-09 03:04:49 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:49Z. Reason: RulesEngine. Information 2018-01-09 03:03:58 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 02:42:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 02:28:05 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 01:41:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 01:22:48 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 00:58:48 ESENT 916 General svchost (3836,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 00:40:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-09 00:28:05 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 23:40:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 23:22:05 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 22:39:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 22:26:05 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 21:38:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 21:23:11 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 20:37:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 20:28:05 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 19:36:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 19:28:05 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 18:35:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 18:29:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-08 18:29:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-08 18:28:05 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 17:34:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 17:20:05 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 16:33:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 16:28:44 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-08 16:27:24 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 16:26:53 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 15:52:19 ESENT 916 General DllHost (2224,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 15:46:03 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 15:33:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 15:28:05 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 15:05:40 ESENT 326 General "Music.UI (3652,D,50) {3BA4B2FB-FB03-48C2-A8BD-3BF564407257}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:00A4:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001255 +J(0) +M(C:0K, Fs:18, WS:8K # 0K, PF:8K # 0K, P:8K) [3] 0.011626 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:7, WS:20K # 0K, PF:20K # 0K, P:20K) [4] 0.000508 +J(0) [5] - [6] - [7] 0.001968 -0.001277 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:9, WS:32K # 0K, PF:124K # 0K, P:124K) [8] 0.000600 -0.000045 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:35, WS:132K # 0K, PF:200K # 0K, P:200K) [9] 0.000259 -0.000020 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:16K # 0K, PF:64K # 0K, P:64K) [10] 0.000027 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000104 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000015 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-08 15:05:40 ESENT 105 General "Music.UI (3652,D,0) {3BA4B2FB-FB03-48C2-A8BD-3BF564407257}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:00A0:0000 - 00000001:00A2:0000 - 00000000:0000:0000 - 00000001:00A2:0000 (00000000:0000:0000) cReInits = 15 Internal Timing Sequence: [1] 0.003816 +J(0) +M(C:0K, Fs:193, WS:764K # 764K, PF:2972K # 2972K, P:2972K) [2] 0.020966 +J(0) +M(C:16K, Fs:719, WS:2844K # 2844K, PF:664K # 664K, P:664K) [3] 0.000039 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000434 +J(0) +M(C:112K, Fs:32, WS:124K # 124K, PF:164K # 164K, P:164K) [5] 0.007796 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:28K # 28K, P:28K) [6] 0.008418 +J(0) +M(C:0K, Fs:148, WS:584K # 584K, PF:220K # 220K, P:220K) [7] 0.076449 +J(0) +M(C:0K, Fs:2079, WS:8144K # 8144K, PF:3956K # 4028K, P:3956K) [8] 0.095303 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:652539/5559) +M(C:0K, Fs:3428, WS:8944K # 8948K, PF:3728K # 3664K, P:3728K) [9] - [10] 0.004055 +J(0) +M(C:0K, Fs:4, WS:-2032K # 0K, PF:-2040K # 0K, P:-2040K) [11] 0.000078 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:4, WS:16K # 0K, PF:4K # 0K, P:4K) [12] 0.013132 +J(0) +M(C:0K, Fs:186, WS:492K # 0K, PF:-224K # 0K, P:-224K) [13] 0.069149 -0.001206 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:926, WS:1076K # 1596K, PF:152K # 0K, P:152K) [14] 0.000032 +J(0) [15] 0.000028 +J(0) [16] 0.000509 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-08 15:05:40 ESENT 302 Logging/Recovery Music.UI (3652,U,0) {3BA4B2FB-FB03-48C2-A8BD-3BF564407257}: The database engine has successfully completed recovery steps. Information 2018-01-08 15:05:40 ESENT 335 Logging/Recovery "Music.UI (3652,R,0) {3BA4B2FB-FB03-48C2-A8BD-3BF564407257}: Replay of a Create for database ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb"" at log position (00000001,0001,0268) was deferred due to AttachFuture. Additional information: " Information 2018-01-08 15:05:40 ESENT 301 Logging/Recovery "Music.UI (3652,R,0) {3BA4B2FB-FB03-48C2-A8BD-3BF564407257}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2018-01-08 15:05:40 ESENT 300 Logging/Recovery Music.UI (3652,R,0) {3BA4B2FB-FB03-48C2-A8BD-3BF564407257}: The database engine is initiating recovery steps. Information 2018-01-08 15:05:40 ESENT 916 General Music.UI (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 15:05:40 ESENT 102 General Music.UI (3652,P,0) {3BA4B2FB-FB03-48C2-A8BD-3BF564407257}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-08 15:05:28 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-08 15:05:12 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 14:32:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 14:18:46 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 13:31:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 13:22:03 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 13:07:33 ESENT 916 General svchost (9208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 12:30:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 12:28:05 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 11:29:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 11:28:05 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 10:43:15 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 10:32:55 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:25:55Z. Reason: RulesEngine. Information 2018-01-08 10:31:13 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-08 10:31:13 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:13Z. Reason: RulesEngine. Information 2018-01-08 10:30:43 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-08 10:30:43 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259196)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-08 10:30:41 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-08 10:30:39 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-08 10:30:34 ESENT 916 General svchost (6512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 10:29:17 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-08 10:28:53 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-08 10:28:52 ESENT 326 General "SearchIndexer (7328,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000001B3:0063:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.003717 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.025965 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:39, WS:120K # 0K, PF:140K # 0K, P:140K) [4] 0.000581 +J(0) [5] - [6] - [7] 0.047455 -0.001933 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:54, WS:212K # 0K, PF:664K # 0K, P:664K) [8] 0.001495 -0.000989 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 144K, P:256K) [9] 0.001216 -0.000878 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000038 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000239 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-08 10:28:52 ESENT 105 General "SearchIndexer (7328,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002761 +J(0) +M(C:0K, Fs:175, WS:684K # 684K, PF:5468K # 5468K, P:5468K) [2] 0.000803 +J(0) +M(C:10240K, Fs:143, WS:568K # 568K, PF:384K # 384K, P:384K) [3] 0.000074 +J(0) +M(C:0K, Fs:8, WS:32K # 32K, PF:64K # 64K, P:64K) [4] 0.000231 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:228K # 228K, P:228K) [5] 0.006041 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.019539 +J(0) +M(C:0K, Fs:95, WS:380K # 380K, PF:40K # 40K, P:40K) [7] 0.045905 +J(0) +M(C:0K, Fs:281, WS:1120K # 1120K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.005468 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000052 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K) [15] 0.000128 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000663 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-08 10:28:52 ESENT 916 General SearchIndexer (7328,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 10:28:52 ESENT 102 General SearchIndexer (7328,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-08 10:28:48 ESENT 916 General taskhostw (3480,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 10:28:46 TV Server 0 None Service started successfully. Information 2018-01-08 10:28:33 ESENT 916 General svchost (3888,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 10:28:31 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-08 10:28:31 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-08 10:28:31 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-08 10:28:31 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-08 10:28:30 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 10:28:27 ESENT 916 General svchost (3172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 10:28:21 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:21 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:20 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:20 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:20 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:20 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:20 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 60858245 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:20 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:20 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:20 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:20 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:20 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:20 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:20 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:20 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:20 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:20 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-08 10:28:19 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:28:17 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-08 10:28:14 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-08 10:28:13 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-08 10:28:13 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-08 10:28:13 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-08 10:28:09 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-08 10:28:08 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-08 10:28:08 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-08 10:28:08 ESENT 916 General svchost (1764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 10:28:06 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-08 10:28:07 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-08 10:28:06 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-08 10:27:36 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-08 10:27:36 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 10:27:34 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 21 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 700 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2696 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8180 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 4228 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 580 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2018-01-08 10:27:35 TV Server 0 None Service has been successfully shut down. Information 2018-01-08 10:27:34 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-08 10:27:34 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-08 10:27:34 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-08 10:27:07 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-02-07T09:26:07Z. Reason: RulesEngine. Information 2018-01-08 10:26:37 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/07/07:09:26:36;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2018-01-08 10:26:27 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-08 10:26:26 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2018-01-08 10:26:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2018-01-08 10:26:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-08 10:26:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-08 10:26:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-08 10:26:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-08 10:26:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-08 10:26:25 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-08 10:26:23 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2018/01/08 09:26" Information 2018-01-08 10:26:22 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.115.138.219:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2018/01/08 09:26, 1, 1, 248916, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2018-01-08 10:25:49 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_SNOOZED. Information 2018-01-08 10:25:48 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_SNOOZED. Information 2018-01-08 10:25:25 ESENT 916 General svchost (4228,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 10:22:46 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 10:22:39 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T06:01:39Z. Reason: RulesEngine. Information 2018-01-08 10:13:55 ESENT 916 General svchost (3020,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 10:11:45 ESENT 916 General DllHost (6848,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 10:08:31 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 09:57:04 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-08 09:57:04 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T06:02:04Z. Reason: RulesEngine. Information 2018-01-08 09:56:15 ESENT 916 General svchost (6916,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 09:55:50 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-08 09:55:50 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 248947)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-08 09:55:48 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-08 09:55:46 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-08 09:54:39 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-08 09:54:39 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-08 09:54:22 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-08 09:54:08 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-08 09:54:07 ESENT 326 General "SearchIndexer (7456,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000001B2:006F:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.009908 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.058375 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:128K # 0K, PF:140K # 0K, P:140K) [4] 0.000711 +J(0) [5] - [6] - [7] 0.138970 -0.001658 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:208K # 0K, PF:664K # 0K, P:664K) [8] 0.001729 -0.000784 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 128K, P:256K) [9] 0.001182 -0.000821 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000044 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000117 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-08 09:54:07 ESENT 105 General "SearchIndexer (7456,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.009027 +J(0) +M(C:0K, Fs:251, WS:988K # 988K, PF:5472K # 5476K, P:5472K) [2] 0.000968 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 380K, P:384K) [3] 0.001418 +J(0) +M(C:0K, Fs:5, WS:20K # 20K, PF:64K # 64K, P:64K) [4] 0.000314 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:228K # 228K, P:228K) [5] 0.006551 +J(0) +M(C:0K, Fs:15, WS:60K # 60K, PF:20K # 20K, P:20K) [6] 0.022170 +J(0) +M(C:0K, Fs:36, WS:140K # 140K, PF:24K # 24K, P:24K) [7] 0.041700 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1036K # 1036K, P:1036K) [8] - [9] - [10] - [11] - [12] - [13] 0.022309 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000033 +J(0) [15] 0.000140 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000626 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-08 09:54:07 ESENT 916 General SearchIndexer (7456,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 09:54:07 ESENT 102 General SearchIndexer (7456,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-08 09:54:03 ESENT 916 General taskhostw (5004,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 09:53:57 TV Server 0 None Service started successfully. Information 2018-01-08 09:53:42 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-08 09:53:41 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-08 09:53:41 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-08 09:53:41 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-08 09:53:41 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-08 09:53:38 ESENT 916 General svchost (3288,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 09:53:36 ESENT 916 General svchost (3264,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 09:53:35 ESENT 916 General svchost (3148,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 09:53:28 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-08 09:53:28 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-08 09:53:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-08 09:53:24 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-08 09:53:23 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:23 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:22 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:22 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:22 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:22 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:22 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 60857745 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:22 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:22 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:22 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:22 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:21 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:21 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:21 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:21 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:21 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:21 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-08 09:53:21 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:53:21 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-08 09:53:15 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-08 09:53:16 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 09:53:14 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-08 09:53:15 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-08 09:53:13 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-08 09:53:12 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-08 09:53:13 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-08 09:52:41 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-08 09:52:40 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:52:40 MySQL 100 None "Giving 2 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:52:40 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-08 09:52:38 TV Server 0 None Service has been successfully shut down. Information 2018-01-08 09:52:37 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 31 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 7952 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 3464 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3564 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3640 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 3828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3564 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 3828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3564 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 3828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 3308 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3464 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-08 09:52:37 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-08 09:52:37 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-08 09:52:37 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-08 09:49:40 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-08 09:46:19 ESENT 326 General "Music.UI (10168,D,50) {7A71D808-5869-48E7-8CB6-0A38A58174FF}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:00A1:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001221 +J(0) +M(C:0K, Fs:18, WS:8K # 0K, PF:8K # 0K, P:8K) [3] 0.069620 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:113, WS:432K # 0K, PF:56K # 0K, P:56K) [4] 0.000564 +J(0) [5] - [6] - [7] 0.001954 -0.001140 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:8, WS:32K # 0K, PF:120K # 0K, P:120K) [8] 0.029750 -0.001618 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:272, WS:860K # 0K, PF:388K # 0K, P:388K) [9] 0.000396 -0.000019 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:8, WS:32K # 0K, PF:72K # 0K, P:72K) [10] 0.000030 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [11] 0.000106 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-08 09:46:19 ESENT 105 General "Music.UI (10168,D,0) {7A71D808-5869-48E7-8CB6-0A38A58174FF}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:009D:0000 - 00000001:009F:0000 - 00000000:0000:0000 - 00000001:009F:0000 (00000000:0000:0000) cReInits = 14 Internal Timing Sequence: [1] 0.034121 +J(0) +M(C:0K, Fs:360, WS:1396K # 1396K, PF:3068K # 3112K, P:3068K) [2] 0.000821 +J(0) +M(C:16K, Fs:92, WS:368K # 368K, PF:300K # 256K, P:300K) [3] 0.000038 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000348 +J(0) +M(C:112K, Fs:49, WS:196K # 196K, PF:160K # 160K, P:160K) [5] 0.017491 +J(0) +M(C:0K, Fs:383, WS:1520K # 1520K, PF:176K # 176K, P:176K) [6] 0.005427 +J(0) +M(C:0K, Fs:50, WS:196K # 196K, PF:64K # 64K, P:64K) [7] 0.030048 +J(0) +M(C:0K, Fs:1065, WS:4224K # 4224K, PF:2736K # 2812K, P:2736K) [8] 0.184844 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:640371/5551) +M(C:0K, Fs:4037, WS:11336K # 11340K, PF:4176K # 4108K, P:4176K) [9] - [10] 0.004050 +J(0) +M(C:0K, Fs:21, WS:-1968K # 52K, PF:-2036K # 0K, P:-2036K) [11] 0.000067 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.024089 +J(0) +M(C:0K, Fs:194, WS:768K # 0K, PF:424K # 0K, P:424K) [13] 0.104416 -0.001278 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:1034, WS:1732K # 2536K, PF:176K # 608K, P:176K) [14] 0.000032 +J(0) [15] 0.000027 +J(0) [16] 0.000495 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-08 09:46:19 ESENT 302 Logging/Recovery Music.UI (10168,U,0) {7A71D808-5869-48E7-8CB6-0A38A58174FF}: The database engine has successfully completed recovery steps. Information 2018-01-08 09:46:19 ESENT 335 Logging/Recovery "Music.UI (10168,R,0) {7A71D808-5869-48E7-8CB6-0A38A58174FF}: Replay of a Create for database ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb"" at log position (00000001,0001,0268) was deferred due to AttachFuture. Additional information: " Information 2018-01-08 09:46:19 ESENT 301 Logging/Recovery "Music.UI (10168,R,0) {7A71D808-5869-48E7-8CB6-0A38A58174FF}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2018-01-08 09:46:19 ESENT 300 Logging/Recovery Music.UI (10168,R,0) {7A71D808-5869-48E7-8CB6-0A38A58174FF}: The database engine is initiating recovery steps. Information 2018-01-08 09:46:19 ESENT 916 General Music.UI (10168,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 09:46:19 ESENT 102 General Music.UI (10168,P,0) {7A71D808-5869-48E7-8CB6-0A38A58174FF}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-08 09:46:05 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Error 2018-01-08 09:41:54 VSS 8193 None "Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet" Information 2018-01-08 09:41:38 System Restore 8194 None "Successfully created restore point (Process = C:\Program Files\Reimage\Reimage Repair\Reimage.exe Files\Reimage\Reimage Repair\Reimage.exe"" http://www.reimageplus.com/GUI/GUI1872/layout.php?consumer=1&gui_branch=0&trackutil=&MinorSessionID=44491fc775044e9db9586a40ff&lang_code=en&bundle=0 /cil=DISABLED /Close=0 /Locale=1033 /Product:reimage; Description = Reimage Repair Restore Point)." Information 2018-01-08 09:41:38 ESENT 916 General svchost (3552,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-08 09:40:56 VSS 8194 None "Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {a0324ed1-d992-42ce-8280-b170b76378ba}" Information 2018-01-08 09:35:54 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 09:25:28 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T06:01:28Z. Reason: RulesEngine. Information 2018-01-08 09:24:30 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T06:01:30Z. Reason: RulesEngine. Information 2018-01-08 09:21:52 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-08 09:21:24 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 09:21:07 ESENT 916 General taskhostw (7408,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 09:21:03 ESENT 916 General svchost (3132,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 09:20:56 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-08 09:20:54 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-08 09:20:53 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-08 09:20:53 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-08 09:20:53 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-08 09:20:51 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-08 09:20:49 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-08 09:20:49 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-08 01:06:03 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-08 01:06:01 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 4372 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4372 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4372 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 9136 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 9136 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 9136 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 4456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-08 01:06:01 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 30 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 672 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2656 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 3464 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3564 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 4456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 3640 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 4456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2208 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3564 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3564 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2208 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3564 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3564 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2208 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3564 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2208 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 4456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3564 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 556 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2208 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 4456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3564 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 4456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 3464 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections " Information 2018-01-08 01:06:01 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 01:06:01 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-08 01:06:01 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-08 01:06:01 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-08 01:05:53 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-08 01:05:48 ESENT 916 General svchost (5948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 01:05:48 ESENT 916 General DllHost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 01:00:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 00:56:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-08 00:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 23:55:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 23:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 23:19:42 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-07 23:16:53 ESENT 326 General "svchost (3436,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000005:0005:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.109805 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.232668 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:9, WS:32K # 0K, PF:32K # 0K, P:32K) [4] 0.000909 +J(0) [5] - [6] - [7] 0.003053 -0.002050 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:60K, Fs:17, WS:68K # 36K, PF:60K # 32K, P:60K) [8] 0.002305 -0.001197 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:116K # 116K, PF:196K # 192K, P:196K) [9] 0.000730 -0.000398 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000072 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000125 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-07 23:16:53 ESENT 105 General "svchost (3436,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000005:0001:0000 - 00000005:0003:0000 - 00000000:0000:0000 - 00000005:0003:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.004652 +J(0) +M(C:0K, Fs:155, WS:612K # 612K, PF:3416K # 3416K, P:3416K) [2] 0.000721 +J(0) +M(C:8K, Fs:107, WS:424K # 424K, PF:300K # 300K, P:300K) [3] 0.000031 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000246 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:160K # 160K, P:160K) [5] 0.015079 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:24K # 24K, P:24K) [6] 0.036227 +J(0) +M(C:0K, Fs:31, WS:120K # 120K, PF:24K # 24K, P:24K) [7] 0.015948 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.077938 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8112/5) +M(C:0K, Fs:119, WS:324K # 324K, PF:236K # 240K, P:236K) [9] - [10] 0.007252 +J(0) +M(C:0K, Fs:4, WS:-48K # 8K, PF:-4K # 52K, P:-4K) [11] 0.000148 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.032180 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.139465 -0.001418 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:55, WS:100K # 124K, PF:164K # 172K, P:164K) [14] 0.000031 +J(0) [15] 0.000068 +J(0) [16] 0.069906 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-07 23:16:53 ESENT 302 Logging/Recovery svchost (3436,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2018-01-07 23:16:52 ESENT 301 Logging/Recovery "svchost (3436,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2018-01-07 23:16:52 ESENT 300 Logging/Recovery svchost (3436,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2018-01-07 23:16:52 ESENT 916 General svchost (3436,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 23:16:52 ESENT 102 General svchost (3436,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-07 23:16:50 ESENT 916 General svchost (2184,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 23:16:38 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 22:54:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 22:29:33 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 21:53:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 21:19:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 20:52:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 20:48:26 ESENT 916 General svchost (8688,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 20:23:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 19:51:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 19:27:26 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 18:50:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 18:28:54 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 17:49:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 17:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 16:48:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 16:31:22 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 16:09:40 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-07 16:09:40 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-07 16:05:40 ESENT 916 General svchost (2184,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 15:47:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 15:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 14:58:07 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T06:02:06Z. Reason: RulesEngine. Information 2018-01-07 14:57:14 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 14:46:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 14:21:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 13:45:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 13:25:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 12:44:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 12:29:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 12:18:29 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 11:43:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 11:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 10:42:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 10:27:42 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 09:41:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 09:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 08:40:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 08:19:08 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 07:39:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 07:23:05 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 06:38:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 06:27:06 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 05:37:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 05:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 04:39:43 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T06:01:43Z. Reason: RulesEngine. Information 2018-01-07 04:36:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 04:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 04:14:07 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T06:02:07Z. Reason: RulesEngine. Information 2018-01-07 04:13:17 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 03:35:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 03:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 02:34:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 02:26:30 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 01:33:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 01:21:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 00:32:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 00:25:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-07 00:07:47 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-07 00:07:47 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-06 23:31:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 23:29:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 22:30:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 22:25:53 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 21:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 21:29:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 20:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 20:28:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 20:06:21 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-06 20:06:21 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-06 19:27:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 19:19:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 18:26:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 18:23:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 17:27:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 17:25:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 16:43:55 ESENT 916 General svchost (1964,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 16:31:21 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 16:24:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 16:04:54 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-06 16:04:54 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-06 16:01:37 ESENT 916 General svchost (2184,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 15:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 15:23:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 15:08:10 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 14:57:51 ESENT 916 General svchost (1888,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 14:32:19 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T06:01:19Z. Reason: RulesEngine. Information 2018-01-06 14:31:27 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 14:22:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 14:19:37 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 13:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 13:21:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 12:21:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 12:20:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 11:25:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 11:19:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 10:24:11 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 10:18:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 09:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 09:17:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 08:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 08:16:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 07:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 07:15:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 06:19:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 06:14:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 05:23:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 05:13:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 04:27:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 04:12:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 03:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 03:20:19 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T06:01:19Z. Reason: RulesEngine. Information 2018-01-06 03:17:55 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T06:01:55Z. Reason: RulesEngine. Information 2018-01-06 03:11:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 02:23:02 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 02:10:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 01:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 01:09:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 00:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-06 00:08:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 23:21:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 23:07:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 22:22:26 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 22:06:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 21:29:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 21:05:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 20:31:18 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 20:04:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 20:02:48 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-05 20:02:48 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-05 19:26:48 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 19:03:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 18:56:48 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 18:21:50 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 18:03:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 17:36:17 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 17:18:30 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 17:02:00 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 16:07:23 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T06:01:23Z. Reason: RulesEngine. Information 2018-01-05 16:04:25 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-05 16:04:25 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T06:01:25Z. Reason: RulesEngine. Information 2018-01-05 16:03:55 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-05 16:03:55 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 252899)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-05 16:03:54 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-05 16:03:53 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-05 16:03:51 ESENT 916 General svchost (7068,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 16:02:30 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-05 16:02:11 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-05 16:02:10 ESENT 326 General "SearchIndexer (7216,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000177:00D0:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.008950 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.026307 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:124K # 0K, PF:144K # 0K, P:144K) [4] 0.000531 +J(0) [5] - [6] - [7] 0.046345 -0.001644 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.001162 -0.000661 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 128K, P:256K) [9] 0.000846 -0.000545 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000035 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000113 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-05 16:02:10 ESENT 105 General "SearchIndexer (7216,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.012497 +J(0) +M(C:0K, Fs:274, WS:1076K # 1076K, PF:5552K # 5552K, P:5552K) [2] 0.000950 +J(0) +M(C:10240K, Fs:100, WS:400K # 400K, PF:376K # 376K, P:376K) [3] 0.000076 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000237 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.006639 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.006841 +J(0) +M(C:0K, Fs:32, WS:124K # 124K, PF:32K # 32K, P:32K) [7] 0.020211 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.011128 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000033 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [15] 0.000109 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000621 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-05 16:02:09 ESENT 916 General SearchIndexer (7216,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 16:02:09 ESENT 102 General SearchIndexer (7216,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-05 16:02:07 ESENT 916 General taskhostw (5860,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 16:02:02 TV Server 0 None Service started successfully. Information 2018-01-05 16:01:51 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-05 16:01:51 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-05 16:01:50 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-05 16:01:44 ESENT 916 General svchost (3132,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 16:01:44 ESENT 916 General svchost (3552,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 16:01:36 ESENT 916 General svchost (3604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 16:01:36 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-05 16:01:34 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-05 16:01:33 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-05 16:01:32 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-05 16:01:30 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:30 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:29 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:29 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:29 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:29 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:29 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 54979568 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:29 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:29 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:29 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:29 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:29 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:28 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:28 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:28 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:28 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:28 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-05 16:01:28 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:01:28 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-05 16:01:22 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-05 16:01:22 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 16:01:21 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-05 16:01:21 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-05 16:01:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-05 16:01:20 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-05 16:01:18 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-05 16:00:48 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-05 16:00:47 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:00:47 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:00:47 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:00:47 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 16:00:44 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 20 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 688 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2596 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 5572 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2100 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2100 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2100 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2100 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 568 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2100 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3716 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2018-01-05 16:00:45 TV Server 0 None Service has been successfully shut down. Information 2018-01-05 16:00:44 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-05 16:00:44 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-05 16:00:44 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-05 16:00:36 ESENT 916 General DllHost (8360,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 15:58:25 ESENT 916 General svchost (2100,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 15:47:02 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-05 15:47:01 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T06:02:01Z. Reason: RulesEngine. Information 2018-01-05 15:46:00 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-05 15:45:59 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 252917)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-05 15:45:59 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-05 15:45:57 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-05 15:44:26 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-05 15:44:24 ESENT 916 General svchost (8424,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 15:44:23 ESENT 916 General DllHost (8360,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 15:44:05 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-05 15:44:03 ESENT 326 General "SearchIndexer (7516,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000177:0049:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.033218 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.044238 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:120K # 0K, PF:144K # 0K, P:144K) [4] 0.000535 +J(0) [5] - [6] - [7] 0.121245 -0.001455 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:51, WS:204K # 0K, PF:640K # 0K, P:640K) [8] 0.001461 -0.000916 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 108K, P:256K) [9] 0.001057 -0.000651 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000046 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000120 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-05 15:44:03 ESENT 105 General "SearchIndexer (7516,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.016579 +J(0) +M(C:0K, Fs:337, WS:1316K # 1316K, PF:5572K # 5572K, P:5572K) [2] 0.000895 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.000068 +J(0) +M(C:0K, Fs:5, WS:20K # 20K, PF:64K # 64K, P:64K) [4] 0.000224 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.005637 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.004552 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.063043 +J(0) +M(C:0K, Fs:294, WS:1176K # 1176K, PF:1048K # 1048K, P:1048K) [8] - [9] - [10] - [11] - [12] - [13] 0.005401 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000034 +J(0) [15] 0.000260 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000941 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-05 15:44:03 ESENT 916 General SearchIndexer (7516,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 15:44:03 ESENT 102 General SearchIndexer (7516,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-05 15:43:56 TV Server 0 None Service started successfully. Information 2018-01-05 15:43:52 ESENT 916 General taskhostw (3832,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 15:43:41 ESENT 916 General svchost (3744,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 15:43:40 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-05 15:43:40 ESENT 916 General svchost (3680,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 15:43:40 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-05 15:43:39 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-05 15:43:39 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-05 15:43:39 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-05 15:43:38 ESENT 916 General svchost (3092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 15:43:29 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:29 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:29 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:29 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:29 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:29 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:29 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 54975322 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:29 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:29 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:28 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:28 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:28 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:28 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:28 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:28 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:28 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:28 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-05 15:43:27 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:43:25 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-05 15:43:23 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-05 15:43:23 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-05 15:43:23 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-05 15:43:22 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-05 15:43:17 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-05 15:43:16 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-05 15:43:17 ESENT 916 General svchost (2100,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 15:43:16 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-05 15:43:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-05 15:43:15 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-05 15:43:13 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-05 15:42:43 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-05 15:42:43 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:42:43 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:42:43 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 15:42:39 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 21 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 684 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2452 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 852 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 852 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3144 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 9128 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3832 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3144 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3144 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 3144 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3832 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3144 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 3832 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3144 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3832 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3144 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 564 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 852 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3832 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3144 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 6576 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections " Information 2018-01-05 15:42:40 TV Server 0 None Service has been successfully shut down. Information 2018-01-05 15:42:39 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-05 15:42:39 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-05 15:42:39 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-05 15:36:15 ESENT 326 General "Music.UI (6528,D,50) {BB672FEB-4DFB-40F0-9679-3F676B8E1130}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:009E:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001127 +J(0) +M(C:0K, Fs:18, WS:8K # 0K, PF:8K # 0K, P:8K) [3] 0.019481 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:7, WS:20K # 0K, PF:20K # 0K, P:20K) [4] 0.000532 +J(0) [5] - [6] - [7] 0.001900 -0.001165 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:52K # 0K, PF:144K # 0K, P:144K) [8] 0.000565 -0.000046 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:35, WS:132K # 0K, PF:200K # 0K, P:200K) [9] 0.000278 -0.000019 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 0K, PF:64K # 0K, P:64K) [10] 0.000029 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000120 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000016 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-05 15:36:15 ESENT 105 General "Music.UI (6528,D,0) {BB672FEB-4DFB-40F0-9679-3F676B8E1130}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:009A:0000 - 00000001:009C:0000 - 00000000:0000:0000 - 00000001:009C:0000 (00000000:0000:0000) cReInits = 13 Internal Timing Sequence: [1] 0.004368 +J(0) +M(C:0K, Fs:212, WS:824K # 824K, PF:2948K # 2948K, P:2948K) [2] 0.000720 +J(0) +M(C:16K, Fs:87, WS:348K # 348K, PF:292K # 292K, P:292K) [3] 0.000033 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.005891 +J(0) +M(C:112K, Fs:254, WS:996K # 996K, PF:152K # 152K, P:152K) [5] 0.006360 +J(0) +M(C:0K, Fs:70, WS:280K # 280K, PF:164K # 164K, P:164K) [6] 0.005683 +J(0) +M(C:0K, Fs:70, WS:280K # 280K, PF:136K # 136K, P:136K) [7] 0.026208 +J(0) +M(C:0K, Fs:1247, WS:4968K # 4968K, PF:2648K # 2652K, P:2648K) [8] 0.082850 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:628203/5543) +M(C:0K, Fs:1988, WS:3764K # 3784K, PF:2452K # 2492K, P:2452K) [9] - [10] 0.004095 +J(0) +M(C:0K, Fs:9, WS:-2012K # 0K, PF:-2016K # 0K, P:-2016K) [11] 0.000086 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.029639 +J(0) +M(C:0K, Fs:379, WS:1480K # 0K, PF:76K # 0K, P:76K) [13] 0.107249 -0.001279 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:705, WS:104K # 1612K, PF:-156K # 0K, P:-156K) [14] 0.000031 +J(0) [15] 0.000028 +J(0) [16] 0.000495 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-05 15:36:15 ESENT 302 Logging/Recovery Music.UI (6528,U,0) {BB672FEB-4DFB-40F0-9679-3F676B8E1130}: The database engine has successfully completed recovery steps. Information 2018-01-05 15:36:15 ESENT 335 Logging/Recovery "Music.UI (6528,R,0) {BB672FEB-4DFB-40F0-9679-3F676B8E1130}: Replay of a Create for database ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb"" at log position (00000001,0001,0268) was deferred due to AttachFuture. Additional information: " Information 2018-01-05 15:36:14 ESENT 301 Logging/Recovery "Music.UI (6528,R,0) {BB672FEB-4DFB-40F0-9679-3F676B8E1130}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2018-01-05 15:36:14 ESENT 300 Logging/Recovery Music.UI (6528,R,0) {BB672FEB-4DFB-40F0-9679-3F676B8E1130}: The database engine is initiating recovery steps. Information 2018-01-05 15:36:14 ESENT 916 General Music.UI (6528,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 15:36:14 ESENT 102 General Music.UI (6528,P,0) {BB672FEB-4DFB-40F0-9679-3F676B8E1130}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-05 15:36:04 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-05 15:35:35 ESENT 916 General svchost (3832,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 15:27:37 Windows Error Reporting 1001 None "Fault bucket 1716656423059477734, type 4 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: msconfig.exe P2: 10.0.16299.15 P3: 74c1e3c8 P4: msvcrt.dll P5: 7.0.16299.125 P6: 20688290 P7: 40000015 P8: 000000000000ad32 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER663A.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6958.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6976.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER69F4.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_msconfig.exe_6c6942c14a7068b4fdd0db8c98f7c31116cf2bb5_2dcf77de_1fa67657 Analysis symbol: Rechecking for solution: 0 Report Id: 6aac1677-0af8-4377-a8da-6165d79bebfd Report Status: 268435456 Hashed bucket: d7af73e2e33659a4f7d2c9ebe9da54e6" Error 2018-01-05 15:27:32 Application Error 1000 (100) "Faulting application name: msconfig.exe, version: 10.0.16299.15, time stamp: 0x74c1e3c8 Faulting module name: msvcrt.dll, version: 7.0.16299.125, time stamp: 0x20688290 Exception code: 0x40000015 Fault offset: 0x000000000000ad32 Faulting process id: 0x2068 Faulting application start time: 0x01d386314fd28a1f Faulting application path: C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.16299.15_none_fd666a760ee483bb\msconfig.exe Faulting module path: C:\Windows\System32\msvcrt.dll Report Id: 6aac1677-0af8-4377-a8da-6165d79bebfd Faulting package full name: Faulting package-relative application ID: " Information 2018-01-05 15:26:59 ESENT 916 General DllHost (8392,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 15:24:32 ESENT 916 General svchost (3832,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 14:58:38 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T06:01:38Z. Reason: RulesEngine. Information 2018-01-05 14:57:47 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-05 14:57:47 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T06:01:47Z. Reason: RulesEngine. Information 2018-01-05 14:57:45 ESENT 916 General svchost (8864,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 14:57:17 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/30:06:03:14;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2018-01-05 14:56:55 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-05 14:56:54 ESENT 326 General "SearchIndexer (7360,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000176:00F5:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001193 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.034912 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:17, WS:36K # 0K, PF:20K # 0K, P:20K) [4] 0.000615 +J(0) [5] - [6] - [7] 0.055208 -0.001657 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:18, WS:68K # 0K, PF:516K # 0K, P:516K) [8] 0.001321 -0.000753 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:59, WS:236K # 0K, PF:224K # 0K, P:224K) [9] 0.000876 -0.000572 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:9, WS:36K # 0K, PF:32K # 0K, P:32K) [10] 0.000043 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000128 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000016 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-05 14:56:54 ESENT 105 General "SearchIndexer (7360,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000173:0001:0000 - 00000174:0001:0000 - 00000176:00F3:0000 - 00000176:00F3:0000 (00000000:0000:0000) Internal Timing Sequence: [1] 0.003727 +J(0) +M(C:0K, Fs:198, WS:772K # 772K, PF:5476K # 5476K, P:5476K) [2] 0.001058 +J(0) +M(C:10240K, Fs:123, WS:492K # 492K, PF:388K # 388K, P:388K) [3] 0.000152 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000300 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.006932 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.005012 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.006958 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1036K # 1036K, P:1036K) [8] 0.204202 -0.002984 (61) CM +J(CM:61, PgRf:704, Rd:94/61, Dy:0/0, Lg:1002891/1819) +M(C:0K, Fs:926, WS:3576K # 3576K, PF:4524K # 4524K, P:4524K) + 1 lgens [9] 0.301133 -0.001259 (103) CM +J(CM:103, PgRf:653, Rd:71/103, Dy:42/628, Lg:3000826/1965) +M(C:0K, Fs:925, WS:3524K # 3524K, PF:2352K # 2352K, P:2352K) + 2 lgens [10] 0.002221 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000301 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.112899 -0.000022 (41) CM +J(CM:41, PgRf:0, Rd:0/41, Dy:0/0, Lg:0/0) +M(C:0K, Fs:339, WS:12K # 0K, PF:0K # 0K, P:0K) [13] 0.084258 -0.000638 (1) CM +J(CM:1, PgRf:2, Rd:0/1, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:300, WS:-6112K # 0K, PF:-6184K # 0K, P:-6184K) [14] 0.000035 +J(0) [15] 0.000050 +J(0) [16] 0.000591 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-05 14:56:54 ESENT 302 Logging/Recovery SearchIndexer (7360,U,0) Windows: The database engine has successfully completed recovery steps. Information 2018-01-05 14:56:54 ESENT 301 Logging/Recovery "SearchIndexer (7360,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: [1] 0.142183 -0.000594 (31) CM +J(CM:31, PgRf:130, Rd:34/31, Dy:1/3, Lg:1012020/316) +M(C:0K, Fs:275, WS:1028K # 1028K, PF:1100K # 1100K, P:1100K)." Information 2018-01-05 14:56:54 ESENT 301 Logging/Recovery "SearchIndexer (7360,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00175.jtx. Previous Log Processing Stats: [1] 0.098818 -0.000626 (31) CM +J(CM:31, PgRf:134, Rd:31/31, Dy:0/0, Lg:1008342/318) +M(C:0K, Fs:268, WS:1000K # 1036K, PF:996K # 996K, P:996K)." Information 2018-01-05 14:56:53 ESENT 301 Logging/Recovery "SearchIndexer (7360,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00174.jtx. Previous Log Processing Stats: [1] 0.168064 -0.002984 (61) CM +J(CM:61, PgRf:704, Rd:94/61, Dy:0/0, Lg:1002891/1819) +M(C:0K, Fs:631, WS:2476K # 2476K, PF:3520K # 3516K, P:3520K)." Information 2018-01-05 14:56:53 ESENT 301 Logging/Recovery "SearchIndexer (7360,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00173.jtx. Previous Log Processing Stats: " Information 2018-01-05 14:56:53 ESENT 300 Logging/Recovery SearchIndexer (7360,R,0) Windows: The database engine is initiating recovery steps. Information 2018-01-05 14:56:53 ESENT 916 General SearchIndexer (7360,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 14:56:53 ESENT 102 General SearchIndexer (7360,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-05 14:56:39 ESENT 916 General taskhostw (7040,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 14:56:31 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-05 14:56:31 ESENT 916 General taskhostw (7040,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 14:56:28 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-05 14:56:28 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-05 14:56:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-05 14:56:24 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-05 14:56:24 ESENT 916 General svchost (3832,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 14:56:17 TV Server 0 None Service started successfully. Information 2018-01-05 14:56:13 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-05 14:56:13 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Error 2018-01-05 14:56:13 SecurityCenter 16 None Error while updating status to SECURITY_PRODUCT_STATE_ON. Error 2018-01-05 14:56:13 SecurityCenter 16 None Error while updating status to SECURITY_PRODUCT_STATE_ON. Error 2018-01-05 14:56:13 SecurityCenter 16 None Error while updating status to SECURITY_PRODUCT_STATE_ON. Error 2018-01-05 14:56:13 SecurityCenter 16 None Error while updating status to SECURITY_PRODUCT_STATE_ON. Information 2018-01-05 14:56:13 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-05 14:56:12 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-05 14:56:11 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-05 14:56:11 Microsoft-Windows-WMI 5616 None The Windows Management Instrumentation (WMI) repository was successfully re-created by the auto-recovery mechanism. Information 2018-01-05 14:56:12 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 252966)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-05 14:56:11 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2018-01-05 14:56:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2018-01-05 14:56:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-05 14:56:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-05 14:56:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-05 14:56:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-05 14:56:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-05 14:56:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-05 14:56:08 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=379665e4-add7-49bc-83b1-caa74548c59d" Information 2018-01-05 14:56:08 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=8eb463f0-cad3-41e4-9512-21899ccfef5f" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=e290290a-c5bb-4db2-b3cd-7ed6bbdc8e31" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=1cc726b4-565a-4177-9d9a-d0210157d03a" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=0615251b-6a83-4da9-8d88-93bd3cd9031a" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=47d51373-fff1-4544-a396-1ab4b49faaed" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=bf3d5a58-365f-4707-a949-13d3f072b364" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=4ffe5ec0-e4db-4671-a117-b26a7b9f7dc8" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL volume License (Private) License Id=13d4e961-6457-4744-aa2d-5ce60764ebdf" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL volume License (Public) License Id=0d8ac0b2-bf4c-406a-a469-b81a842a8f75" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=32a7f29d-2bf2-4043-8daf-fa659ae1747c" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=426f8963-7590-4eb7-849a-5cde807900f9" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=4837f35c-880d-4d9a-8b6a-489820dec939" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=527317ed-7370-4170-b592-76587de224f9" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=c99d4a63-6b56-4cfb-a3ee-a0508910cb43" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=949c86bd-b925-46c8-ac42-9d7d933481e6" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=b8e2dcf3-05a4-4383-9777-562764520f3a" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=9d724b54-735d-46ff-b237-21c86cfdfb9f" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=f195bd61-ed05-4f02-b726-80d92ddef1ab" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=a2a9e8d8-a18b-4e6c-948b-9f3f7bf37515" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=5a468fc3-558c-4e81-9b52-ac742d0c6e75" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=795ffe39-b0c1-4a51-bb1c-e2d5b039ac64" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=8cd0daad-7765-4b79-b566-3d989a88b9d4" Information 2018-01-05 14:56:07 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=2081e522-28bd-4660-a21e-d404f03ea1e9" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=c845d9c3-0e40-4181-a0fe-072002281dc7" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=123201bb-f93f-409e-a01d-adf908e9d61b" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=fe07a815-91e4-4f5d-b99f-a2a17c8112d1" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=b37fbdd8-41e4-41ce-9e8e-704df6d5544f" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=e7cd0373-46cd-43bd-ad7c-388ad05d3222" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=34aa78f7-005d-4c67-bde7-df73b157efe9" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=41a1b404-c41a-4348-aa37-810e68d378e4" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=3ca8f54b-e5ef-4c77-953a-f4c290ee68ef" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=a3df516c-41f1-4fae-adc9-fd51366a9b2a" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=9affb959-d6e8-4c46-a5f1-cb6044a9c336" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=719aeee3-f2a7-413f-81a8-2531b5abdeb0" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=72279210-2058-4a45-9447-09f02b7bd0b8" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=ee3dea07-04c8-492d-b564-f68bce0772ff" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=2ed14c9f-7129-4df3-a670-499e1cd6133b" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=a2e131d1-fee3-4bbb-9664-c0cf9cbc69eb" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=8da5de37-5e7e-418f-9344-0e9e209ced7d" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=50c500f2-28d3-4770-8fc9-f0033fcd12a2" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=aa349888-ee4e-47a5-912a-f0538a7f01a6" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=3a836447-1dc7-47d8-913c-4fcdd4ee8a99" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=04e2e470-935e-4ed3-8ee7-6f0fcd7a9f78" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=0f12ee3a-382a-49bf-8634-846c348983d9" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=fcdd6f2d-4051-45e3-816d-71038ed5ec2e" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=0c99de14-5a16-43e0-a15d-a9a08c4739f6" Information 2018-01-05 14:56:06 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=e66f65cd-f442-407a-9790-c72f27b58c2b" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=70307d66-1a99-457c-b4d3-6d3dc1bdad3d" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=5d3b69cf-db5c-4656-9837-8be4f9f00433" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=918248f7-c466-4028-9095-509c546180ef" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=4872ed88-fae4-4487-9922-e8f2bdf894b1" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=ae2bdc0f-8714-4d81-b03b-acacce1d9df3" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=966e7be1-2f9f-4def-b73c-dfaf8e08e368" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=006c17e0-262a-444e-bc52-00eeed440ba6" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=02bb63f9-c5c7-469b-ac43-ee7903b58ab3" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=e55b7af5-e36c-4f83-85be-a7630febb0cd" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=c451230a-f124-4f40-9f62-d81150662169" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=4c0aeaab-3d2c-451e-b981-c07b2e9604a9" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=dc3e2063-56f8-4b21-b0aa-4511080afc37" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=076e73e8-f6fb-4595-9342-f70dc8a51a00" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=e68dd81d-d0f2-40d8-8480-09867b5b90b9" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=1d2db0e6-33b5-4ea1-b885-5d832250b052" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=d138411b-5689-4b2f-93a6-ebf3d806b9b6" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=d159c196-8e44-43b5-be80-297be7db0a1a" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=c0f55887-9298-4416-b687-5bed46a72718" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=57e15773-80f7-489c-9d89-1bbf9a470986" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=89fe0008-900a-4098-a9ea-15c558b4be0f" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=4efdc836-b19d-47cc-a8db-90540f432509" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=2d2e70c2-4e96-4961-9b22-7fdc00b14378" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=6f7e4b92-fd5a-4d55-8c85-a262a9812e20" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=b0de5e9a-1290-4f7d-81bb-6b9ada049ebe" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=41b50af9-7c36-4513-b513-e5c0c6171d91" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=24fe9be7-1dab-44e6-a7c0-ab59eb250e39" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=1293a4a6-1891-44ee-8ad3-09ed37171499" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=b29b5d78-de81-4572-b8b0-f6abe174969e" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=297403b8-e648-4c47-bc88-a41c401ba31b" Information 2018-01-05 14:56:05 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=51866601-3f7f-4a79-a2f1-207f74819d11" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=a0afd91a-9514-4f92-80c7-5ac162c5bb77" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=8dca8b11-c2ed-40e0-ae71-3d535ee9ac48" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=23b2e479-bb63-4588-a4f7-745e6f2ca56d" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=708bf0ab-883f-4c3b-8a1b-c1ff8281dbda" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=315b8ee2-cd5b-4c41-98c8-75b591f7e28b" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=1af481fa-cb71-481c-a8be-c4aa1d74b349" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL volume License (Private) License Id=86e1c7fc-d9b8-475a-b221-291b33382ca9" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL volume License (Public) License Id=3476e197-86d1-40d3-b546-bf14ee9e1526" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=e51bf147-4539-4f3d-abc6-42d17e9528d4" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=9a6796eb-fae8-457c-8ffb-0649a7d2d4cf" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=155cd71d-94d1-4395-89a6-3bb195bb266a" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=8120066a-0a4e-453b-89e3-60683c30e2b5" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=3bda3c31-7cb8-4b8b-84d8-1e0fac2c2021" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=d16127b8-ec16-4e41-bf5c-f814543862a0" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=015b36a0-dd73-429f-9157-4792ff23f866" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=6273b418-42d3-48d9-8bef-6bb732af9203" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=da95dc1a-038e-479a-a2cb-afaef81c7b2e" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=2f2986aa-a8db-45f4-a3c4-6c77c9173b10" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=5fc1f69b-a13e-4d85-bd28-903bf5b97787" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=0a67720a-7495-4a7c-a4fe-a4e50cf3c81c" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=ab5df71b-faae-483b-9d4f-1f633b5b3480" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=886b70da-de84-4b6f-87ac-d7a426d51e2b" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=a2e203f9-2cea-4b03-b844-2b4c16e692ed" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=9d1d6cf1-3cb1-4c1f-9ff3-c6be17aaf285" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=4d98d811-4300-44ea-af84-692804440b5c" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=d72e4d47-832c-408c-b55c-157ae2d142cd" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=423573a0-80e9-433d-a3d6-f0f62fcb508b" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=abb2bd55-9fff-4918-a1a6-49073e17d7d0" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=cc0f776f-d269-4295-ae02-6efce51a350f" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=264c1254-9f8e-42ed-b27b-9e41e100c12e" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=5beb8fdb-76a0-473b-8b30-8a847161baa5" Information 2018-01-05 14:56:04 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=84f0dfe5-d909-4dca-b04d-f521dd8dc927" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=63505e58-bfe0-4b99-a2c1-847ab3f44c20" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=83599008-8d7c-421a-bb24-5dbcdffe1bae" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=74dde3c5-aecb-4e6f-8af6-7e00be4b2abc" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=a3a4948b-da43-4cea-bd3f-8769c0f3efa8" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=56703aa8-1e87-435a-b25f-3e7af92ff077" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=9a6f92bf-4b45-4ca0-bb7c-795fb663c749" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=d91d582b-0dde-4929-a17e-a5fa69ecdae7" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=b4f49d3b-b3f2-4fab-b3dc-79661483d395" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=4ad34af6-528c-4732-87c6-c8b632b3fe19" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=881ed12d-56ab-44ba-87c4-79737486b71d" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=dd9b3800-8f48-4c47-bc2c-27ad5ab56423" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=feba0196-5c9e-496c-8058-624018e23a07" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=47a158c1-aef7-4d43-b4a3-7de1f1c28986" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=0cb29b1e-a59c-459e-bf69-6a7848972a42" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=299ae870-efdb-433a-a369-b3316fd0979e" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=fb1f6520-0a18-4e3d-b797-f519ddaaac28" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=d309aa2d-881d-42bc-89e6-f9af08334d23" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=edee724c-2d25-4490-9ba2-962ff83ee025" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL volume License (Private) License Id=c4f10d8e-16da-4086-9a87-25641381b6db" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL volume License (Public) License Id=02030ad9-7387-4a5a-9197-71753683a0d8" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=c9bbb2a5-98d5-4717-8192-9b78ddafaf27" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=1fc1fdea-f5dc-44b9-989e-1138900b5c81" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=460a588e-0f23-4f41-bf98-de0204652d59" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=a211ccb7-59de-40d5-b853-50b7ad3a0d81" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=1e0a72c5-dbbb-455a-863e-c3179f235058" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=051aac7c-dfca-445b-bda9-16612cbf0957" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=d9da1c09-47b0-421f-badb-410e3c80a804" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=cbdd94be-0fa5-4c97-93c1-dd293814b4be" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=8dbe6778-ee28-4063-b79d-de0391b72263" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=76becc32-771e-4a40-b0a5-1a9f6fedb679" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=11f474cf-81e4-4a80-a095-f983f35fe27a" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=257e7abb-e41e-4fcc-81df-e9822597b28c" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=d4de5e37-acb1-41e4-a122-6e2daede8bd4" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=bfa54865-13ff-4a69-9c2c-1d72f9c90756" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=7c927cf8-42f7-467a-a5b4-f227aa9466bf" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=9633cdfc-648c-42f1-a70a-4ec53dfc64bb" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=10230f06-2e55-4749-b15c-65041d859bac" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=2e56ceda-01ed-475e-9611-e207c1bef3c5" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=a31a78d8-8057-43e8-9d42-e3f490c8d7c9" Information 2018-01-05 14:56:03 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=214417ea-24e2-4865-b5ea-158c23bfa47d" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=3b1305c1-8612-441f-9c6f-08f7a562ff81" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=f6fd82e3-b21b-4337-ab07-3d38f53ed1e1" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=a66cb79b-95f3-47df-b5dd-81acbc0c1f13" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=e9068ce2-d033-416c-a7ef-7cecec9eb7d1" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=53735844-9079-42a7-904a-66567bcbcd8b" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=52bb789d-022c-4b65-a89b-55cd5e8f1ccf" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=28c67dc3-f2a9-471c-b580-18a0ff3d405e" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=c81605d8-1181-43cd-bcf1-74e425d3db8e" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=6958859d-1876-4522-9ace-ed446e9357a4" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=8345147b-9581-489c-93f2-a0a637c3be98" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=501caf71-b540-4569-8d46-2446420fd1bd" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=dde63d7a-138c-4706-aa91-c0dd26ec8786" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=ce4d9047-cfd9-47cf-9a77-41ce520ebd02" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=08a030f2-854e-4d67-ba33-c5f714a2b79c" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=75a18fd2-a12b-481e-9d12-744b76b7de61" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=00ec895e-2c27-4044-8d7f-40ebcdb1c90a" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=c4601df4-c6d9-439c-8655-99e795984af1" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=de2b2435-5d05-4522-9db9-843ff762eafe" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=b71cc0d5-c1c8-48a2-b082-7d1a4bef07c8" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=b1434b74-2c87-467b-9ec4-a3e7c9a28b76" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=61dcbcea-c188-4dcb-baec-202eaecdb0c0" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=b64c3936-517a-4049-b68d-b2ce9746c029" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=b1e1a4fd-af75-4641-a63f-a70dd192d013" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=dfd8339d-2436-4d2f-9c18-c5718426c80b" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=2393bd77-4e09-4399-86fb-ab3a38684f0c" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=e7bff33f-2acc-43d9-929d-63edb1bf8b34" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=3fa93ccf-8a77-4091-a906-c0ac3cc25117" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=9bcc01e3-fd11-4647-a3fe-df89041910bc" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=58a14da3-c63e-4d52-8493-bf61f4c3719a" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=ae6a68fd-9370-4af5-8aa3-f8558567b185" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=667c42da-56d1-4ffa-9671-2e6ef65e713d" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=8d2f47af-f4f4-43fe-836e-891ae9b0019d" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=5da074e7-47ab-4edc-8e50-8347ddb8ee84" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=c10cf081-38ee-4631-b8aa-21b082867b7e" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=5b57d39d-cf6e-461c-a4d8-86a8986376b8" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=d451d20f-4cc1-4b99-aecc-604bcc129a6e" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=2821de25-b6e9-4d33-bb4e-95306e55aca2" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=54e6bf17-2ce6-4578-a808-74059e61c23e" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=3e45b60d-0b88-4cba-89eb-da832aecca92" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=c4eec5f1-1b23-42f2-88c6-3180bff679de" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=0d3f17f9-52e6-4643-98bb-8a44a13e62b3" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=f4736335-3e83-4b67-ba2e-35bf1105b71f" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=cef400f7-f7a3-4aaa-9798-cc6d9804044e" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=89028777-6098-4d35-a753-1ef95f6d03f8" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=9c539af4-8772-429b-b8cc-3a150096e73e" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=ad6ff193-17d1-40a3-88ad-dee33b09068b" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=041f0b68-be42-4615-95b2-e270016d6d1b" Information 2018-01-05 14:56:02 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=4ea736b0-9c93-4216-913e-ab92e2bc3a72" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=32e5b089-8ee4-4115-8de5-d3b5ed60cfb0" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=55bb2c85-1371-4e21-b920-aeaf2c8bc9f6" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=2d2d1a31-fe97-40de-b589-f661fd0a3e45" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=21fef3c7-431b-445d-b535-bbc11c39a3e2" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=5dd38355-8348-4888-8362-0ab601fb302e" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=bb9d5607-3c91-413d-8f5c-9a9e52cf2ceb" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=8b23c9f0-f933-44a6-be58-f282fd931032" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=37bc7803-487d-448a-9298-9a0e95263e67" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=94c8c5ea-54c9-4737-9b05-af5fedaa5c29" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=49c898cc-8ab6-4008-bdfd-b991c3311618" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=51b62db0-46f6-4082-b313-614da6910cd7" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=84ac8da0-941f-43a0-ae4d-771a6103ad28" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=389099c2-757a-4d1d-a50a-a5331d90af07" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=05b8e7c4-381b-4625-baf6-a008d7002001" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=1e0a731a-5157-4298-9cf3-8b2a9585e867" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=10a8d239-0715-4ae1-9a2e-6285390fca50" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=ea8f71b3-d32b-488b-aa40-9696e189f1c5" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=eb739b98-76d5-4143-998a-bc41f28a46ee" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=b57daaeb-e652-43f1-803b-423062280544" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=23a41619-6fcf-4363-9305-c83572c4ed8e" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=ef33c9dd-04ff-4708-950a-7c28ca5c0932" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=55d829d7-40a9-4ae1-ad26-113458e78b81" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=e45dbc3f-8aba-40c9-81ac-0267207673bb" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=9647ae15-e107-4b31-b970-9be7cef4d8cc" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=70db80d8-7b07-43cf-80f2-752dae077b85" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=711479e2-a4e7-47f5-8381-562009ac0184" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=b3f3294d-a518-4b64-80d5-ace5b39fb86d" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=89a5ac1b-742b-4d96-ae36-797dd1a767b9" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=0f8e9240-6d4e-41ff-a2f2-aa09c7f2c952" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=29fab23f-3bef-4ca7-928c-dc8087483501" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=97064d83-39fc-4ace-8c76-b89df2c24343" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=e5542467-8b3e-478f-93b7-70fa0362cc40" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=85e97acf-8a4f-47f7-ab9b-8513dbd8a1a3" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=b353ca33-c55a-4449-92a9-79e445757f3a" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=11f49533-053b-4616-a8ff-dccd589763b9" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=d035d25a-aa78-44fd-9f65-e50c88149c66" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=05f57af2-bce8-4eca-a35e-f3c801122fcf" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=932a3abf-5813-4d4f-8d77-061b6dbd93b4" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=6689630d-f1a6-4114-a826-c437bc1986e1" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=ef6f5910-0482-4e4e-8f3b-847f58867220" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=ff0ca72c-cc7d-4670-9db2-1bd62c32194c" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=1711dc80-cb30-4a92-85e7-3c15159c9a76" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=6271eeed-668b-4ba2-bf8e-251ff05c5a87" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=666ce866-901f-47b3-a574-2c12e8bb1ba6" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=d501a71c-23c4-4e74-9f98-1f1cddd458db" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=b7055acc-eb70-4f91-b3a7-58b6fe813d77" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=1407a06a-b33c-44c0-899d-56d7a2510e24" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=2160c88f-9fba-41b6-bc5a-ac9d1e1bf6c0" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=7d0d868a-2816-42ce-8dbe-98e02cc90ef6" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=45934be1-a7d2-419f-a883-50761c45440c" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=170df3a4-1300-4bf3-8621-df1dc1cf7716" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=9d3e48f4-03f3-478e-ba59-d210a26d5b1a" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=31bd344c-0305-41e9-9bc1-037d05f5c215" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=f791e3e4-8d4d-4e98-8f30-13f47754477a" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=259ecaf1-d3b6-48ae-bf99-f98a3d92af22" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=1026883d-818f-42d9-83df-7222423dce54" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=ca88a5d8-9283-40b9-8efe-36c1b039a47b" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=71cbb1b6-3b85-4206-99dd-323ae9618019" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=78dcd13c-0e56-4e80-8eb3-d13b957c8040" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=de34fbd4-6085-41df-be3e-ba1303eff890" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=7df3894e-2179-4b65-b104-53017dc94eb4" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=a136f008-94a9-4939-937b-1a8a49de68c8" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=6e9ad507-ac75-4341-8ea9-494b11782d8a" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=ac400e24-40fc-4a94-8b95-d68c3f43dace" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=87d9bff8-5549-4997-9ed8-aefb16030f86" Information 2018-01-05 14:56:01 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=cd0bffab-dfe2-4545-9771-ee4a5e34b98e" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=7855aab5-8f98-48b8-b1a4-fef7fdbf2fc4" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=fd1a11e7-0021-4404-979d-ee15eebc3feb" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=9d80dacc-6225-452e-9ba2-8cfd9add3b97" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=f780cfd8-7398-4e35-94ea-0a06ffe00924" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL volume License (Private) License Id=06e1abce-8f72-4a0c-bce0-9766036686f8" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL volume License (Public) License Id=62e33bc3-6ed5-4f1f-8ad5-43aaa96c17d0" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=0b93c5fd-1919-4983-b45d-75df8c148d65" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=c1903347-0727-48c4-91ed-1440ce9d222c" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=8d05bdcc-e91c-4306-b70b-aefc3b4e8385" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=718d9a1a-af7f-47d2-b259-6b9c14469b76" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=5cab11b6-df41-4fe6-9734-a56f95de4b74" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=9187e353-4544-4e44-afe4-114945df3cea" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=b1606db1-528c-46d9-bc24-0b825aaf4eb3" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=3d1c4f73-c58b-409e-8879-9b5f781bca56" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=8758aec8-b26a-4e47-812b-a3d20f18659d" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=d5a54b9e-2497-4777-b762-5abc78831e2c" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=cbfdc78d-b83b-4cda-bb37-1bbc7c7aab7f" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=12f6f955-6bb8-4e97-9156-8c977cb4c706" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=b2cc8f6a-78d4-4fe9-af9c-b583b31f23db" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=96710906-4b72-4b46-ae11-da492acbb28d" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=fb2a12bf-6e52-47a1-a44d-8037fc5ebb21" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=a081ec44-aea3-4ce5-9c7d-7bfd080aea0d" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=aaae40d2-b240-48d9-b0c4-c36624584f8c" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=d5cdd5e1-f4e9-4b93-b817-3bf19a707864" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=8fd671c0-71e1-4ed6-a762-2fa0b9141ff7" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=097be533-a230-4d86-b673-6efad9e703ed" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=733505dd-ba4a-4cea-89c7-705c9f86303b" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=3ba9a78d-66a5-4d7c-b6ac-9a559d61047c" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=aaabe775-8765-4ea8-88ce-8cae7b9fbd07" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=e532f1a7-6032-4cdb-a60e-602b3c8f5b69" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=05ef31d8-c980-4a92-9326-eb51fac7684c" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=c0936a76-203a-45f1-bdcb-316765859f94" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=78059b8a-49a1-4443-874e-d1753c969c54" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=700f66ce-6043-44de-9242-886e70507037" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=cfba60a7-6a35-4d35-8ed8-61d3f338db73" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=a5c90579-1e9d-4610-b1f1-f0311de3cf4a" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=24e9d68c-d075-4b84-a4a2-21404a412597" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=f720863f-c46f-4c95-9d8c-ca7958b11ef1" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=14b3f6f3-b001-4727-82e9-b71b78a7b59b" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=83e81e6d-f8f7-4ddd-aabf-da6bb036dda3" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=0e8f406b-fe07-418b-8319-ac77bd27e0a5" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=ac7e2030-89a1-48a8-9f69-ca836fd4c5c1" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=146143f7-4d06-4045-95e2-3f9cf907f832" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=d5da5be0-687c-4d60-b8d7-856750d744ae" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=83d5fe65-f2fc-4be4-ae0c-412630c98c9d" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=5519899c-c019-4457-a4d1-a1bf6dc601d1" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=1c19af25-2556-4275-ac22-7b91599f8052" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=4a2220f3-728b-4e7d-8f90-ace7e5ed9b2e" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=2dae4476-2116-4ad6-a014-9224d4c922c4" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=63ff2959-12b6-4e3e-a90b-f9d8dbedda8e" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=90343732-872c-4f48-a93a-026b6e7ee4d0" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=366ddf90-e91d-4b94-9552-18bce5fbeb18" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=e8a8a238-74b4-4271-b522-7d95ca197f79" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=aafd194c-3cbe-44b8-9013-139c5843bb80" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=b7e782e5-da1d-4a9e-9d20-937e1131a7c6" Information 2018-01-05 14:56:00 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=1287143a-4406-47c8-bfe0-a7dc2f891a84" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=a7108a5c-256f-47ef-bf2d-23e209317c10" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=3e329173-4534-4df2-992b-1f2e1633eed7" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=9df4056b-ae65-4a28-a724-a641f6eb7f09" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=7c287538-cc89-428e-90e3-687baa06bf3e" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=c7d377d2-3035-42f6-9e3b-9a7e5d23ed8f" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=35511d7f-7cf5-4eb6-b4de-ab8a0b9cb9d5" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=2d75a3f8-9c5c-40ba-9e64-b7df6fc0388c" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=7e38c37d-074f-40cf-ac76-d45e6cad4c7a" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL volume License (Private) License Id=59f3791c-9ac6-44e1-8264-c21a3374173e" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL volume License (Public) License Id=f0de305e-b2e8-41f2-bf55-383d31187a16" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=3b37ee4c-b9ea-4106-8b0f-503d01264886" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=4a054754-b0a0-4c3a-9aa0-b236bbb50387" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=138f2a34-831f-47d7-b68c-c193b40de50b" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=e5b083bd-3472-4c53-8eab-82ca088a2db5" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=3f4131a8-4272-40f9-a17d-3feaa6bef2f2" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=29c0c4d9-2255-4390-80aa-de4d3b6d489f" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=ba28b3d5-b2d9-45c3-bb06-b005cc2d02f8" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=1f0eb507-9775-49d8-9404-d9028412461c" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=657c9df4-35ac-4980-a687-0e55961f6ee5" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=2240f464-0867-4a48-87ea-a6197aa935fe" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=4e2adf13-e2a4-464c-a2f8-df9974c016ec" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=858e22c4-feab-4d0d-ae4b-e490934ffa94" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=3bcf1386-13d6-4177-b9e0-a2cad237b5ee" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=ce92820c-e7a6-4b07-b47e-5d9bb0fb9c54" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=534cc61d-d735-442e-8337-858073a43703" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=8169e6cc-6ce9-48e9-93a7-35cb31a6dd94" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=9f4d57ff-87e7-4840-a8df-489a1fe2b64c" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=9d4d9b0b-88d6-4b6f-92d4-6317bf127f7b" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=280ffe79-93c0-4720-ae90-49808b3ea70d" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=d4db8b7d-c5c0-45fc-a3ce-4d869f7a4fd9" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=d6a88d93-04de-4a17-bc17-7bd6ac11351d" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=7c5544d1-44a9-4c22-a892-7ec2cf1463ff" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=bd4726b1-02b6-4a5b-bc60-9212951851b9" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=f5809ed1-f4fd-4611-a358-76dae7de693c" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=2568220e-2f5a-4a59-90c4-7f7798eb3f94" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=334b8163-6a94-4b26-8993-8d938762d1b8" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=00a8701e-5c88-4607-b9c7-4dbdef7e2632" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=64ec6132-189e-4b0e-9a1f-be2e2b2fa418" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=d197c5f2-a5e1-418c-af9e-2fe89a02121b" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=ee5ccd91-2f46-41cc-968d-3a670a80abd4" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=d6514fb5-adaf-493c-8041-4c98b4ed5091" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=14749c80-26c8-47a5-b01a-1a4be01d98ad" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=3662341b-10a8-47e9-9351-9b8b1f7fc704" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=76709895-37a2-4186-86b0-deb377f59238" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=29d7e7f6-fb2b-4b26-8adb-d87da1027990" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=a71d30ac-0de9-4668-a90a-a141a3e6cc8f" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=1eade59b-3a13-4d00-b400-ab2e5408ac2f" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=22bf0443-58a7-4b2a-97f1-66d35c077e7f" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=79089503-8328-4021-9e7c-2276a10872b0" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=e193777a-b118-4de8-a22f-d1342c983816" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=16d61642-a9e2-477b-abb4-dfefd685ad07" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=da749a7b-27a9-47c2-95d4-4a05d454d98e" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=d7a07ebd-58d3-45a8-bc3c-142658023daa" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=586533c7-88b2-4829-9da9-cd3f113e473f" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=7ee984ae-62e0-4ca6-917c-afb50b270e3f" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=c7e9063f-5684-42cb-a8c3-3e881af259c3" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=d247f2f4-1503-4454-bb90-8b16396ad52c" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=cbaf7a96-931f-4bbc-9f51-dbc91f4fb89e" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=cb80986c-aa81-437c-8402-2dfd02c05b24" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=591e63b9-234b-4f6e-bf03-19fd2362a27b" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=9e4b6b60-c55a-467d-8844-98718949e786" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=72879a57-fa85-462a-947d-75a7f67d57e0" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=dcf7aa6a-8aa1-4e95-9ded-e74e38aed669" Information 2018-01-05 14:55:59 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=09f86091-df1d-48b3-84b5-43b41ccaff6f" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=11679d0c-0e83-47b3-8009-5ea78abd6cae" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=c1e2989c-b547-4f56-b702-f0a07364eb0a" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=f9316cae-1009-49a6-9758-e9a8b45a12cd" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=b356a8a8-a005-43b8-9ebd-ab0568831c62" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=77369364-de99-4843-abcb-5838534d137e" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=e2f1f3b1-ca59-48b7-ad87-971c0bbab68a" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=8d7ab53d-8f20-43ed-9686-3ffa4cbfc240" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=cdb68b00-92ea-4a30-9780-2de1ba0b5f9f" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=ed1b3c01-999c-4721-acdf-fec13510c3ef" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=ae7edaca-98e8-43f4-8c58-33a5305a46fb" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=a83db301-9916-443c-9408-5ba3e39f28ee" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=e562f0ca-cade-4dc6-ac0b-7af3af93f25a" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=9cfce348-be24-4931-8e71-3af394557b72" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=a59c8583-82da-4b3c-b155-26c07c7b7d70" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=3646089b-d4f5-436d-95bc-051dce0c74bd" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=dedb8de7-460a-42d4-a2e5-e0e968b5d5b7" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=20b57d84-0c80-4090-9eea-53c9ed8b64d3" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=1a137685-3d26-4a6a-8c63-7c1ca96eed0b" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=c5d9dafb-9f4b-4b34-96ab-127662f6b68c" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=e24f8f5b-4b37-4d17-94d5-cf8f89e3eef3" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=e4dcca78-6a54-47be-872c-61a0a4453926" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=52b70e8b-9d30-4028-8f59-68d2b0d45ab2" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=55f67a50-aa89-4ba4-908f-d5fe9c8eb899" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=493e4dd2-86a2-42e3-9b9f-61f4b2cb88d9" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=c964e811-faa3-4ba9-bd4d-c226e347302e" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=7d747c44-3983-4a39-b00a-5446f04112db" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=a67d8390-7946-4bd4-b35f-59ef4a174049" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=17928abd-2045-4580-ba63-f8d39a881da7" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=f7573c08-35b9-47d4-97a8-f860c7c60e7f" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=c00dafa1-fb7f-447d-bd5f-0dad370195c9" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=d37ebee8-55dc-4c90-a71e-cbb1aee3e827" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=e365b5de-8c80-4f7b-84c5-0f594cc6a605" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=e3f2e66f-26cb-47e0-8e1f-fb06d6eb2624" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=dcd9b797-9d9d-4feb-9808-2a4ee4311d71" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=bbfa3a28-407e-46fc-8e77-e03093811221" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=caa97fdd-ee4d-40eb-98d6-d2fe7dd36410" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=bb6d827e-56e5-4e0a-abfd-16b6cf5eab13" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=02082175-80da-4d40-9ad5-96b45c4e3613" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=f458cefa-3d58-4fd2-ae2e-8cd40e63f51e" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=f1569400-2988-417b-876a-8b302c65245c" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=a9432e4a-d864-4060-b30f-7e36dc0248dd" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=1928d605-1ae1-4c34-bb1d-cae9c0651959" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=671e9626-3c86-40ff-9d2e-99e6cbedf943" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=2367ae30-09b1-4acc-baf8-4e8f867d97b3" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=8f9ce041-303d-4447-94af-59a058153b2c" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=2fb048b9-b133-4b28-adce-9b00f277cc86" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=2471077a-4a47-4765-b000-6e06d246b8f5" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=36e1da8f-5458-4fcf-9091-953a240a1de6" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=b548f817-f8de-4330-ae7d-acd9d5aafb7b" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=fc784b08-119b-4cb0-a019-8589cc04cc37" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=e4b0ce4b-ac6b-40b4-8e44-e22d7ddd1db1" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=51ba2700-980d-462e-a1a0-64dcd48d4325" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=a6f14f0a-e626-4bd3-80ca-547e9d163ae7" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=206f4deb-ade5-46e0-a1cb-9011304c970b" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=5d815f8c-6e7f-42c5-b0f8-22f6f53373f8" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=9699fd88-ddb6-4718-bd1c-5e25c94241b5" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=d229f66f-b5d6-44f6-81e9-cbed1da128b1" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=1deedd7b-26bd-44e4-b566-ce70415cb232" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=88b4e595-0d44-43e7-a413-1069b4f3b086" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=2caeb5b9-a76a-4b21-8782-498b8e6049d7" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=a57af415-90ce-47a5-8db6-2ce154f1c410" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=b38f8cc6-3f90-4a0d-9c3e-674aec2b194a" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=edb0045a-0128-4c83-88f1-37d4af76f445" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=13e593af-b01c-4f6d-8794-e76f611c62bf" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=d02251f8-cee7-4703-8f49-c72e80656af7" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=17d71e03-4af8-4f59-92e3-d6f063f79e08" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=096a08c1-0b2e-4669-8c9b-089e7b8be7de" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=a30c9260-f49f-4beb-ac51-ba46eefa3e96" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=2412f901-6f17-4353-a674-b4351d95d616" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=0620996e-3245-450a-8f1e-4b7eaccdc671" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=267bd938-a742-41e0-8f69-811f5fd7778f" Information 2018-01-05 14:55:58 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=5c842a28-040d-494c-9534-c94103021bf2" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=6b856613-3511-479b-9cb8-6a9d7e7ae397" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=6d921371-aa61-41df-b28d-18370509c127" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=bd963cc0-c563-4480-9041-e5a309bc1f15" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=9f65fbcd-bc4d-40e1-a8ee-06d5f600ca85" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=ffddca4b-4ef5-407c-8b64-08ff18caecd6" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=a24d9a97-7f77-4bb1-a231-b5855ce58d0f" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=ea11ef8b-bd1b-41cb-96bb-cc149be732a5" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=7da2f2ce-029f-4310-b0b9-87d3cba8e16d" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=f38f0db7-b8dd-4fb3-934e-d98f0dc935fc" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=aa143cee-ad8e-45f2-bfc5-5d6b84069ca3" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=619a67f9-7b7c-4ff5-8251-c723eee24d1a" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=c6cb5b51-6d66-426b-a7de-6639173e34bc" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Private) License Id=c77d635a-4969-4e68-ab25-330491fbb265" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL store License (Public) License Id=a53d9cd8-e4aa-479a-aecb-1590a9a91bed" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Private) License Id=c7c65851-6425-4ced-85f4-88dd6280687c" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL phone License (Public) License Id=eb79c557-66b9-4b33-8b49-e9ec66987883" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Private) License Id=02cfaceb-9657-4b4d-870f-f22b2897c3de" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) UL oob License (Public) License Id=bf76f26a-c589-49bf-a2d0-3bd484587205" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Private) License Id=0cf4ff55-eac7-46cc-9d44-59bc5f7faf8d" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=Windows(R) Publishing License (Public) License Id=34390336-c1e4-4fcd-b9ec-a9044f551522" Information 2018-01-05 14:55:57 Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license. License Title=XrML 2.1 License - Product Key Configuration License Id=06a4dd30-84b7-4fd2-b859-f1eddb0858f5" Information 2018-01-05 14:55:50 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-05 14:55:49 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2018-01-05 14:55:48 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Warning 2018-01-05 14:55:34 Microsoft-Windows-WMI 63 None A provider, MDMSettingsProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:34 Microsoft-Windows-WMI 63 None A provider, MDMSettingsProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:34 Microsoft-Windows-WMI 63 None A provider, MDMSettingsProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:32 Microsoft-Windows-WMI 63 None A provider, DMWmiBridgeProv1, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:32 Microsoft-Windows-WMI 63 None A provider, DMWmiBridgeProv1, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:32 Microsoft-Windows-WMI 63 None A provider, DMWmiBridgeProv1, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:31 Microsoft-Windows-WMI 63 None A provider, DMWmiBridgeProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:31 Microsoft-Windows-WMI 63 None A provider, DMWmiBridgeProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:31 Microsoft-Windows-WMI 63 None A provider, DMWmiBridgeProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:23 Microsoft-Windows-WMI 63 None A provider, UserProfileConfigurationProvider, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:23 Microsoft-Windows-WMI 63 None A provider, UserProfileConfigurationProvider, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:23 Microsoft-Windows-WMI 63 None A provider, UserProfileConfigurationProvider, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:23 Microsoft-Windows-WMI 63 None A provider, Win32_OfflineFilesConfigurationProvider, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:23 Microsoft-Windows-WMI 63 None A provider, Win32_OfflineFilesConfigurationProvider, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:23 Microsoft-Windows-WMI 63 None A provider, Win32_OfflineFilesConfigurationProvider, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:21 Microsoft-Windows-WMI 63 None A provider, DSCCoreProviders, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\DesiredStateConfiguration to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:21 Microsoft-Windows-WMI 63 None A provider, DSCCoreProviders, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\DesiredStateConfiguration to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:21 Microsoft-Windows-WMI 63 None A provider, DSCCoreProviders, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\DesiredStateConfiguration to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:21 Microsoft-Windows-WMI 63 None A provider, NetEventPacketCapture, has been registered in the Windows Management Instrumentation namespace root\standardcimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:21 Microsoft-Windows-WMI 63 None A provider, NetEventPacketCapture, has been registered in the Windows Management Instrumentation namespace root\standardcimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:21 Microsoft-Windows-WMI 63 None A provider, NetEventPacketCapture, has been registered in the Windows Management Instrumentation namespace root\standardcimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:20 Microsoft-Windows-WMI 63 None A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace root\microsoft\windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:20 Microsoft-Windows-WMI 63 None A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace root\microsoft\windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:20 Microsoft-Windows-WMI 63 None A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace root\microsoft\windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:20 Microsoft-Windows-WMI 63 None A provider, MINT, has been registered in the Windows Management Instrumentation namespace root\PEH to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:20 Microsoft-Windows-WMI 63 None A provider, MINT, has been registered in the Windows Management Instrumentation namespace root\PEH to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:20 Microsoft-Windows-WMI 63 None A provider, MINT, has been registered in the Windows Management Instrumentation namespace root\PEH to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:19 Microsoft-Windows-WMI 63 None A provider, AssignedAccess, has been registered in the Windows Management Instrumentation namespace root\standardcimv2\embedded to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:19 Microsoft-Windows-WMI 63 None A provider, AssignedAccess, has been registered in the Windows Management Instrumentation namespace root\standardcimv2\embedded to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:17 Microsoft-Windows-WMI 63 None A provider, Win32_FolderRedirectionConfiguration, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:17 Microsoft-Windows-WMI 63 None A provider, Win32_FolderRedirectionConfiguration, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:17 Microsoft-Windows-WMI 63 None A provider, Win32_UserStateConfigurationProvider, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:17 Microsoft-Windows-WMI 63 None A provider, Win32_UserStateConfigurationProvider, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:15 Microsoft-Windows-WMI 63 None A provider, InvProv, has been registered in the Windows Management Instrumentation namespace Root\cimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:15 Microsoft-Windows-WMI 63 None A provider, InvProv, has been registered in the Windows Management Instrumentation namespace Root\cimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:14 Microsoft-Windows-WMI 63 None A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:14 Microsoft-Windows-WMI 63 None A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:13 Microsoft-Windows-WMI 63 None A provider, ProfileAssociationProviderCimV2, has been registered in the Windows Management Instrumentation namespace root\cimv2\power to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:13 Microsoft-Windows-WMI 63 None A provider, ProfileAssociationProviderCimV2, has been registered in the Windows Management Instrumentation namespace root\cimv2\power to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:13 Microsoft-Windows-WMI 63 None A provider, ProfileAssociationProviderInterop, has been registered in the Windows Management Instrumentation namespace root\interop to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:13 Microsoft-Windows-WMI 63 None A provider, ProfileAssociationProviderInterop, has been registered in the Windows Management Instrumentation namespace root\interop to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:13 Microsoft-Windows-WMI 63 None A provider, PowerWmiProvider, has been registered in the Windows Management Instrumentation namespace root\cimv2\power to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:13 Microsoft-Windows-WMI 63 None A provider, PowerWmiProvider, has been registered in the Windows Management Instrumentation namespace root\cimv2\power to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:12 Microsoft-Windows-WMI 63 None A provider, PowerWmiProvider, has been registered in the Windows Management Instrumentation namespace root\cimv2\power to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:12 Microsoft-Windows-WMI 63 None A provider, PowerMeterProvider, has been registered in the Windows Management Instrumentation namespace root\cimv2\power to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:12 Microsoft-Windows-WMI 63 None A provider, PowerMeterProvider, has been registered in the Windows Management Instrumentation namespace root\cimv2\power to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:12 Microsoft-Windows-WMI 63 None A provider, PowerMeterProvider, has been registered in the Windows Management Instrumentation namespace root\cimv2\power to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Information 2018-01-05 14:55:12 ESENT 916 General svchost (3108,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Warning 2018-01-05 14:55:06 Microsoft-Windows-WMI 63 None A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:55:06 Microsoft-Windows-WMI 63 None A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Information 2018-01-05 14:54:56 ESENT 916 General svchost (2304,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 14:54:55 ESENT 916 General svchost (3152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Warning 2018-01-05 14:54:51 Microsoft-Windows-WMI 63 None A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:54:51 Microsoft-Windows-WMI 63 None A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:54:50 Microsoft-Windows-WMI 63 None A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:54:50 Microsoft-Windows-WMI 63 None A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:54:50 Microsoft-Windows-WMI 63 None A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:54:50 Microsoft-Windows-WMI 63 None A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:54:49 Microsoft-Windows-WMI 63 None A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:54:49 Microsoft-Windows-WMI 63 None A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:54:49 Microsoft-Windows-WMI 63 None A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:54:49 Microsoft-Windows-WMI 63 None A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:54:48 Microsoft-Windows-WMI 63 None A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Information 2018-01-05 14:54:49 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:49 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-05 14:54:48 Microsoft-Windows-WMI 63 None A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:54:47 Microsoft-Windows-WMI 63 None A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Warning 2018-01-05 14:54:47 Microsoft-Windows-WMI 63 None A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Information 2018-01-05 14:54:48 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:48 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:48 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:48 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:48 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 54970793 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:48 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:48 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:47 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:47 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:47 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:47 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:47 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:47 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:47 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:47 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-05 14:54:47 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-05 14:54:46 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-05 14:54:37 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-05 14:54:35 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-05 14:54:35 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-05 14:54:35 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-05 14:54:34 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Warning 2018-01-05 14:54:02 Microsoft-Windows-WMI 65 None Windows Management Instrumentation (WMI) Service is starting to restore the WMI repository Information 2018-01-05 14:54:01 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-05 14:53:59 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-05 14:53:58 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-05 14:53:58 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-05 14:53:58 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-05 14:24:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 14:20:34 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 13:39:14 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-05 13:38:29 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 13:36:18 ESENT 326 General "svchost (5100,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000005:0002:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001546 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.024611 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:9, WS:32K # 0K, PF:32K # 0K, P:32K) [4] 0.009555 +J(0) [5] - [6] - [7] 0.002771 -0.001999 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:60K, Fs:17, WS:68K # 36K, PF:60K # 32K, P:60K) [8] 0.000787 -0.000383 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:116K # 116K, PF:196K # 192K, P:196K) [9] 0.000521 -0.000304 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [10] 0.000031 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-05 13:36:18 ESENT 105 General "svchost (5100,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000004:000C:0000 - 00000004:000E:0000 - 00000000:0000:0000 - 00000004:000E:0000 (00000000:0000:0000) cReInits = 4 Internal Timing Sequence: [1] 0.004489 +J(0) +M(C:0K, Fs:172, WS:688K # 688K, PF:3404K # 3408K, P:3404K) [2] 0.000543 +J(0) +M(C:8K, Fs:88, WS:348K # 348K, PF:304K # 300K, P:304K) [3] 0.000028 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000207 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:164K # 164K, P:164K) [5] 0.011989 +J(0) +M(C:0K, Fs:14, WS:56K # 56K, PF:20K # 20K, P:20K) [6] 0.007491 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.007649 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.076231 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:52728/33) +M(C:0K, Fs:151, WS:320K # 320K, PF:224K # 228K, P:224K) [9] - [10] 0.002282 +J(0) +M(C:0K, Fs:15, WS:-4K # 52K, PF:0K # 56K, P:0K) [11] 0.000056 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.003274 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.102211 -0.000763 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:4713/4) +M(C:0K, Fs:69, WS:152K # 176K, PF:160K # 168K, P:160K) [14] 0.000032 +J(0) [15] 0.000026 +J(0) [16] 0.007449 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-05 13:36:18 ESENT 302 Logging/Recovery svchost (5100,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2018-01-05 13:36:18 ESENT 301 Logging/Recovery "svchost (5100,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2018-01-05 13:36:18 ESENT 300 Logging/Recovery svchost (5100,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2018-01-05 13:36:18 ESENT 916 General svchost (5100,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 13:36:18 ESENT 102 General svchost (5100,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-05 13:36:15 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 13:23:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 13:20:31 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 12:22:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 12:20:31 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 11:21:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 11:20:31 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 10:30:04 ESENT 916 General svchost (2096,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 10:27:19 Windows Error Reporting 1001 None "Fault bucket 1625594757454159715, type 5 Event Name: WindowsUpdateFailure3 Response: Not available Cab Id: 0 Problem signature: P1: 10.0.16299.98 P2: 80244007 P3: 00000000-0000-0000-0000-000000000000 P4: Scan P5: 0 P6: 0 P7: 0 P8: Update;taskhostw P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289} P10: 0 Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9517.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER953E.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER959D.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.16299.98_9fc3c6aa5d93c0f398ba3e72402b939e111660_00000000_082f9aa5 Analysis symbol: Rechecking for solution: 0 Report Id: a0ab08d4-bbd1-4265-8583-6516349ff08a Report Status: 268435456 Hashed bucket: 299eedc029988ff5a68f45d1b2cadf63" Information 2018-01-05 10:27:18 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: WindowsUpdateFailure3 Response: Not available Cab Id: 0 Problem signature: P1: 10.0.16299.98 P2: 80244007 P3: 00000000-0000-0000-0000-000000000000 P4: Scan P5: 0 P6: 0 P7: 0 P8: Update;taskhostw P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289} P10: 0 Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9517.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER953E.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER959D.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.16299.98_9fc3c6aa5d93c0f398ba3e72402b939e111660_00000000_cab_141b95a4 Analysis symbol: Rechecking for solution: 0 Report Id: a0ab08d4-bbd1-4265-8583-6516349ff08a Report Status: 4 Hashed bucket: " Information 2018-01-05 10:27:18 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: WindowsUpdateFailure3 Response: Not available Cab Id: 0 Problem signature: P1: 10.0.16299.98 P2: 80244007 P3: 00000000-0000-0000-0000-000000000000 P4: Scan P5: 0 P6: 0 P7: 0 P8: Update;taskhostw P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289} P10: 0 Attached files: These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: a0ab08d4-bbd1-4265-8583-6516349ff08a Report Status: 1074003968 Hashed bucket: " Information 2018-01-05 10:27:14 Windows Error Reporting 1001 None "Fault bucket 1995013981566663339, type 5 Event Name: StoreAgentScanForUpdatesFailure0 Response: Not available Cab Id: 0 Problem signature: P1: Update; P2: 80244007 P3: 16299 P4: 125 P5: Windows.Desktop P6: P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER81A0.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER81D3.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8232.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Update;_6f257443202dc1c69a6493abfdc55bd17d9f67_00000000_04cf873c Analysis symbol: Rechecking for solution: 0 Report Id: bb83a60b-3ed4-4178-b252-d439e6dec0f5 Report Status: 268435456 Hashed bucket: 234443a7f4fa924cdbafb6a56d37faab" Information 2018-01-05 10:27:13 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: StoreAgentScanForUpdatesFailure0 Response: Not available Cab Id: 0 Problem signature: P1: Update; P2: 80244007 P3: 16299 P4: 125 P5: Windows.Desktop P6: P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER81A0.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER81D3.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8232.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_Update;_6f257443202dc1c69a6493abfdc55bd17d9f67_00000000_cab_248b824a Analysis symbol: Rechecking for solution: 0 Report Id: bb83a60b-3ed4-4178-b252-d439e6dec0f5 Report Status: 4 Hashed bucket: " Information 2018-01-05 10:26:45 Windows Error Reporting 1001 None "Fault bucket 1708554825203598480, type 5 Event Name: WindowsUpdateFailure3 Response: Not available Cab Id: 0 Problem signature: P1: 10.0.16299.98 P2: 80244007 P3: 00000000-0000-0000-0000-000000000000 P4: Scan P5: 0 P6: 0 P7: 0 P8: UpdateOrchestrator P9: {8B24B027-1DEE-BABB-9A95-3517DFB9C552} P10: 0 Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1028.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER104B.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER10AA.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.16299.98_bc1f2d93322e6a29320dac7c4e3ee4e811be549_00000000_009b15c5 Analysis symbol: Rechecking for solution: 0 Report Id: e8e64b69-5b25-4883-8699-25728091cdc4 Report Status: 268435456 Hashed bucket: 84e697720664599627b6018fab8a4490" Information 2018-01-05 10:26:44 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: WindowsUpdateFailure3 Response: Not available Cab Id: 0 Problem signature: P1: 10.0.16299.98 P2: 80244007 P3: 00000000-0000-0000-0000-000000000000 P4: Scan P5: 0 P6: 0 P7: 0 P8: UpdateOrchestrator P9: {8B24B027-1DEE-BABB-9A95-3517DFB9C552} P10: 0 Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1028.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER104B.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER10AA.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.16299.98_bc1f2d93322e6a29320dac7c4e3ee4e811be549_00000000_cab_0f1f10c4 Analysis symbol: Rechecking for solution: 0 Report Id: e8e64b69-5b25-4883-8699-25728091cdc4 Report Status: 4 Hashed bucket: " Information 2018-01-05 10:26:44 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: WindowsUpdateFailure3 Response: Not available Cab Id: 0 Problem signature: P1: 10.0.16299.98 P2: 80244007 P3: 00000000-0000-0000-0000-000000000000 P4: Scan P5: 0 P6: 0 P7: 0 P8: UpdateOrchestrator P9: {8B24B027-1DEE-BABB-9A95-3517DFB9C552} P10: 0 Attached files: These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: e8e64b69-5b25-4883-8699-25728091cdc4 Report Status: 1074003968 Hashed bucket: " Information 2018-01-05 10:24:52 Windows Error Reporting 1001 None "Fault bucket 1184728102613354107, type 5 Event Name: WindowsUpdateFailure3 Response: Not available Cab Id: 0 Problem signature: P1: 10.0.16299.98 P2: 80244022 P3: 00000000-0000-0000-0000-000000000000 P4: Scan P5: 0 P6: 0 P7: 0 P8: Update;taskhostw P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289} P10: 0 Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER57E9.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER580A.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5888.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.16299.98_1e6171fe5ad9da4f6d51d95c6f1e795d894966aa_00000000_1de15c9c Analysis symbol: Rechecking for solution: 0 Report Id: 7f41bc7e-1a5d-487e-8ff9-bedd24efd94a Report Status: 268435456 Hashed bucket: 45f83c76f00859aeb070ffeeafb1067b" Information 2018-01-05 10:24:51 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: WindowsUpdateFailure3 Response: Not available Cab Id: 0 Problem signature: P1: 10.0.16299.98 P2: 80244022 P3: 00000000-0000-0000-0000-000000000000 P4: Scan P5: 0 P6: 0 P7: 0 P8: Update;taskhostw P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289} P10: 0 Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER57E9.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER580A.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5888.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.16299.98_1e6171fe5ad9da4f6d51d95c6f1e795d894966aa_00000000_cab_1b0158a4 Analysis symbol: Rechecking for solution: 0 Report Id: 7f41bc7e-1a5d-487e-8ff9-bedd24efd94a Report Status: 4 Hashed bucket: " Information 2018-01-05 10:24:51 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: WindowsUpdateFailure3 Response: Not available Cab Id: 0 Problem signature: P1: 10.0.16299.98 P2: 80244022 P3: 00000000-0000-0000-0000-000000000000 P4: Scan P5: 0 P6: 0 P7: 0 P8: Update;taskhostw P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289} P10: 0 Attached files: These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: 7f41bc7e-1a5d-487e-8ff9-bedd24efd94a Report Status: 1074003968 Hashed bucket: " Information 2018-01-05 10:24:48 Windows Error Reporting 1001 None "Fault bucket 1345937960145427097, type 5 Event Name: StoreAgentScanForUpdatesFailure0 Response: Not available Cab Id: 0 Problem signature: P1: Update; P2: 80244022 P3: 16299 P4: 125 P5: Windows.Desktop P6: P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4490.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER450C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER458A.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Update;_c24d885e0534f4d68f92a46ded8cbcb7e4875eb_00000000_07a14cfc Analysis symbol: Rechecking for solution: 0 Report Id: 56155374-d3de-44f7-92ca-8d9237c9067d Report Status: 268435456 Hashed bucket: 3e90834840222c6252adbb71942e9a99" Information 2018-01-05 10:24:47 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: StoreAgentScanForUpdatesFailure0 Response: Not available Cab Id: 0 Problem signature: P1: Update; P2: 80244022 P3: 16299 P4: 125 P5: Windows.Desktop P6: P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4490.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER450C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER458A.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_Update;_c24d885e0534f4d68f92a46ded8cbcb7e4875eb_00000000_cab_1db145b8 Analysis symbol: Rechecking for solution: 0 Report Id: 56155374-d3de-44f7-92ca-8d9237c9067d Report Status: 4 Hashed bucket: " Information 2018-01-05 10:23:54 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:54Z. Reason: RulesEngine. Information 2018-01-05 10:22:59 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2018-01-05 10:22:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2018-01-05 10:22:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-05 10:22:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-05 10:22:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-05 10:22:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-05 10:22:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-05 10:22:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-05 10:22:27 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-05 10:22:27 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-05 10:20:55 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-05 10:20:39 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 10:20:22 ESENT 916 General svchost (3228,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 10:20:14 ESENT 916 General taskhostw (6504,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-05 10:19:59 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-05 10:19:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-05 10:19:58 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-05 10:19:58 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-05 10:19:58 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-05 10:19:54 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-05 10:19:54 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-05 10:19:52 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-04 21:46:19 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-04 21:46:18 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3436 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3436 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3436 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3680 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3680 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3680 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 3904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-04 21:46:18 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 30 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 692 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3664 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 8860 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 3904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2128 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3664 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3664 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2128 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3664 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3664 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 3904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2128 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3664 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2128 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3664 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 568 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2128 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3664 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2088 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 2088 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections " Information 2018-01-04 21:46:19 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 21:46:18 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-04 21:46:18 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-04 21:46:18 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-04 21:46:06 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-04 21:46:06 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-04 21:46:00 ESENT 916 General DllHost (8624,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 21:31:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 21:24:07 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 20:49:00 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 20:32:07 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 20:30:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 19:45:00 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-04 19:39:00 Application Hang 1002 (101) "The program SetupTv.exe version 1.18.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 20e8 Start Time: 01d3858a637f7506 Termination Time: 89 Application Path: C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\SetupTv.exe Report Id: d08b312e-41ae-4acc-9fab-ea9a0082197c Faulting package full name: Faulting package-relative application ID: " Information 2018-01-04 19:39:00 Windows Error Reporting 1001 None "Fault bucket 1314011837039586171, type 5 Event Name: AppHangB1 Response: Not available Cab Id: 0 Problem signature: P1: SetupTv.exe P2: 1.18.0.0 P3: 59d9d5c3 P4: 586e P5: 134217984 P6: P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER394D.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER397C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A58.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER498B.tmp.appcompat.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SetupTv.exe_2cdc4e6de2ce6f94c673b5839f85b175d647e0_acb3f77f_1fa6515a Analysis symbol: Rechecking for solution: 0 Report Id: d08b312e-41ae-4acc-9fab-ea9a0082197c Report Status: 268435456 Hashed bucket: 8444469bc0f74189c23c4ecdc9672b7b" Information 2018-01-04 19:32:13 ESENT 916 General MicrosoftEdge (6180,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 19:29:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 19:24:40 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 18:53:00 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 18:32:27 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-04 18:32:27 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-04 18:28:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 18:24:06 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 17:57:00 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 17:27:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 17:19:00 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 16:26:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 16:24:07 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 15:25:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 15:19:01 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 15:08:49 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 14:24:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 14:22:45 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 13:23:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 13:22:58 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 12:24:41 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 12:22:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 11:23:31 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 11:21:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 10:24:11 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-04 10:24:11 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-04 10:21:51 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 10:20:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 09:19:55 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 09:19:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 08:36:24 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 08:18:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 07:50:26 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 07:18:00 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 06:58:00 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 06:46:56 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-04 06:44:59 ESENT 326 General "Music.UI (8500,D,50) {AD2232C5-EB92-44B4-A226-415E84686091}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:009B:0268 Internal Timing Sequence: [1] 0.000007 +J(0) [2] 0.002933 +J(0) +M(C:0K, Fs:20, WS:16K # 0K, PF:12K # 0K, P:12K) [3] 0.025243 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:21, WS:72K # 0K, PF:80K # 0K, P:80K) [4] 0.000973 +J(0) [5] - [6] - [7] 0.001906 -0.001175 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:8, WS:32K # 0K, PF:120K # 0K, P:120K) [8] 0.000560 -0.000034 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:35, WS:124K # 0K, PF:200K # 0K, P:200K) [9] 0.000295 -0.000018 (3) CM +J(CM:3, PgRf:40, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:8, WS:8K # 0K, PF:64K # 0K, P:64K) [10] 0.000069 -0.000006 (1) CM +J(CM:1, PgRf:1, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000101 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-04 06:44:59 ESENT 105 General "Music.UI (8500,D,0) {AD2232C5-EB92-44B4-A226-415E84686091}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:0097:0000 - 00000001:0099:0000 - 00000000:0000:0000 - 00000001:0099:0000 (00000000:0000:0000) cReInits = 12 Internal Timing Sequence: [1] 0.005853 +J(0) +M(C:0K, Fs:184, WS:720K # 720K, PF:2868K # 2700K, P:2868K) [2] 0.000658 +J(0) +M(C:16K, Fs:95, WS:380K # 380K, PF:288K # 288K, P:288K) [3] 0.000029 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000262 +J(0) +M(C:112K, Fs:34, WS:132K # 132K, PF:156K # 156K, P:156K) [5] 0.007101 +J(0) +M(C:0K, Fs:181, WS:628K # 628K, PF:-28K # 0K, P:-28K) [6] 0.004493 +J(0) +M(C:0K, Fs:93, WS:368K # 368K, PF:32K # 4K, P:32K) [7] 0.008873 +J(0) +M(C:0K, Fs:864, WS:3444K # 3444K, PF:2220K # 2220K, P:2220K) [8] 0.053548 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616035/5535) +M(C:0K, Fs:2380, WS:5756K # 5756K, PF:1952K # 1956K, P:1952K) [9] - [10] 0.003806 +J(0) +M(C:0K, Fs:18, WS:-1972K # 40K, PF:-2004K # 12K, P:-2004K) [11] 0.000057 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.012303 +J(0) +M(C:0K, Fs:120, WS:480K # 0K, PF:204K # 0K, P:204K) [13] 0.055846 -0.001176 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:1104, WS:2216K # 2712K, PF:364K # 600K, P:364K) [14] 0.000031 +J(0) [15] 0.000028 +J(0) [16] 0.000521 +J(0) +M(C:0K, Fs:23, WS:84K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-04 06:44:59 ESENT 302 Logging/Recovery Music.UI (8500,U,0) {AD2232C5-EB92-44B4-A226-415E84686091}: The database engine has successfully completed recovery steps. Information 2018-01-04 06:44:59 ESENT 335 Logging/Recovery "Music.UI (8500,R,0) {AD2232C5-EB92-44B4-A226-415E84686091}: Replay of a Create for database ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb"" at log position (00000001,0001,0268) was deferred due to AttachFuture. Additional information: " Information 2018-01-04 06:44:59 ESENT 301 Logging/Recovery "Music.UI (8500,R,0) {AD2232C5-EB92-44B4-A226-415E84686091}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2018-01-04 06:44:59 ESENT 300 Logging/Recovery Music.UI (8500,R,0) {AD2232C5-EB92-44B4-A226-415E84686091}: The database engine is initiating recovery steps. Information 2018-01-04 06:44:59 ESENT 916 General Music.UI (8500,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 06:44:59 ESENT 102 General Music.UI (8500,P,0) {AD2232C5-EB92-44B4-A226-415E84686091}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-04 06:44:30 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-04 06:43:06 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-04 06:38:25 ESENT 916 General svchost (3644,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 06:35:52 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-04 06:32:52 System Restore 8216 None Skipping creation of restore point (Process = c:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update) as there is a restore point avaliable which is recent enough for System Restore. Information 2018-01-04 06:22:58 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:58Z. Reason: RulesEngine. Information 2018-01-04 06:20:10 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-04 06:20:10 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:52:10Z. Reason: RulesEngine. Information 2018-01-04 06:19:40 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-04 06:19:39 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 254923)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-04 06:19:39 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-04 06:19:38 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-04 06:18:22 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-04 06:18:19 ESENT 916 General svchost (8616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 06:18:18 ESENT 916 General DllHost (8624,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 06:17:54 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-04 06:17:54 ESENT 326 General "SearchIndexer (7244,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000015A:00EB:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.008870 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.029726 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:124K # 0K, PF:152K # 0K, P:152K) [4] 0.000695 +J(0) [5] - [6] - [7] 0.077163 -0.001618 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:212K # 0K, PF:660K # 0K, P:660K) [8] 0.001160 -0.000673 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 136K, P:256K) [9] 0.001129 -0.000787 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000111 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-04 06:17:53 ESENT 105 General "SearchIndexer (7244,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.005279 +J(0) +M(C:0K, Fs:222, WS:872K # 872K, PF:5476K # 5468K, P:5476K) [2] 0.000834 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.000067 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000190 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.006163 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.004489 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.032968 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1036K # 1036K, P:1036K) [8] - [9] - [10] - [11] - [12] - [13] 0.006298 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:11, WS:-988K # 28K, PF:-1020K # 12K, P:-1020K) [14] 0.000035 +J(0) [15] 0.000115 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000589 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-04 06:17:53 ESENT 916 General SearchIndexer (7244,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 06:17:53 ESENT 102 General SearchIndexer (7244,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-04 06:17:51 ESENT 916 General taskhostw (4512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 06:17:48 TV Server 0 None Service started successfully. Information 2018-01-04 06:17:37 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-04 06:17:37 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-04 06:17:37 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-04 06:17:34 ESENT 916 General svchost (3696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 06:17:31 ESENT 916 General svchost (3228,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 06:17:28 ESENT 916 General svchost (3644,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 06:17:23 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:23 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:22 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:22 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:22 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:22 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:22 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 43029547 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:22 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:22 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:21 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:21 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:21 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:21 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:21 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:21 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:21 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:21 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-04 06:17:21 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:17:20 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-04 06:17:16 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-04 06:17:16 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-04 06:17:16 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-04 06:17:16 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-04 06:17:10 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-04 06:17:10 ESENT 916 General svchost (2128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 06:17:10 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-04 06:17:09 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-04 06:17:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-04 06:17:08 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-04 06:17:07 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-04 06:16:38 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-04 06:16:37 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 06:16:35 TV Server 0 None Service has been successfully shut down. Information 2018-01-04 06:16:34 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 22 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 720 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2316 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 2948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8248 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2084 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2084 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2084 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2084 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 576 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2084 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2044 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 2044 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections " Information 2018-01-04 06:16:34 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-04 06:16:34 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-04 06:16:34 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-04 05:51:57 Windows Error Reporting 1001 None "Fault bucket 2258839027882119895, type 5 Event Name: AppHangB1 Response: Not available Cab Id: 2183477680309011978 Problem signature: P1: SetupTv.exe P2: 1.18.0.0 P3: 59d9d5c3 P4: c1bd P5: 134217984 P6: P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C57.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C86.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D13.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER3DBD.tmp.appcompat.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B2C.tmp.hdmp \\?\C:\Users\Eglobal\AppData\Local\Temp\WER72AA.tmp.xml \\?\C:\Users\Eglobal\AppData\Local\Temp\WER72BB.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SetupTv.exe_77076401baa39f5e0b1cff7b75a771e1f606d74_acb3f77f_cab_0ac4e4e9 Analysis symbol: Rechecking for solution: 0 Report Id: 5cb38eb7-30c6-4f15-89b1-56496286f857 Report Status: 268435464 Hashed bucket: 00ff0a4290880c6fff590220c5b3d2d7" Error 2018-01-04 05:51:28 Application Hang 1002 (101) "The program SetupTv.exe version 1.18.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 198 Start Time: 01d385174dbc2b6d Termination Time: 21 Application Path: C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\SetupTv.exe Report Id: 5cb38eb7-30c6-4f15-89b1-56496286f857 Faulting package full name: Faulting package-relative application ID: " Information 2018-01-04 05:28:39 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:39Z. Reason: RulesEngine. Information 2018-01-04 05:28:20 ESENT 326 General "Music.UI (1968,D,50) {40EE6A5E-41BA-488C-8237-681B2407883F}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:0098:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001114 +J(0) +M(C:0K, Fs:18, WS:8K # 0K, PF:8K # 0K, P:8K) [3] 0.010500 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:13, WS:44K # 0K, PF:56K # 0K, P:56K) [4] 0.000561 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] 0.001921 -0.001345 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:9, WS:36K # 0K, PF:120K # 0K, P:120K) [8] 0.001210 -0.000036 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:36, WS:132K # 0K, PF:204K # 0K, P:204K) [9] 0.000513 -0.000014 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:16K # 0K, PF:64K # 0K, P:64K) [10] 0.000074 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000138 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000016 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-04 05:28:20 ESENT 105 General "Music.UI (1968,D,0) {40EE6A5E-41BA-488C-8237-681B2407883F}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:0091:0000 - 00000001:0096:0000 - 00000000:0000:0000 - 00000001:0096:0000 (00000000:0000:0000) cReInits = 11 Internal Timing Sequence: [1] 0.003449 +J(0) +M(C:0K, Fs:336, WS:1316K # 1316K, PF:2856K # 2932K, P:2856K) [2] 0.000585 +J(0) +M(C:16K, Fs:114, WS:456K # 456K, PF:292K # 216K, P:292K) [3] 0.000028 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.001522 +J(0) +M(C:112K, Fs:76, WS:304K # 304K, PF:200K # 200K, P:200K) [5] 0.006183 +J(0) +M(C:0K, Fs:228, WS:908K # 908K, PF:324K # 324K, P:324K) [6] 0.003989 +J(0) +M(C:0K, Fs:83, WS:328K # 328K, PF:80K # 80K, P:80K) [7] 0.012964 +J(0) +M(C:0K, Fs:1326, WS:5284K # 5284K, PF:3308K # 3308K, P:3308K) [8] 0.062021 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:603867/5527) +M(C:0K, Fs:1921, WS:4700K # 4700K, PF:1872K # 1880K, P:1872K) [9] - [10] 0.004059 +J(0) +M(C:0K, Fs:33, WS:-1916K # 124K, PF:-2012K # 24K, P:-2012K) [11] 0.000055 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.004363 +J(0) +M(C:0K, Fs:4, WS:16K # 0K, PF:4K # 0K, P:4K) [13] 0.063900 -0.001144 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:1093, WS:1752K # 1788K, PF:232K # 244K, P:232K) [14] 0.000051 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K) [15] 0.000027 +J(0) [16] 0.000458 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-04 05:28:20 ESENT 302 Logging/Recovery Music.UI (1968,U,0) {40EE6A5E-41BA-488C-8237-681B2407883F}: The database engine has successfully completed recovery steps. Information 2018-01-04 05:28:20 ESENT 335 Logging/Recovery "Music.UI (1968,R,0) {40EE6A5E-41BA-488C-8237-681B2407883F}: Replay of a Create for database ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb"" at log position (00000001,0001,0268) was deferred due to AttachFuture. Additional information: " Information 2018-01-04 05:28:20 ESENT 301 Logging/Recovery "Music.UI (1968,R,0) {40EE6A5E-41BA-488C-8237-681B2407883F}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2018-01-04 05:28:20 ESENT 300 Logging/Recovery Music.UI (1968,R,0) {40EE6A5E-41BA-488C-8237-681B2407883F}: The database engine is initiating recovery steps. Information 2018-01-04 05:28:20 ESENT 916 General Music.UI (1968,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 05:28:20 ESENT 102 General Music.UI (1968,P,0) {40EE6A5E-41BA-488C-8237-681B2407883F}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-04 05:28:11 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-04 05:27:23 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:23Z. Reason: RulesEngine. Information 2018-01-04 05:27:12 ESENT 916 General svchost (8924,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 05:26:38 ESENT 916 General svchost (4384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 05:26:31 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:30Z. Reason: RulesEngine. Information 2018-01-04 05:23:37 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-04 05:23:37 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:37Z. Reason: RulesEngine. Information 2018-01-04 05:23:07 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-04 05:23:07 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 254980)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-04 05:23:06 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-04 05:23:05 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-04 05:23:04 ESENT 916 General svchost (4384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 05:21:44 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-04 05:21:38 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-04 05:21:37 ESENT 326 General "SearchIndexer (7844,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000015A:00B1:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001254 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.026261 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:18, WS:40K # 0K, PF:44K # 0K, P:44K) [4] 0.000487 +J(0) [5] - [6] - [7] 0.071178 -0.001535 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:17, WS:68K # 0K, PF:512K # 0K, P:512K) [8] 0.001342 -0.000821 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:59, WS:236K # 0K, PF:224K # 0K, P:224K) [9] 0.000917 -0.000570 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:32K # 0K, P:32K) [10] 0.000041 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000126 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-04 05:21:37 ESENT 105 General "SearchIndexer (7844,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000157:0001:0000 - 00000158:0001:0000 - 0000015A:00AF:0000 - 0000015A:00AF:0000 (00000000:0000:0000) Internal Timing Sequence: [1] 0.007543 +J(0) +M(C:0K, Fs:222, WS:868K # 868K, PF:5480K # 5476K, P:5480K) [2] 0.000774 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 380K, P:384K) [3] 0.001208 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000248 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.006688 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.005154 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.040616 +J(0) +M(C:0K, Fs:277, WS:1108K # 1108K, PF:1024K # 1024K, P:1024K) [8] 0.141238 -0.002302 (36) CM +J(CM:36, PgRf:131, Rd:72/36, Dy:0/0, Lg:999058/326) +M(C:0K, Fs:709, WS:2712K # 2712K, PF:3832K # 3832K, P:3832K) + 1 lgens [9] 0.270245 -0.001920 (110) CM +J(CM:110, PgRf:2089, Rd:75/110, Dy:33/3020, Lg:2747012/4351) +M(C:0K, Fs:1048, WS:4016K # 4016K, PF:2756K # 2756K, P:2756K) + 2 lgens [10] 0.002295 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000207 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:5, WS:-200K # 0K, PF:-248K # 0K, P:-248K) [12] 0.100727 -0.000013 (34) CM +J(CM:34, PgRf:0, Rd:0/34, Dy:0/0, Lg:0/0) +M(C:0K, Fs:275, WS:12K # 0K, PF:0K # 0K, P:0K) [13] 0.068610 -0.000548 (1) CM +J(CM:1, PgRf:2, Rd:0/1, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:299, WS:-5452K # 0K, PF:-5460K # 0K, P:-5460K) [14] 0.000032 +J(0) [15] 0.000049 +J(0) [16] 0.000572 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-04 05:21:37 ESENT 302 Logging/Recovery SearchIndexer (7844,U,0) Windows: The database engine has successfully completed recovery steps. Information 2018-01-04 05:21:36 ESENT 301 Logging/Recovery "SearchIndexer (7844,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: [1] 0.075895 -0.000517 (32) CM +J(CM:32, PgRf:134, Rd:32/32, Dy:1/1, Lg:1014731/326) +M(C:0K, Fs:304, WS:1144K # 1136K, PF:1076K # 1076K, P:1076K)." Information 2018-01-04 05:21:36 ESENT 301 Logging/Recovery "SearchIndexer (7844,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00159.jtx. Previous Log Processing Stats: [1] 0.100964 -0.000638 (34) CM +J(CM:34, PgRf:140, Rd:32/34, Dy:0/0, Lg:1027100/339) +M(C:0K, Fs:295, WS:1108K # 1144K, PF:1028K # 1028K, P:1028K)." Information 2018-01-04 05:21:36 ESENT 301 Logging/Recovery "SearchIndexer (7844,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00158.jtx. Previous Log Processing Stats: [1] 0.096552 -0.002302 (36) CM +J(CM:36, PgRf:131, Rd:72/36, Dy:0/0, Lg:999058/326) +M(C:0K, Fs:415, WS:1612K # 1612K, PF:2832K # 2828K, P:2832K)." Information 2018-01-04 05:21:36 ESENT 301 Logging/Recovery "SearchIndexer (7844,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00157.jtx. Previous Log Processing Stats: " Information 2018-01-04 05:21:36 ESENT 300 Logging/Recovery SearchIndexer (7844,R,0) Windows: The database engine is initiating recovery steps. Information 2018-01-04 05:21:36 ESENT 916 General SearchIndexer (7844,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 05:21:36 ESENT 102 General SearchIndexer (7844,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-04 05:21:28 ESENT 916 General taskhostw (5348,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 05:21:19 ESENT 916 General svchost (6188,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 05:21:19 TV Server 0 None Service started successfully. Information 2018-01-04 05:21:04 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-04 05:21:04 ESENT 916 General svchost (2896,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 05:21:01 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-04 05:21:00 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-04 05:21:00 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-04 05:21:00 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-04 05:20:58 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-04 05:20:58 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-04 05:20:58 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-04 05:20:51 ESENT 916 General svchost (2932,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 05:20:46 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:46 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:46 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:46 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:46 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:46 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:46 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 40273780 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:46 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:46 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:45 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:45 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:45 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:45 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:45 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:45 MySQL 100 None "InnoDB: The log sequence numbers 34487942 and 34487942 in ibdata files do not match the log sequence number 40273780 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:45 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:45 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:45 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:45 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:45 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:45 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:45 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:44 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-04 05:20:44 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-04 05:20:43 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-04 05:20:44 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-04 05:20:43 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-04 05:20:40 Microsoft-Windows-WMI 5611 None The Windows Management Instrumentation service has detected an inconsistent system shutdown. Information 2018-01-04 05:20:40 ESENT 916 General svchost (2084,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-04 05:20:38 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-04 05:20:36 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-04 05:20:37 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-04 05:20:36 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-03 22:19:04 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 22:11:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 21:23:04 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 21:10:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 20:23:04 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 20:09:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 19:23:04 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 19:09:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 18:24:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-03 18:24:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-03 18:23:05 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 18:08:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 17:59:21 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 17:07:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 16:23:05 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 16:06:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 15:08:34 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 15:05:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 14:57:51 ESENT 916 General svchost (8000,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 14:14:28 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 14:04:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 13:34:11 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-03 13:32:18 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 13:29:00 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on (C:) Information 2018-01-03 13:29:00 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed retrim on (C:) Information 2018-01-03 13:03:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 13:01:50 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-03 12:59:09 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on Storage (D:) Information 2018-01-03 12:59:00 ESENT 916 General svchost (2068,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 12:58:55 ESENT 326 General "svchost (6892,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000004:000D:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001777 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.039020 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:9, WS:32K # 0K, PF:32K # 0K, P:32K) [4] 0.010950 +J(0) [5] - [6] - [7] 0.002645 -0.001872 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:60K, Fs:17, WS:68K # 36K, PF:60K # 32K, P:60K) [8] 0.005968 -0.005526 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:116K # 116K, PF:196K # 192K, P:196K) [9] 0.003036 -0.002706 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000048 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000116 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-03 12:58:55 ESENT 105 General "svchost (6892,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000004:0008:0000 - 00000004:000B:0000 - 00000000:0000:0000 - 00000004:000B:0000 (00000000:0000:0000) cReInits = 3 Internal Timing Sequence: [1] 0.024995 +J(0) +M(C:0K, Fs:176, WS:692K # 692K, PF:3424K # 3424K, P:3424K) [2] 0.000638 +J(0) +M(C:8K, Fs:87, WS:344K # 344K, PF:300K # 300K, P:300K) [3] 0.000031 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000224 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:164K # 164K, P:164K) [5] 0.008189 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.006510 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.021796 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.153832 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:40560/25) +M(C:0K, Fs:134, WS:320K # 320K, PF:228K # 232K, P:228K) [9] - [10] 0.001368 +J(0) +M(C:0K, Fs:3, WS:-48K # 8K, PF:-8K # 48K, P:-8K) [11] 0.000050 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.048402 +J(0) +M(C:0K, Fs:12, WS:48K # 4K, PF:4K # 0K, P:4K) [13] 0.102039 -0.000724 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:48, WS:72K # 136K, PF:160K # 172K, P:160K) [14] 0.000040 +J(0) [15] 0.000027 +J(0) [16] 0.005198 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-03 12:58:55 ESENT 302 Logging/Recovery svchost (6892,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2018-01-03 12:58:54 ESENT 301 Logging/Recovery "svchost (6892,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2018-01-03 12:58:54 ESENT 300 Logging/Recovery svchost (6892,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2018-01-03 12:58:54 ESENT 916 General svchost (6892,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 12:58:54 ESENT 102 General svchost (6892,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-03 12:58:16 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-03 12:57:57 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 12:52:45 ESENT 326 General "Music.UI (7004,D,50) {EDCE0BDD-E87C-4730-B179-D01FA434D696}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:0092:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001719 +J(0) +M(C:0K, Fs:18, WS:8K # 0K, PF:8K # 0K, P:8K) [3] 0.023173 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:36K # 0K, PF:36K # 0K, P:36K) [4] 0.000488 +J(0) [5] - [6] - [7] 0.001617 -0.001033 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:8, WS:32K # 0K, PF:120K # 0K, P:120K) [8] 0.000468 -0.000043 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:36, WS:132K # 0K, PF:204K # 0K, P:204K) [9] 0.000229 -0.000012 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 0K, PF:64K # 0K, P:64K) [10] 0.000024 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000122 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-03 12:52:45 ESENT 105 General "Music.UI (7004,D,0) {EDCE0BDD-E87C-4730-B179-D01FA434D696}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:008E:0000 - 00000001:0090:0000 - 00000000:0000:0000 - 00000001:0090:0000 (00000000:0000:0000) cReInits = 10 Internal Timing Sequence: [1] 0.002125 +J(0) +M(C:0K, Fs:209, WS:820K # 820K, PF:2932K # 2932K, P:2932K) [2] 0.000726 +J(0) +M(C:16K, Fs:90, WS:340K # 340K, PF:204K # 260K, P:204K) [3] 0.000034 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 8K, P:64K) [4] 0.000288 +J(0) +M(C:112K, Fs:32, WS:128K # 128K, PF:160K # 160K, P:160K) [5] 0.007159 +J(0) +M(C:0K, Fs:109, WS:404K # 404K, PF:180K # 180K, P:180K) [6] 0.024185 +J(0) +M(C:0K, Fs:426, WS:1692K # 1692K, PF:764K # 764K, P:764K) [7] 0.037416 +J(0) +M(C:0K, Fs:3022, WS:11860K # 11860K, PF:4776K # 4776K, P:4776K) [8] 0.070180 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:579531/5513) +M(C:0K, Fs:1917, WS:4528K # 4532K, PF:1744K # 1752K, P:1744K) [9] - [10] 0.004247 +J(0) +M(C:0K, Fs:52, WS:-1840K # 192K, PF:-2024K # 12K, P:-2024K) [11] 0.000064 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.005406 +J(0) +M(C:0K, Fs:7, WS:28K # 0K, PF:0K # 0K, P:0K) [13] 0.050800 -0.001608 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:911, WS:1248K # 1172K, PF:60K # 60K, P:60K) [14] 0.000030 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [15] 0.000024 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [16] 0.000499 +J(0) +M(C:0K, Fs:18, WS:64K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-03 12:52:45 ESENT 302 Logging/Recovery Music.UI (7004,U,0) {EDCE0BDD-E87C-4730-B179-D01FA434D696}: The database engine has successfully completed recovery steps. Information 2018-01-03 12:52:45 ESENT 335 Logging/Recovery "Music.UI (7004,R,0) {EDCE0BDD-E87C-4730-B179-D01FA434D696}: Replay of a Create for database ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb"" at log position (00000001,0001,0268) was deferred due to AttachFuture. Additional information: " Information 2018-01-03 12:52:45 ESENT 301 Logging/Recovery "Music.UI (7004,R,0) {EDCE0BDD-E87C-4730-B179-D01FA434D696}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2018-01-03 12:52:45 ESENT 300 Logging/Recovery Music.UI (7004,R,0) {EDCE0BDD-E87C-4730-B179-D01FA434D696}: The database engine is initiating recovery steps. Information 2018-01-03 12:52:45 ESENT 916 General Music.UI (7004,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 12:52:45 ESENT 102 General Music.UI (7004,P,0) {EDCE0BDD-E87C-4730-B179-D01FA434D696}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-03 12:23:04 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 12:02:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 11:23:04 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 11:01:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 10:21:36 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-03 10:21:36 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-03 10:13:50 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 10:00:00 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 09:00:04 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-03 08:59:22 ESENT 916 General svchost (3140,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 08:59:19 ESENT 916 General taskhostw (8044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 08:59:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-03 08:59:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-03 08:59:07 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-03 08:59:06 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-03 08:59:05 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-03 08:59:03 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-03 08:59:03 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-03 08:59:02 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-03 06:26:06 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-03 06:26:05 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-03 06:26:05 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 06:26:05 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3396 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3396 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3396 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8772 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8772 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8772 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3396 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 3396 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-03 06:26:05 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 32 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 708 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3396 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 7148 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3396 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 3396 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3436 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3436 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3396 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 3396 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3436 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3436 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3396 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3436 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3396 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3396 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm " Information 2018-01-03 06:26:05 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-03 06:26:05 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-03 06:26:02 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-03 06:25:57 ESENT 916 General DllHost (8124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 06:24:04 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-03 06:24:04 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:52:04Z. Reason: RulesEngine. Information 2018-01-03 06:23:03 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-03 06:23:03 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 256360)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-03 06:22:58 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-03 06:22:54 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-03 06:21:54 ESENT 916 General svchost (8900,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 06:21:54 ESENT 916 General DllHost (8124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 06:21:25 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-03 06:21:04 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-03 06:21:03 TV Server 0 None Service started successfully. Information 2018-01-03 06:21:03 ESENT 326 General "SearchIndexer (7624,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000010E:005B:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.010477 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.082580 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:124K # 0K, PF:144K # 0K, P:144K) [4] 0.000542 +J(0) [5] - [6] - [7] 0.034897 -0.001634 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.008669 -0.001597 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 128K, P:256K) [9] 0.002435 -0.001941 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000043 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000112 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-03 06:21:03 ESENT 105 General "SearchIndexer (7624,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.003383 +J(0) +M(C:0K, Fs:213, WS:836K # 836K, PF:5464K # 5464K, P:5464K) [2] 0.000645 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.000053 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000177 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:220K # 220K, P:220K) [5] 0.008230 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.010580 +J(0) +M(C:0K, Fs:35, WS:136K # 136K, PF:40K # 40K, P:40K) [7] 0.099038 +J(0) +M(C:0K, Fs:340, WS:1360K # 1360K, PF:1044K # 1044K, P:1044K) [8] - [9] - [10] - [11] - [12] - [13] 0.005449 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-992K # 24K, PF:-1020K # 12K, P:-1020K) [14] 0.000031 +J(0) [15] 0.000107 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000571 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-03 06:21:02 ESENT 916 General SearchIndexer (7624,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 06:21:02 ESENT 102 General SearchIndexer (7624,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-03 06:20:54 ESENT 916 General taskhostw (3544,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 06:20:49 ESENT 916 General svchost (3932,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 06:20:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-03 06:20:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-03 06:20:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-03 06:20:45 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-03 06:20:43 ESENT 916 General svchost (3948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 06:20:36 ESENT 916 General svchost (3140,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 06:20:27 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:27 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:27 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:27 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:27 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:27 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:27 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 34487942 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:27 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:27 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:26 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:26 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:26 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:26 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:26 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:26 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:26 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:26 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-03 06:20:26 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:20:25 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-03 06:20:21 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-03 06:20:21 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-03 06:20:21 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-03 06:20:21 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-03 06:20:17 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-03 06:20:17 ESENT 916 General svchost (2092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 06:20:16 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-03 06:20:16 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-03 06:20:14 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-03 06:20:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-03 06:20:14 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-03 06:19:43 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-03 06:19:43 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-03 06:19:41 TV Server 0 None Service has been successfully shut down. Information 2018-01-03 06:19:40 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-03 06:19:40 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 4848 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3484 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 5628 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 7448 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 3484 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 3484 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 3996 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children " Information 2018-01-03 06:19:40 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-03 06:19:40 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-03 06:12:59 ESENT 916 General svchost (1368,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 06:12:52 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on Storage (D:) Information 2018-01-03 06:10:04 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-03 06:07:18 Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5. Information 2018-01-03 06:07:18 Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5. Information 2018-01-03 06:07:06 Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5. Information 2018-01-03 06:06:52 System Restore 8194 None "Successfully created restore point (Process = C:\Program Files\Reimage\Reimage Repair\Reimage.exe Files\Reimage\Reimage Repair\Reimage.exe"" http://www.reimageplus.com/GUI/GUI1872/layout.php?consumer=1&gui_branch=0&trackutil=&MinorSessionID=df51cea8a68a44c6ba40f1a20a&lang_code=en&bundle=0 /cil=DISABLED /Close=0 /Locale=1033 /Product:reimage; Description = Reimage Repair Restore Point)." Information 2018-01-03 06:06:51 ESENT 916 General svchost (3492,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-03 06:06:10 VSS 8194 None "Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {0f3bf9bc-7da6-4a98-b03c-42ef25a2d0e9}" Information 2018-01-03 05:45:54 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on Storage (D:) Information 2018-01-03 05:45:33 ESENT 916 General svchost (1368,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 05:44:33 ESENT 916 General svchost (1748,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 05:34:34 ESENT 326 General "Music.UI (3280,D,50) {A1E350CE-3B71-4036-B290-A026487492A6}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:008F:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001283 +J(0) +M(C:0K, Fs:18, WS:8K # 0K, PF:8K # 0K, P:8K) [3] 0.013740 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:112, WS:428K # 0K, PF:44K # 0K, P:44K) [4] 0.000615 +J(0) [5] - [6] - [7] 0.001884 -0.001127 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:40K # 0K, PF:124K # 0K, P:124K) [8] 0.024545 -0.001618 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:256, WS:800K # 0K, PF:320K # 0K, P:320K) [9] 0.000332 -0.000011 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 0K, PF:64K # 0K, P:64K) [10] 0.000026 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000101 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000001 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-03 05:34:34 ESENT 105 General "Music.UI (3280,D,0) {A1E350CE-3B71-4036-B290-A026487492A6}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:008B:0000 - 00000001:008D:0000 - 00000000:0000:0000 - 00000001:008D:0000 (00000000:0000:0000) cReInits = 9 Internal Timing Sequence: [1] 0.009855 +J(0) +M(C:0K, Fs:643, WS:2540K # 2540K, PF:3032K # 3032K, P:3032K) [2] 0.000627 +J(0) +M(C:16K, Fs:106, WS:420K # 420K, PF:332K # 332K, P:332K) [3] 0.000037 +J(0) +M(C:0K, Fs:4, WS:20K # 20K, PF:64K # 64K, P:64K) [4] 0.000295 +J(0) +M(C:112K, Fs:46, WS:176K # 176K, PF:208K # 208K, P:208K) [5] 0.007411 +J(0) +M(C:0K, Fs:148, WS:552K # 568K, PF:276K # 336K, P:276K) [6] 0.006679 +J(0) +M(C:0K, Fs:311, WS:1236K # 1220K, PF:180K # 120K, P:180K) [7] 0.032902 +J(0) +M(C:0K, Fs:616, WS:2448K # 2448K, PF:2220K # 2220K, P:2220K) [8] 0.100943 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:567363/5505) +M(C:0K, Fs:1418, WS:2868K # 2872K, PF:1016K # 1024K, P:1016K) [9] - [10] 0.004023 +J(0) +M(C:0K, Fs:21, WS:-1960K # 52K, PF:-2044K # 0K, P:-2044K) [11] 0.000062 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.023660 +J(0) +M(C:0K, Fs:206, WS:812K # 0K, PF:416K # 0K, P:416K) [13] 0.056875 -0.001249 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:960, WS:1688K # 2516K, PF:260K # 676K, P:260K) [14] 0.000035 +J(0) +M(C:0K, Fs:14, WS:52K # 0K, PF:0K # 0K, P:0K) [15] 0.000030 +J(0) +M(C:0K, Fs:12, WS:48K # 0K, PF:0K # 0K, P:0K) [16] 0.000580 +J(0) +M(C:0K, Fs:27, WS:100K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-03 05:34:34 ESENT 302 Logging/Recovery Music.UI (3280,U,0) {A1E350CE-3B71-4036-B290-A026487492A6}: The database engine has successfully completed recovery steps. Information 2018-01-03 05:34:34 ESENT 335 Logging/Recovery "Music.UI (3280,R,0) {A1E350CE-3B71-4036-B290-A026487492A6}: Replay of a Create for database ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb"" at log position (00000001,0001,0268) was deferred due to AttachFuture. Additional information: " Information 2018-01-03 05:34:34 ESENT 301 Logging/Recovery "Music.UI (3280,R,0) {A1E350CE-3B71-4036-B290-A026487492A6}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2018-01-03 05:34:34 ESENT 300 Logging/Recovery Music.UI (3280,R,0) {A1E350CE-3B71-4036-B290-A026487492A6}: The database engine is initiating recovery steps. Information 2018-01-03 05:34:34 ESENT 916 General Music.UI (3280,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 05:34:34 ESENT 102 General Music.UI (3280,P,0) {A1E350CE-3B71-4036-B290-A026487492A6}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-03 05:34:23 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-03 05:33:39 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:39Z. Reason: RulesEngine. Information 2018-01-03 05:30:29 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-03 05:30:00 ESENT 916 General svchost (1748,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 05:29:46 ESENT 916 General svchost (3112,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 05:29:42 ESENT 916 General taskhostw (2988,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-03 05:29:32 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-03 05:29:32 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-03 05:29:31 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-03 05:29:31 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-03 05:29:29 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-03 05:29:28 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-03 05:29:28 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-03 05:29:28 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-02 22:52:56 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-02 22:52:55 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3408 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3408 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3408 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 10220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 10220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 10220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3408 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 3408 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-02 22:52:55 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 28 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 684 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2436 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3484 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3408 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 5628 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3408 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3408 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3484 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3484 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 1748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3408 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3484 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3484 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3408 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3484 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3408 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3484 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 564 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 1748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3408 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3484 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3408 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm " Information 2018-01-02 22:52:55 ESENT 916 General svchost (3528,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 22:52:54 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-02 22:52:54 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-02 22:52:54 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-02 22:52:52 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-02 22:52:43 ESENT 916 General svchost (1524,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 22:52:42 ESENT 916 General DllHost (10052,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 22:44:00 ESENT 916 General svchost (3528,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-02 22:33:59 Application Hang 1002 (101) "The program kodi.exe version 17.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 25e8 Start Time: 01d3840eb839dc2c Termination Time: 85 Application Path: C:\Program Files (x86)\Kodi\kodi.exe Report Id: e00e01bd-02ba-402b-831b-2ba0ff76227e Faulting package full name: Faulting package-relative application ID: " Information 2018-01-02 22:33:58 Windows Error Reporting 1001 None "Fault bucket 1682383188427145404, type 5 Event Name: AppHangB1 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.6.0.0 P3: 5a2d50f5 P4: 5cd8 P5: 134217728 P6: P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC17D.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC1AA.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC218.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERE206.tmp.appcompat.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_kodi.exe_9a71bd37af216993308cead06b56df9c2f617d93_4a57e4ee_038eea31 Analysis symbol: Rechecking for solution: 0 Report Id: e00e01bd-02ba-402b-831b-2ba0ff76227e Report Status: 268435456 Hashed bucket: 964fa0b09ee4e9e9e7590698a24a00bc" Information 2018-01-02 22:19:25 ESENT 916 General svchost (1748,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 21:43:00 ESENT 916 General svchost (3528,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 21:31:08 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Windows\Temp\AvgSetup\e5a52368-2606-47ce-9f93-9918f159f9df\install\zen\zen_x64.msi. Client Process Id: 7832. Information 2018-01-02 21:31:08 MsiInstaller 1033 None Windows Installer installed the product. Product Name: AVG. Product Version: 1.231.2. Product Language: 1033. Manufacturer: AVG Technologies. Installation success or error status: 0. Information 2018-01-02 21:31:08 MsiInstaller 11707 None SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Installation completed successfully. Information 2018-01-02 21:30:19 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Windows\Temp\AvgSetup\e5a52368-2606-47ce-9f93-9918f159f9df\install\zen\zen_x64.msi. Client Process Id: 7832. Information 2018-01-02 21:18:48 ESENT 916 General svchost (1748,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:56:54 ESENT 916 General svchost (1748,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:54:11 ESENT 916 General DllHost (10052,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:49:37 ESENT 916 General DllHost (10052,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:45:30 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-02 20:45:30 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:30Z. Reason: RulesEngine. Information 2018-01-02 20:44:26 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-02 20:44:25 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 256938)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-02 20:44:25 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-02 20:44:23 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-02 20:44:22 ESENT 916 General svchost (8236,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:42:54 ESENT 916 General MicrosoftEdge (2288,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:42:54 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-02 20:42:32 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-02 20:42:31 ESENT 326 General "SearchIndexer (4320,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000010D:00FD:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.001834 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.036382 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:128K # 0K, PF:136K # 0K, P:136K) [4] 0.000599 +J(0) [5] - [6] - [7] 0.027605 -0.001678 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:56, WS:220K # 0K, PF:664K # 0K, P:664K) [8] 0.001341 -0.000851 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 128K, P:256K) [9] 0.000963 -0.000605 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000037 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000109 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-02 20:42:31 ESENT 105 General "SearchIndexer (4320,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.006731 +J(0) +M(C:0K, Fs:216, WS:848K # 848K, PF:5464K # 5468K, P:5464K) [2] 0.000843 +J(0) +M(C:10240K, Fs:104, WS:412K # 412K, PF:392K # 388K, P:392K) [3] 0.002247 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000255 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.005769 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.005131 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:16K # 16K, P:16K) [7] 0.017818 +J(0) +M(C:0K, Fs:337, WS:1344K # 1344K, PF:1088K # 1096K, P:1088K) [8] - [9] - [10] - [11] - [12] - [13] 0.012904 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:11, WS:-988K # 28K, PF:-1020K # 4K, P:-1020K) [14] 0.000032 +J(0) [15] 0.000108 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000606 +J(0) +M(C:0K, Fs:4, WS:8K # 0K, PF:4K # 0K, P:4K)." Information 2018-01-02 20:42:31 ESENT 916 General SearchIndexer (4320,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:42:31 ESENT 102 General SearchIndexer (4320,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-02 20:42:28 ESENT 916 General taskhostw (3792,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:42:28 TV Server 0 None Service started successfully. Information 2018-01-02 20:42:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-02 20:42:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-02 20:42:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-02 20:42:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-02 20:42:12 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-02 20:42:11 ESENT 916 General svchost (3528,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:42:10 ESENT 916 General svchost (3492,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:42:06 ESENT 916 General svchost (3112,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:41:55 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:55 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:55 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:55 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:55 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:55 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:54 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 34481578 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:54 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:54 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:54 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:54 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:54 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:54 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:54 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:54 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:54 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:53 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-02 20:41:53 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:53 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-02 20:41:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-02 20:41:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-02 20:41:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-02 20:41:52 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-02 20:41:49 ESENT 916 General svchost (1748,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:41:48 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-02 20:41:47 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-02 20:41:44 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-02 20:41:48 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-02 20:41:48 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-02 20:41:44 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-02 20:41:14 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-02 20:41:14 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:41:12 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-02 20:41:11 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 31 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 708 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3500 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 6268 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2208 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3500 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3500 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2208 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3500 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3500 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2208 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3500 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2208 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3500 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 588 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 876 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2208 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3500 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2692 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-02 20:41:12 TV Server 0 None Service has been successfully shut down. Information 2018-01-02 20:41:11 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-02 20:41:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-02 20:41:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-02 20:41:05 ESENT 916 General DllHost (10144,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:40:03 Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4. Information 2018-01-02 20:40:03 Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4. Information 2018-01-02 20:39:47 Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4. Information 2018-01-02 20:39:33 System Restore 8194 None "Successfully created restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe"" ; Description = Revo Uninstaller's restore point - Kodi)." Information 2018-01-02 20:39:33 ESENT 916 General svchost (3508,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-02 20:38:59 VSS 8194 None "Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {cba6473a-0350-48d3-b391-e45684c5e3f1}" Information 2018-01-02 20:32:52 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:27:20 ESENT 916 General svchost (10132,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:27:20 ESENT 916 General DllHost (10144,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:21:53 ESENT 916 General MicrosoftEdge (8528,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:21:22 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:22Z. Reason: RulesEngine. Information 2018-01-02 20:20:37 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-02 20:20:37 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:34Z. Reason: RulesEngine. Information 2018-01-02 20:20:04 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-02 20:20:04 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 256963)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-02 20:20:04 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-02 20:20:02 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-02 20:20:01 ESENT 916 General svchost (8468,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:18:39 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-02 20:18:39 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-02 20:18:38 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-02 20:18:29 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-02 20:18:24 ESENT 326 General "SearchIndexer (7496,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000010D:00AC:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.090853 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.319108 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:43, WS:128K # 0K, PF:148K # 0K, P:148K) [4] 0.000512 +J(0) [5] - [6] - [7] 0.281701 -0.001477 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.009678 -0.005316 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:68, WS:268K # 0K, PF:260K # 140K, P:260K) [9] 0.010677 -0.005418 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000104 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000159 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000015 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-02 20:18:24 ESENT 105 General "SearchIndexer (7496,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.008053 +J(0) +M(C:0K, Fs:219, WS:860K # 860K, PF:5472K # 5476K, P:5472K) [2] 0.000807 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 384K, P:388K) [3] 0.010172 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.002056 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:224K # 224K, P:224K) [5] 0.042576 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [6] 0.004476 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.075721 +J(0) +M(C:0K, Fs:321, WS:1284K # 1284K, PF:1080K # 1088K, P:1080K) [8] - [9] - [10] - [11] - [12] - [13] 0.042000 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:13, WS:-984K # 32K, PF:-1020K # 8K, P:-1020K) [14] 0.000049 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K) [15] 0.000112 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000538 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-02 20:18:24 ESENT 916 General SearchIndexer (7496,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:18:24 ESENT 102 General SearchIndexer (7496,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-02 20:18:21 ESENT 916 General taskhostw (5844,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:18:18 TV Server 0 None Service started successfully. Information 2018-01-02 20:17:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-02 20:17:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-02 20:17:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-02 20:17:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-02 20:17:56 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-02 20:17:54 ESENT 916 General svchost (3508,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:17:52 ESENT 916 General svchost (3160,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:17:49 ESENT 916 General svchost (3556,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:17:45 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-02 20:17:45 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-02 20:17:44 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-02 20:17:40 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:40 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:40 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:40 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:40 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:40 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:40 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 34478306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:40 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-02 20:17:40 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:40 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:39 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:39 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:39 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:39 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:39 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:39 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:39 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:39 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-02 20:17:39 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:17:37 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-02 20:17:31 ESENT 916 General svchost (2208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:17:31 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-02 20:17:30 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-02 20:17:30 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-02 20:17:29 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-02 20:17:29 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-02 20:17:28 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-02 20:16:53 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-02 20:16:52 MySQL 100 None "Binlog end For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:16:52 MySQL 100 None "Forcefully disconnecting 0 remaining clients For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:16:52 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:16:52 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:16:52 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:16:52 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-02 20:16:50 TV Server 0 None Service has been successfully shut down. Information 2018-01-02 20:16:49 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-02 20:16:49 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 28 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 2508 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 852 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 852 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3604 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 2952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3604 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 3604 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 1864 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 852 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-02 20:16:49 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-02 20:16:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-02 20:16:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-02 20:16:44 ESENT 916 General svchost (9900,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:10:32 ESENT 916 General DllHost (8300,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:09:46 ESENT 916 General MicrosoftEdge (1260,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 20:00:10 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-02 19:57:24 Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3. Information 2018-01-02 19:57:24 Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3. Information 2018-01-02 19:57:12 Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3. Information 2018-01-02 19:56:57 System Restore 8194 None "Successfully created restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe"" ; Description = Revo Uninstaller's restore point - Kodi)." Information 2018-01-02 19:56:57 ESENT 916 General svchost (3572,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-02 19:56:18 VSS 8194 None "Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {1caa49c4-1d17-47e2-a180-9945985df0d3}" Information 2018-01-02 19:53:05 Windows Error Reporting 1001 None "Fault bucket 2186075736310800488, type 5 Event Name: BEX64 Response: Not available Cab Id: 1221777739592774787 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a471f21 P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3346.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER38F5.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3910.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER396F.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER45E7.tmp.appcompat.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER47AD.tmp.hdmp \\?\C:\Users\Eglobal\AppData\Local\Temp\WER939B.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_d0e07047c87f78cc0f0cbe82940c9fb7f75d88_8617eb1c_cab_265ef8c3 Analysis symbol: Rechecking for solution: 0 Report Id: fc72a08a-2876-4a31-8373-485f6396da19 Report Status: 268435464 Hashed bucket: fc810635511769491e56804cc2e7e068" Error 2018-01-02 19:47:52 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a471f21 Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x237c Faulting application start time: 0x01d383f87f296e2c Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: fc72a08a-2876-4a31-8373-485f6396da19 Faulting package full name: Faulting package-relative application ID: " Information 2018-01-02 19:46:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 19:32:38 Windows Error Reporting 1001 None "Fault bucket 2186075736310800488, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a471f21 P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3444.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3909.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3924.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3992.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_d0e07047c87f78cc0f0cbe82940c9fb7f75d88_8617eb1c_1fa44038 Analysis symbol: Rechecking for solution: 0 Report Id: 4ff5b3fa-fb74-4dcf-8b4b-67ecb2bb17f0 Report Status: 268435456 Hashed bucket: fc810635511769491e56804cc2e7e068" Error 2018-01-02 19:32:34 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a471f21 Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0xa3c Faulting application start time: 0x01d383f5edc926eb Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 4ff5b3fa-fb74-4dcf-8b4b-67ecb2bb17f0 Faulting package full name: Faulting package-relative application ID: " Information 2018-01-02 19:19:41 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 18:45:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 18:44:44 Windows Error Reporting 1001 None "Fault bucket 2186075736310800488, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a471f21 P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER55AD.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5DFC.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5E17.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5E76.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_d0e07047c87f78cc0f0cbe82940c9fb7f75d88_8617eb1c_116c656a Analysis symbol: Rechecking for solution: 0 Report Id: c77baaff-3b98-4b19-91e0-115b2e44e04d Report Status: 268435456 Hashed bucket: fc810635511769491e56804cc2e7e068" Error 2018-01-02 18:44:39 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a471f21 Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x124 Faulting application start time: 0x01d383f040d59425 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: c77baaff-3b98-4b19-91e0-115b2e44e04d Faulting package full name: Faulting package-relative application ID: " Information 2018-01-02 18:23:41 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 17:44:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 17:27:41 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 16:43:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 16:18:45 ESENT 916 General svchost (1880,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 16:18:43 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 15:59:54 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:54Z. Reason: RulesEngine. Information 2018-01-02 15:59:05 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 15:42:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 15:27:42 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 15:14:36 Windows Error Reporting 1001 None "Fault bucket 2186075736310800488, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a471f21 P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WEREA95.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF5A3.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF5BE.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF61D.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_d0e07047c87f78cc0f0cbe82940c9fb7f75d88_8617eb1c_26600483 Analysis symbol: Rechecking for solution: 0 Report Id: ab0a0431-5649-4b00-bd55-02c5f9ecb8e7 Report Status: 268435456 Hashed bucket: fc810635511769491e56804cc2e7e068" Error 2018-01-02 15:14:29 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a471f21 Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x2078 Faulting application start time: 0x01d383ad9f34c5b0 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: ab0a0431-5649-4b00-bd55-02c5f9ecb8e7 Faulting package full name: Faulting package-relative application ID: " Information 2018-01-02 15:08:11 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 14:57:50 ESENT 916 General svchost (5268,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 14:41:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 14:38:54 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-02 14:38:54 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-02 14:36:02 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on Storage (D:) Information 2018-01-02 14:35:45 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 14:18:23 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 13:40:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 13:27:41 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 12:39:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 12:21:10 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 11:38:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 11:23:07 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 10:45:57 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:57Z. Reason: RulesEngine. Information 2018-01-02 10:41:37 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:36Z. Reason: RulesEngine. Information 2018-01-02 10:40:21 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:20Z. Reason: RulesEngine. Information 2018-01-02 10:39:51 ESENT 916 General svchost (5448,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 10:37:48 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-02 10:37:21 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 10:37:02 ESENT 916 General taskhostw (1140,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 10:37:00 ESENT 916 General svchost (3084,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 10:36:55 ESENT 916 General svchost (3084,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 10:36:51 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-02 10:36:51 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-02 10:36:51 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-02 10:36:51 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-02 10:36:51 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-02 10:36:48 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-02 10:36:48 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-02 10:36:47 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-02 02:12:26 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-02 02:12:25 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4684 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4684 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4684 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 3916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2018-01-02 02:12:25 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 29 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 684 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 852 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 852 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3604 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 2952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3604 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3604 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 1820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3604 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3604 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3604 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3604 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3544 (\Device\HarddiskVolume2\Program Files\Reimage\Reimage Protector\ReiGuard.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\TypedURLs Process 564 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 852 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 1820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3604 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm " Information 2018-01-02 02:12:25 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 02:12:25 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-02 02:12:25 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-02 02:12:25 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-02 02:12:12 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2018-01-02 02:12:08 ESENT 916 General svchost (9208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 01:27:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 01:25:16 Windows Error Reporting 1001 None "Fault bucket 1955122973886307947, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.6.0.0 P3: 5a2d50f5 P4: ntdll.dll P5: 10.0.16299.64 P6: ac8afc81 P7: c0000008 P8: 0002d078 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB279.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB78C.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB7A9.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB818.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_c63282c99a2888c76532952088cb99ccd7f8be83_4a57e4ee_2180bf19 Analysis symbol: Rechecking for solution: 0 Report Id: 191fc680-fc69-4538-b449-c23588c74564 Report Status: 268435456 Hashed bucket: cd4dc583e6f8856beb21fdfc6eb2de6b" Error 2018-01-02 01:25:13 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.6.0.0, time stamp: 0x5a2d50f5 Faulting module name: ntdll.dll, version: 10.0.16299.64, time stamp: 0xac8afc81 Exception code: 0xc0000008 Fault offset: 0x0002d078 Faulting process id: 0x4c4 Faulting application start time: 0x01d38360249f5a1c Faulting application path: G:\Kodi 17.6\App\kodi.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 191fc680-fc69-4538-b449-c23588c74564 Faulting package full name: Faulting package-relative application ID: " Information 2018-01-02 01:25:13 Windows Error Reporting 1001 None "Fault bucket 1633569881330325801, type 5 Event Name: BEX Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.6.0.0 P3: 5a2d50f5 P4: StackHash_b963 P5: 0.0.0.0 P6: 00000000 P7: PCH_97_FROM_ntdll+0x0006ED1C P8: c0000409 P9: 00000015 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7754.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER81D6.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER81F1.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8250.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER8264.tmp.appcompat.txt C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_kodi.exe_b9cfcfb07a1b6ed683b535255f1da62874187578_4a57e4ee_cab_10588462\memory.hdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_b9cfcfb07a1b6ed683b535255f1da62874187578_4a57e4ee_1f70b016 Analysis symbol: Rechecking for solution: 0 Report Id: 3c416196-ded2-4cb9-9684-2c88b3bdee5a Report Status: 268435456 Hashed bucket: 74f5bd5bdd8ef618b6ab9b26ec789929" Information 2018-01-02 01:25:05 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: BEX Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.6.0.0 P3: 5a2d50f5 P4: StackHash_b963 P5: 0.0.0.0 P6: 00000000 P7: PCH_97_FROM_ntdll+0x0006ED1C P8: c0000409 P9: 00000015 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7754.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER81D6.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER81F1.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8250.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER8264.tmp.appcompat.txt C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_kodi.exe_b9cfcfb07a1b6ed683b535255f1da62874187578_4a57e4ee_cab_10588462\memory.hdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_kodi.exe_b9cfcfb07a1b6ed683b535255f1da62874187578_4a57e4ee_cab_10588462 Analysis symbol: Rechecking for solution: 0 Report Id: 3c416196-ded2-4cb9-9684-2c88b3bdee5a Report Status: 4 Hashed bucket: " Error 2018-01-02 01:24:58 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.6.0.0, time stamp: 0x5a2d50f5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000409 Fault offset: 0x038a81e0 Faulting process id: 0x20fc Faulting application start time: 0x01d383601c0e3c60 Faulting application path: G:\Kodi 17.6\App\kodi.exe Faulting module path: unknown Report Id: 3c416196-ded2-4cb9-9684-2c88b3bdee5a Faulting package full name: Faulting package-relative application ID: " Information 2018-01-02 01:22:24 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-02 01:19:31 ESENT 326 General "svchost (7404,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000004:0009:0268 Internal Timing Sequence: [1] 0.000012 +J(0) [2] 0.002470 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.048360 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:9, WS:32K # 0K, PF:32K # 0K, P:32K) [4] 0.001913 +J(0) [5] - [6] - [7] 0.002965 -0.002301 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:60K, Fs:20, WS:76K # 44K, PF:72K # 44K, P:72K) [8] 0.001759 -0.001291 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:30, WS:120K # 120K, PF:200K # 196K, P:200K) [9] 0.000567 -0.000344 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000031 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000109 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-02 01:19:31 ESENT 105 General "svchost (7404,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000004:0004:0000 - 00000004:0007:0000 - 00000000:0000:0000 - 00000004:0007:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.004110 +J(0) +M(C:0K, Fs:174, WS:692K # 692K, PF:3408K # 3408K, P:3408K) [2] 0.000652 +J(0) +M(C:8K, Fs:87, WS:344K # 344K, PF:300K # 300K, P:300K) [3] 0.000032 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000222 +J(0) +M(C:0K, Fs:26, WS:96K # 96K, PF:168K # 168K, P:168K) [5] 0.007787 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:16K # 16K, P:16K) [6] 0.009035 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:16K # 16K, P:16K) [7] 0.010230 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.068201 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:24336/15) +M(C:0K, Fs:122, WS:332K # 332K, PF:288K # 288K, P:288K) [9] - [10] 0.045812 +J(0) +M(C:0K, Fs:12, WS:-12K # 44K, PF:-56K # 4K, P:-56K) [11] 0.000070 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.085144 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.445279 -0.000923 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:48, WS:72K # 96K, PF:160K # 168K, P:160K) [14] 0.000033 +J(0) [15] 0.000030 +J(0) [16] 0.001694 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-02 01:19:31 ESENT 302 Logging/Recovery svchost (7404,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2018-01-02 01:19:30 ESENT 301 Logging/Recovery "svchost (7404,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2018-01-02 01:19:30 ESENT 300 Logging/Recovery svchost (7404,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2018-01-02 01:19:30 ESENT 916 General svchost (7404,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 01:19:30 ESENT 102 General svchost (7404,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-02 01:18:29 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-02 01:07:08 SideBySide 33 None "Activation context generation failed for ""C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.16299.15_none_e10a04e314dd6b63\Narrator.exe"". Dependent Assembly SRH,type=""win32"",version=""1.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information 2018-01-02 01:06:54 ESENT 916 General DllHost (2252,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 00:26:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-02 00:18:29 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 23:25:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 23:18:30 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 23:00:08 Windows Error Reporting 1001 None "Fault bucket 2186075736310800488, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a471f21 P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERCEC2.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD4A0.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD4BB.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD51A.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_d0e07047c87f78cc0f0cbe82940c9fb7f75d88_8617eb1c_01c7dbd0 Analysis symbol: Rechecking for solution: 0 Report Id: 75160c08-df38-48cb-80cc-d1401718fd2d Report Status: 268435456 Hashed bucket: fc810635511769491e56804cc2e7e068" Error 2018-01-01 23:00:04 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a471f21 Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x20d0 Faulting application start time: 0x01d383444994a4e4 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 75160c08-df38-48cb-80cc-d1401718fd2d Faulting package full name: Faulting package-relative application ID: " Information 2018-01-01 22:24:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 22:18:29 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 21:23:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 21:18:29 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 20:22:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 20:18:29 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 20:09:50 Windows Error Reporting 1001 None "Fault bucket 2186075736310800488, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a471f21 P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE270.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE9C5.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE9F0.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WEREA7E.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_d0e07047c87f78cc0f0cbe82940c9fb7f75d88_8617eb1c_1d5bf2aa Analysis symbol: Rechecking for solution: 0 Report Id: 4ff73fb3-3640-4f72-9d90-9b83a062fc27 Report Status: 268435456 Hashed bucket: fc810635511769491e56804cc2e7e068" Error 2018-01-01 20:09:45 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a471f21 Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x15a4 Faulting application start time: 0x01d38314fb896c35 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 4ff73fb3-3640-4f72-9d90-9b83a062fc27 Faulting package full name: Faulting package-relative application ID: " Information 2018-01-01 19:22:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 19:18:29 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 18:21:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 18:18:29 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 17:20:00 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 17:18:30 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:33:04 ESENT 326 General "Music.UI (8612,D,50) {F0CA0A30-0FEB-4A98-B3FB-74D2E69D608D}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:008C:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.001386 +J(0) +M(C:0K, Fs:18, WS:8K # 0K, PF:8K # 0K, P:8K) [3] 0.012569 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:123, WS:452K # 0K, PF:64K # 0K, P:64K) [4] 0.000535 +J(0) [5] - [6] - [7] 0.001912 -0.001258 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:22, WS:88K # 0K, PF:128K # 0K, P:128K) [8] 0.000567 -0.000036 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:45, WS:172K # 0K, PF:232K # 0K, P:232K) [9] 0.000270 -0.000014 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:12, WS:36K # 0K, PF:68K # 0K, P:68K) [10] 0.000024 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000280 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000008 +J(0) [13] 0.0 +J(0) [14] 0.000024 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-01 16:33:04 ESENT 105 General "Music.UI (8612,D,0) {F0CA0A30-0FEB-4A98-B3FB-74D2E69D608D}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:0088:0000 - 00000001:008A:0000 - 00000000:0000:0000 - 00000001:008A:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.002450 +J(0) +M(C:0K, Fs:181, WS:712K # 712K, PF:2936K # 2936K, P:2936K) [2] 0.012284 +J(0) +M(C:16K, Fs:1489, WS:5924K # 5924K, PF:2272K # 2272K, P:2272K) [3] 0.000040 +J(0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 64K, P:64K) [4] 0.000248 +J(0) +M(C:112K, Fs:39, WS:156K # 156K, PF:136K # 136K, P:136K) [5] 0.007243 +J(0) +M(C:0K, Fs:287, WS:1164K # 1164K, PF:120K # 120K, P:120K) [6] 0.003938 +J(0) +M(C:0K, Fs:175, WS:664K # 664K, PF:116K # 116K, P:116K) [7] 0.009792 +J(0) +M(C:0K, Fs:851, WS:3392K # 3392K, PF:2212K # 2212K, P:2212K) [8] 0.035776 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8112/5) +M(C:0K, Fs:1242, WS:4516K # 4516K, PF:1820K # 1828K, P:1820K) [9] - [10] 0.004174 +J(0) +M(C:0K, Fs:10, WS:-2008K # 0K, PF:-2036K # 0K, P:-2036K) [11] 0.000059 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.002029 +J(0) +M(C:0K, Fs:17, WS:68K # 0K, PF:12K # 0K, P:12K) [13] 0.057789 -0.001188 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:1030, WS:1728K # 1808K, PF:244K # 260K, P:244K) [14] 0.000034 +J(0) [15] 0.000029 +J(0) [16] 0.000485 +J(0) +M(C:0K, Fs:3, WS:8K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-01 16:33:04 ESENT 302 Logging/Recovery Music.UI (8612,U,0) {F0CA0A30-0FEB-4A98-B3FB-74D2E69D608D}: The database engine has successfully completed recovery steps. Information 2018-01-01 16:33:04 ESENT 301 Logging/Recovery "Music.UI (8612,R,0) {F0CA0A30-0FEB-4A98-B3FB-74D2E69D608D}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2018-01-01 16:33:04 ESENT 300 Logging/Recovery Music.UI (8612,R,0) {F0CA0A30-0FEB-4A98-B3FB-74D2E69D608D}: The database engine is initiating recovery steps. Information 2018-01-01 16:33:04 ESENT 916 General Music.UI (8612,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:33:04 ESENT 102 General Music.UI (8612,P,0) {F0CA0A30-0FEB-4A98-B3FB-74D2E69D608D}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-01 16:32:54 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-01 16:32:23 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:22:31 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-01 16:22:31 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:31Z. Reason: RulesEngine. Information 2018-01-01 16:21:17 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-01 16:21:17 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258641)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-01 16:21:16 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-01 16:21:15 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-01 16:20:25 ESENT 916 General svchost (3572,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:19:39 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-01 16:19:15 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-01 16:19:14 ESENT 326 General "SearchIndexer (1748,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000000AA:00A1:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001123 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.082491 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:17, WS:36K # 0K, PF:60K # 0K, P:60K) [4] 0.000594 +J(0) [5] - [6] - [7] 0.056531 -0.001557 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:27, WS:108K # 0K, PF:512K # 0K, P:512K) [8] 0.002158 -0.001641 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:59, WS:236K # 0K, PF:224K # 0K, P:224K) [9] 0.000890 -0.000574 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:9, WS:36K # 0K, PF:32K # 0K, P:32K) [10] 0.000072 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000113 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-01 16:19:14 ESENT 105 General "SearchIndexer (1748,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 000000AA:006F:0000 - 000000AA:009F:0000 - 00000000:0000:0000 - 000000AA:009F:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.010722 +J(0) +M(C:0K, Fs:221, WS:868K # 868K, PF:5476K # 5468K, P:5476K) [2] 0.000925 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.000059 +J(0) +M(C:0K, Fs:5, WS:20K # 20K, PF:64K # 64K, P:64K) [4] 0.000214 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:228K # 228K, P:228K) [5] 0.032491 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.004587 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.004395 +J(0) +M(C:0K, Fs:279, WS:1112K # 1112K, PF:1040K # 1040K, P:1040K) [8] 0.147825 -0.030895 (36) CM +J(CM:36, PgRf:150, Rd:0/36, Dy:36/270, Lg:636163/4812) +M(C:0K, Fs:923, WS:2684K # 2684K, PF:2640K # 2640K, P:2640K) [9] - [10] 0.002113 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000122 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.110961 -0.000023 (36) CM +J(CM:36, PgRf:0, Rd:0/36, Dy:0/0, Lg:0/0) +M(C:0K, Fs:145, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.284850 -0.035619 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:306, WS:-1952K # 0K, PF:-1996K # 0K, P:-1996K) [14] 0.000033 +J(0) [15] 0.000051 +J(0) [16] 0.000595 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-01 16:19:14 ESENT 302 Logging/Recovery SearchIndexer (1748,U,0) Windows: The database engine has successfully completed recovery steps. Information 2018-01-01 16:19:13 ESENT 301 Logging/Recovery "SearchIndexer (1748,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2018-01-01 16:19:13 ESENT 300 Logging/Recovery SearchIndexer (1748,R,0) Windows: The database engine is initiating recovery steps. Information 2018-01-01 16:19:13 ESENT 916 General SearchIndexer (1748,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:19:13 ESENT 102 General SearchIndexer (1748,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-01 16:19:13 TV Server 0 None Service started successfully. Information 2018-01-01 16:19:06 ESENT 916 General taskhostw (5096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:18:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-01 16:18:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-01 16:18:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-01 16:18:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-01 16:18:56 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-01 16:18:54 ESENT 916 General taskhostw (5096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:18:51 ESENT 916 General svchost (3084,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:18:51 ESENT 916 General svchost (3564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:18:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-01 16:18:41 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:41 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:41 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:41 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:41 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:41 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:40 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 31457570 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:40 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:40 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:40 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:40 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:40 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:40 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-01 16:18:40 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:40 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:40 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:40 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:40 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-01 16:18:39 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:39 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-01 16:18:38 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-01 16:18:37 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-01 16:18:33 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-01 16:18:33 ESENT 916 General svchost (1820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:18:33 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-01 16:18:32 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-01 16:18:31 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-01 16:18:30 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-01 16:18:29 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-01 16:18:00 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-01 16:18:00 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:00 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:00 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:18:00 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:17:57 TV Server 0 None Service has been successfully shut down. Information 2018-01-01 16:17:56 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 3308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 3308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-01 16:17:56 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 41 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 700 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 4656 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 1424 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1968 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4656 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4656 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 1968 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4656 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4656 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1968 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4656 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4656 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 1968 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 580 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 4656 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 1968 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-01 16:17:56 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-01 16:17:56 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-01 16:17:56 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-01 16:17:21 ESENT 916 General DllHost (7320,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:17:20 ESENT 916 General MicrosoftEdge (7604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:15:07 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-01 16:15:07 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:52:07Z. Reason: RulesEngine. Information 2018-01-01 16:14:37 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-01 16:14:37 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258648)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-01 16:14:36 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-01 16:14:35 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-01 16:14:33 ESENT 916 General svchost (5204,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:13:59 ESENT 916 General svchost (4624,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:13:22 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-01 16:12:44 TV Server 0 None Service started successfully. Information 2018-01-01 16:12:44 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-01 16:12:42 ESENT 326 General "SearchIndexer (6976,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000000AA:0070:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001406 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.043425 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:128K # 0K, PF:148K # 0K, P:148K) [4] 0.000474 +J(0) [5] - [6] - [7] 0.116430 -0.012308 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:208K # 0K, PF:664K # 0K, P:664K) [8] 0.001193 -0.000738 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 132K, P:256K) [9] 0.001825 -0.001494 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000041 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000112 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-01 16:12:42 ESENT 105 General "SearchIndexer (6976,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.008992 +J(0) +M(C:0K, Fs:221, WS:864K # 864K, PF:5476K # 5472K, P:5476K) [2] 0.000861 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 384K, P:388K) [3] 0.001315 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000232 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.004838 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.007256 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.176287 +J(0) +M(C:0K, Fs:280, WS:1116K # 1116K, PF:1040K # 1040K, P:1040K) [8] - [9] - [10] - [11] - [12] - [13] 0.006911 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-992K # 24K, PF:-1024K # 12K, P:-1024K) [14] 0.000033 +J(0) [15] 0.000100 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000526 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-01 16:12:42 ESENT 916 General SearchIndexer (6976,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:12:42 ESENT 102 General SearchIndexer (6976,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-01 16:12:39 ESENT 916 General taskhostw (3468,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:12:32 ESENT 916 General svchost (4680,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:12:29 ESENT 916 General svchost (3360,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:12:26 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:26 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:26 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:26 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:26 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:26 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:26 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 31457090 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:25 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:25 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:25 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:25 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:25 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:25 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:25 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:25 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:25 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:25 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-01 16:12:24 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:12:23 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-01 16:12:23 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-01 16:12:23 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-01 16:12:21 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-01 16:12:10 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-01 16:12:10 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-01 16:12:09 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-01 16:12:09 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-01 16:12:05 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-01 16:12:05 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-01 16:12:05 ESENT 916 General svchost (1968,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 16:12:05 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-01 16:12:02 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-01 16:12:03 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-01 16:12:03 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-01 16:11:32 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-01 16:11:32 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:11:32 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:11:32 MySQL 100 None "Giving 1 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:11:32 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 16:11:29 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 2648 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 4120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8100 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 4120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 4120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 6728 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children " Information 2018-01-01 16:11:30 TV Server 0 None Service has been successfully shut down. Information 2018-01-01 16:11:29 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-01 16:11:29 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-01 16:11:29 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-01 16:03:16 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-01 16:00:33 Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2. Information 2018-01-01 16:00:33 Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2. Information 2018-01-01 16:00:17 Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2. Information 2018-01-01 16:00:05 System Restore 8194 None "Successfully created restore point (Process = C:\Program Files\Reimage\Reimage Repair\Reimage.exe Files\Reimage\Reimage Repair\Reimage.exe"" http://www.reimageplus.com/GUI/GUI1872/layout.php?consumer=1&gui_branch=0&trackutil=&MinorSessionID=b5cf064b523b49528dd44eb5f7&lang_code=en&bundle=0 /cil=DISABLED /Close=0 /Locale=1033 /Product:reimage; Description = Reimage Repair Restore Point)." Information 2018-01-01 16:00:05 ESENT 916 General svchost (4136,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2018-01-01 15:59:28 VSS 8194 None "Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {8146e5a9-36c0-42aa-909e-01fc375eb1f5}" Information 2018-01-01 15:51:00 ESENT 916 General svchost (4156,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 15:50:40 ESENT 326 General "Music.UI (6992,D,50) {728971B4-6D40-4B58-A094-E762F662BAC6}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:0089:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001117 +J(0) +M(C:0K, Fs:18, WS:8K # 0K, PF:8K # 0K, P:8K) [3] 0.011809 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:36K # 0K, PF:28K # 0K, P:28K) [4] 0.000516 +J(0) [5] - [6] - [7] 0.001613 -0.001064 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:7, WS:28K # 0K, PF:120K # 0K, P:120K) [8] 0.000769 -0.000035 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:32, WS:128K # 0K, PF:200K # 0K, P:200K) [9] 0.000229 -0.000007 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:8K # 0K, PF:64K # 0K, P:64K) [10] 0.000071 -0.000006 (1) CM +J(CM:1, PgRf:1, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000100 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-01 15:50:40 ESENT 105 General "Music.UI (6992,D,0) {728971B4-6D40-4B58-A094-E762F662BAC6}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:007F:0000 - 00000001:0087:0000 - 00000000:0000:0000 - 00000001:0087:0000 (00000000:0000:0000) cReInits = 7 Internal Timing Sequence: [1] 0.002104 +J(0) +M(C:0K, Fs:138, WS:536K # 536K, PF:2904K # 2904K, P:2904K) [2] 0.003602 +J(0) +M(C:16K, Fs:173, WS:692K # 692K, PF:380K # 380K, P:380K) [3] 0.000053 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000314 +J(0) +M(C:112K, Fs:36, WS:140K # 140K, PF:164K # 164K, P:164K) [5] 0.006069 +J(0) +M(C:0K, Fs:127, WS:504K # 504K, PF:136K # 136K, P:136K) [6] 0.004245 +J(0) +M(C:0K, Fs:117, WS:464K # 464K, PF:124K # 124K, P:124K) [7] 0.007897 +J(0) +M(C:0K, Fs:1669, WS:6552K # 6588K, PF:2600K # 2684K, P:2600K) [8] 0.073942 -0.003801 (6) CM +J(CM:6, PgRf:6, Rd:0/6, Dy:6/8, Lg:543027/5489) +M(C:0K, Fs:1866, WS:5548K # 5512K, PF:3044K # 2960K, P:3044K) [9] - [10] 0.004697 +J(0) +M(C:0K, Fs:21, WS:-1960K # 44K, PF:-2036K # 8K, P:-2036K) [11] 0.000081 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.040930 -0.000004 (6) CM +J(CM:6, PgRf:0, Rd:0/6, Dy:0/0, Lg:0/0) +M(C:0K, Fs:411, WS:1368K # 0K, PF:160K # 0K, P:160K) [13] 0.067046 -0.000038 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:533, WS:-416K # 1008K, PF:-436K # 0K, P:-436K) [14] 0.000033 +J(0) [15] 0.000026 +J(0) [16] 0.000469 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-01 15:50:40 ESENT 302 Logging/Recovery Music.UI (6992,U,0) {728971B4-6D40-4B58-A094-E762F662BAC6}: The database engine has successfully completed recovery steps. Information 2018-01-01 15:50:40 ESENT 335 Logging/Recovery "Music.UI (6992,R,0) {728971B4-6D40-4B58-A094-E762F662BAC6}: Replay of a Create for database ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb"" at log position (00000001,0001,0268) was deferred due to AttachFuture. Additional information: " Information 2018-01-01 15:50:40 ESENT 301 Logging/Recovery "Music.UI (6992,R,0) {728971B4-6D40-4B58-A094-E762F662BAC6}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2018-01-01 15:50:40 ESENT 300 Logging/Recovery Music.UI (6992,R,0) {728971B4-6D40-4B58-A094-E762F662BAC6}: The database engine is initiating recovery steps. Information 2018-01-01 15:50:40 ESENT 916 General Music.UI (6992,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 15:50:40 ESENT 102 General Music.UI (6992,P,0) {728971B4-6D40-4B58-A094-E762F662BAC6}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-01 15:50:27 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-01 15:42:19 ESENT 916 General svchost (6984,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 15:37:27 ESENT 916 General DllHost (9084,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 15:32:48 ESENT 916 General svchost (2052,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 15:29:04 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-01 15:29:04 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-01 15:06:47 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2018-01-01 15:03:47 System Restore 8196 None System Restore has been enabled (Process = C:\Windows\system32\wbem\wmiprvse.exe; Volume = ). Information 2018-01-01 15:03:34 System Restore 8196 None System Restore has been enabled (Process = C:\Windows\system32\wbem\wmiprvse.exe; Volume = ). Information 2018-01-01 15:02:48 System Restore 8196 None System Restore has been enabled (Process = C:\Windows\system32\wbem\wmiprvse.exe; Volume = ). Information 2018-01-01 15:02:35 System Restore 8194 None Successfully created restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = Reimage Restore Point). Information 2018-01-01 15:02:32 ESENT 916 General svchost (4136,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 15:00:52 System Restore 8196 None System Restore has been enabled (Process = C:\Windows\system32\wbem\wmiprvse.exe; Volume = ). Information 2018-01-01 14:59:58 System Restore 8196 None System Restore has been enabled (Process = C:\Windows\system32\wbem\wmiprvse.exe; Volume = ). Information 2018-01-01 14:57:09 ESENT 916 General MicrosoftEdge (8448,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:55:25 ESENT 916 General SystemSettings (6704,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:55:25 ESENT 916 General SystemSettings (6704,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:55:25 ESENT 916 General SystemSettings (6704,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:55:10 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-01 14:55:09 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-01 14:54:23 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:54:19 ESENT 916 General taskhostw (9372,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:54:15 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:54:10 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-01 14:54:09 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2018-01-01 14:54:09 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-01 14:54:08 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-01 14:54:08 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-01 14:54:08 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:52:07Z. Reason: RulesEngine. Information 2018-01-01 14:54:07 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2018-01-01 14:54:07 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-01 14:54:06 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-01 14:54:06 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-01 14:53:33 TV Server 0 None PowerEvent handled successfully by the service. Information 2018-01-01 14:53:32 ESENT 916 General svchost (4156,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:53:32 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 20 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3228 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3228 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3228 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 3228 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 3228 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-01 14:53:32 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 41 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 648 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 4120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3228 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 3228 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2052 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2052 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2052 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2052 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3228 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 4120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2052 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3228 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3228 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-01 14:53:32 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-01 14:53:32 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-01 14:53:32 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-01 14:53:26 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Error 2018-01-01 14:52:54 Application Hang 1002 (101) "The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2154 Start Time: 01d383078b08aac2 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: 483b5086-2032-4741-baca-28aba135a505 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App " Information 2018-01-01 14:52:54 Windows Error Reporting 1001 None "Fault bucket 133556577791, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE1E.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE4B.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFED9.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_0d1f03d9 Analysis symbol: Rechecking for solution: 0 Report Id: 483b5086-2032-4741-baca-28aba135a505 Report Status: 268435456 Hashed bucket: 43a00c1b815b0614b2b86bc70e701302" Error 2018-01-01 14:52:51 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Information 2018-01-01 14:52:32 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-01 14:52:32 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258730)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-01 14:52:31 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-01 14:52:30 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-01 14:51:54 ESENT 916 General MicrosoftEdge (8868,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:51:42 ESENT 916 General svchost (4136,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:51:04 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Error 2018-01-01 14:50:52 Application Hang 1002 (101) "The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1760 Start Time: 01d38307749425b1 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: 800a4371-7af0-405a-be82-ee145bc1607b Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App " Information 2018-01-01 14:50:52 Windows Error Reporting 1001 None "Fault bucket 133556577791, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F4B.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F89.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2055.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_20652584 Analysis symbol: Rechecking for solution: 0 Report Id: 800a4371-7af0-405a-be82-ee145bc1607b Report Status: 268435456 Hashed bucket: 43a00c1b815b0614b2b86bc70e701302" Error 2018-01-01 14:50:48 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Information 2018-01-01 14:50:49 ESENT 326 General "Music.UI (3784,D,50) {1E094731-F119-40DF-98C7-A23365F5271A}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:0080:0268 Internal Timing Sequence: [1] 0.000007 +J(0) [2] 0.001122 +J(0) +M(C:0K, Fs:18, WS:8K # 0K, PF:8K # 0K, P:8K) [3] 0.020396 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:188, WS:724K # 0K, PF:200K # 0K, P:200K) [4] 0.000579 +J(0) [5] - [6] - [7] 0.001760 -0.001070 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:20, WS:80K # 0K, PF:120K # 0K, P:120K) [8] 0.000477 -0.000030 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:35, WS:132K # 0K, PF:200K # 0K, P:200K) [9] 0.000240 -0.000013 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:5, WS:12K # 0K, PF:64K # 0K, P:64K) [10] 0.000024 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000106 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-01 14:50:49 ESENT 105 General "Music.UI (3784,D,0) {1E094731-F119-40DF-98C7-A23365F5271A}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:007C:0000 - 00000001:007E:0000 - 00000000:0000:0000 - 00000001:007E:0000 (00000000:0000:0000) cReInits = 6 Internal Timing Sequence: [1] 0.006030 +J(0) +M(C:0K, Fs:414, WS:1620K # 1620K, PF:3004K # 3060K, P:3004K) [2] 0.000723 +J(0) +M(C:16K, Fs:126, WS:504K # 504K, PF:312K # 256K, P:312K) [3] 0.000039 +J(0) +M(C:0K, Fs:3, WS:8K # 8K, PF:68K # 68K, P:68K) [4] 0.008871 +J(0) +M(C:112K, Fs:612, WS:2432K # 2432K, PF:548K # 548K, P:548K) [5] 0.018932 +J(0) +M(C:0K, Fs:861, WS:3304K # 3304K, PF:388K # 408K, P:388K) [6] 0.006021 +J(0) +M(C:0K, Fs:155, WS:612K # 612K, PF:204K # 184K, P:204K) [7] 0.027799 +J(0) +M(C:0K, Fs:1101, WS:4368K # 4368K, PF:3068K # 3068K, P:3068K) [8] 0.087495 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:506523/5452) +M(C:0K, Fs:1653, WS:4712K # 4716K, PF:2356K # 2364K, P:2356K) [9] - [10] 0.003888 +J(0) +M(C:0K, Fs:1, WS:-2040K # 0K, PF:-2044K # 0K, P:-2044K) [11] 0.000061 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.017971 +J(0) +M(C:0K, Fs:140, WS:380K # 0K, PF:132K # 0K, P:132K) [13] 0.073755 -0.001156 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:1188, WS:2140K # 2536K, PF:224K # 356K, P:224K) [14] 0.000032 +J(0) [15] 0.000028 +J(0) [16] 0.000527 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-01 14:50:49 ESENT 302 Logging/Recovery Music.UI (3784,U,0) {1E094731-F119-40DF-98C7-A23365F5271A}: The database engine has successfully completed recovery steps. Information 2018-01-01 14:50:49 ESENT 335 Logging/Recovery "Music.UI (3784,R,0) {1E094731-F119-40DF-98C7-A23365F5271A}: Replay of a Create for database ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb"" at log position (00000001,0001,0268) was deferred due to AttachFuture. Additional information: " Information 2018-01-01 14:50:49 ESENT 301 Logging/Recovery "Music.UI (3784,R,0) {1E094731-F119-40DF-98C7-A23365F5271A}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2018-01-01 14:50:49 ESENT 300 Logging/Recovery Music.UI (3784,R,0) {1E094731-F119-40DF-98C7-A23365F5271A}: The database engine is initiating recovery steps. Information 2018-01-01 14:50:49 ESENT 916 General Music.UI (3784,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:50:49 ESENT 102 General Music.UI (3784,P,0) {1E094731-F119-40DF-98C7-A23365F5271A}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-01 14:50:37 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:50:35 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-01 14:50:34 TV Server 0 None Service started successfully. Information 2018-01-01 14:50:31 ESENT 326 General "SearchIndexer (7276,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000000A4:0038:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.005386 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.026733 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:128K # 0K, PF:144K # 0K, P:144K) [4] 0.000526 +J(0) [5] - [6] - [7] 0.076461 -0.001513 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:208K # 0K, PF:664K # 0K, P:664K) [8] 0.001122 -0.000644 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 132K, P:256K) [9] 0.000855 -0.000552 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000037 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000110 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-01 14:50:31 ESENT 105 General "SearchIndexer (7276,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.004758 +J(0) +M(C:0K, Fs:219, WS:860K # 860K, PF:5476K # 5472K, P:5476K) [2] 0.004654 +J(0) +M(C:10240K, Fs:104, WS:412K # 412K, PF:392K # 392K, P:392K) [3] 0.000064 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000186 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.008091 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.004521 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:16K # 16K, P:16K) [7] 0.004716 +J(0) +M(C:0K, Fs:282, WS:1124K # 1124K, PF:1040K # 1040K, P:1040K) [8] - [9] - [10] - [11] - [12] - [13] 0.006938 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-992K # 24K, PF:-1020K # 12K, P:-1020K) [14] 0.000032 +J(0) [15] 0.000114 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000602 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-01 14:50:31 ESENT 916 General SearchIndexer (7276,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:50:31 ESENT 102 General SearchIndexer (7276,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-01 14:50:27 ESENT 916 General taskhostw (3360,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:50:20 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-01 14:50:20 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-01 14:50:20 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-01 14:50:20 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-01 14:50:18 ESENT 916 General svchost (4156,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:50:04 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:04 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:04 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:04 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:04 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:04 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:04 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 31456570 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:04 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:04 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:03 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:03 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:03 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:03 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:03 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:03 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:03 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:03 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-01 14:50:02 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:50:02 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-01 14:50:01 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:49:53 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-01 14:49:53 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-01 14:49:53 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-01 14:49:53 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-01 14:49:50 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-01 14:49:50 ESENT 916 General svchost (2052,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:49:49 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-01 14:49:49 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-01 14:49:48 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-01 14:49:47 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-01 14:49:47 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-01 14:49:18 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-01 14:49:17 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:49:17 MySQL 100 None "Giving 2 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:49:17 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:49:15 TV Server 0 None Service has been successfully shut down. Information 2018-01-01 14:49:15 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 39 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 672 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\SystemCertificates Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 7472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 1824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 1824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 552 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 1824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-01 14:49:15 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-01 14:49:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2018-01-01 14:49:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-01 14:44:59 ESENT 916 General SystemSettings (7932,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:44:59 ESENT 916 General SystemSettings (7932,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:44:59 ESENT 916 General SystemSettings (7932,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:42:06 ESENT 916 General svchost (1824,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:36:49 ESENT 916 General SystemSettings (7932,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:36:49 ESENT 916 General SystemSettings (7932,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:36:49 ESENT 916 General SystemSettings (7932,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:35:57 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-01 14:31:55 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:55Z. Reason: RulesEngine. Information 2018-01-01 14:31:09 ESENT 916 General svchost (168,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:30:14 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2018-01-01 14:30:14 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:52:14Z. Reason: RulesEngine. Information 2018-01-01 14:29:44 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2018-01-01 14:29:44 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258753)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-01 14:29:43 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2018-01-01 14:29:42 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2018-01-01 14:28:38 ESENT 916 General svchost (3352,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:28:18 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2018-01-01 14:28:01 ESENT 916 General svchost (7936,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:27:55 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2018-01-01 14:27:53 ESENT 326 General "SearchIndexer (7304,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000000A3:00AC:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001514 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.021562 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:124K # 0K, PF:144K # 0K, P:144K) [4] 0.000537 +J(0) [5] - [6] - [7] 0.060503 -0.001670 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:51, WS:200K # 0K, PF:644K # 0K, P:644K) [8] 0.001406 -0.000757 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 112K, P:256K) [9] 0.000769 -0.000504 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000031 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000106 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2018-01-01 14:27:53 ESENT 105 General "SearchIndexer (7304,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.011353 +J(0) +M(C:0K, Fs:176, WS:684K # 684K, PF:4976K # 4976K, P:4976K) [2] 0.000922 +J(0) +M(C:10240K, Fs:105, WS:420K # 420K, PF:388K # 388K, P:388K) [3] 0.004505 +J(0) +M(C:0K, Fs:68, WS:268K # 268K, PF:576K # 580K, P:576K) [4] 0.000534 +J(0) +M(C:0K, Fs:26, WS:100K # 100K, PF:228K # 224K, P:228K) [5] 0.006770 +J(0) +M(C:0K, Fs:33, WS:128K # 128K, PF:72K # 72K, P:72K) [6] 0.040893 +J(0) +M(C:0K, Fs:81, WS:324K # 324K, PF:32K # 32K, P:32K) [7] 0.029172 +J(0) +M(C:0K, Fs:278, WS:1108K # 1108K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.005664 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000033 +J(0) [15] 0.000112 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000604 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2018-01-01 14:27:53 ESENT 916 General SearchIndexer (7304,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:27:53 ESENT 102 General SearchIndexer (7304,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2018-01-01 14:27:51 TV Server 0 None Service started successfully. Information 2018-01-01 14:27:47 ESENT 916 General taskhostw (3960,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:27:34 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-01 14:27:34 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-01 14:27:34 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2018-01-01 14:27:34 SecurityCenter 1 None The Windows Security Center Service has started. Information 2018-01-01 14:27:30 ESENT 916 General svchost (3412,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:27:29 ESENT 916 General svchost (2440,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:27:18 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:18 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:18 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:18 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:18 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:18 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:17 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 31456080 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:17 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:17 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:17 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:17 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:16 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:16 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:16 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:16 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:16 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2018-01-01 14:27:16 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:16 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2018-01-01 14:27:16 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:27:16 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2018-01-01 14:27:15 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-01 14:27:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2018-01-01 14:27:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2018-01-01 14:27:10 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2018-01-01 14:27:10 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2018-01-01 14:27:10 ESENT 916 General svchost (1824,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:27:09 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2018-01-01 14:27:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2018-01-01 14:27:08 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2018-01-01 14:27:07 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2018-01-01 14:26:38 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2018-01-01 14:26:37 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:26:37 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:26:37 MySQL 100 None "Giving 2 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:26:37 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2018-01-01 14:26:35 TV Server 0 None Service has been successfully shut down. Information 2018-01-01 14:26:34 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2018-01-01 14:26:34 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 23 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 4276 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3684 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 9756 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3684 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 3684 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1012 (\Device\HarddiskVolume2\Program Files\Reimage\Reimage Protector\ReiGuard.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\TypedURLs Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 1160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2018-01-01 14:26:35 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2018-01-01 14:26:34 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2018-01-01 14:26:34 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2018-01-01 14:22:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 14:12:57 Windows Error Reporting 1001 None "Fault bucket 129573114525, type 5 Event Name: RADAR_PRE_LEAK_WOW64 Response: Not available Cab Id: 0 Problem signature: P1: REI_AVIRA.exe P2: 1.3.0.1 P3: 10.0.16299.2.0.0 P4: P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Users\Eglobal\AppData\Local\Temp\RDRE533.tmp\empty.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE534.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE5A1.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE61F.tmp.txt These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: 1c025f83-c7fd-4be4-a32e-4381f197678c Report Status: 268435456 Hashed bucket: eebc05749cbd0a3e7992e05fff7887d4" Information 2018-01-01 13:56:22 ESENT 916 General MicrosoftEdge (2976,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 13:55:03 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2018-01-01 13:50:08 Service1 0 None Service stopped successfully. Information 2018-01-01 13:41:29 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 13:21:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 12:41:29 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 12:20:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 11:41:29 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 11:19:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 11:11:39 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 11:11:37 ESENT 916 General svchost (4876,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 10:18:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 09:17:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 08:16:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 07:15:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 07:02:42 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:42Z. Reason: RulesEngine. Information 2018-01-01 07:02:11 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2018-01-01 07:02:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2018-01-01 07:02:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-01 07:02:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-01 07:02:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-01 07:02:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-01 07:02:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-01 07:02:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-01 07:02:09 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2018/01/01 06:02" Information 2018-01-01 07:02:08 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.71.27.219:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2018/01/01 06:02, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2018-01-01 06:52:51 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-31T05:51:51Z. Reason: RulesEngine. Information 2018-01-01 06:52:21 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/30:05:52:20;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2018-01-01 06:52:11 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2018-01-01 06:52:11 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2018-01-01 06:52:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2018-01-01 06:52:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-01 06:52:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-01 06:52:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-01 06:52:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-01 06:52:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-01 06:52:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2018-01-01 06:52:08 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2018/01/01 05:52" Information 2018-01-01 06:52:07 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.249.131.79:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2018/01/01 05:52, 1, 1, 258788, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2018-01-01 06:14:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 05:13:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 04:50:20 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-30T22:59:20Z. Reason: RulesEngine. Information 2018-01-01 04:12:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 03:58:52 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 03:11:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 03:01:59 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-30T22:58:59Z. Reason: RulesEngine. Information 2018-01-01 02:41:29 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 02:10:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 01:09:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 01:00:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 00:36:49 ESENT 916 General svchost (1288,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 00:20:51 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-30T22:58:51Z. Reason: RulesEngine. Information 2018-01-01 00:20:05 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2018-01-01 00:08:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 23:59:51 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-30T22:58:51Z. Reason: RulesEngine. Information 2017-12-31 23:59:21 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/29:22:59:20;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-31 23:59:12 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-31 23:59:11 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-31 23:59:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-31 23:59:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 23:59:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 23:59:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 23:59:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 23:59:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 23:59:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 23:59:09 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/31 22:59" Information 2017-12-31 23:59:08 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.222.245.20:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/31 22:59, 1, 1, 257809, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-31 23:07:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 22:40:29 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-31 22:39:18 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 22:37:29 ESENT 326 General "svchost (6168,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000004:0005:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.001924 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.029483 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:10, WS:36K # 0K, PF:36K # 0K, P:36K) [4] 0.001566 +J(0) [5] - [6] - [7] 0.001853 -0.001209 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:60K, Fs:17, WS:68K # 40K, PF:60K # 36K, P:60K) [8] 0.000984 -0.000556 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:116K # 116K, PF:196K # 192K, P:196K) [9] 0.000780 -0.000449 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000048 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000119 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-31 22:37:29 ESENT 105 General "svchost (6168,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000003:000E:0000 - 00000004:0001:0000 - 00000004:0003:0000 - 00000004:0003:0000 (00000000:0000:0000) cReInits = 4 Internal Timing Sequence: [1] 0.002652 +J(0) +M(C:0K, Fs:115, WS:456K # 456K, PF:2864K # 2864K, P:2864K) [2] 0.000993 +J(0) +M(C:8K, Fs:96, WS:376K # 376K, PF:856K # 856K, P:856K) [3] 0.000040 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000248 +J(0) +M(C:0K, Fs:30, WS:120K # 120K, PF:160K # 160K, P:160K) [5] 0.012092 +J(0) +M(C:0K, Fs:51, WS:204K # 204K, PF:16K # 16K, P:16K) [6] 0.008705 +J(0) +M(C:0K, Fs:31, WS:120K # 120K, PF:16K # 16K, P:16K) [7] 0.005214 +J(0) +M(C:0K, Fs:36, WS:144K # 144K, PF:68K # 68K, P:68K) [8] 0.030454 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:52754/34) +M(C:0K, Fs:125, WS:216K # 260K, PF:88K # 156K, P:88K) + 1 lgens [9] 0.035966 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8112/5) +M(C:0K, Fs:57, WS:152K # 108K, PF:148K # 84K, P:148K) [10] 0.001982 +J(0) +M(C:0K, Fs:9, WS:-28K # 20K, PF:0K # 56K, P:0K) [11] 0.000056 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.001911 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.058750 -0.000859 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:48, WS:72K # 104K, PF:160K # 168K, P:160K) [14] 0.000064 +J(0) [15] 0.000040 +J(0) [16] 0.001952 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-31 22:37:29 ESENT 302 Logging/Recovery svchost (6168,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2017-12-31 22:37:29 ESENT 301 Logging/Recovery "svchost (6168,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: [1] 0.017896 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:52754/34) +M(C:0K, Fs:74, WS:88K # 64K, PF:4K # 4K, P:4K)." Information 2017-12-31 22:37:29 ESENT 301 Logging/Recovery "svchost (6168,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS00003.log. Previous Log Processing Stats: " Information 2017-12-31 22:37:29 ESENT 300 Logging/Recovery svchost (6168,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2017-12-31 22:37:29 ESENT 916 General svchost (6168,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 22:37:29 ESENT 102 General svchost (6168,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-31 22:06:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 21:05:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 20:05:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 19:04:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 18:03:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 17:02:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 16:51:55 ESENT 326 General "Music.UI (9104,D,50) {F358DEE1-00DA-4DC6-9735-5EC0882BD710}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:007D:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001390 +J(0) +M(C:0K, Fs:18, WS:8K # 0K, PF:8K # 0K, P:8K) [3] 0.014413 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:7, WS:20K # 0K, PF:20K # 0K, P:20K) [4] 0.000677 +J(0) [5] - [6] - [7] 0.002455 -0.001781 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:5, WS:20K # 0K, PF:124K # 0K, P:124K) [8] 0.000453 -0.000027 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:35, WS:132K # 0K, PF:200K # 0K, P:200K) [9] 0.000225 -0.000012 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:5, WS:20K # 0K, PF:64K # 0K, P:64K) [10] 0.000024 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000107 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-31 16:51:55 ESENT 105 General "Music.UI (9104,D,0) {F358DEE1-00DA-4DC6-9735-5EC0882BD710}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:0076:0000 - 00000001:007B:0000 - 00000000:0000:0000 - 00000001:007B:0000 (00000000:0000:0000) cReInits = 5 Internal Timing Sequence: [1] 0.007344 +J(0) +M(C:0K, Fs:476, WS:1872K # 1872K, PF:3080K # 3136K, P:3080K) [2] 0.000597 +J(0) +M(C:16K, Fs:102, WS:408K # 408K, PF:300K # 244K, P:300K) [3] 0.000032 +J(0) +M(C:0K, Fs:3, WS:12K # 12K, PF:64K # 64K, P:64K) [4] 0.000364 +J(0) +M(C:112K, Fs:54, WS:208K # 208K, PF:180K # 180K, P:180K) [5] 0.010192 +J(0) +M(C:0K, Fs:839, WS:3276K # 3276K, PF:460K # 460K, P:460K) [6] 0.004678 +J(0) +M(C:0K, Fs:187, WS:740K # 740K, PF:44K # 52K, P:44K) [7] 0.024997 +J(0) +M(C:0K, Fs:1911, WS:7512K # 7512K, PF:4672K # 4664K, P:4672K) [8] 0.045037 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:494355/5444) +M(C:0K, Fs:1065, WS:2700K # 2700K, PF:1140K # 1144K, P:1140K) [9] - [10] 0.005252 +J(0) +M(C:0K, Fs:60, WS:-1812K # 56K, PF:-2036K # 12K, P:-2036K) [11] 0.000060 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.007575 +J(0) +M(C:0K, Fs:102, WS:404K # 0K, PF:48K # 0K, P:48K) [13] 0.062733 -0.001920 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:1131, WS:1912K # 2504K, PF:172K # 216K, P:172K) [14] 0.000029 +J(0) [15] 0.000032 +J(0) [16] 0.000674 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-31 16:51:55 ESENT 302 Logging/Recovery Music.UI (9104,U,0) {F358DEE1-00DA-4DC6-9735-5EC0882BD710}: The database engine has successfully completed recovery steps. Information 2017-12-31 16:51:55 ESENT 335 Logging/Recovery "Music.UI (9104,R,0) {F358DEE1-00DA-4DC6-9735-5EC0882BD710}: Replay of a Create for database ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb"" at log position (00000001,0001,0268) was deferred due to AttachFuture. Additional information: " Information 2017-12-31 16:51:55 ESENT 301 Logging/Recovery "Music.UI (9104,R,0) {F358DEE1-00DA-4DC6-9735-5EC0882BD710}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2017-12-31 16:51:55 ESENT 300 Logging/Recovery Music.UI (9104,R,0) {F358DEE1-00DA-4DC6-9735-5EC0882BD710}: The database engine is initiating recovery steps. Information 2017-12-31 16:51:54 ESENT 916 General Music.UI (9104,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 16:51:54 ESENT 102 General Music.UI (9104,P,0) {F358DEE1-00DA-4DC6-9735-5EC0882BD710}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-31 16:51:45 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-31 16:41:27 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 16:01:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 15:56:49 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-31 15:56:49 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-31 15:50:11 ESENT 916 General svchost (2444,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 15:39:27 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 15:08:41 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 15:00:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 14:41:27 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 13:59:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 13:41:27 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 12:58:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 12:41:27 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 12:05:41 ESENT 326 General "Music.UI (9608,D,50) {790D810D-042A-4C96-9DEA-3D288FED7542}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:0077:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.001431 +J(0) +M(C:0K, Fs:19, WS:12K # 0K, PF:8K # 0K, P:8K) [3] 0.016213 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:28, WS:88K # 0K, PF:28K # 0K, P:28K) [4] 0.000780 +J(0) [5] - [6] - [7] 0.002858 -0.001986 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:55, WS:208K # 0K, PF:168K # 0K, P:168K) [8] 0.000497 -0.000029 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:37, WS:140K # 0K, PF:208K # 0K, P:208K) [9] 0.000254 -0.000013 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 0K, PF:68K # 0K, P:68K) [10] 0.000026 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000098 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-31 12:05:41 ESENT 105 General "Music.UI (9608,D,0) {790D810D-042A-4C96-9DEA-3D288FED7542}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:0073:0000 - 00000001:0075:0000 - 00000000:0000:0000 - 00000001:0075:0000 (00000000:0000:0000) cReInits = 4 Internal Timing Sequence: [1] 0.002970 +J(0) +M(C:0K, Fs:166, WS:656K # 656K, PF:2908K # 2908K, P:2908K) [2] 0.000683 +J(0) +M(C:16K, Fs:90, WS:352K # 352K, PF:296K # 296K, P:296K) [3] 0.000033 +J(0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 64K, P:64K) [4] 0.001066 +J(0) +M(C:112K, Fs:95, WS:356K # 356K, PF:100K # 100K, P:100K) [5] 0.012385 +J(0) +M(C:0K, Fs:286, WS:1132K # 1132K, PF:228K # 228K, P:228K) [6] 0.045291 +J(0) +M(C:0K, Fs:2081, WS:8104K # 8104K, PF:2964K # 3040K, P:2964K) [7] 0.008265 +J(0) +M(C:0K, Fs:564, WS:2252K # 2252K, PF:2140K # 2064K, P:2140K) [8] 0.057932 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:470019/5430) +M(C:0K, Fs:696, WS:1532K # 1532K, PF:616K # 624K, P:616K) [9] - [10] 0.015880 +J(0) +M(C:0K, Fs:84, WS:-1712K # 0K, PF:-2008K # 28K, P:-2008K) [11] 0.000618 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.003226 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.055479 -0.004190 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:798, WS:788K # 1136K, PF:-12K # 0K, P:-12K) [14] 0.000033 +J(0) [15] 0.000028 +J(0) [16] 0.000766 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-31 12:05:41 ESENT 302 Logging/Recovery Music.UI (9608,U,0) {790D810D-042A-4C96-9DEA-3D288FED7542}: The database engine has successfully completed recovery steps. Information 2017-12-31 12:05:41 ESENT 335 Logging/Recovery "Music.UI (9608,R,0) {790D810D-042A-4C96-9DEA-3D288FED7542}: Replay of a Create for database ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb"" at log position (00000001,0001,0268) was deferred due to AttachFuture. Additional information: " Information 2017-12-31 12:05:41 ESENT 301 Logging/Recovery "Music.UI (9608,R,0) {790D810D-042A-4C96-9DEA-3D288FED7542}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2017-12-31 12:05:41 ESENT 300 Logging/Recovery Music.UI (9608,R,0) {790D810D-042A-4C96-9DEA-3D288FED7542}: The database engine is initiating recovery steps. Information 2017-12-31 12:05:41 ESENT 916 General Music.UI (9608,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 12:05:41 ESENT 102 General Music.UI (9608,P,0) {790D810D-042A-4C96-9DEA-3D288FED7542}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-31 11:57:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 11:41:27 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 10:56:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 10:41:27 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 09:55:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 09:41:27 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 08:54:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 08:41:27 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 08:08:52 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 07:58:32 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-29T23:37:32Z. Reason: RulesEngine. Information 2017-12-31 07:57:31 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-29T23:37:31Z. Reason: RulesEngine. Information 2017-12-31 07:54:46 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-31 07:54:17 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 07:54:02 ESENT 916 General taskhostw (10160,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 07:53:59 ESENT 916 General svchost (3208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 07:53:51 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2017-12-31 07:53:50 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-31 07:53:50 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2017-12-31 07:53:50 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-31 07:53:48 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-31 07:53:46 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-31 07:53:46 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-31 07:53:46 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-31 01:48:45 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-31 01:48:43 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3332 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3332 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3332 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8088 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8088 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8088 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 3456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 3456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2017-12-31 01:48:43 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 39 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 656 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3684 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 9756 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1760 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3684 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3684 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 1760 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3684 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3684 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1760 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3684 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 1760 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3684 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 536 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3472 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 1760 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3684 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3456 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-31 01:48:44 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 01:48:44 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-31 01:48:43 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-31 01:48:43 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-31 01:48:31 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2017-12-31 01:47:32 Windows Error Reporting 1001 None "Fault bucket 2186075736310800488, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a471f21 P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER17F2.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1DC1.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E2A.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1EB8.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_d0e07047c87f78cc0f0cbe82940c9fb7f75d88_8617eb1c_060d2761 Analysis symbol: Rechecking for solution: 0 Report Id: 56ccdb44-25e0-480b-8ea1-f7dc838327e7 Report Status: 268435456 Hashed bucket: fc810635511769491e56804cc2e7e068" Error 2017-12-31 01:47:28 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a471f21 Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x1ddc Faulting application start time: 0x01d381cfc071359a Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 56ccdb44-25e0-480b-8ea1-f7dc838327e7 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-31 01:38:00 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 01:35:44 Windows Error Reporting 1001 None "Fault bucket 2186075736310800488, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a471f21 P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D40.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER52EF.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER531A.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER53A8.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_d0e07047c87f78cc0f0cbe82940c9fb7f75d88_8617eb1c_03b25abb Analysis symbol: Rechecking for solution: 0 Report Id: 8749e2c6-8b18-4dbd-9c48-1bdb18fa023c Report Status: 268435456 Hashed bucket: fc810635511769491e56804cc2e7e068" Error 2017-12-31 01:35:40 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a471f21 Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x520 Faulting application start time: 0x01d381cdda85d4dc Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 8749e2c6-8b18-4dbd-9c48-1bdb18fa023c Faulting package full name: Faulting package-relative application ID: " Information 2017-12-31 01:21:31 Windows Error Reporting 1001 None "Fault bucket 2186075736310800488, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a471f21 P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER460C.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F16.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F32.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4FCF.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_d0e07047c87f78cc0f0cbe82940c9fb7f75d88_8617eb1c_207156e2 Analysis symbol: Rechecking for solution: 0 Report Id: 3d3b002d-30e5-4f5c-80a0-807443bba212 Report Status: 268435456 Hashed bucket: fc810635511769491e56804cc2e7e068" Error 2017-12-31 01:21:27 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a471f21 Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x10ec Faulting application start time: 0x01d381ca900bbb0d Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 3d3b002d-30e5-4f5c-80a0-807443bba212 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-31 00:50:37 Windows Error Reporting 1001 None "Fault bucket 133563791673, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe P2: praid:ContentProcess P3: 11.0.16299.15 P4: 59cda7cd P5: fa9b P6: 133120 P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF12B.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER571.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5BD.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER65A.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_eeac7a5ae1baa0e977a214fbf761ccc8787994_b3b02568_211d0b7a Analysis symbol: Rechecking for solution: 0 Report Id: 1e580fe3-5bf0-434d-a6c5-4ca93f617e11 Report Status: 268435456 Hashed bucket: c2a598f6209cb307f1d6370482e499f8" Error 2017-12-31 00:50:29 Application Error 1000 (100) "Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.15, time stamp: 0x59cda7cd Faulting module name: win32u.dll, version: 10.0.16299.15, time stamp: 0x1900dcc9 Exception code: 0xcfffffff Fault offset: 0x0000000000009164 Faulting process id: 0x20fc Faulting application start time: 0x01d381c8a9ee4767 Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Faulting module path: C:\Windows\System32\win32u.dll Report Id: 1e580fe3-5bf0-434d-a6c5-4ca93f617e11 Faulting package full name: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: ContentProcess" Information 2017-12-31 00:48:23 ESENT 916 General DllHost (8696,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 00:48:14 ESENT 916 General MicrosoftEdge (2368,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 00:47:42 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-29T23:36:42Z. Reason: RulesEngine. Information 2017-12-31 00:47:12 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-31 00:47:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-31 00:47:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 00:47:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 00:47:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 00:47:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 00:47:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 00:47:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 00:47:10 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/30 23:47" Information 2017-12-31 00:47:09 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.146.168.245:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/30 23:47, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-31 00:42:10 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-31 00:40:19 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-29T23:37:18Z. Reason: RulesEngine. Information 2017-12-31 00:39:07 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-31 00:39:06 ESENT 916 General svchost (2780,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 00:38:29 ESENT 916 General svchost (3644,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 00:38:11 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-31 00:38:11 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-29T23:37:11Z. Reason: RulesEngine. Information 2017-12-31 00:37:43 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-31 00:37:41 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/28:23:37:40;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-31 00:37:28 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-31 00:37:27 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-31 00:37:27 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-31 00:37:27 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 00:37:27 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 00:37:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 00:37:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 00:37:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 00:37:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-31 00:37:23 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/30 23:37" Information 2017-12-31 00:37:22 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.43.3.76:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/30 23:37, 1, 1, 259162, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-31 00:37:20 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-31 00:37:18 ESENT 326 General "SearchIndexer (4024,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000000A3:003B:0268 Internal Timing Sequence: [1] 0.000012 +J(0) [2] 0.001935 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.045270 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:46, WS:144K # 0K, PF:144K # 0K, P:144K) [4] 0.000744 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] 0.029910 -0.002314 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:49, WS:196K # 0K, PF:640K # 0K, P:640K) [8] 0.001297 -0.000809 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 108K, P:256K) [9] 0.000929 -0.000595 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000038 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000110 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-31 00:37:18 ESENT 105 General "SearchIndexer (4024,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002752 +J(0) +M(C:0K, Fs:167, WS:648K # 648K, PF:5488K # 5488K, P:5488K) [2] 0.000712 +J(0) +M(C:10240K, Fs:116, WS:468K # 468K, PF:376K # 376K, P:376K) [3] 0.000042 +J(0) +M(C:0K, Fs:8, WS:24K # 24K, PF:68K # 68K, P:68K) [4] 0.000266 +J(0) +M(C:0K, Fs:46, WS:184K # 184K, PF:224K # 224K, P:224K) [5] 0.009912 +J(0) +M(C:0K, Fs:43, WS:172K # 172K, PF:24K # 32K, P:24K) [6] 0.006497 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 12K, P:20K) [7] 0.021808 +J(0) +M(C:0K, Fs:273, WS:1092K # 1092K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.008938 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000030 +J(0) [15] 0.000100 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000816 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-31 00:37:18 ESENT 916 General SearchIndexer (4024,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 00:37:18 ESENT 102 General SearchIndexer (4024,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-31 00:37:16 TV Server 0 None Service started successfully. Information 2017-12-31 00:37:15 ESENT 916 General taskhostw (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 00:37:09 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-31 00:37:09 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259163)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-31 00:37:07 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-31 00:37:05 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-31 00:37:01 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 00:36:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-31 00:36:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-31 00:36:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-31 00:36:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-31 00:36:59 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-31 00:36:54 ESENT 916 General svchost (3208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 00:36:44 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:44 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:44 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:44 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:44 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:44 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:44 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 24955361 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:44 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:44 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:43 Service1 0 None Service started successfully. Information 2017-12-31 00:36:43 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:43 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:43 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:43 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:43 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:43 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:43 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:43 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-31 00:36:43 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:42 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-31 00:36:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-31 00:36:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-31 00:36:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-31 00:36:41 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-31 00:36:36 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-31 00:36:35 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-31 00:36:36 ESENT 916 General svchost (1760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 00:36:35 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-31 00:36:34 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-31 00:36:33 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-31 00:36:32 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-31 00:36:03 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-31 00:36:03 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-31 00:36:03 Service1 0 None Service has been successfully shut down. Information 2017-12-31 00:36:00 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 20 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 656 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2572 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3712 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 5044 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1568 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3712 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3712 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 1568 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3712 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3712 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1568 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3712 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1568 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3712 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 1568 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3712 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2017-12-31 00:36:01 TV Server 0 None Service has been successfully shut down. Information 2017-12-31 00:36:00 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-31 00:36:00 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-31 00:36:00 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-31 00:35:52 ESENT 916 General svchost (3348,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 00:35:52 ESENT 916 General DllHost (8820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-31 00:30:00 ESENT 916 General svchost (3720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 23:59:43 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-29T21:28:43Z. Reason: RulesEngine. Information 2017-12-30 23:59:13 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-30 23:59:13 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-30 23:59:13 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 23:59:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 23:59:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 23:59:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 23:59:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 23:59:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 23:59:10 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/30 22:59" Information 2017-12-30 23:59:08 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.180.220.103:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/30 22:59, 1, 1, 259120, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-30 23:43:23 ESENT 916 General svchost (1568,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 23:29:00 ESENT 916 General svchost (3720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 22:39:33 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-29T21:29:33Z. Reason: RulesEngine. Information 2017-12-30 22:39:02 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-30 22:39:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-30 22:39:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 22:39:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 22:39:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 22:39:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 22:39:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 22:39:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 22:39:00 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/30 21:38" Information 2017-12-30 22:38:59 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.185.195.113:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/30 21:38, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-30 22:32:12 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-29T21:29:12Z. Reason: RulesEngine. Information 2017-12-30 22:31:27 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-29T21:29:27Z. Reason: RulesEngine. Information 2017-12-30 22:30:55 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-30 22:30:09 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-30 22:30:09 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-29T21:29:09Z. Reason: RulesEngine. Information 2017-12-30 22:29:39 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/28:21:29:38;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-30 22:29:34 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-30 22:29:30 ESENT 916 General svchost (8592,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 22:29:26 ESENT 916 General svchost (3672,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 22:29:20 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-30 22:29:20 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-30 22:29:20 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-30 22:29:20 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 22:29:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 22:29:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 22:29:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 22:29:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 22:29:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 22:29:17 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-30 22:29:17 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/30 21:29" Information 2017-12-30 22:29:15 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.95.216.166:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/30 21:29, 1, 1, 258935, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-30 22:29:14 ESENT 326 General "SearchIndexer (7820,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000000A3:000B:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.011270 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.028713 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:45, WS:148K # 0K, PF:140K # 0K, P:140K) [4] 0.000721 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] 0.016279 -0.002187 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:208K # 0K, PF:664K # 0K, P:664K) [8] 0.001454 -0.000963 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 132K, P:256K) [9] 0.000899 -0.000570 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000035 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-30 22:29:14 ESENT 105 General "SearchIndexer (7820,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002202 +J(0) +M(C:0K, Fs:152, WS:596K # 596K, PF:4960K # 4960K, P:4960K) [2] 0.000634 +J(0) +M(C:10240K, Fs:111, WS:440K # 440K, PF:888K # 888K, P:888K) [3] 0.000033 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [4] 0.000192 +J(0) +M(C:0K, Fs:27, WS:108K # 108K, PF:224K # 224K, P:224K) [5] 0.033035 +J(0) +M(C:0K, Fs:123, WS:488K # 488K, PF:28K # 36K, P:28K) [6] 0.005330 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:16K # 8K, P:16K) [7] 0.025056 +J(0) +M(C:0K, Fs:274, WS:1092K # 1092K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.008593 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000032 +J(0) [15] 0.000109 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000815 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-30 22:29:14 ESENT 916 General SearchIndexer (7820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 22:29:14 ESENT 102 General SearchIndexer (7820,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-30 22:29:10 ESENT 916 General taskhostw (5364,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 22:29:06 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-30 22:29:06 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258935)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-30 22:29:06 TV Server 0 None Service started successfully. Information 2017-12-30 22:29:04 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-30 22:28:56 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-30 22:28:50 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-30 22:28:50 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-30 22:28:50 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-30 22:28:50 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-30 22:28:50 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-30 22:28:48 ESENT 916 General svchost (3720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 22:28:44 ESENT 916 General svchost (3360,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 22:28:34 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:34 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:34 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-30 22:28:34 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:34 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:34 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:34 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:34 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 24954811 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:34 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:34 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:34 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-30 22:28:33 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:33 Service1 0 None Service started successfully. Information 2017-12-30 22:28:33 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:33 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:33 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:33 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:33 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:33 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:33 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-30 22:28:33 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:28:32 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-30 22:28:32 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-30 22:28:32 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-30 22:28:26 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-30 22:28:25 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-30 22:28:26 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-30 22:28:26 ESENT 916 General svchost (1568,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 22:28:24 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-30 22:28:24 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-30 22:28:23 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-30 22:27:53 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-30 22:27:53 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:27:53 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:27:53 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:27:53 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-30 22:27:51 TV Server 0 None Service has been successfully shut down. Information 2017-12-30 22:27:50 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-30 22:27:50 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-30 22:27:50 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-30 22:23:12 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 22:09:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 21:42:33 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 21:08:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 21:00:59 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-30 20:59:06 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 20:58:30 ESENT 916 General svchost (9000,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 20:58:17 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-30 20:58:04 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 20:57:24 ESENT 916 General svchost (1996,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 20:53:40 Windows Error Reporting 1001 None "Fault bucket 2186075736310800488, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a471f21 P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1764.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C19.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C34.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1CA3.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER2949.tmp.appcompat.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2AD1.tmp.hdmp \\?\C:\Users\Eglobal\AppData\Local\Temp\WER8304.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_d0e07047c87f78cc0f0cbe82940c9fb7f75d88_8617eb1c_2799836a Analysis symbol: Rechecking for solution: 0 Report Id: f7f3c87f-d816-4246-95cc-2c004c0f4a26 Report Status: 2147487752 Hashed bucket: fc810635511769491e56804cc2e7e068" Error 2017-12-30 20:53:12 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a471f21 Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x228c Faulting application start time: 0x01d381a6f923dbdb Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: f7f3c87f-d816-4246-95cc-2c004c0f4a26 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-30 20:46:46 Windows Error Reporting 1001 None "Fault bucket 2186075736310800488, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a471f21 P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD37.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE288.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE2A3.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE312.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WEREFC8.tmp.appcompat.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF14F.tmp.hdmp \\?\C:\Users\Eglobal\AppData\Local\Temp\WER3176.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_d0e07047c87f78cc0f0cbe82940c9fb7f75d88_8617eb1c_0ef331cd Analysis symbol: Rechecking for solution: 0 Report Id: 522317bd-43a9-476c-8bd2-9fbd9b006a0d Report Status: 2147487752 Hashed bucket: fc810635511769491e56804cc2e7e068" Error 2017-12-30 20:46:24 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a471f21 Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x1dac Faulting application start time: 0x01d381a63cd45dc9 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 522317bd-43a9-476c-8bd2-9fbd9b006a0d Faulting package full name: Faulting package-relative application ID: " Information 2017-12-30 20:42:33 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 20:40:39 Windows Error Reporting 1001 None "Fault bucket 2186075736310800488, type 5 Event Name: BEX64 Response: Not available Cab Id: 2134902133011711545 Problem signature: P1: Kodi.exe P2: 17.9.701.0 P3: 5a471f21 P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER744B.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F88.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7FA5.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8014.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER8CD7.tmp.appcompat.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8E40.tmp.hdmp \\?\C:\Users\Eglobal\AppData\Local\Temp\WERE47F.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Kodi.exe_4e7e1be572c71ef182ba6a6b61f1721050a96c_af62e356_cab_004d9799 Analysis symbol: Rechecking for solution: 0 Report Id: d7428865-662f-4c9a-a098-fffea93f943a Report Status: 268435464 Hashed bucket: fc810635511769491e56804cc2e7e068" Information 2017-12-30 20:40:06 Windows Error Reporting 1001 None "Fault bucket 1434619917687640080, type 4 Event Name: APPCRASH Response: Not available Cab Id: 1284877326795877277 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a471f21 P4: kodi.exe P5: 17.9.701.0 P6: 5a471f21 P7: c0000005 P8: 000000000021e989 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE6AA.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC59.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC86.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERECE4.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERF998.tmp.appcompat.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERFB3F.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_d5d78f6011ddda6fece51bf27dd415a4b0e8f642_8617eb1c_cab_1ee11885 Analysis symbol: Rechecking for solution: 0 Report Id: 1c517c37-d16e-42e0-b84a-de3823b61184 Report Status: 268435464 Hashed bucket: 40493eaa584ffc6833e8cb36d578d010" Error 2017-12-30 20:39:53 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a471f21 Faulting module name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a471f21 Exception code: 0xc0000005 Fault offset: 0x000000000021e989 Faulting process id: 0xb80 Faulting application start time: 0x01d381a5ecf08e1f Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Program Files\Kodi\kodi.exe Report Id: 1c517c37-d16e-42e0-b84a-de3823b61184 Faulting package full name: Faulting package-relative application ID: " Error 2017-12-30 20:38:18 Application Error 1000 (100) "Faulting application name: Kodi.exe, version: 17.9.701.0, time stamp: 0x5a471f21 Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x2004 Faulting application start time: 0x01d381a431decc78 Faulting application path: C:\Program Files\Kodi\Kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: d7428865-662f-4c9a-a098-fffea93f943a Faulting package full name: Faulting package-relative application ID: " Information 2017-12-30 20:22:31 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <627F8D7827656399D27D7F9044C9FEB3F33EFA9A>. Information 2017-12-30 20:08:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 19:57:14 ESENT 916 General svchost (1996,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 19:50:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-30 19:50:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-30 19:42:33 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 19:07:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 18:40:32 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 18:06:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 18:03:46 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-29T16:52:46Z. Reason: RulesEngine. Information 2017-12-30 18:03:15 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-30 18:03:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-30 18:03:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 18:03:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 18:03:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 18:03:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 18:03:14 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 18:03:14 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 18:03:12 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/30 17:03" Information 2017-12-30 18:03:11 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.80.56.108:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/30 17:03, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-30 17:59:13 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-29T16:53:13Z. Reason: RulesEngine. Information 2017-12-30 17:58:23 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 17:53:57 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-29T16:52:56Z. Reason: RulesEngine. Information 2017-12-30 17:53:26 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/28:16:53:25;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-30 17:53:15 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-30 17:53:14 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-30 17:53:14 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-30 17:53:14 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 17:53:14 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 17:53:14 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 17:53:14 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 17:53:13 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 17:53:13 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-30 17:53:11 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/30 16:53" Information 2017-12-30 17:53:10 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.50.243.81:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/30 16:53, 1, 1, 258127, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-30 17:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 17:05:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 16:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 16:04:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 15:47:47 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-30 15:47:47 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-30 15:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 15:08:11 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 15:03:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 14:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 14:02:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 13:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 13:01:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 12:38:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 12:00:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 11:45:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-30 11:45:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-30 11:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 10:59:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 10:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 09:58:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 09:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 08:57:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 08:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 07:56:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 07:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 07:19:56 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 06:55:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 06:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 05:54:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 05:40:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 04:53:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 04:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 04:36:45 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-28T22:58:45Z. Reason: RulesEngine. Information 2017-12-30 04:16:57 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-28T22:58:57Z. Reason: RulesEngine. Information 2017-12-30 03:52:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 03:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 02:51:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 02:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 01:50:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 01:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 00:49:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-30 00:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 23:59:55 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-28T22:58:55Z. Reason: RulesEngine. Information 2017-12-29 23:59:25 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/27:22:59:23;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-29 23:59:13 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-29 23:59:13 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-29 23:59:13 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-29 23:59:13 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 23:59:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 23:59:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 23:59:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 23:59:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 23:59:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 23:59:10 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/29 22:59" Information 2017-12-29 23:59:08 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.125.175.86:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/29 22:59, 1, 1, 258834, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-29 23:48:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 23:38:30 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 22:47:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 22:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 22:01:33 MsiInstaller 1034 None Windows Installer removed the product. Product Name: SyncToy. Product Version: 1.4. Product Language: 1033. Manufacturer: Microsoft. Removal success or error status: 0. Information 2017-12-29 22:01:33 MsiInstaller 11724 None Product: SyncToy -- Removal completed successfully. Information 2017-12-29 22:01:26 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎29T21:01:24.448053200Z. Information 2017-12-29 22:01:26 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Windows\Installer\6ce223.msi. Client Process Id: 6248. Information 2017-12-29 22:01:24 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎29T21:01:24.448053200Z. Information 2017-12-29 22:01:24 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Windows\Installer\6ce223.msi. Client Process Id: 6248. Information 2017-12-29 22:00:13 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎29T20:55:52.585253000Z. Information 2017-12-29 22:00:13 MsiInstaller 1042 None Ending a Windows Installer transaction: {ABA29C63-B22D-45F8-BA20-7C8EF17B5E62}. Client Process Id: 6492. Information 2017-12-29 22:00:13 MsiInstaller 1034 None Windows Installer removed the product. Product Name: SlimCleaner Plus. Product Version: 2.5.10. Product Language: 1033. Manufacturer: Slimware Utilities Holdings, Inc.. Removal success or error status: 0. Information 2017-12-29 22:00:13 MsiInstaller 11724 None Product: SlimCleaner Plus -- Removal completed successfully. Information 2017-12-29 21:55:53 Microsoft-Windows-RestartManager 10005 None Machine restart is required. Warning 2017-12-29 21:55:53 Microsoft-Windows-RestartManager 10010 None Application 'C:\Program Files\SlimCleaner Plus\UninstallStub.exe' (pid 2716) cannot be restarted - Application SID does not match Conductor SID.. Information 2017-12-29 21:55:53 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎29T20:55:53.110615400Z. Information 2017-12-29 21:55:53 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎29T20:55:53.110615400Z. Information 2017-12-29 21:55:52 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎29T20:55:52.585253000Z. Information 2017-12-29 21:55:52 MsiInstaller 1040 None Beginning a Windows Installer transaction: {ABA29C63-B22D-45F8-BA20-7C8EF17B5E62}. Client Process Id: 6492. Information 2017-12-29 21:55:06 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎29T20:54:59.311327000Z. Information 2017-12-29 21:55:06 MsiInstaller 1042 None Ending a Windows Installer transaction: {447f53e5-5872-4b3d-88a3-d0e0fea8bdb2}. Client Process Id: 8972. Information 2017-12-29 21:55:06 MsiInstaller 1034 None Windows Installer removed the product. Product Name: DriverUpdate. Product Version: 5.2.0. Product Language: 1033. Manufacturer: Slimware Utilities Holdings, Inc.. Removal success or error status: 0. Information 2017-12-29 21:55:06 MsiInstaller 11724 None Product: DriverUpdate -- Removal completed successfully. Information 2017-12-29 21:55:00 Microsoft-Windows-RestartManager 10005 None Machine restart is required. Warning 2017-12-29 21:55:00 Microsoft-Windows-RestartManager 10010 None Application 'C:\Program Files\DriverUpdate\UninstallStub.exe' (pid 9716) cannot be restarted - Application SID does not match Conductor SID.. Information 2017-12-29 21:55:00 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎29T20:54:59.833676800Z. Information 2017-12-29 21:54:59 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎29T20:54:59.833676800Z. Information 2017-12-29 21:54:59 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎29T20:54:59.311327000Z. Information 2017-12-29 21:54:59 MsiInstaller 1040 None Beginning a Windows Installer transaction: {447f53e5-5872-4b3d-88a3-d0e0fea8bdb2}. Client Process Id: 8972. Information 2017-12-29 21:53:56 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-28T16:42:56Z. Reason: RulesEngine. Information 2017-12-29 21:53:05 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 21:46:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 21:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 20:45:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 20:42:31 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 19:59:47 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-29 19:56:59 ESENT 916 General svchost (1996,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 19:56:53 ESENT 326 General "svchost (9488,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000004:0001:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.002037 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.021468 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:8, WS:28K # 0K, PF:28K # 0K, P:28K) [4] 0.001372 +J(0) [5] - [6] - [7] 0.002482 -0.001553 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:56K, Fs:19, WS:76K # 40K, PF:64K # 32K, P:64K) [8] 0.000938 -0.000488 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:116K # 116K, PF:200K # 196K, P:200K) [9] 0.000556 -0.000320 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000034 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-29 19:56:53 ESENT 105 General "svchost (9488,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000003:000A:0000 - 00000003:000D:0000 - 00000000:0000:0000 - 00000003:000D:0000 (00000000:0000:0000) cReInits = 3 Internal Timing Sequence: [1] 0.017771 +J(0) +M(C:0K, Fs:176, WS:692K # 692K, PF:3420K # 3420K, P:3420K) [2] 0.000566 +J(0) +M(C:8K, Fs:89, WS:348K # 348K, PF:304K # 304K, P:304K) [3] 0.000029 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000208 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:160K # 160K, P:160K) [5] 0.008717 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.005431 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.021109 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.130201 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:48672/30) +M(C:0K, Fs:157, WS:324K # 324K, PF:232K # 236K, P:232K) [9] - [10] 0.001408 +J(0) +M(C:0K, Fs:1, WS:-56K # 0K, PF:-60K # 0K, P:-60K) [11] 0.000051 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.002826 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.121854 -0.001294 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:4729/4) +M(C:0K, Fs:99, WS:212K # 236K, PF:216K # 220K, P:216K) [14] 0.000035 +J(0) [15] 0.000027 +J(0) [16] 0.002387 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-29 19:56:53 ESENT 302 Logging/Recovery svchost (9488,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2017-12-29 19:56:53 ESENT 301 Logging/Recovery "svchost (9488,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2017-12-29 19:56:53 ESENT 300 Logging/Recovery svchost (9488,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2017-12-29 19:56:52 ESENT 916 General svchost (9488,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 19:56:52 ESENT 102 General svchost (9488,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-29 19:56:44 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 19:50:33 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-29 19:47:25 ESENT 916 General svchost (3780,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 19:45:03 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Alt-Tab Task Switcher Powertoy for Windows XP. Product Version: 1.00.0001. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603. Information 2017-12-29 19:45:03 MsiInstaller 11708 None Product: Alt-Tab Task Switcher Powertoy for Windows XP -- Installation operation failed. Error 2017-12-29 19:44:59 MsiInstaller 10005 None Product: Alt-Tab Task Switcher Powertoy for Windows XP -- The powertoys require Windows XP or a service pack. They will not function on a version of Windows earlier or later than Windows XP. Information 2017-12-29 19:44:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 19:43:46 MsiInstaller 1033 None Windows Installer installed the product. Product Name: SyncToy. Product Version: 1.4. Product Language: 1033. Manufacturer: Microsoft. Installation success or error status: 0. Information 2017-12-29 19:43:46 MsiInstaller 11707 None Product: SyncToy -- Installation completed successfully. Information 2017-12-29 19:43:40 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎29T18:43:38.375055700Z. Information 2017-12-29 19:43:40 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Eglobal\AppData\Local\Temp\Rar$EXa9576.16499\SyncToy.msi. Client Process Id: 3324. Information 2017-12-29 19:43:38 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎29T18:43:38.375055700Z. Information 2017-12-29 19:43:38 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Eglobal\AppData\Local\Temp\Rar$EXa9576.16499\SyncToy.msi. Client Process Id: 3324. Information 2017-12-29 19:41:53 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎29T18:41:40.726020300Z. Information 2017-12-29 19:41:53 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Eglobal\AppData\Local\Downloaded Installers\{ABA29C63-B22D-45F8-BA20-7C8EF17B5E62}\setup.msi. Client Process Id: 1296. Information 2017-12-29 19:41:53 MsiInstaller 1033 None Windows Installer installed the product. Product Name: SlimCleaner Plus. Product Version: 2.5.10. Product Language: 1033. Manufacturer: Slimware Utilities Holdings, Inc.. Installation success or error status: 0. Information 2017-12-29 19:41:53 MsiInstaller 11707 None Product: SlimCleaner Plus -- Installation completed successfully. Information 2017-12-29 19:41:51 SlimServiceFactory 0 None "The description for Event ID 0 from source SlimServiceFactory cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-29 19:41:41 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎29T18:41:41.663582500Z. Information 2017-12-29 19:41:41 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎29T18:41:41.663582500Z. Information 2017-12-29 19:41:40 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎29T18:41:40.726020300Z. Information 2017-12-29 19:41:38 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Eglobal\AppData\Local\Downloaded Installers\{ABA29C63-B22D-45F8-BA20-7C8EF17B5E62}\setup.msi. Client Process Id: 1296. Information 2017-12-29 19:41:20 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎29T18:41:16.114932300Z. Information 2017-12-29 19:41:20 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Public\Documents\Downloaded Installers\{447F53E5-5872-4B3D-88A3-D0E0FEA8BDB2}\setup.msi. Client Process Id: 6812. Information 2017-12-29 19:41:20 MsiInstaller 1033 None Windows Installer installed the product. Product Name: DriverUpdate. Product Version: 5.2.0. Product Language: 1033. Manufacturer: Slimware Utilities Holdings, Inc.. Installation success or error status: 0. Information 2017-12-29 19:41:20 MsiInstaller 11707 None Product: DriverUpdate -- Installation completed successfully. Information 2017-12-29 19:41:19 SlimWare.Services Service 0 None "The description for Event ID 0 from source SlimWare.Services Service cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-29 19:41:16 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎29T18:41:16.599341100Z. Information 2017-12-29 19:41:16 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎29T18:41:16.599341100Z. Information 2017-12-29 19:41:16 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎29T18:41:16.114932300Z. Information 2017-12-29 19:41:15 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Public\Documents\Downloaded Installers\{447F53E5-5872-4B3D-88A3-D0E0FEA8BDB2}\setup.msi. Client Process Id: 6812. Information 2017-12-29 19:38:02 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 18:52:13 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-29 18:51:27 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-29 18:44:00 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 18:43:29 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎29T17:42:11.626140000Z. Information 2017-12-29 18:42:30 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 18:42:11 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎29T17:42:11.626140000Z. Information 2017-12-29 18:29:43 ESENT 916 General MicrosoftEdge (232,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 18:29:18 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-29 18:26:04 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-29 18:24:54 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-28T16:42:54Z. Reason: RulesEngine. Information 2017-12-29 18:24:07 Windows Error Reporting 1001 None "Fault bucket 1716656423059477734, type 4 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: msconfig.exe P2: 10.0.16299.15 P3: 74c1e3c8 P4: msvcrt.dll P5: 7.0.16299.125 P6: 20688290 P7: 40000015 P8: 000000000000ad32 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D7D.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3F34.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3F52.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3FB0.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_msconfig.exe_6c6942c14a7068b4fdd0db8c98f7c31116cf2bb5_2dcf77de_0a1a4608 Analysis symbol: Rechecking for solution: 0 Report Id: dfd09857-b27a-4bc2-825a-c6f1deb3726b Report Status: 268435456 Hashed bucket: d7af73e2e33659a4f7d2c9ebe9da54e6" Error 2017-12-29 18:24:05 Application Error 1000 (100) "Faulting application name: msconfig.exe, version: 10.0.16299.15, time stamp: 0x74c1e3c8 Faulting module name: msvcrt.dll, version: 7.0.16299.125, time stamp: 0x20688290 Exception code: 0x40000015 Fault offset: 0x000000000000ad32 Faulting process id: 0x20c8 Faulting application start time: 0x01d380c9cdddd9e1 Faulting application path: C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.16299.15_none_fd666a760ee483bb\msconfig.exe Faulting module path: C:\Windows\System32\msvcrt.dll Report Id: dfd09857-b27a-4bc2-825a-c6f1deb3726b Faulting package full name: Faulting package-relative application ID: " Information 2017-12-29 18:23:31 ESENT 916 General DllHost (816,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 18:05:03 Windows Error Reporting 1001 None "Fault bucket 1373843813673378068, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a4088ba P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERAAF6.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB47D.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB499.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4F7.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_a0252433c8a2af457acec2769673420e89eff6_07558bad_1dd0ce2c Analysis symbol: Rechecking for solution: 0 Report Id: 09231a6f-4a97-44c6-afa9-b64907efadeb Report Status: 268435456 Hashed bucket: f8b0fcdfa726997ce310dfab6adea114" Error 2017-12-29 18:04:53 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a4088ba Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x1b14 Faulting application start time: 0x01d380c435812143 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 09231a6f-4a97-44c6-afa9-b64907efadeb Faulting package full name: Faulting package-relative application ID: " Information 2017-12-29 17:57:54 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 17:53:40 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-28T16:43:40Z. Reason: RulesEngine. Information 2017-12-29 17:53:09 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-29 17:53:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-29 17:53:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 17:53:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 17:53:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 17:53:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 17:53:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 17:53:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 17:53:07 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/29 16:53" Information 2017-12-29 17:53:06 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.100.74.86:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/29 16:53, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-29 17:46:25 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-28T16:43:25Z. Reason: RulesEngine. Information 2017-12-29 17:45:05 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-29 17:44:25 ESENT 916 General svchost (3096,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 17:44:14 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-29 17:44:14 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-28T16:43:14Z. Reason: RulesEngine. Information 2017-12-29 17:43:44 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/27:16:43:43;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-29 17:43:41 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-29 17:43:30 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-29 17:43:29 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-29 17:43:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-29 17:43:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 17:43:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 17:43:28 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 17:43:28 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 17:43:28 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 17:43:28 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-29 17:43:26 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/29 16:43" Information 2017-12-29 17:43:25 ESENT 916 General svchost (7340,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 17:43:24 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.69.85.202:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/29 16:43, 1, 1, 257856, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-29 17:43:21 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-29 17:43:18 ESENT 326 General "SearchIndexer (6844,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000000A0:00A7:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.002600 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.045440 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:16, WS:32K # 0K, PF:20K # 0K, P:20K) [4] 0.000553 +J(0) [5] - [6] - [7] 0.047157 -0.001549 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:27, WS:104K # 0K, PF:516K # 0K, P:516K) [8] 0.001294 -0.000818 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.001010 -0.000648 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 0K, P:96K) [10] 0.000040 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000110 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-29 17:43:18 ESENT 105 General "SearchIndexer (6844,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 000000A0:0064:0000 - 000000A0:00A5:0000 - 00000000:0000:0000 - 000000A0:00A5:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.004435 +J(0) +M(C:0K, Fs:220, WS:864K # 864K, PF:5476K # 5476K, P:5476K) [2] 0.000917 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.000067 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000229 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:236K # 236K, P:236K) [5] 0.006585 +J(0) +M(C:0K, Fs:11, WS:44K # 44K, PF:20K # 20K, P:20K) [6] 0.005689 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.005311 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] 0.099702 -0.018267 (12) CM +J(CM:12, PgRf:350, Rd:0/12, Dy:12/727, Lg:660671/4161) +M(C:0K, Fs:794, WS:2152K # 2152K, PF:1676K # 1676K, P:1676K) [9] - [10] 0.002129 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000231 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.159660 -0.000007 (12) CM +J(CM:12, PgRf:0, Rd:0/12, Dy:0/0, Lg:0/0) +M(C:0K, Fs:64, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.141168 -0.003656 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:307, WS:-1172K # 0K, PF:-1188K # 0K, P:-1188K) [14] 0.000033 +J(0) [15] 0.000051 +J(0) [16] 0.000604 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-29 17:43:18 ESENT 302 Logging/Recovery SearchIndexer (6844,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-29 17:43:18 ESENT 301 Logging/Recovery "SearchIndexer (6844,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-29 17:43:18 ESENT 300 Logging/Recovery SearchIndexer (6844,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-29 17:43:18 ESENT 916 General SearchIndexer (6844,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 17:43:18 ESENT 102 General SearchIndexer (6844,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-29 17:43:18 TV Server 0 None Service started successfully. Information 2017-12-29 17:43:18 ESENT 916 General taskhostw (5124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 17:43:13 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-29 17:43:13 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 257856)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-29 17:43:11 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-29 17:43:04 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-29 17:42:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-29 17:42:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-29 17:42:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-29 17:42:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-29 17:42:59 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-29 17:42:56 ESENT 916 General svchost (3668,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 17:42:53 ESENT 916 General taskhostw (5124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 17:42:48 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-29 17:42:48 ESENT 916 General svchost (3124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 17:42:47 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-29 17:42:46 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-29 17:42:46 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-29 17:42:41 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:41 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:40 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:40 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:40 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:40 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:40 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 24926781 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:40 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:40 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:39 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:39 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:39 Service1 0 None Service started successfully. Information 2017-12-29 17:42:39 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:39 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:39 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:39 MySQL 100 None "InnoDB: The log sequence numbers 22321797 and 22321797 in ibdata files do not match the log sequence number 24926781 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:39 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:39 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:39 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:39 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:39 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:39 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:39 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:39 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-29 17:42:39 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-29 17:42:38 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-29 17:42:36 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-29 17:42:35 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-29 17:42:32 ESENT 916 General svchost (2044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 17:42:31 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-29 17:42:30 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-29 17:42:30 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-29 17:42:29 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-29 17:05:00 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 17:04:48 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-29 17:04:48 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-29 16:41:41 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 16:05:00 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 15:41:41 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 15:08:15 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 15:04:00 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 14:41:41 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 14:03:00 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 13:41:41 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 13:02:00 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 12:41:41 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 12:01:00 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 11:39:00 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 11:00:00 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 10:52:59 Windows Error Reporting 1001 None "Fault bucket 1373843813673378068, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a4088ba P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER49CD.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5587.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER55B2.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5610.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_a0252433c8a2af457acec2769673420e89eff6_07558bad_1a195dd0 Analysis symbol: Rechecking for solution: 0 Report Id: 15d99e94-9fd9-4221-96e0-9653c0da3af9 Report Status: 268435456 Hashed bucket: f8b0fcdfa726997ce310dfab6adea114" Error 2017-12-29 10:52:54 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a4088ba Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x224 Faulting application start time: 0x01d3807afd046db1 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 15d99e94-9fd9-4221-96e0-9653c0da3af9 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-29 10:41:41 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 10:10:09 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 09:59:00 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 09:41:41 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 09:13:33 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 09:03:31 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-27T18:08:31Z. Reason: RulesEngine. Information 2017-12-29 09:02:09 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-27T18:09:09Z. Reason: RulesEngine. Information 2017-12-29 09:01:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-29 09:01:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-29 08:59:29 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-29 08:59:00 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 08:58:45 ESENT 916 General svchost (2300,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 08:58:44 ESENT 916 General taskhostw (776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 08:58:38 ESENT 916 General svchost (2300,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-29 08:58:32 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2017-12-29 08:58:31 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2017-12-29 08:58:30 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-29 08:58:30 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-29 08:58:30 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-29 08:58:28 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-29 08:58:28 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-29 08:58:28 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-28 21:54:37 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-28 21:54:36 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3272 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3272 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3272 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 6188 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 6188 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 6188 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 3416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2017-12-28 21:54:36 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 29 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 660 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2552 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3452 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 1960 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 6188 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 3416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1804 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3452 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3452 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 1804 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3452 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3452 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1804 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3452 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1804 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3452 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 540 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 1804 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3452 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm " Information 2017-12-28 21:54:36 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 21:54:36 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-28 21:54:36 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-28 21:54:36 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-28 21:54:23 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2017-12-28 21:54:19 ESENT 916 General svchost (5840,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 21:54:19 ESENT 916 General DllHost (4848,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 21:49:21 ESENT 916 General svchost (1052,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 21:31:36 ESENT 916 General svchost (1052,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 21:26:16 ESENT 916 General svchost (6188,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 21:25:49 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-28 21:25:15 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 21:10:00 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 20:37:57 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 20:09:00 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 19:54:36 Windows Error Reporting 1001 None "Fault bucket 1373843813673378068, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a4088ba P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERCE23.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD7AA.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD7C6.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD824.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_a0252433c8a2af457acec2769673420e89eff6_07558bad_1a56df96 Analysis symbol: Rechecking for solution: 0 Report Id: 681dbfc2-54eb-4120-8039-d4e164875b15 Report Status: 268435456 Hashed bucket: f8b0fcdfa726997ce310dfab6adea114" Error 2017-12-28 19:54:31 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a4088ba Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x98c Faulting application start time: 0x01d3800831e4f217 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 681dbfc2-54eb-4120-8039-d4e164875b15 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-28 19:37:56 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 19:19:21 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-27T18:08:21Z. Reason: RulesEngine. Information 2017-12-28 19:18:50 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-28 19:18:50 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-28 19:18:50 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 19:18:50 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 19:18:50 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 19:18:49 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 19:18:49 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 19:18:49 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 19:18:46 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/28 18:18" Information 2017-12-28 19:18:44 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.187.96.183:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/28 18:18, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-28 19:13:50 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-27T18:08:50Z. Reason: RulesEngine. Information 2017-12-28 19:11:16 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-27T18:09:16Z. Reason: RulesEngine. Information 2017-12-28 19:10:44 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-28 19:10:39 ESENT 916 General svchost (7072,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 19:09:51 ESENT 916 General svchost (3444,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 19:09:50 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-28 19:09:50 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-27T18:08:50Z. Reason: RulesEngine. Information 2017-12-28 19:09:20 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/26:18:09:19;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-28 19:09:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 19:09:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 19:09:06 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-28 19:09:01 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-28 19:09:00 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-28 19:09:00 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-28 19:09:00 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 19:08:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 19:08:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 19:08:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 19:08:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 19:08:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 19:08:56 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/28 18:08" Information 2017-12-28 19:08:54 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.127.156.214:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/28 18:08, 1, 1, 259068, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-28 19:08:51 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-28 19:08:49 ESENT 326 General "SearchIndexer (7184,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 000000A0:0065:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.009610 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.031133 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:88, WS:320K # 0K, PF:140K # 0K, P:140K) [4] 0.000560 +J(0) [5] - [6] - [7] 0.039968 -0.001593 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:55, WS:216K # 0K, PF:664K # 0K, P:664K) [8] 0.001251 -0.000772 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 12K, PF:256K # 144K, P:256K) [9] 0.000850 -0.000544 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 44K, PF:96K # 96K, P:96K) [10] 0.000035 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000110 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 16K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-28 19:08:49 ESENT 105 General "SearchIndexer (7184,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002462 +J(0) +M(C:0K, Fs:178, WS:696K # 696K, PF:5472K # 5472K, P:5472K) [2] 0.000845 +J(0) +M(C:10240K, Fs:143, WS:572K # 572K, PF:388K # 388K, P:388K) [3] 0.000080 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000218 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:228K # 228K, P:228K) [5] 0.006235 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.004603 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:16K # 16K, P:16K) [7] 0.004655 +J(0) +M(C:0K, Fs:280, WS:1116K # 1116K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.014851 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:26, WS:-928K # 88K, PF:-1012K # 12K, P:-1012K) [14] 0.000056 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K) [15] 0.000141 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000876 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-28 19:08:49 ESENT 916 General SearchIndexer (7184,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 19:08:49 ESENT 102 General SearchIndexer (7184,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-28 19:08:44 TV Server 0 None Service started successfully. Information 2017-12-28 19:08:42 ESENT 916 General taskhostw (4248,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 19:08:40 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-28 19:08:39 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259068)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-28 19:08:36 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-28 19:08:31 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-28 19:08:23 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 19:08:23 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 19:08:23 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 19:08:23 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-28 19:08:21 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 19:08:18 ESENT 916 General svchost (2300,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 19:08:08 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:08 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:07 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:07 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:07 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:07 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:07 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 22321797 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:07 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:07 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:06 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:06 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:06 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:06 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:06 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:06 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:06 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:06 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:06 Service1 0 None Service started successfully. Warning 2017-12-28 19:08:06 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:08:06 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-28 19:08:05 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-28 19:08:05 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-28 19:08:04 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-28 19:08:04 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-28 19:08:00 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-28 19:08:00 ESENT 916 General svchost (1804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 19:07:59 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-28 19:07:58 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-28 19:07:58 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-28 19:07:57 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-28 19:07:56 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-28 19:07:28 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-28 19:07:28 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:07:28 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:07:28 MySQL 100 None "Giving 1 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:07:28 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 19:07:26 TV Server 0 None Service has been successfully shut down. Information 2017-12-28 19:07:25 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-28 19:07:25 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 20 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 652 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2464 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3920 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 7352 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3920 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3920 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 1032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3920 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3920 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3920 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3920 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 1032 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3920 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2017-12-28 19:07:25 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-28 19:07:25 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-28 19:07:21 ESENT 916 General svchost (8300,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 19:07:20 ESENT 916 General DllHost (1336,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 18:52:01 ESENT 916 General DllHost (1336,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 18:47:00 ESENT 916 General svchost (3904,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 18:45:30 ESENT 916 General svchost (1032,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 18:41:47 Windows Error Reporting 1001 None "Fault bucket 1373843813673378068, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a4088ba P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER90F3.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B17.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B42.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9BA1.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_a0252433c8a2af457acec2769673420e89eff6_07558bad_204aa331 Analysis symbol: Rechecking for solution: 0 Report Id: 90f04d14-63e3-4ed5-8cac-6ef9ef029846 Report Status: 268435456 Hashed bucket: f8b0fcdfa726997ce310dfab6adea114" Error 2017-12-28 18:41:42 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a4088ba Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x1ae0 Faulting application start time: 0x01d37ff3140cdd74 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 90f04d14-63e3-4ed5-8cac-6ef9ef029846 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-28 18:17:02 ESENT 916 General svchost (1032,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 17:47:00 ESENT 916 General svchost (3904,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 17:45:30 ESENT 916 General svchost (1032,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 16:56:41 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-27T15:45:41Z. Reason: RulesEngine. Information 2017-12-28 16:56:11 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-28 16:56:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-28 16:56:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 16:56:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 16:56:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 16:56:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 16:56:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 16:56:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 16:56:08 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/28 15:56" Information 2017-12-28 16:56:07 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.115.101.191:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/28 15:56, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-28 16:55:19 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-27T15:46:19Z. Reason: RulesEngine. Information 2017-12-28 16:51:24 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-27T15:46:24Z. Reason: RulesEngine. Information 2017-12-28 16:48:38 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-27T15:46:38Z. Reason: RulesEngine. Information 2017-12-28 16:48:05 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-28 16:47:25 ESENT 916 General svchost (3952,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 16:47:10 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-28 16:47:10 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-27T15:46:10Z. Reason: RulesEngine. Information 2017-12-28 16:46:43 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-28 16:46:40 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/26:15:46:39;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-28 16:46:32 ESENT 916 General svchost (8460,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 16:46:24 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-28 16:46:24 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-28 16:46:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-28 16:46:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 16:46:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 16:46:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 16:46:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 16:46:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 16:46:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 16:46:20 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/28 15:46" Information 2017-12-28 16:46:20 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-28 16:46:20 ESENT 916 General svchost (2904,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 16:46:19 ESENT 326 General "SearchIndexer (7744,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000009F:00F3:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001063 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.021507 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:14, WS:-740K # 0K, PF:-740K # 0K, P:-740K) [4] 0.000536 +J(0) [5] - [6] - [7] 0.096092 -0.001860 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:116K # 0K, PF:524K # 0K, P:524K) [8] 0.001272 -0.000788 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:58, WS:232K # 0K, PF:224K # 0K, P:224K) [9] 0.001036 -0.000704 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:32K # 0K, P:32K) [10] 0.000035 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000107 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-28 16:46:19 ESENT 105 General "SearchIndexer (7744,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000009F:0093:0000 - 0000009F:00F1:0000 - 00000000:0000:0000 - 0000009F:00F1:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.003557 +J(0) +M(C:0K, Fs:221, WS:868K # 868K, PF:5476K # 5468K, P:5476K) [2] 0.001100 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.000081 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000200 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:220K # 220K, P:220K) [5] 0.006098 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.004426 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.004256 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] 0.146028 -0.043905 (33) CM +J(CM:33, PgRf:932, Rd:0/33, Dy:33/2066, Lg:968874/6362) +M(C:0K, Fs:742, WS:2660K # 2660K, PF:2672K # 2672K, P:2672K) [9] - [10] 0.002006 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000128 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.129646 -0.000013 (33) CM +J(CM:33, PgRf:0, Rd:0/33, Dy:0/0, Lg:0/0) +M(C:0K, Fs:147, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.087616 -0.001099 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:311, WS:-1076K # 0K, PF:-1116K # 0K, P:-1116K) [14] 0.000032 +J(0) [15] 0.000053 +J(0) [16] 0.000664 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-28 16:46:19 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.137.109.57:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/28 15:46, 1, 1, 259084, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-28 16:46:19 ESENT 302 Logging/Recovery SearchIndexer (7744,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-28 16:46:19 ESENT 301 Logging/Recovery "SearchIndexer (7744,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-28 16:46:18 ESENT 300 Logging/Recovery SearchIndexer (7744,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-28 16:46:18 ESENT 916 General SearchIndexer (7744,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 16:46:18 ESENT 102 General SearchIndexer (7744,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-28 16:46:14 ESENT 916 General taskhostw (3544,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 16:46:13 TV Server 0 None Service started successfully. Information 2017-12-28 16:46:08 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-28 16:46:08 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259085)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-28 16:46:06 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-28 16:46:04 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-28 16:46:01 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 16:46:01 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 16:46:01 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 16:46:00 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-28 16:45:59 ESENT 916 General svchost (2904,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 16:45:57 ESENT 916 General svchost (3904,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 16:45:43 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:43 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:42 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:42 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:42 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:42 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:42 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 22317384 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:42 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:42 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:41 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:41 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:41 Service1 0 None Service started successfully. Information 2017-12-28 16:45:41 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:41 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:41 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:41 MySQL 100 None "InnoDB: The log sequence numbers 22313077 and 22313077 in ibdata files do not match the log sequence number 22317384 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:41 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:41 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:41 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:41 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:41 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:41 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:41 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:41 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-28 16:45:40 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 16:45:40 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-28 16:45:39 ESENT 916 General taskhostw (3544,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 16:45:38 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-28 16:45:38 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-28 16:45:37 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-28 16:45:36 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-28 16:45:37 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-28 16:45:33 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-28 16:45:31 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-28 16:45:31 ESENT 916 General svchost (1032,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 16:45:28 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-28 16:45:30 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-28 16:45:29 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-28 16:42:00 ESENT 916 General svchost (3488,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 16:39:39 ESENT 916 General svchost (1544,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 16:10:26 Windows Error Reporting 1001 None "Fault bucket 1373843813673378068, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a4088ba P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER31FB.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3C0F.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3C3A.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3CA8.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_a0252433c8a2af457acec2769673420e89eff6_07558bad_231f489e Analysis symbol: Rechecking for solution: 0 Report Id: e1e20ad0-621c-4770-9a1c-0a0f96841ba2 Report Status: 268435456 Hashed bucket: f8b0fcdfa726997ce310dfab6adea114" Error 2017-12-28 16:10:20 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a4088ba Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x1300 Faulting application start time: 0x01d37fe6e0eab670 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: e1e20ad0-621c-4770-9a1c-0a0f96841ba2 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-28 15:41:00 ESENT 916 General svchost (3488,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 15:31:42 ESENT 916 General svchost (9052,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 15:31:30 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-28 15:30:59 ESENT 916 General svchost (1544,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 15:05:42 ESENT 916 General DllHost (8628,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 15:05:26 ESENT 916 General MicrosoftEdge (7648,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 14:54:53 ESENT 916 General svchost (1544,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 14:50:45 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-27T13:40:45Z. Reason: RulesEngine. Information 2017-12-28 14:50:15 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-28 14:50:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-28 14:50:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 14:50:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 14:50:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 14:50:14 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 14:50:14 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 14:50:14 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 14:50:12 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/28 13:50" Information 2017-12-28 14:50:11 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.87.224.198:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/28 13:50, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-28 14:44:28 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-27T13:40:28Z. Reason: RulesEngine. Information 2017-12-28 14:43:40 ESENT 916 General svchost (8940,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 14:42:57 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-27T13:39:57Z. Reason: RulesEngine. Information 2017-12-28 14:42:25 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-28 14:41:25 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-28 14:41:25 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-27T13:40:25Z. Reason: RulesEngine. Information 2017-12-28 14:40:55 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/26:13:40:54;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-28 14:40:48 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Error 2017-12-28 14:40:35 Microsoft-Windows-Perflib 1023 None Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code. Error 2017-12-28 14:40:35 Microsoft-Windows-Perflib 1008 None "The Open Procedure for service ""BITS"" in DLL ""C:\Windows\System32\bitsperf.dll"" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code." Information 2017-12-28 14:40:34 ESENT 916 General svchost (3356,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 14:40:30 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-28 14:40:28 ESENT 326 General "SearchIndexer (7280,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000009F:0094:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.002731 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.023111 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:124K # 0K, PF:144K # 0K, P:144K) [4] 0.000543 +J(0) [5] - [6] - [7] 0.049591 -0.001592 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:212K # 0K, PF:660K # 0K, P:660K) [8] 0.001344 -0.000785 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 128K, P:256K) [9] 0.000840 -0.000537 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000035 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-28 14:40:27 ESENT 105 General "SearchIndexer (7280,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.003428 +J(0) +M(C:0K, Fs:220, WS:860K # 860K, PF:5480K # 5472K, P:5480K) [2] 0.000639 +J(0) +M(C:10240K, Fs:104, WS:416K # 416K, PF:388K # 388K, P:388K) [3] 0.000052 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000359 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.005924 +J(0) +M(C:0K, Fs:11, WS:44K # 44K, PF:20K # 20K, P:20K) [6] 0.004377 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.004549 +J(0) +M(C:0K, Fs:281, WS:1124K # 1124K, PF:1036K # 1036K, P:1036K) [8] - [9] - [10] - [11] - [12] - [13] 0.005373 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000033 +J(0) [15] 0.000104 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000641 +J(0) +M(C:0K, Fs:4, WS:8K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-28 14:40:27 ESENT 916 General SearchIndexer (7280,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 14:40:27 ESENT 102 General SearchIndexer (7280,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-28 14:40:25 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-28 14:40:25 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-28 14:40:25 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-28 14:40:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 14:40:24 TV Server 0 None Service started successfully. Information 2017-12-28 14:40:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 14:40:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 14:40:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 14:40:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 14:40:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-28 14:40:20 ESENT 916 General taskhostw (4844,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 14:40:20 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/28 13:40" Information 2017-12-28 14:40:17 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.19.119.243:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/28 13:40, 1, 1, 257956, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-28 14:40:11 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-28 14:40:11 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 257957)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-28 14:40:10 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-28 14:40:08 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-28 14:40:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 14:40:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 14:40:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 14:40:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 14:40:03 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-28 14:40:01 ESENT 916 General svchost (3488,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 14:39:57 ESENT 916 General svchost (2416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 14:39:50 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-28 14:39:47 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:47 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:47 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:47 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:47 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:47 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:47 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 22313077 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:47 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:47 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:46 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:46 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:46 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:46 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:46 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:46 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:46 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:46 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:46 Service1 0 None Service started successfully. Warning 2017-12-28 14:39:46 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:46 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-28 14:39:45 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-28 14:39:45 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-28 14:39:45 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-28 14:39:40 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-28 14:39:39 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-28 14:39:40 ESENT 916 General svchost (1544,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 14:39:40 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-28 14:39:38 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-28 14:39:38 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-28 14:39:36 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-28 14:39:08 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-28 14:39:08 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:08 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:08 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:08 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-28 14:39:06 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 2308 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2480 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3248 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8332 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3248 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 3248 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 8068 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children " Information 2017-12-28 14:39:06 TV Server 0 None Service has been successfully shut down. Information 2017-12-28 14:39:06 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-28 14:39:05 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2017-12-28 14:39:05 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-28 14:17:48 ESENT 916 General svchost (1752,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 14:07:00 ESENT 916 General svchost (3260,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 13:06:00 ESENT 916 General svchost (3260,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 12:05:56 ESENT 916 General svchost (1752,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 12:05:00 ESENT 916 General svchost (3260,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 12:04:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 12:04:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 11:04:00 ESENT 916 General svchost (3260,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 10:03:00 ESENT 916 General svchost (3260,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 09:48:36 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-28 09:45:37 ESENT 326 General "svchost (7372,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000003:000B:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001828 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.019317 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:10, WS:36K # 0K, PF:36K # 0K, P:36K) [4] 0.014547 +J(0) [5] - [6] - [7] 0.002350 -0.001287 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:60K, Fs:21, WS:84K # 56K, PF:112K # 88K, P:112K) [8] 0.000956 -0.000525 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:116K # 116K, PF:196K # 192K, P:196K) [9] 0.000741 -0.000423 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000046 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000114 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-28 09:45:37 ESENT 105 General "svchost (7372,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000003:0006:0000 - 00000003:0009:0000 - 00000000:0000:0000 - 00000003:0009:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.005660 +J(0) +M(C:0K, Fs:171, WS:680K # 680K, PF:3408K # 3412K, P:3408K) [2] 0.000588 +J(0) +M(C:8K, Fs:89, WS:348K # 348K, PF:304K # 300K, P:304K) [3] 0.000029 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000233 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:164K # 164K, P:164K) [5] 0.007626 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.006986 +J(0) +M(C:0K, Fs:31, WS:120K # 120K, PF:24K # 24K, P:24K) [7] 0.006010 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.046861 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:32448/20) +M(C:0K, Fs:133, WS:312K # 312K, PF:220K # 224K, P:220K) [9] - [10] 0.001367 +J(0) +M(C:0K, Fs:1, WS:-56K # 0K, PF:-60K # 0K, P:-60K) [11] 0.000054 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.002745 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.078607 -0.000867 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:58, WS:104K # 128K, PF:224K # 228K, P:224K) [14] 0.000033 +J(0) [15] 0.000071 +J(0) [16] 0.002200 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-28 09:45:37 ESENT 302 Logging/Recovery svchost (7372,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2017-12-28 09:45:37 ESENT 301 Logging/Recovery "svchost (7372,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2017-12-28 09:45:37 ESENT 300 Logging/Recovery svchost (7372,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2017-12-28 09:45:37 ESENT 916 General svchost (7372,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 09:45:37 ESENT 102 General svchost (7372,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-28 09:45:36 ESENT 916 General svchost (1752,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 09:03:50 ESENT 916 General svchost (1752,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 09:02:00 ESENT 916 General svchost (3260,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 08:06:15 ESENT 916 General svchost (7128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 08:06:03 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-28 08:04:42 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-26T15:04:42Z. Reason: RulesEngine. Information 2017-12-28 08:02:20 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 08:02:20 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-28 08:02:07 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-28 08:01:40 ESENT 916 General svchost (1752,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 08:01:32 ESENT 916 General svchost (3076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 08:01:22 ESENT 916 General taskhostw (1824,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 08:01:20 ESENT 916 General svchost (3076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-28 08:01:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2017-12-28 08:01:10 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2017-12-28 08:01:09 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-28 08:01:09 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-28 08:01:08 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-28 08:01:07 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-28 08:01:06 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-28 08:01:06 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-27 18:19:14 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-27 18:19:13 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 4508 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4508 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 4508 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5016 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5016 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5016 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8236 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8236 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8236 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5016 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 5016 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2017-12-27 18:19:12 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 28 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 672 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2480 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3248 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 5016 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 8332 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 5016 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1752 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 5016 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3248 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3248 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 1752 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 5016 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3248 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3248 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1752 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 5016 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3248 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1752 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 5016 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3248 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 536 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 1752 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 5016 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3248 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 5016 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm " Information 2017-12-27 18:19:13 ESENT 916 General svchost (3260,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 18:19:13 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-27 18:19:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-27 18:19:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-27 18:19:10 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2017-12-27 18:19:06 ESENT 916 General svchost (7176,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 18:19:06 ESENT 916 General DllHost (1424,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 18:18:43 Windows Error Reporting 1001 None "Fault bucket 1373843813673378068, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a4088ba P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8721.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER931A.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9345.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER93C3.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_a0252433c8a2af457acec2769673420e89eff6_07558bad_07be9ba1 Analysis symbol: Rechecking for solution: 0 Report Id: 5edaec1c-f32c-472e-bb9e-4c5faf088ed2 Report Status: 268435456 Hashed bucket: f8b0fcdfa726997ce310dfab6adea114" Error 2017-12-27 18:18:37 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a4088ba Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x2200 Faulting application start time: 0x01d37f355c90d9ee Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 5edaec1c-f32c-472e-bb9e-4c5faf088ed2 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-27 17:56:46 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-26T15:04:46Z. Reason: RulesEngine. Information 2017-12-27 17:56:15 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-27 17:56:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-27 17:56:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 17:56:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 17:56:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 17:56:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 17:56:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 17:56:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 17:56:13 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/27 16:56" Information 2017-12-27 17:56:11 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.165.237.143:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/27 16:56, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-27 17:51:21 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-26T15:05:21Z. Reason: RulesEngine. Information 2017-12-27 17:48:31 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-26T15:05:31Z. Reason: RulesEngine. Information 2017-12-27 17:47:58 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-27 17:47:23 ESENT 916 General svchost (3232,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 17:46:55 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-27 17:46:55 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-26T15:04:55Z. Reason: RulesEngine. Information 2017-12-27 17:46:39 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-27 17:46:26 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-27 17:46:26 ESENT 326 General "SearchIndexer (7472,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000009F:0026:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001455 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.051515 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:15, WS:28K # 0K, PF:20K # 0K, P:20K) [4] 0.000749 +J(0) [5] - [6] - [7] 0.031582 -0.002221 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:17, WS:68K # 0K, PF:512K # 0K, P:512K) [8] 0.001313 -0.000842 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:61, WS:240K # 0K, PF:228K # 0K, P:228K) [9] 0.000927 -0.000599 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000041 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000109 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-27 17:46:26 ESENT 105 General "SearchIndexer (7472,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000009E:00F6:0000 - 0000009F:0001:0000 - 0000009F:0024:0000 - 0000009F:0024:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.003820 +J(0) +M(C:0K, Fs:185, WS:732K # 732K, PF:5468K # 5468K, P:5468K) [2] 0.000724 +J(0) +M(C:10240K, Fs:128, WS:504K # 504K, PF:388K # 388K, P:388K) [3] 0.000041 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [4] 0.001050 +J(0) +M(C:0K, Fs:27, WS:108K # 108K, PF:228K # 228K, P:228K) [5] 0.043350 +J(0) +M(C:0K, Fs:58, WS:232K # 232K, PF:32K # 32K, P:32K) [6] 0.012561 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:16K # 16K, P:16K) [7] 0.012038 +J(0) +M(C:0K, Fs:278, WS:1108K # 1108K, PF:1040K # 1040K, P:1040K) [8] 0.103381 -0.004096 (3) CM +J(CM:3, PgRf:21, Rd:9/3, Dy:3/39, Lg:1021236/6843) +M(C:0K, Fs:652, WS:1520K # 1524K, PF:1744K # 1744K, P:1744K) + 1 lgens [9] 0.034086 -0.000152 (9) CM +J(CM:9, PgRf:305, Rd:0/9, Dy:9/601, Lg:141903/1089) +M(C:0K, Fs:115, WS:428K # 424K, PF:0K # 32K, P:0K) [10] 0.002465 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000078 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.043282 -0.000003 (12) CM +J(CM:12, PgRf:0, Rd:0/12, Dy:0/0, Lg:0/0) +M(C:0K, Fs:94, WS:16K # 0K, PF:8K # 0K, P:8K) [13] 0.132596 -0.002245 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:305, WS:-1188K # 0K, PF:-456K # 0K, P:-456K) [14] 0.000033 +J(0) [15] 0.000049 +J(0) [16] 0.001190 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-27 17:46:26 ESENT 302 Logging/Recovery SearchIndexer (7472,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-27 17:46:25 ESENT 301 Logging/Recovery "SearchIndexer (7472,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: [1] 0.090534 -0.004096 (3) CM +J(CM:3, PgRf:21, Rd:9/3, Dy:3/39, Lg:1021236/6843) +M(C:0K, Fs:391, WS:584K # 492K, PF:916K # 816K, P:916K)." Information 2017-12-27 17:46:25 ESENT 301 Logging/Recovery "SearchIndexer (7472,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb0009E.jtx. Previous Log Processing Stats: " Information 2017-12-27 17:46:25 ESENT 300 Logging/Recovery SearchIndexer (7472,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-27 17:46:25 ESENT 916 General SearchIndexer (7472,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 17:46:25 ESENT 102 General SearchIndexer (7472,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-27 17:46:24 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-27 17:46:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-27 17:46:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 17:46:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 17:46:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 17:46:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 17:46:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 17:46:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 17:46:20 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/27 16:46" Information 2017-12-27 17:46:18 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.151.58.222:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/27 16:46, 1, 1, 259109, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-27 17:46:16 ESENT 916 General taskhostw (5264,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 17:46:12 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-27 17:46:12 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259109)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-27 17:46:10 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-27 17:46:09 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-27 17:46:08 TV Server 0 None Service started successfully. Information 2017-12-27 17:45:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-27 17:45:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-27 17:45:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-27 17:45:56 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-27 17:45:56 ESENT 916 General svchost (3076,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 17:45:50 ESENT 916 General taskhostw (5264,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 17:45:44 ESENT 916 General svchost (3260,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 17:45:44 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-27 17:45:44 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-27 17:45:43 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-27 17:45:42 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-27 17:45:39 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:39 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:38 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:38 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:38 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:38 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:38 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 22309195 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:38 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:38 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:37 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:37 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:37 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:37 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:37 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:37 MySQL 100 None "InnoDB: The log sequence numbers 22305856 and 22305856 in ibdata files do not match the log sequence number 22309195 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:37 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:37 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:37 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:37 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:37 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:37 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:37 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:37 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:37 Service1 0 None Service started successfully. Warning 2017-12-27 17:45:37 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 17:45:36 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-27 17:45:34 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-27 17:45:33 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-27 17:45:30 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-27 17:45:31 ESENT 916 General svchost (1752,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 17:45:29 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-27 17:45:28 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-27 17:45:28 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-27 17:05:00 ESENT 916 General svchost (3316,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 16:57:14 ESENT 916 General svchost (3316,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 16:56:57 ESENT 326 General "Music.UI (2016,D,50) {7CCCC26A-4758-4D3A-80CE-8423F609D248}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:0074:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001386 +J(0) +M(C:0K, Fs:21, WS:20K # 0K, PF:16K # 0K, P:16K) [3] 0.017574 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:196, WS:768K # 0K, PF:108K # 0K, P:108K) [4] 0.000689 +J(0) [5] - [6] - [7] 0.002405 -0.001701 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:25, WS:96K # 0K, PF:148K # 0K, P:148K) [8] 0.000533 -0.000035 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:54, WS:208K # 0K, PF:204K # 0K, P:204K) [9] 0.000257 -0.000014 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:8, WS:32K # 0K, PF:68K # 0K, P:68K) [10] 0.000025 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-27 16:56:57 ESENT 105 General "Music.UI (2016,D,0) {7CCCC26A-4758-4D3A-80CE-8423F609D248}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:006D:0000 - 00000001:0072:0000 - 00000000:0000:0000 - 00000001:0072:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.010487 +J(0) +M(C:0K, Fs:1081, WS:4280K # 4280K, PF:3228K # 3312K, P:3228K) [2] 0.000540 +J(0) +M(C:16K, Fs:93, WS:372K # 372K, PF:228K # 144K, P:228K) [3] 0.000036 +J(0) +M(C:0K, Fs:2, WS:12K # 12K, PF:64K # 64K, P:64K) [4] 0.000287 +J(0) +M(C:112K, Fs:31, WS:116K # 116K, PF:148K # 148K, P:148K) [5] 0.008717 +J(0) +M(C:0K, Fs:289, WS:1148K # 1148K, PF:344K # 344K, P:344K) [6] 0.010450 +J(0) +M(C:0K, Fs:339, WS:1304K # 1336K, PF:816K # 816K, P:816K) [7] 0.012397 +J(0) +M(C:0K, Fs:1148, WS:4540K # 4508K, PF:3364K # 3364K, P:3364K) [8] 0.040401 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:20280/11) +M(C:0K, Fs:1163, WS:4292K # 4292K, PF:1580K # 1588K, P:1580K) [9] - [10] 0.004151 +J(0) +M(C:0K, Fs:15, WS:-1984K # 32K, PF:-2016K # 12K, P:-2016K) [11] 0.000060 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.002425 +J(0) +M(C:0K, Fs:14, WS:56K # 0K, PF:32K # 0K, P:32K) [13] 0.071310 -0.001710 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:880, WS:1140K # 1184K, PF:88K # 136K, P:88K) [14] 0.000028 +J(0) [15] 0.000028 +J(0) +M(C:0K, Fs:5, WS:20K # 0K, PF:0K # 0K, P:0K) [16] 0.000789 +J(0) +M(C:0K, Fs:11, WS:36K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-27 16:56:57 ESENT 302 Logging/Recovery Music.UI (2016,U,0) {7CCCC26A-4758-4D3A-80CE-8423F609D248}: The database engine has successfully completed recovery steps. Information 2017-12-27 16:56:57 ESENT 301 Logging/Recovery "Music.UI (2016,R,0) {7CCCC26A-4758-4D3A-80CE-8423F609D248}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2017-12-27 16:56:57 ESENT 300 Logging/Recovery Music.UI (2016,R,0) {7CCCC26A-4758-4D3A-80CE-8423F609D248}: The database engine is initiating recovery steps. Information 2017-12-27 16:56:57 ESENT 916 General Music.UI (2016,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 16:56:57 ESENT 102 General Music.UI (2016,P,0) {7CCCC26A-4758-4D3A-80CE-8423F609D248}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-27 16:56:46 ESENT 916 General svchost (8500,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 16:56:32 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-27 16:55:30 ESENT 916 General svchost (2024,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 16:41:24 ESENT 916 General svchost (2024,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 16:15:32 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-26T15:05:32Z. Reason: RulesEngine. Information 2017-12-27 16:15:02 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-27 16:15:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-27 16:15:01 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 16:15:01 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 16:15:01 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 16:15:01 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 16:15:01 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 16:15:01 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 16:14:59 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/27 15:14" Information 2017-12-27 16:14:58 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.33.244.63:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/27 15:14, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-27 16:14:10 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-26T15:05:10Z. Reason: RulesEngine. Information 2017-12-27 16:13:23 ESENT 916 General svchost (5488,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 16:10:14 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-26T15:05:14Z. Reason: RulesEngine. Information 2017-12-27 16:07:28 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-26T15:05:28Z. Reason: RulesEngine. Information 2017-12-27 16:06:56 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-27 16:06:54 ESENT 916 General svchost (1020,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 16:06:21 ESENT 916 General svchost (4064,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 16:06:04 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-27 16:06:04 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-26T15:05:04Z. Reason: RulesEngine. Information 2017-12-27 16:05:34 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/25:15:05:33;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-27 16:05:30 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-27 16:05:16 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-27 16:05:15 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-27 16:05:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-27 16:05:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 16:05:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 16:05:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 16:05:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 16:05:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 16:05:14 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-27 16:05:12 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/27 15:05" Information 2017-12-27 16:05:11 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.222.56.33:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/27 15:05, 1, 1, 258234, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-27 16:05:06 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-27 16:05:05 ESENT 326 General "SearchIndexer (7320,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000009E:00F7:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.003824 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.022743 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:47, WS:144K # 0K, PF:152K # 0K, P:152K) [4] 0.000756 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] 0.033826 -0.002022 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:51, WS:200K # 0K, PF:644K # 0K, P:644K) [8] 0.001504 -0.000868 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 116K, P:256K) [9] 0.001106 -0.000780 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000041 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000110 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-27 16:05:05 ESENT 105 General "SearchIndexer (7320,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.008233 +J(0) +M(C:0K, Fs:253, WS:996K # 996K, PF:5496K # 5496K, P:5496K) [2] 0.000947 +J(0) +M(C:10240K, Fs:101, WS:404K # 404K, PF:380K # 380K, P:380K) [3] 0.000064 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [4] 0.000208 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:224K # 224K, P:224K) [5] 0.008784 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.004911 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.005362 +J(0) +M(C:0K, Fs:276, WS:1100K # 1100K, PF:1040K # 1040K, P:1040K) [8] - [9] - [10] - [11] - [12] - [13] 0.006334 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-992K # 24K, PF:-1024K # 12K, P:-1024K) [14] 0.000030 +J(0) [15] 0.000113 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000757 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-27 16:05:05 ESENT 916 General SearchIndexer (7320,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 16:05:05 ESENT 102 General SearchIndexer (7320,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-27 16:05:02 ESENT 916 General taskhostw (3664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 16:05:01 TV Server 0 None Service started successfully. Information 2017-12-27 16:04:58 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-27 16:04:58 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258235)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-27 16:04:56 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-27 16:04:54 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-27 16:04:48 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-27 16:04:48 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-27 16:04:48 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-27 16:04:48 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-27 16:04:47 ESENT 916 General svchost (3424,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 16:04:46 ESENT 916 General svchost (3316,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 16:04:32 Service1 0 None Service started successfully. Information 2017-12-27 16:04:32 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:32 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:31 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:31 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:31 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:31 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:31 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 22305856 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:31 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:31 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:30 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:30 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:30 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:30 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:30 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:30 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:30 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:30 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-27 16:04:30 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-27 16:04:29 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-27 16:04:27 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-27 16:04:27 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-27 16:04:26 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-27 16:04:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-27 16:04:22 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-27 16:04:22 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-27 16:04:22 ESENT 916 General svchost (2024,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 16:04:22 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-27 16:04:19 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-27 16:04:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-27 16:04:20 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-27 16:03:52 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-27 16:03:49 TV Server 0 None Service has been successfully shut down. Information 2017-12-27 16:03:49 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2017-12-27 16:03:49 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 28 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 6696 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 4316 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 7932 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-27 16:03:49 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-27 16:03:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2017-12-27 16:03:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-27 15:46:07 ESENT 916 General svchost (2056,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 15:36:27 ESENT 916 General svchost (452,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 15:29:29 ESENT 916 General DllHost (6372,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 15:28:53 ESENT 916 General MicrosoftEdge (2376,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 15:24:18 ESENT 916 General svchost (2056,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 15:13:24 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-27 15:13:24 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-27 15:13:00 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-25T21:14:59Z. Reason: RulesEngine. Information 2017-12-27 15:10:14 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-27 15:09:55 ESENT 916 General svchost (2056,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 15:09:32 ESENT 916 General taskhostw (7128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 15:09:28 ESENT 916 General svchost (2312,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 15:09:19 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2017-12-27 15:09:18 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2017-12-27 15:09:17 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-27 15:09:17 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-27 15:09:13 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-27 15:09:13 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-27 15:09:13 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-27 15:09:13 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-27 00:37:32 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-27 00:37:30 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3268 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3268 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3268 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8432 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8432 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8432 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 3956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 3956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2017-12-27 00:37:30 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 34 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 656 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 4316 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 536 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2460 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-27 00:37:31 ESENT 916 General svchost (3352,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 00:37:30 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-27 00:37:30 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-27 00:37:30 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-27 00:37:28 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2017-12-27 00:37:23 ESENT 916 General svchost (4368,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-27 00:35:42 Windows Error Reporting 1001 None "Fault bucket 1373843813673378068, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a4088ba P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B11.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5719.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5734.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER57C2.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_a0252433c8a2af457acec2769673420e89eff6_07558bad_1f215f81 Analysis symbol: Rechecking for solution: 0 Report Id: 7ed21aad-0845-41da-9b89-6b23669fb2d4 Report Status: 268435456 Hashed bucket: f8b0fcdfa726997ce310dfab6adea114" Error 2017-12-27 00:35:36 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a4088ba Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x2a4 Faulting application start time: 0x01d37e95da0c9101 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 7ed21aad-0845-41da-9b89-6b23669fb2d4 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-27 00:17:00 ESENT 916 General svchost (3352,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 23:59:42 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-25T21:15:42Z. Reason: RulesEngine. Information 2017-12-26 23:59:11 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-26 23:59:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-26 23:59:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 23:59:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 23:59:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 23:59:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 23:59:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 23:59:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 23:59:08 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/26 22:59" Information 2017-12-26 23:59:07 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.137.97.57:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/26 22:59, 1, 1, 259107, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-26 23:44:34 ESENT 916 General svchost (2056,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 23:16:00 ESENT 916 General svchost (3352,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 22:44:33 ESENT 916 General svchost (2056,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 22:37:21 ESENT 916 General DllHost (8040,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 22:36:55 ESENT 916 General MicrosoftEdge (8908,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 22:25:43 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-25T21:15:43Z. Reason: RulesEngine. Information 2017-12-26 22:25:12 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-26 22:25:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-26 22:25:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 22:25:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 22:25:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 22:25:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 22:25:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 22:25:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 22:25:10 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/26 21:25" Information 2017-12-26 22:25:09 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.61.123.154:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/26 21:25, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-26 22:20:28 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-25T21:15:28Z. Reason: RulesEngine. Information 2017-12-26 22:17:40 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-25T21:15:40Z. Reason: RulesEngine. Information 2017-12-26 22:17:07 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-26 22:17:06 ESENT 916 General svchost (8576,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 22:16:29 ESENT 916 General svchost (3328,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 22:16:14 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-26 22:16:14 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-25T21:15:14Z. Reason: RulesEngine. Information 2017-12-26 22:15:44 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-26 22:15:44 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/24:21:15:43;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-26 22:15:25 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-26 22:15:24 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-26 22:15:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-26 22:15:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 22:15:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 22:15:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 22:15:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 22:15:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 22:15:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 22:15:23 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-26 22:15:21 ESENT 326 General "SearchIndexer (7316,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000099:003A:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.002452 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.028440 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:140K # 0K, P:140K) [4] 0.000537 +J(0) [5] - [6] - [7] 0.025807 -0.001648 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.001302 -0.000826 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 132K, P:256K) [9] 0.000936 -0.000590 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000038 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-26 22:15:21 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/26 21:15" Information 2017-12-26 22:15:21 ESENT 105 General "SearchIndexer (7316,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.007068 +J(0) +M(C:0K, Fs:218, WS:852K # 852K, PF:5476K # 5476K, P:5476K) [2] 0.000668 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.002206 +J(0) +M(C:0K, Fs:18, WS:64K # 64K, PF:76K # 76K, P:76K) [4] 0.000258 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:220K # 220K, P:220K) [5] 0.005932 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:20K # 20K, P:20K) [6] 0.023070 +J(0) +M(C:0K, Fs:75, WS:296K # 296K, PF:76K # 76K, P:76K) [7] 0.011944 +J(0) +M(C:0K, Fs:277, WS:1108K # 1108K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.005512 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000049 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K) [15] 0.000103 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.005824 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-26 22:15:21 ESENT 916 General SearchIndexer (7316,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 22:15:21 ESENT 102 General SearchIndexer (7316,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-26 22:15:19 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.170.58.158:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/26 21:15, 1, 1, 258629, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-26 22:15:15 ESENT 916 General taskhostw (4248,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 22:15:14 TV Server 0 None Service started successfully. Information 2017-12-26 22:15:10 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-26 22:15:10 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258629)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-26 22:15:07 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-26 22:15:06 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-26 22:14:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-26 22:14:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-26 22:14:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-26 22:14:59 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-26 22:14:56 ESENT 916 General svchost (3352,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 22:14:56 ESENT 916 General svchost (2312,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 22:14:44 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-26 22:14:43 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:43 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:43 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:43 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:43 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:43 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:43 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 22302042 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:43 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:43 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:42 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:42 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:42 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:42 Service1 0 None Service started successfully. Information 2017-12-26 22:14:42 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:42 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:42 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:42 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:42 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-26 22:14:42 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:41 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-26 22:14:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-26 22:14:41 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-26 22:14:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-26 22:14:36 ESENT 916 General svchost (2056,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 22:14:36 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-26 22:14:35 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-26 22:14:35 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-26 22:14:34 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-26 22:14:34 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-26 22:14:32 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-26 22:14:03 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-26 22:14:02 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:02 MySQL 100 None "Giving 2 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:02 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 22:14:00 TV Server 0 None Service has been successfully shut down. Information 2017-12-26 22:14:00 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2500 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2500 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2500 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2500 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2500 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed " Information 2017-12-26 22:14:00 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 26 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 664 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2500 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2500 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 836 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2500 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 836 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3644 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1664 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3644 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3644 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2500 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 1664 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3644 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3644 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1664 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3644 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1664 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3644 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2500 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2500 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 836 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 1664 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3644 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2500 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-26 22:14:00 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-26 22:13:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-26 22:13:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-26 22:09:27 ESENT 916 General svchost (8720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 22:09:12 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎26T21:09:12.453366700Z. Information 2017-12-26 22:09:12 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎26T21:09:12.453366700Z. Information 2017-12-26 22:04:15 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎26T21:04:15.001859200Z. Information 2017-12-26 22:04:15 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎26T21:04:15.001859200Z. Information 2017-12-26 22:03:53 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎26T21:03:53.253716500Z. Information 2017-12-26 22:03:53 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎26T21:03:53.253716500Z. Information 2017-12-26 22:00:42 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎26T21:00:42.751530200Z. Information 2017-12-26 22:00:42 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎26T21:00:42.751530200Z. Information 2017-12-26 21:59:02 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎26T20:59:02.423440600Z. Information 2017-12-26 21:59:02 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎26T20:59:02.423440600Z. Information 2017-12-26 21:51:45 ESENT 916 General svchost (1664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 21:42:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 21:16:12 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-26 21:13:16 ESENT 326 General "svchost (340,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000003:0007:0268 Internal Timing Sequence: [1] 0.000014 +J(0) [2] 0.004658 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.039528 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:40K # 0K, P:40K) [4] 0.009396 +J(0) [5] - [6] - [7] 0.002471 -0.001532 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:60K, Fs:17, WS:68K # 44K, PF:60K # 40K, P:60K) [8] 0.001447 -0.000878 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:30, WS:120K # 120K, PF:200K # 196K, P:200K) [9] 0.000916 -0.000515 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000048 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000124 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-26 21:13:15 ESENT 105 General "svchost (340,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000003:0002:0000 - 00000003:0005:0000 - 00000000:0000:0000 - 00000003:0005:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.031734 +J(0) +M(C:0K, Fs:175, WS:688K # 688K, PF:3416K # 3420K, P:3416K) [2] 0.000615 +J(0) +M(C:8K, Fs:87, WS:344K # 344K, PF:300K # 296K, P:300K) [3] 0.000032 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [4] 0.000204 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:160K # 160K, P:160K) [5] 0.008139 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.008496 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.027167 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.063088 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:16224/10) +M(C:0K, Fs:119, WS:324K # 324K, PF:280K # 280K, P:280K) [9] - [10] 0.001669 +J(0) +M(C:0K, Fs:1, WS:-56K # 0K, PF:-60K # 0K, P:-60K) [11] 0.000074 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.002219 +J(0) +M(C:0K, Fs:6, WS:24K # 0K, PF:4K # 0K, P:4K) [13] 0.102120 -0.001033 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:50, WS:80K # 124K, PF:160K # 172K, P:160K) [14] 0.000042 +J(0) [15] 0.000040 +J(0) [16] 0.001072 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-26 21:13:15 ESENT 302 Logging/Recovery svchost (340,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2017-12-26 21:13:15 ESENT 301 Logging/Recovery "svchost (340,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2017-12-26 21:13:15 ESENT 300 Logging/Recovery svchost (340,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2017-12-26 21:13:15 ESENT 916 General svchost (340,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 21:13:15 ESENT 102 General svchost (340,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-26 21:13:11 ESENT 916 General svchost (1664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2017-12-26 21:02:05 Application Hang 1002 (101) "The program kodi.exe version 17.3.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 196c Start Time: 01d37e843ba80216 Termination Time: 116 Application Path: D:\Kodi MQ\App\kodi.exe Report Id: a71513b8-738a-452f-9cd8-203aa1d4442a Faulting package full name: Faulting package-relative application ID: " Information 2017-12-26 21:02:04 Windows Error Reporting 1001 None "Fault bucket 129459363344, type 5 Event Name: AppHangB1 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.3.0.0 P3: 5925f940 P4: e8f9 P5: 134217729 P6: P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERCF14.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERCF31.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERCFAF.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERF0D5.tmp.appcompat.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_kodi.exe_d630e26bc5222e9a1353fb39a61d4a8c243290_b9ea6c60_10b9fe4f Analysis symbol: Rechecking for solution: 0 Report Id: a71513b8-738a-452f-9cd8-203aa1d4442a Report Status: 268435456 Hashed bucket: 5d3ab093f1fcf7feaff4b2993ea72970" Information 2017-12-26 20:48:14 ESENT 916 General svchost (1664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 20:41:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 19:50:30 ESENT 326 General "Music.UI (1088,D,50) {D362C49D-8E73-49F3-86A0-EF43A4FA30AE}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:006E:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001180 +J(0) +M(C:0K, Fs:21, WS:20K # 0K, PF:8K # 0K, P:8K) [3] 0.040208 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:12, WS:36K # 0K, PF:52K # 0K, P:52K) [4] 0.001863 +J(0) [5] - [6] - [7] 0.002028 -0.001467 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:8, WS:28K # 0K, PF:132K # 0K, P:132K) [8] 0.000549 -0.000030 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:33, WS:124K # 0K, PF:208K # 0K, P:208K) [9] 0.000194 -0.000007 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:4K # 0K, PF:64K # 0K, P:64K) [10] 0.000024 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000101 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-26 19:50:30 ESENT 105 General "Music.UI (1088,D,0) {D362C49D-8E73-49F3-86A0-EF43A4FA30AE}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:0061:0000 - 00000001:006C:0000 - 00000000:0000:0000 - 00000001:006C:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.008605 +J(0) +M(C:0K, Fs:362, WS:1412K # 1412K, PF:2956K # 2960K, P:2956K) [2] 0.009270 +J(0) +M(C:16K, Fs:532, WS:2096K # 2096K, PF:1000K # 996K, P:1000K) [3] 0.000057 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000545 +J(0) +M(C:112K, Fs:30, WS:120K # 120K, PF:404K # 404K, P:404K) [5] 0.008112 +J(0) +M(C:0K, Fs:307, WS:1200K # 1200K, PF:236K # 236K, P:236K) [6] 0.063755 +J(0) +M(C:0K, Fs:1007, WS:3984K # 3984K, PF:1248K # 1248K, P:1248K) [7] 0.101972 +J(0) +M(C:0K, Fs:2382, WS:9416K # 9416K, PF:4596K # 4624K, P:4596K) [8] 0.118126 -0.027279 (22) CM +J(CM:22, PgRf:39, Rd:0/22, Dy:12/32, Lg:44616/135) +M(C:16K, Fs:454, WS:1416K # 1416K, PF:632K # 604K, P:632K) [9] - [10] 0.006377 +J(0) +M(C:0K, Fs:64, WS:-1788K # 36K, PF:-2036K # 8K, P:-2036K) [11] 0.000107 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.008980 -0.000007 (10) CM +J(CM:10, PgRf:0, Rd:0/10, Dy:0/0, Lg:0/0) +M(C:0K, Fs:18, WS:16K # 0K, PF:0K # 0K, P:0K) [13] 0.069577 -0.000148 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:857, WS:684K # 936K, PF:-236K # 0K, P:-236K) [14] 0.000035 +J(0) [15] 0.000036 +J(0) [16] 0.001002 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-26 19:50:30 ESENT 302 Logging/Recovery Music.UI (1088,U,0) {D362C49D-8E73-49F3-86A0-EF43A4FA30AE}: The database engine has successfully completed recovery steps. Information 2017-12-26 19:50:30 ESENT 301 Logging/Recovery "Music.UI (1088,R,0) {D362C49D-8E73-49F3-86A0-EF43A4FA30AE}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2017-12-26 19:50:30 ESENT 300 Logging/Recovery Music.UI (1088,R,0) {D362C49D-8E73-49F3-86A0-EF43A4FA30AE}: The database engine is initiating recovery steps. Information 2017-12-26 19:50:30 ESENT 916 General Music.UI (1088,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 19:50:30 ESENT 102 General Music.UI (1088,P,0) {D362C49D-8E73-49F3-86A0-EF43A4FA30AE}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-26 19:48:16 ESENT 916 General svchost (1664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 19:40:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 19:12:12 Windows Error Reporting 1001 None "Fault bucket 1373843813673378068, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a4088ba P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5BCE.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5FB8.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5FD3.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6032.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_a0252433c8a2af457acec2769673420e89eff6_07558bad_1a196765 Analysis symbol: Rechecking for solution: 0 Report Id: bc694445-1fe3-4d09-8678-a07c4577f1ef Report Status: 268435456 Hashed bucket: f8b0fcdfa726997ce310dfab6adea114" Error 2017-12-26 19:12:09 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a4088ba Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x1734 Faulting application start time: 0x01d37e6c2a2b75a6 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: bc694445-1fe3-4d09-8678-a07c4577f1ef Faulting package full name: Faulting package-relative application ID: " Information 2017-12-26 18:48:14 ESENT 916 General svchost (1664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 18:39:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 18:08:19 Windows Error Reporting 1001 None "Fault bucket 1373843813673378068, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a4088ba P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERDFA3.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE3BC.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE3E7.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE446.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_a0252433c8a2af457acec2769673420e89eff6_07558bad_20aeebb7 Analysis symbol: Rechecking for solution: 0 Report Id: 0d09d660-4ab3-40fa-b7f0-e0ef67c60f70 Report Status: 268435456 Hashed bucket: f8b0fcdfa726997ce310dfab6adea114" Error 2017-12-26 18:08:16 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a4088ba Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0xfa8 Faulting application start time: 0x01d37e6178d6aec7 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 0d09d660-4ab3-40fa-b7f0-e0ef67c60f70 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-26 17:48:14 ESENT 916 General svchost (1664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 17:38:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 16:51:53 Windows Error Reporting 1001 None "Fault bucket 1373843813673378068, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a4088ba P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC912.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERCCED.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD08.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD67.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_a0252433c8a2af457acec2769673420e89eff6_07558bad_0e28f001 Analysis symbol: Rechecking for solution: 0 Report Id: 9e33faf8-248f-4540-8a41-a6d31e511341 Report Status: 268435456 Hashed bucket: f8b0fcdfa726997ce310dfab6adea114" Error 2017-12-26 16:51:43 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a4088ba Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x223c Faulting application start time: 0x01d37e6075055cae Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 9e33faf8-248f-4540-8a41-a6d31e511341 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-26 16:38:14 ESENT 916 General svchost (1664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 16:37:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 16:34:37 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-26 16:34:37 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-26 16:02:20 ESENT 916 General DllHost (8940,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 16:01:47 ESENT 916 General MicrosoftEdge (8964,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 15:42:14 ESENT 916 General svchost (1664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 15:36:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2017-12-26 15:27:03 Application Hang 1002 (101) "The program SetupTv.exe version 1.18.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 16d4 Start Time: 01d37e5340c69f0a Termination Time: 86 Application Path: C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\SetupTv.exe Report Id: 007108a8-119a-4638-a396-622c3be087da Faulting package full name: Faulting package-relative application ID: " Information 2017-12-26 15:27:03 Windows Error Reporting 1001 None "Fault bucket 2092710803105783927, type 5 Event Name: AppHangB1 Response: Not available Cab Id: 0 Problem signature: P1: SetupTv.exe P2: 1.18.0.0 P3: 59d9d5c3 P4: 1ee3 P5: 134217984 P6: P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2FB5.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2FD4.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3043.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER3C97.tmp.appcompat.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SetupTv.exe_4e19d19d8a806b1c3494a1f18fe276b8124a50_acb3f77f_19d74427 Analysis symbol: Rechecking for solution: 0 Report Id: 007108a8-119a-4638-a396-622c3be087da Report Status: 268435456 Hashed bucket: 6951e96d869199713d0acd6344be2077" Information 2017-12-26 15:09:35 ESENT 916 General svchost (1664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 14:57:51 ESENT 916 General svchost (6604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 14:44:42 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 14:43:59 ESENT 916 General svchost (8540,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 14:43:47 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-26 14:43:32 ESENT 916 General svchost (1664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 14:37:43 Windows Error Reporting 1001 None "Fault bucket 1373843813673378068, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a4088ba P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1014.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER14C9.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER14E5.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1534.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_a0252433c8a2af457acec2769673420e89eff6_07558bad_0fee1c57 Analysis symbol: Rechecking for solution: 0 Report Id: 9d2ba886-aded-447e-a241-eae9f6632652 Report Status: 268435456 Hashed bucket: f8b0fcdfa726997ce310dfab6adea114" Error 2017-12-26 14:37:40 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a4088ba Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x10e4 Faulting application start time: 0x01d37e4a0085955c Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 9d2ba886-aded-447e-a241-eae9f6632652 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-26 14:35:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 13:53:43 Windows Error Reporting 1001 None "Fault bucket 1373843813673378068, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a4088ba P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8A0E.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER955B.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9586.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER95D5.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_a0252433c8a2af457acec2769673420e89eff6_07558bad_20f9d2fc Analysis symbol: Rechecking for solution: 0 Report Id: cdff7ff5-52b1-4332-8222-9198f7f07233 Report Status: 268435456 Hashed bucket: f8b0fcdfa726997ce310dfab6adea114" Error 2017-12-26 13:53:24 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a4088ba Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x854 Faulting application start time: 0x01d37e3de3b02a79 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: cdff7ff5-52b1-4332-8222-9198f7f07233 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-26 13:48:15 ESENT 916 General svchost (1664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 13:34:00 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 12:44:29 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-25T11:33:28Z. Reason: RulesEngine. Information 2017-12-26 12:43:58 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-26 12:43:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-26 12:43:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 12:43:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 12:43:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 12:43:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 12:43:57 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 12:43:57 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 12:43:55 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/26 11:43" Information 2017-12-26 12:43:54 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.252.226.95:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/26 11:43, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-26 12:39:08 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-25T11:34:08Z. Reason: RulesEngine. Information 2017-12-26 12:36:10 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-25T11:34:10Z. Reason: RulesEngine. Information 2017-12-26 12:35:39 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-26 12:35:38 ESENT 916 General svchost (8644,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 12:34:54 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-26 12:34:54 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-25T11:33:54Z. Reason: RulesEngine. Information 2017-12-26 12:34:26 ESENT 916 General svchost (3632,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 12:34:25 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-26 12:34:24 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/24:11:34:23;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-26 12:34:07 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-26 12:34:06 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-26 12:34:06 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-26 12:34:06 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 12:34:06 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 12:34:05 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 12:34:05 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 12:34:05 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 12:34:05 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 12:34:02 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/26 11:34" Information 2017-12-26 12:34:01 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.29.176.136:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/26 11:34, 1, 1, 259081, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-26 12:33:59 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-26 12:33:59 ESENT 326 General "SearchIndexer (7184,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000084:006A:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.019517 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.024309 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:43, WS:128K # 0K, PF:152K # 0K, P:152K) [4] 0.000476 +J(0) [5] - [6] - [7] 0.052217 -0.001455 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:51, WS:204K # 0K, PF:640K # 0K, P:640K) [8] 0.001465 -0.000989 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:68, WS:268K # 0K, PF:260K # 120K, P:260K) [9] 0.000933 -0.000608 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000111 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-26 12:33:59 ESENT 105 General "SearchIndexer (7184,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002309 +J(0) +M(C:0K, Fs:176, WS:688K # 688K, PF:5472K # 5472K, P:5472K) [2] 0.000757 +J(0) +M(C:10240K, Fs:144, WS:576K # 576K, PF:392K # 392K, P:392K) [3] 0.000062 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000208 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.004771 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.017557 +J(0) +M(C:0K, Fs:56, WS:220K # 220K, PF:48K # 48K, P:48K) [7] 0.041854 +J(0) +M(C:0K, Fs:316, WS:1264K # 1264K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.007079 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-996K # 20K, PF:-1020K # 16K, P:-1020K) [14] 0.000032 +J(0) [15] 0.000103 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000545 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-26 12:33:58 ESENT 916 General SearchIndexer (7184,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 12:33:58 ESENT 102 General SearchIndexer (7184,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-26 12:33:55 ESENT 916 General taskhostw (3412,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 12:33:53 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-26 12:33:52 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259082)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-26 12:33:51 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-26 12:33:50 TV Server 0 None Service started successfully. Information 2017-12-26 12:33:49 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-26 12:33:44 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-26 12:33:43 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-26 12:33:43 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-26 12:33:43 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-26 12:33:43 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-26 12:33:38 ESENT 916 General svchost (3652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 12:33:33 ESENT 916 General svchost (3308,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 12:33:25 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:25 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:24 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:24 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:24 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:24 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:24 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 15763938 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:24 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:24 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:24 Service1 0 None Service started successfully. Information 2017-12-26 12:33:24 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:24 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:23 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:23 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:23 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:23 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:23 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:23 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-26 12:33:23 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:33:23 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-26 12:33:22 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-26 12:33:22 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-26 12:33:22 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-26 12:33:21 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-26 12:33:18 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-26 12:33:17 ESENT 916 General svchost (1664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 12:33:17 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-26 12:33:16 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-26 12:33:14 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-26 12:33:15 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-26 12:33:15 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-26 12:32:47 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-26 12:32:47 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:32:47 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:32:47 MySQL 100 None "Giving 1 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:32:47 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 12:32:45 TV Server 0 None Service has been successfully shut down. Information 2017-12-26 12:32:44 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 20 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 672 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2412 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3256 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8676 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 540 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3256 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3256 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 540 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3256 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3256 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 540 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3256 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 540 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3256 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 536 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 540 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3256 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2017-12-26 12:32:44 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-26 12:32:44 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-26 12:32:44 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-26 12:32:35 ESENT 916 General svchost (3952,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 12:32:35 ESENT 916 General DllHost (8836,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 12:31:45 ESENT 916 General svchost (540,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 12:27:00 ESENT 916 General svchost (3276,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 12:18:44 Windows Error Reporting 1001 None "Fault bucket 1373843813673378068, type 5 Event Name: BEX64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a4088ba P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC859.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD28C.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD2B7.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD316.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_a0252433c8a2af457acec2769673420e89eff6_07558bad_2314dbdf Analysis symbol: Rechecking for solution: 0 Report Id: e0a8922b-0d53-46d2-a479-4ad386b902ad Report Status: 268435456 Hashed bucket: f8b0fcdfa726997ce310dfab6adea114" Error 2017-12-26 12:18:38 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a4088ba Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x1d64 Faulting application start time: 0x01d37e3643bb8919 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: e0a8922b-0d53-46d2-a479-4ad386b902ad Faulting package full name: Faulting package-relative application ID: " Information 2017-12-26 11:39:22 ESENT 916 General svchost (540,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 11:26:00 ESENT 916 General svchost (3276,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 10:35:28 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-25T09:25:28Z. Reason: RulesEngine. Information 2017-12-26 10:34:57 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-26 10:34:57 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-26 10:34:57 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 10:34:57 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 10:34:57 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 10:34:57 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 10:34:56 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 10:34:56 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 10:34:54 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/26 09:34" Information 2017-12-26 10:34:52 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.114.214.217:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/26 09:34, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-26 10:32:08 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-25T09:25:08Z. Reason: RulesEngine. Information 2017-12-26 10:31:25 ESENT 916 General svchost (9212,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 10:30:21 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-25T09:25:21Z. Reason: RulesEngine. Information 2017-12-26 10:27:34 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-25T09:25:34Z. Reason: RulesEngine. Information 2017-12-26 10:27:03 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-26 10:26:28 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-26 10:26:28 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-25T09:25:28Z. Reason: RulesEngine. Information 2017-12-26 10:26:17 ESENT 916 General svchost (3240,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 10:25:58 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/24:09:25:56;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-26 10:25:47 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-26 10:25:47 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-26 10:25:33 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-26 10:25:32 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-26 10:25:30 ESENT 326 General "SearchIndexer (7956,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000084:001E:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.001160 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.025374 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:14, WS:-728K # 0K, PF:-720K # 0K, P:-720K) [4] 0.000577 +J(0) [5] - [6] - [7] 0.060427 -0.001932 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:112K # 0K, PF:512K # 0K, P:512K) [8] 0.001335 -0.000845 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.000854 -0.000555 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000110 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-26 10:25:30 ESENT 105 General "SearchIndexer (7956,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000084:000A:0000 - 00000084:001C:0000 - 00000000:0000:0000 - 00000084:001C:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.002394 +J(0) +M(C:0K, Fs:178, WS:696K # 696K, PF:5472K # 5472K, P:5472K) [2] 0.000757 +J(0) +M(C:10240K, Fs:142, WS:568K # 568K, PF:384K # 384K, P:384K) [3] 0.000077 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000213 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:228K # 228K, P:228K) [5] 0.005751 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.026306 +J(0) +M(C:0K, Fs:86, WS:340K # 340K, PF:24K # 24K, P:24K) [7] 0.004347 +J(0) +M(C:0K, Fs:279, WS:1112K # 1112K, PF:1028K # 1028K, P:1028K) [8] 0.099387 -0.011693 (9) CM +J(CM:9, PgRf:82, Rd:0/9, Dy:9/155, Lg:105443/399) +M(C:0K, Fs:481, WS:1712K # 1712K, PF:1512K # 1512K, P:1512K) [9] - [10] 0.002205 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000122 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.067104 -0.000006 (9) CM +J(CM:9, PgRf:0, Rd:0/9, Dy:0/0, Lg:0/0) +M(C:0K, Fs:44, WS:12K # 0K, PF:0K # 0K, P:0K) [13] 0.104057 -0.001461 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:306, WS:-328K # 0K, PF:-348K # 0K, P:-348K) [14] 0.000031 +J(0) [15] 0.000048 +J(0) [16] 0.000529 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-26 10:25:29 ESENT 302 Logging/Recovery SearchIndexer (7956,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-26 10:25:29 ESENT 301 Logging/Recovery "SearchIndexer (7956,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-26 10:25:29 ESENT 300 Logging/Recovery SearchIndexer (7956,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-26 10:25:29 ESENT 916 General SearchIndexer (7956,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 10:25:29 ESENT 102 General SearchIndexer (7956,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-26 10:25:24 ESENT 916 General taskhostw (5340,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 10:25:21 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-26 10:25:20 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-26 10:25:20 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-26 10:25:20 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 10:25:20 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 10:25:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 10:25:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 10:25:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 10:25:18 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-26 10:25:16 ESENT 326 General "Music.UI (7012,D,50) {05A6CC2F-154B-425A-BCE5-7E70865E4CAF}: The database engine attached a database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000001:0062:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001078 +J(0) +M(C:0K, Fs:18, WS:8K # 0K, PF:8K # 0K, P:8K) [3] 0.023224 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:8, WS:24K # 0K, PF:20K # 0K, P:20K) [4] 0.000513 +J(0) [5] - [6] - [7] 0.001498 -0.001017 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:7, WS:28K # 0K, PF:128K # 0K, P:128K) [8] 0.000416 -0.000027 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:30, WS:120K # 0K, PF:208K # 0K, P:208K) [9] 0.000163 -0.000006 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:8K # 0K, P:8K) [10] 0.000024 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000097 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [12] 0.000001 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-26 10:25:16 ESENT 105 General "Music.UI (7012,D,0) {05A6CC2F-154B-425A-BCE5-7E70865E4CAF}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:0001:0000 - 00000001:0060:0000 - 00000000:0000:0000 - 00000001:0060:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.003159 +J(0) +M(C:0K, Fs:143, WS:560K # 560K, PF:2920K # 2912K, P:2920K) [2] 0.000963 +J(0) +M(C:16K, Fs:93, WS:356K # 356K, PF:208K # 256K, P:208K) [3] 0.000035 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 16K, P:64K) [4] 0.000298 +J(0) +M(C:112K, Fs:32, WS:128K # 128K, PF:164K # 164K, P:164K) [5] 0.117387 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:48K # 48K, P:48K) [6] 0.006049 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:16K # 16K, P:16K) [7] 0.066967 +J(0) +M(C:0K, Fs:554, WS:2212K # 2212K, PF:2088K # 2088K, P:2088K) [8] 0.428912 -0.052760 (230) CM +J(CM:230, PgRf:2285, Rd:0/230, Dy:97/2170, Lg:384843/5270) +M(C:304K, Fs:2924, WS:9584K # 9584K, PF:4652K # 4652K, P:4652K) [9] - [10] 0.004160 +J(0) +M(C:0K, Fs:7, WS:-2040K # 0K, PF:-2044K # 8K, P:-2044K) [11] 0.000120 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.036954 -0.000005 (53) CM +J(CM:53, PgRf:0, Rd:0/53, Dy:0/0, Lg:0/0) +M(C:0K, Fs:96, WS:164K # 0K, PF:-8K # 0K, P:-8K) [13] 0.045370 -0.000011 (1) CM +J(CM:1, PgRf:2, Rd:0/1, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:530, WS:-680K # 0K, PF:-704K # 0K, P:-704K) [14] 0.000029 +J(0) [15] 0.000025 +J(0) [16] 0.000493 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-26 10:25:16 ESENT 302 Logging/Recovery Music.UI (7012,U,0) {05A6CC2F-154B-425A-BCE5-7E70865E4CAF}: The database engine has successfully completed recovery steps. Information 2017-12-26 10:25:16 TV Server 0 None Service started successfully. Information 2017-12-26 10:25:15 ESENT 301 Logging/Recovery "Music.UI (7012,R,0) {05A6CC2F-154B-425A-BCE5-7E70865E4CAF}: The database engine has begun replaying logfile C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log. Previous Log Processing Stats: " Information 2017-12-26 10:25:15 ESENT 300 Logging/Recovery Music.UI (7012,R,0) {05A6CC2F-154B-425A-BCE5-7E70865E4CAF}: The database engine is initiating recovery steps. Information 2017-12-26 10:25:15 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/26 09:25" Information 2017-12-26 10:25:15 ESENT 916 General Music.UI (7012,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 10:25:15 ESENT 102 General Music.UI (7012,P,0) {05A6CC2F-154B-425A-BCE5-7E70865E4CAF}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-26 10:25:13 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.129.17.66:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/26 09:25, 1, 1, 258319, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-26 10:24:58 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-26 10:24:57 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258320)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-26 10:24:56 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-26 10:24:54 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-26 10:24:52 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-26 10:24:52 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-26 10:24:52 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-26 10:24:52 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-26 10:24:52 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-26 10:24:48 ESENT 916 General taskhostw (5340,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 10:24:46 ESENT 916 General svchost (3276,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 10:24:43 ESENT 916 General svchost (3116,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 10:24:40 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-26 10:24:37 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-26 10:24:37 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-26 10:24:37 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-26 10:24:33 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:33 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:32 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:32 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:32 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:32 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:32 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 10743897 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:32 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:32 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:31 Service1 0 None Service started successfully. Information 2017-12-26 10:24:31 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:31 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:31 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:31 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:31 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:31 MySQL 100 None "InnoDB: The log sequence numbers 10740507 and 10740507 in ibdata files do not match the log sequence number 10743897 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:31 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:31 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:31 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:31 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:31 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:31 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:31 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:31 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-26 10:24:31 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-26 10:24:31 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-26 10:24:28 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-26 10:24:27 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-26 10:24:24 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-26 10:24:25 ESENT 916 General svchost (540,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-26 10:24:23 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-26 10:24:23 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-26 10:24:22 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-25 21:46:27 ESENT 916 General svchost (1844,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 21:36:00 ESENT 916 General svchost (3448,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 20:48:26 ESENT 916 General svchost (1844,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 20:35:00 ESENT 916 General svchost (3448,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 19:58:35 Windows Error Reporting 1001 None "Fault bucket 1373843813673378068, type 5 Event Name: BEX64 Response: Not available Cab Id: 1501621707559962331 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 5a4088ba P4: ucrtbase.dll P5: 10.0.16299.125 P6: 70f70cc4 P7: 000000000006b70e P8: c0000409 P9: 0000000000000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1CCB.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER25C5.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER25F0.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER263F.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER3315.tmp.appcompat.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3567.tmp.hdmp \\?\C:\Users\Eglobal\AppData\Local\Temp\WERAE03.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_a0252433c8a2af457acec2769673420e89eff6_07558bad_cab_178b2dd6 Analysis symbol: Rechecking for solution: 0 Report Id: 3de0e28e-32a8-4c69-b212-99b6b957a44f Report Status: 268435464 Hashed bucket: f8b0fcdfa726997ce310dfab6adea114" Error 2017-12-25 19:56:19 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.9.701.0, time stamp: 0x5a4088ba Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4 Exception code: 0xc0000409 Fault offset: 0x000000000006b70e Faulting process id: 0x18e0 Faulting application start time: 0x01d37db055eb2811 Faulting application path: C:\Program Files\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: 3de0e28e-32a8-4c69-b212-99b6b957a44f Faulting package full name: Faulting package-relative application ID: " Information 2017-12-25 19:48:42 Windows Error Reporting 1001 None "Fault bucket 129572575170, type 5 Event Name: RADAR_PRE_LEAK_64 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.9.701.0 P3: 10.0.16299.2.0.0 P4: P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Users\Eglobal\AppData\Local\Temp\RDR14BC.tmp\empty.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER14CD.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1568.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER15E6.tmp.txt These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: 92f67c87-bcda-46b7-8e10-2a9f51ea533f Report Status: 268435456 Hashed bucket: 56d7a470fb6372dc4cc1331cabf17b68" Information 2017-12-25 19:44:33 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-24T17:36:33Z. Reason: RulesEngine. Information 2017-12-25 19:44:02 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-25 19:44:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-25 19:44:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 19:44:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 19:44:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 19:44:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 19:44:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 19:44:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 19:44:00 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/25 18:43" Information 2017-12-25 19:43:59 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.171.91.225:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/25 18:43, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-25 19:43:25 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-24T17:36:24Z. Reason: RulesEngine. Information 2017-12-25 19:39:17 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-24T17:36:17Z. Reason: RulesEngine. Information 2017-12-25 19:36:55 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-24T17:35:55Z. Reason: RulesEngine. Information 2017-12-25 19:36:22 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-25 19:36:21 ESENT 916 General svchost (8968,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 19:35:23 ESENT 916 General svchost (3380,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 19:35:20 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-25 19:35:20 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-24T17:36:20Z. Reason: RulesEngine. Information 2017-12-25 19:34:41 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-25 19:34:41 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-25 19:34:37 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-25 19:34:27 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-25 19:34:23 ESENT 326 General "SearchIndexer (7628,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000084:000B:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.020893 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.324374 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:128K # 0K, PF:144K # 0K, P:144K) [4] 0.000872 +J(0) [5] - [6] - [7] 0.184805 -0.001466 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:212K # 0K, PF:660K # 0K, P:660K) [8] 0.001217 -0.000620 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 136K, P:256K) [9] 0.001301 -0.000914 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:12, WS:44K # 0K, PF:100K # 100K, P:100K) [10] 0.000041 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000112 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-25 19:34:23 ESENT 105 General "SearchIndexer (7628,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.003936 +J(0) +M(C:0K, Fs:218, WS:856K # 856K, PF:5468K # 5468K, P:5468K) [2] 0.000983 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.000103 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000224 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.010468 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.004529 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.013335 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.007104 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000039 +J(0) [15] 0.000113 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000894 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-25 19:34:23 ESENT 916 General SearchIndexer (7628,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 19:34:23 ESENT 102 General SearchIndexer (7628,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-25 19:34:21 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-25 19:34:21 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-25 19:34:20 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 19:34:20 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 19:34:20 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 19:34:20 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 19:34:20 TV Server 0 None Service started successfully. Information 2017-12-25 19:34:20 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 19:34:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 19:34:16 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/25 18:34" Information 2017-12-25 19:34:14 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.45.250.207:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/25 18:34, 1, 1, 259152, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-25 19:34:04 ESENT 916 General taskhostw (3668,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 19:34:01 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-25 19:34:01 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259153)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-25 19:34:00 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-25 19:33:58 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-25 19:33:53 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-25 19:33:53 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-25 19:33:53 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-25 19:33:53 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-25 19:33:48 ESENT 916 General svchost (3448,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 19:33:46 ESENT 916 General svchost (2836,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 19:33:39 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:39 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:38 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:38 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:38 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:38 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:38 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 10740507 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:38 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:38 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:37 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:37 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:37 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:37 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:37 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:37 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:37 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:37 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-25 19:33:37 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:33:36 Service1 0 None Service started successfully. Information 2017-12-25 19:33:36 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-25 19:33:33 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-25 19:33:33 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-25 19:33:33 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-25 19:33:33 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-25 19:33:29 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-25 19:33:28 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-25 19:33:29 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-25 19:33:29 ESENT 916 General svchost (1844,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 19:33:27 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-25 19:33:26 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-25 19:33:26 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-25 19:32:58 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-25 19:32:58 MySQL 100 None "Binlog end For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:32:58 MySQL 100 None "Forcefully disconnecting 0 remaining clients For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:32:58 Service1 0 None Service has been successfully shut down. Information 2017-12-25 19:32:58 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:32:58 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:32:58 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:32:58 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 19:32:55 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2017-12-25 19:32:55 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 32 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 652 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 2528 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 3820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 3820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 532 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2268 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-25 19:32:55 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-25 19:32:55 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-25 19:32:55 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-25 19:13:45 TV Server 0 None Service stopped successfully. Information 2017-12-25 18:54:16 ESENT 916 General svchost (8376,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 18:51:09 ESENT 916 General svchost (3820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 18:49:01 ESENT 916 General DllHost (9692,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 18:46:39 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-24T17:36:39Z. Reason: RulesEngine. Information 2017-12-25 18:46:09 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-25 18:46:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-25 18:46:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 18:46:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 18:46:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 18:46:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 18:46:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 18:46:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 18:46:06 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/25 17:46" Information 2017-12-25 18:46:05 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.64.221.86:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/25 17:46, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Error 2017-12-25 18:43:15 SideBySide 33 None "Activation context generation failed for ""C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.16299.15_none_e10a04e314dd6b63\Narrator.exe"". Dependent Assembly SRH,type=""win32"",version=""1.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information 2017-12-25 18:39:25 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-24T17:36:24Z. Reason: RulesEngine. Information 2017-12-25 18:38:34 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-24T17:36:34Z. Reason: RulesEngine. Information 2017-12-25 18:38:03 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-25 18:38:02 ESENT 916 General svchost (9040,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 18:37:28 ESENT 916 General svchost (2972,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 18:37:24 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-25 18:37:24 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-24T17:36:19Z. Reason: RulesEngine. Information 2017-12-25 18:36:53 ESENT 916 General MicrosoftEdge (7688,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 18:36:49 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/23:17:36:48;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-25 18:36:45 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-25 18:36:31 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-25 18:36:30 ESENT 326 General "SearchIndexer (7776,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000083:00A8:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.002741 +J(0) +M(C:0K, Fs:25, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.025639 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:43, WS:128K # 0K, PF:152K # 0K, P:152K) [4] 0.000636 +J(0) [5] - [6] - [7] 0.043259 -0.001651 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:204K # 0K, PF:644K # 0K, P:644K) [8] 0.002248 -0.001775 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 116K, P:256K) [9] 0.000915 -0.000584 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000035 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000264 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-25 18:36:30 ESENT 105 General "SearchIndexer (7776,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.005719 +J(0) +M(C:0K, Fs:220, WS:864K # 864K, PF:5476K # 5468K, P:5476K) [2] 0.000979 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.000095 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000226 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:224K # 224K, P:224K) [5] 0.006535 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.004739 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.019462 +J(0) +M(C:0K, Fs:282, WS:1124K # 1124K, PF:1040K # 1040K, P:1040K) [8] - [9] - [10] - [11] - [12] - [13] 0.013420 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:11, WS:-988K # 28K, PF:-1024K # 12K, P:-1024K) [14] 0.000033 +J(0) [15] 0.000140 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000583 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-25 18:36:30 ESENT 916 General SearchIndexer (7776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 18:36:30 ESENT 102 General SearchIndexer (7776,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-25 18:36:26 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-25 18:36:25 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-25 18:36:25 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-25 18:36:25 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 18:36:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 18:36:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 18:36:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 18:36:24 ESENT 916 General taskhostw (4920,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 18:36:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 18:36:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-25 18:36:20 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/25 17:36" Information 2017-12-25 18:36:19 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.205.171.202:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/25 17:36, 1, 1, 256765, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-25 18:36:11 TV Server 0 None Service started successfully. Information 2017-12-25 18:36:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-25 18:36:07 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-25 18:36:07 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-25 18:36:06 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-25 18:36:06 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-25 18:36:06 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 256765)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-25 18:36:05 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-25 18:36:04 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-25 18:36:03 ESENT 916 General svchost (3820,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 18:36:01 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-25 18:35:57 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-25 18:35:57 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-25 18:35:57 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-25 18:35:57 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-25 18:35:57 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-25 18:35:53 ESENT 916 General svchost (2964,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 18:35:47 ESENT 916 General svchost (2628,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 18:35:45 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:45 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:44 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:44 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:44 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:44 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:44 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 10739757 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:44 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:44 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:43 Service1 0 None Service started successfully. Information 2017-12-25 18:35:43 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:43 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:43 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:43 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:43 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:43 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:43 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:43 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-25 18:35:43 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:42 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-25 18:35:38 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-25 18:35:37 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-25 18:35:35 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-25 18:35:35 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-25 18:35:35 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-25 18:35:02 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-25 18:35:02 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:02 MySQL 100 None "Giving 3 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:02 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-25 18:35:00 TV Server 0 None Service has been successfully shut down. Information 2017-12-25 18:34:26 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2017-12-25 18:34:26 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-25 18:34:26 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 28 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 7740 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 7828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 3380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 7508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-25 18:34:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 3 The request is not supported " Information 2017-12-25 18:34:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-25 18:32:13 ESENT 916 General svchost (6008,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 18:26:42 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-25 18:24:42 ESENT 916 General DllHost (2472,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 18:24:18 ESENT 916 General MicrosoftEdge (7680,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 17:53:04 Windows Error Reporting 1001 None "Fault bucket 129578632112, type 5 Event Name: RADAR_PRE_LEAK_64 Response: Not available Cab Id: 0 Problem signature: P1: TiWorker.exe P2: 10.0.16299.15 P3: 10.0.16299.2.0.0 P4: P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Users\Eglobal\AppData\Local\Temp\RDRA1E5.tmp\empty.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA1E6.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA262.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA2C1.tmp.txt These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: 32618c97-10a3-4751-9d16-94eef7df56a0 Report Status: 268435456 Hashed bucket: 88d4c4cdfa94542fe09c394dc240f19a" Information 2017-12-25 17:46:53 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-25 17:46:00 ESENT 916 General svchost (3456,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 17:45:06 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on Storage (D:) Information 2017-12-25 17:44:05 ESENT 326 General "svchost (7760,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000003:0003:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001850 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.024704 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:9, WS:32K # 0K, PF:32K # 0K, P:32K) [4] 0.009332 +J(0) [5] - [6] - [7] 0.002192 -0.001484 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:60K, Fs:17, WS:68K # 36K, PF:60K # 32K, P:60K) [8] 0.001060 -0.000578 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:116K # 116K, PF:196K # 192K, P:196K) [9] 0.000693 -0.000384 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000035 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000126 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000194 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-25 17:44:05 ESENT 105 General "svchost (7760,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000002:000C:0000 - 00000003:0001:0000 - 00000003:0001:0000 - 00000003:0001:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.016116 +J(0) +M(C:0K, Fs:173, WS:680K # 680K, PF:3408K # 3408K, P:3408K) [2] 0.000985 +J(0) +M(C:8K, Fs:89, WS:352K # 352K, PF:308K # 308K, P:308K) [3] 0.000040 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000231 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:160K # 160K, P:160K) [5] 0.013599 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.005648 +J(0) +M(C:0K, Fs:31, WS:120K # 120K, PF:24K # 24K, P:24K) [7] 0.007554 +J(0) +M(C:0K, Fs:36, WS:140K # 140K, PF:68K # 68K, P:68K) [8] 0.056865 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8115/6) +M(C:0K, Fs:105, WS:336K # 336K, PF:220K # 224K, P:220K) + 1 lgens [9] 0.003637 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:1/1) +M(C:0K, Fs:10, WS:36K # 40K, PF:60K # 60K, P:60K) [10] 0.001661 +J(0) +M(C:0K, Fs:8, WS:-28K # 24K, PF:-60K # 0K, P:-60K) [11] 0.000058 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.004252 +J(0) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [13] 0.061418 -0.000814 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:48, WS:72K # 104K, PF:160K # 164K, P:160K) [14] 0.000067 +J(0) [15] 0.000054 +J(0) [16] 0.002390 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-25 17:44:05 ESENT 302 Logging/Recovery svchost (7760,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2017-12-25 17:44:05 ESENT 301 Logging/Recovery "svchost (7760,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: [1] 0.041308 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8115/6) +M(C:0K, Fs:80, WS:244K # 244K, PF:148K # 152K, P:148K)." Information 2017-12-25 17:44:05 ESENT 301 Logging/Recovery "svchost (7760,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS00002.log. Previous Log Processing Stats: " Information 2017-12-25 17:44:05 ESENT 300 Logging/Recovery svchost (7760,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2017-12-25 17:44:05 ESENT 916 General svchost (7760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 17:44:05 ESENT 102 General svchost (7760,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-25 17:44:00 ESENT 916 General svchost (1740,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 17:42:04 ESENT 916 General svchost (1872,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 16:45:00 ESENT 916 General svchost (3456,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 16:42:04 ESENT 916 General svchost (1872,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 15:44:00 ESENT 916 General svchost (3456,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 15:39:35 ESENT 916 General svchost (1872,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 14:57:50 ESENT 916 General svchost (6872,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 14:43:00 ESENT 916 General svchost (3456,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 14:40:34 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-25 14:40:34 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-25 14:39:21 ESENT 916 General svchost (1872,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 13:42:04 ESENT 916 General svchost (1872,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 13:42:00 ESENT 916 General svchost (3456,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 12:42:04 ESENT 916 General svchost (1872,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 12:41:00 ESENT 916 General svchost (3456,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 11:42:04 ESENT 916 General svchost (1872,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 11:40:00 ESENT 916 General svchost (3456,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 11:01:56 ESENT 916 General svchost (4992,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 10:54:10 ESENT 916 General svchost (1872,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 10:49:15 ESENT 916 General svchost (1740,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 10:43:30 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-23T01:00:30Z. Reason: RulesEngine. Information 2017-12-25 10:42:20 ESENT 916 General svchost (1884,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 10:40:06 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-25 10:39:38 ESENT 916 General svchost (1872,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 10:39:26 ESENT 916 General svchost (2504,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 10:39:24 ESENT 916 General taskhostw (8904,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-25 10:39:09 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 3 The request is not supported " Information 2017-12-25 10:39:09 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 3 The request is not supported " Information 2017-12-25 10:39:09 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-25 10:39:08 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-25 10:39:08 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-25 10:39:05 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-25 10:39:05 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-25 10:39:05 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-24 13:30:04 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-24 13:30:03 ESENT 916 General svchost (3456,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 13:30:03 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 6512 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 6512 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 6512 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 528 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 528 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 528 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 7416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 7416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 7416 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 6512 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 6512 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2017-12-24 13:30:03 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 8080 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 7828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 6512 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 6512 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 6512 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 6512 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 6512 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 4104 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 6512 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2017-12-24 13:30:03 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-24 13:30:02 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2017-12-24 13:30:02 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-24 13:30:01 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2017-12-24 13:29:56 ESENT 916 General svchost (7764,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 13:28:45 ESENT 916 General DllHost (5528,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 12:59:00 ESENT 916 General svchost (3456,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 12:43:31 ESENT 916 General svchost (1872,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 12:14:01 ESENT 916 General svchost (1872,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 12:02:40 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-23T01:00:40Z. Reason: RulesEngine. Information 2017-12-24 12:01:08 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-24 12:01:08 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-24 11:59:59 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-24 11:59:26 ESENT 916 General svchost (1872,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 11:59:11 ESENT 916 General taskhostw (7272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 11:59:08 ESENT 916 General svchost (2504,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 11:59:05 ESENT 916 General svchost (2504,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 11:59:00 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-24 11:59:00 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2017-12-24 11:59:00 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2017-12-24 11:59:00 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-24 11:58:59 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-24 11:58:58 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-24 11:58:57 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-24 11:58:57 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-24 02:20:55 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 20 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 648 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2508 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 7828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 1872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 1872 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2017-12-24 02:20:56 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-24 02:20:55 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-24 02:20:55 ESENT 916 General svchost (3456,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 02:20:55 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-24 02:20:55 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-24 02:20:52 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2017-12-24 02:20:49 ESENT 916 General svchost (3880,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 02:20:48 ESENT 916 General DllHost (7636,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 02:01:47 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-23T01:00:47Z. Reason: RulesEngine. Information 2017-12-24 02:01:17 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/22:01:01:17;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-24 02:01:08 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-24 02:01:07 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-24 02:01:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-24 02:01:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-24 02:01:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-24 02:01:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-24 02:01:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-24 02:01:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-24 02:01:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-24 02:01:05 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/24 01:01" Information 2017-12-24 02:01:04 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.102.140.124:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/24 01:01, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-24 01:56:30 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T22:58:30Z. Reason: RulesEngine. Information 2017-12-24 01:53:51 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B6.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER15A0.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER15BB.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER161A.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_1f17205a Analysis symbol: Rechecking for solution: 0 Report Id: 9d03ca52-f9f2-45f5-b270-ef1cd069aa08 Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-24 01:53:44 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0xa6c Faulting application start time: 0x01d37c51a4191b2e Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 9d03ca52-f9f2-45f5-b270-ef1cd069aa08 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-24 01:53:44 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T22:58:44Z. Reason: RulesEngine. Error 2017-12-24 01:53:44 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-24 01:53:11 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-24 01:53:10 ESENT 916 General svchost (7804,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 01:52:34 ESENT 916 General svchost (3464,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 01:51:54 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-24 01:51:54 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T22:58:54Z. Reason: RulesEngine. Information 2017-12-24 01:51:45 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-24 01:51:25 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-24 01:51:24 ESENT 326 General "SearchIndexer (6548,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000083:005F:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.003911 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.022704 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:124K # 0K, PF:144K # 0K, P:144K) [4] 0.000479 +J(0) [5] - [6] - [7] 0.024876 -0.001590 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:55, WS:220K # 0K, PF:660K # 0K, P:660K) [8] 0.001369 -0.000889 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 136K, P:256K) [9] 0.000929 -0.000578 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000035 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000106 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-24 01:51:24 ESENT 105 General "SearchIndexer (6548,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002659 +J(0) +M(C:0K, Fs:183, WS:712K # 712K, PF:5488K # 5488K, P:5488K) [2] 0.000766 +J(0) +M(C:10240K, Fs:143, WS:572K # 572K, PF:376K # 376K, P:376K) [3] 0.000081 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000241 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:224K # 224K, P:224K) [5] 0.004791 +J(0) +M(C:0K, Fs:49, WS:196K # 196K, PF:24K # 32K, P:24K) [6] 0.004933 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 12K, P:20K) [7] 0.008297 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.004796 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-992K # 24K, PF:-1020K # 12K, P:-1020K) [14] 0.000046 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K) [15] 0.000106 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000528 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-24 01:51:24 ESENT 916 General SearchIndexer (6548,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 01:51:24 ESENT 102 General SearchIndexer (6548,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-24 01:51:23 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-24 01:51:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-24 01:51:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-24 01:51:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-24 01:51:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-24 01:51:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-24 01:51:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-24 01:51:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-24 01:51:21 ESENT 916 General taskhostw (3172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 01:51:19 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/24 00:51" Information 2017-12-24 01:51:19 TV Server 0 None Service started successfully. Information 2017-12-24 01:51:16 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.177.245.147:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/24 00:51, 1, 1, 259088, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-24 01:51:06 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-24 01:51:06 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259089)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-24 01:51:04 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-24 01:51:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-24 01:51:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-24 01:51:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-24 01:51:03 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-24 01:51:03 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-24 01:50:55 ESENT 916 General svchost (2504,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 01:50:55 ESENT 916 General svchost (3456,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 01:50:50 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-24 01:50:48 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-24 01:50:48 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:48 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:47 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:47 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:47 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:47 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:47 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7825353 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:47 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:47 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:47 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-24 01:50:47 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:47 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:47 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:47 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:47 Service1 0 None Service started successfully. Information 2017-12-24 01:50:46 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-24 01:50:46 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:46 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:46 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:46 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-24 01:50:46 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:46 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-24 01:50:41 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-24 01:50:41 ESENT 916 General svchost (1872,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 01:50:41 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-24 01:50:39 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-24 01:50:38 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-24 01:50:38 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-24 01:50:38 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-24 01:50:08 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-24 01:50:08 Service1 0 None Service has been successfully shut down. Information 2017-12-24 01:50:08 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:08 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:08 MySQL 100 None "Giving 2 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:08 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-24 01:50:07 TV Server 0 None Service has been successfully shut down. Information 2017-12-24 01:50:06 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 20 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 648 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2544 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8148 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1384 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 1384 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1384 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1384 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 1384 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3440 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2017-12-24 01:50:06 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-24 01:50:06 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-24 01:50:06 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-24 01:49:50 ESENT 916 General DllHost (712,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 01:48:02 ESENT 916 General svchost (1384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 01:17:29 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER553B.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5D4B.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5D78.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5DE6.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_097464ea Analysis symbol: Rechecking for solution: 0 Report Id: 155ab9d8-f47d-458a-aea8-a668954ce463 Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-24 01:17:25 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x19f8 Faulting application start time: 0x01d37c4c9166d5df Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 155ab9d8-f47d-458a-aea8-a668954ce463 Faulting package full name: Faulting package-relative application ID: " Error 2017-12-24 01:17:25 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-24 01:08:00 ESENT 916 General svchost (3464,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 01:03:26 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7804.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8072.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8090.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER80FE.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_08ab8821 Analysis symbol: Rechecking for solution: 0 Report Id: be878489-0cca-4ab7-99fd-3684117590af Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-24 01:03:22 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x808 Faulting application start time: 0x01d37c4a9ad1b000 Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: be878489-0cca-4ab7-99fd-3684117590af Faulting package full name: Faulting package-relative application ID: " Error 2017-12-24 01:03:22 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-24 00:51:10 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3B12.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER42B5.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER42D1.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER433F.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_05b04a81 Analysis symbol: Rechecking for solution: 0 Report Id: a01131d7-1ae2-4958-8f43-ea17b3f7d4ce Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-24 00:51:05 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0xfe0 Faulting application start time: 0x01d37c48e422400f Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: a01131d7-1ae2-4958-8f43-ea17b3f7d4ce Faulting package full name: Faulting package-relative application ID: " Error 2017-12-24 00:51:05 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-24 00:49:43 ESENT 916 General Explorer (5580,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 00:49:43 ESENT 916 General Explorer (5580,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 00:46:28 ESENT 916 General svchost (1384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 00:46:13 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB5A9.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBD9B.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBDB6.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE24.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_144bc547 Analysis symbol: Rechecking for solution: 0 Report Id: e22d5feb-74c9-4e81-9584-10219df57a81 Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-24 00:46:09 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0xbe0 Faulting application start time: 0x01d37c48337b4de1 Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: e22d5feb-74c9-4e81-9584-10219df57a81 Faulting package full name: Faulting package-relative application ID: " Error 2017-12-24 00:46:09 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-24 00:33:45 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-24 00:32:29 ESENT 916 General svchost (3464,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 00:31:56 ESENT 916 General svchost (6184,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 00:31:45 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-24 00:30:47 ESENT 326 General "svchost (5912,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000002:000D:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001886 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.035836 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:9, WS:32K # 0K, PF:32K # 0K, P:32K) [4] 0.002768 +J(0) [5] - [6] - [7] 0.008214 -0.006424 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:60K, Fs:17, WS:68K # 36K, PF:60K # 32K, P:60K) [8] 0.004130 -0.003692 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:27, WS:108K # 108K, PF:196K # 192K, P:196K) [9] 0.003867 -0.003544 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000046 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000116 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-24 00:30:47 ESENT 105 General "svchost (5912,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000002:0008:0000 - 00000002:000B:0000 - 00000000:0000:0000 - 00000002:000B:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.003370 +J(0) +M(C:0K, Fs:130, WS:516K # 516K, PF:2864K # 2864K, P:2864K) [2] 0.000695 +J(0) +M(C:8K, Fs:94, WS:372K # 372K, PF:848K # 848K, P:848K) [3] 0.000030 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000248 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:160K # 160K, P:160K) [5] 0.009725 +J(0) +M(C:0K, Fs:51, WS:204K # 204K, PF:20K # 20K, P:20K) [6] 0.008265 +J(0) +M(C:0K, Fs:34, WS:128K # 128K, PF:36K # 36K, P:36K) [7] 0.005314 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.044465 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:40550/128) +M(C:0K, Fs:140, WS:340K # 340K, PF:240K # 244K, P:240K) [9] - [10] 0.003703 +J(0) +M(C:0K, Fs:14, WS:-4K # 52K, PF:-4K # 52K, P:-4K) [11] 0.000054 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.006066 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.064076 -0.003306 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:48, WS:72K # 96K, PF:160K # 168K, P:160K) [14] 0.000062 +J(0) [15] 0.000032 +J(0) [16] 0.002859 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-24 00:30:47 ESENT 302 Logging/Recovery svchost (5912,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2017-12-24 00:30:47 ESENT 301 Logging/Recovery "svchost (5912,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2017-12-24 00:30:47 ESENT 300 Logging/Recovery svchost (5912,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2017-12-24 00:30:47 ESENT 916 General svchost (5912,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 00:30:47 ESENT 102 General svchost (5912,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-24 00:30:44 ESENT 916 General svchost (1384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 00:26:25 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-24 00:26:13 ESENT 916 General DllHost (712,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-24 00:24:40 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WEREF97.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFF29.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFF44.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFFB3.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_1fe80a50 Analysis symbol: Rechecking for solution: 0 Report Id: d602111e-52f9-45bf-a5f4-e8f13d49a1aa Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-24 00:24:33 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x13fc Faulting application start time: 0x01d37c452ea4fb16 Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: d602111e-52f9-45bf-a5f4-e8f13d49a1aa Faulting package full name: Faulting package-relative application ID: " Error 2017-12-24 00:24:33 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-24 00:07:00 ESENT 916 General svchost (3464,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 23:59:49 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T22:58:49Z. Reason: RulesEngine. Information 2017-12-23 23:59:19 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/21:22:59:18;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-23 23:59:09 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-23 23:59:09 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-23 23:59:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-23 23:59:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 23:59:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 23:59:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 23:59:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 23:59:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 23:59:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 23:59:06 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/23 22:59" Information 2017-12-23 23:59:05 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.39.233.30:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/23 22:59, 1, 1, 258914, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-23 23:50:50 ESENT 916 General svchost (7256,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 23:49:56 ESENT 916 General DllHost (712,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 23:46:28 ESENT 916 General svchost (1384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 23:15:36 ESENT 916 General DllHost (712,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 23:06:00 ESENT 916 General svchost (3464,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 22:38:28 ESENT 916 General svchost (1384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 22:05:00 ESENT 916 General svchost (3464,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 21:42:28 ESENT 916 General svchost (1384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 21:04:00 ESENT 916 General svchost (3464,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 20:46:29 ESENT 916 General svchost (1384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 20:03:00 ESENT 916 General svchost (3464,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 19:38:32 ESENT 916 General svchost (1384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 19:12:38 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T18:01:38Z. Reason: RulesEngine. Information 2017-12-23 19:12:08 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-23 19:12:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-23 19:12:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 19:12:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 19:12:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 19:12:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 19:12:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 19:12:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 19:12:05 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/23 18:12" Information 2017-12-23 19:12:04 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.183.164.66:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/23 18:12, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-23 19:07:21 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T18:02:21Z. Reason: RulesEngine. Information 2017-12-23 19:04:45 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T18:01:45Z. Reason: RulesEngine. Information 2017-12-23 19:04:13 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-23 19:04:12 ESENT 916 General svchost (8136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 19:03:24 ESENT 916 General svchost (3412,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 19:03:03 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-23 19:03:03 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T18:02:03Z. Reason: RulesEngine. Information 2017-12-23 19:02:39 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-23 19:02:33 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/21:18:02:32;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-23 19:02:24 TV Server 0 None Service started successfully. Information 2017-12-23 19:02:18 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-23 19:02:17 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-23 19:02:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-23 19:02:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 19:02:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 19:02:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 19:02:16 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 19:02:16 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 19:02:16 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 19:02:15 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-23 19:02:14 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/23 18:02" Information 2017-12-23 19:02:12 ESENT 326 General "SearchIndexer (7292,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000083:0011:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.035075 +J(0) +M(C:0K, Fs:28, WS:48K # 0K, PF:32K # 0K, P:32K) [3] 0.047240 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:81, WS:280K # 0K, PF:152K # 0K, P:152K) [4] 0.000554 +J(0) [5] - [6] - [7] 0.141033 -0.001562 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:51, WS:200K # 0K, PF:644K # 0K, P:644K) [8] 0.001139 -0.000673 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 116K, P:256K) [9] 0.000900 -0.000586 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 8K, PF:96K # 96K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 16K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-23 19:02:12 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.251.21.126:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/23 18:02, 1, 1, 258690, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-23 19:02:12 ESENT 105 General "SearchIndexer (7292,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.003911 +J(0) +M(C:0K, Fs:218, WS:852K # 852K, PF:5464K # 5464K, P:5464K) [2] 0.000945 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.000065 +J(0) +M(C:0K, Fs:8, WS:32K # 32K, PF:64K # 64K, P:64K) [4] 0.000205 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.006238 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.004962 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.004532 +J(0) +M(C:0K, Fs:279, WS:1112K # 1112K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.016374 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:26, WS:-928K # 88K, PF:-1012K # 24K, P:-1012K) [14] 0.000037 +J(0) [15] 0.000595 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000943 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-23 19:02:12 ESENT 916 General SearchIndexer (7292,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 19:02:12 ESENT 102 General SearchIndexer (7292,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-23 19:02:04 ESENT 916 General taskhostw (3664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 19:02:02 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-23 19:02:01 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258690)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-23 19:02:00 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-23 19:01:58 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-23 19:01:54 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-23 19:01:54 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-23 19:01:54 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-23 19:01:54 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-23 19:01:52 ESENT 916 General svchost (3464,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 19:01:49 ESENT 916 General svchost (2824,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 19:01:39 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:39 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:38 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:38 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:38 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:38 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:38 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7757596 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:38 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:38 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:38 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:38 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:38 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:37 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:37 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:37 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:37 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:37 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:37 Service1 0 None Service started successfully. Warning 2017-12-23 19:01:37 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:36 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-23 19:01:36 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-23 19:01:35 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-23 19:01:35 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-23 19:01:35 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-23 19:01:31 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-23 19:01:30 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-23 19:01:31 ESENT 916 General svchost (1384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 19:01:31 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-23 19:01:29 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-23 19:01:28 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-23 19:01:28 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-23 19:01:00 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-23 19:01:00 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:00 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:00 MySQL 100 None "Giving 2 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:01:00 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 19:00:59 TV Server 0 None Service has been successfully shut down. Information 2017-12-23 19:00:57 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed " Information 2017-12-23 19:00:57 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 604 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 4252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 10108 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 4252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 4252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 7964 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-23 19:00:57 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-23 19:00:57 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2017-12-23 19:00:57 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-23 19:00:45 ESENT 916 General svchost (4200,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 19:00:44 ESENT 916 General DllHost (9488,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 18:47:27 ESENT 916 General svchost (1704,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 18:29:00 ESENT 916 General svchost (4296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 17:51:27 ESENT 916 General svchost (1704,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 17:28:00 ESENT 916 General svchost (4296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 17:02:16 ESENT 916 General MicrosoftEdge (10648,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 16:48:43 ESENT 916 General svchost (1704,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 16:30:05 ESENT 916 General svchost (1704,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 16:27:00 ESENT 916 General svchost (4296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 15:51:27 ESENT 916 General svchost (1704,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 15:26:00 ESENT 916 General svchost (4296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 14:51:27 ESENT 916 General svchost (1704,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 14:25:00 ESENT 916 General svchost (4296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 14:22:15 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-23 14:22:15 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-23 13:41:26 ESENT 916 General svchost (1704,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 13:24:00 ESENT 916 General svchost (4296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 12:45:27 ESENT 916 General svchost (1704,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 12:23:00 ESENT 916 General svchost (4296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 11:49:27 ESENT 916 General svchost (1704,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 11:22:00 ESENT 916 General svchost (4296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:39:04 ESENT 916 General svchost (1704,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:35:01 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-23 10:34:36 ESENT 916 General DllHost (9488,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:34:13 ESENT 916 General taskhostw (964,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:34:10 ESENT 916 General svchost (3376,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:34:03 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2017-12-23 10:34:02 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-23 10:34:01 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2017-12-23 10:34:01 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-23 10:34:01 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-23 10:34:00 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-23 10:34:00 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-23 10:34:00 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-23 10:33:19 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-23 10:33:18 ESENT 916 General svchost (4296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:33:18 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 21 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2504 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2504 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2504 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3316 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3316 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3316 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 10344 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 10344 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 10344 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 3316 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 3316 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2017-12-23 10:33:18 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 42 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 656 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 4252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3316 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 10108 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3316 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3412 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 1704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3412 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 4252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 1704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3412 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3412 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 1704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3316 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 536 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 4252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3412 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 1704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3316 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3316 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2604 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-23 10:33:18 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-23 10:33:18 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-23 10:33:18 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-23 10:33:12 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2017-12-23 10:32:18 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T09:21:18Z. Reason: RulesEngine. Information 2017-12-23 10:31:47 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-23 10:31:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-23 10:31:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 10:31:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 10:31:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 10:31:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 10:31:46 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 10:31:46 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 10:31:43 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/23 09:31" Information 2017-12-23 10:31:40 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.70.76.168:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/23 09:31, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-23 10:25:44 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T09:21:44Z. Reason: RulesEngine. Information 2017-12-23 10:23:58 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T09:21:58Z. Reason: RulesEngine. Information 2017-12-23 10:23:27 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-23 10:23:26 ESENT 916 General svchost (10552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:22:47 ESENT 916 General svchost (4332,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:22:34 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-23 10:22:34 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T09:21:33Z. Reason: RulesEngine. Information 2017-12-23 10:22:06 ESENT 916 General MicrosoftEdge (5848,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:22:05 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-23 10:22:03 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/21:09:22:01;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Error 2017-12-23 10:21:59 Application Hang 1002 (101) "The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 81c Start Time: 01d37bcf61d34f97 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: 3598b998-61fe-4510-ac55-08fbee022cf7 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App " Information 2017-12-23 10:21:59 Windows Error Reporting 1001 None "Fault bucket 133556577791, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E4F.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E6D.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2EDC.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_164533ad Analysis symbol: Rechecking for solution: 0 Report Id: 3598b998-61fe-4510-ac55-08fbee022cf7 Report Status: 268435456 Hashed bucket: 43a00c1b815b0614b2b86bc70e701302" Error 2017-12-23 10:21:57 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Information 2017-12-23 10:21:53 TV Server 0 None Service started successfully. Information 2017-12-23 10:21:48 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-23 10:21:47 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-23 10:21:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-23 10:21:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 10:21:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 10:21:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 10:21:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 10:21:46 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 10:21:46 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 10:21:44 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/23 09:21" Information 2017-12-23 10:21:43 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.100.108.186:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/23 09:21, 1, 1, 258739, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-23 10:21:38 ESENT 916 General svchost (3376,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:21:35 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-23 10:21:35 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258739)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-23 10:21:34 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-23 10:21:33 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-23 10:21:32 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-23 10:21:31 ESENT 326 General "SearchIndexer (956,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000082:0035:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.013001 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.027190 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:128K # 0K, PF:144K # 0K, P:144K) [4] 0.000515 +J(0) [5] - [6] - [7] 0.079877 -0.003884 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:208K # 0K, PF:664K # 0K, P:664K) [8] 0.001544 -0.000644 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 132K, P:256K) [9] 0.001413 -0.001082 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000090 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000144 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-23 10:21:30 ESENT 105 General "SearchIndexer (956,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.004450 +J(0) +M(C:0K, Fs:223, WS:876K # 876K, PF:5472K # 5472K, P:5472K) [2] 0.000653 +J(0) +M(C:10240K, Fs:107, WS:428K # 428K, PF:396K # 396K, P:396K) [3] 0.000058 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000188 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:228K # 228K, P:228K) [5] 0.006332 +J(0) +M(C:0K, Fs:20, WS:80K # 80K, PF:20K # 20K, P:20K) [6] 0.021217 +J(0) +M(C:0K, Fs:75, WS:300K # 300K, PF:32K # 32K, P:32K) [7] 0.006253 +J(0) +M(C:0K, Fs:282, WS:1124K # 1124K, PF:1040K # 1040K, P:1040K) [8] - [9] - [10] - [11] - [12] - [13] 0.014082 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-992K # 24K, PF:-1020K # 12K, P:-1020K) [14] 0.000031 +J(0) [15] 0.000120 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000616 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-23 10:21:30 ESENT 916 General SearchIndexer (956,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:21:30 ESENT 102 General SearchIndexer (956,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-23 10:21:23 ESENT 916 General taskhostw (3424,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:21:21 ESENT 916 General svchost (4296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:21:20 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-23 10:21:20 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-23 10:21:20 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-23 10:21:06 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:06 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:05 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:05 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:05 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:05 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:05 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7751865 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:05 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:05 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:04 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:04 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:04 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:04 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:04 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:04 Service1 0 None Service started successfully. Information 2017-12-23 10:21:04 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:04 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:04 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-23 10:21:04 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:21:03 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-23 10:21:02 ESENT 916 General svchost (3376,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:20:57 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-23 10:20:56 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-23 10:20:56 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-23 10:20:56 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-23 10:20:53 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-23 10:20:53 ESENT 916 General svchost (1704,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:20:52 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-23 10:20:51 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-23 10:20:51 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-23 10:20:50 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-23 10:20:50 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-23 10:20:21 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-23 10:20:21 MySQL 100 None "Giving 1 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:20:21 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 10:20:20 TV Server 0 None Service has been successfully shut down. Information 2017-12-23 10:20:18 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2017-12-23 10:20:18 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-23 10:20:18 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 27 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 4540 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 812 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 812 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 7544 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 3704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 6860 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 812 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-23 10:20:18 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2017-12-23 10:20:18 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-23 10:20:10 ESENT 916 General svchost (8472,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:19:14 ESENT 916 General MicrosoftEdge (8124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 10:18:37 ESENT 916 General DllHost (5712,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 09:51:12 ESENT 916 General svchost (2080,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 09:50:00 ESENT 916 General svchost (3752,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 09:41:00 ESENT 916 General svchost (8640,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 09:04:13 ESENT 916 General svchost (2080,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 08:53:44 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T01:25:44Z. Reason: RulesEngine. Information 2017-12-23 08:50:08 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-23 08:49:23 ESENT 916 General svchost (3144,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 08:49:22 ESENT 916 General taskhostw (1008,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 08:49:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2017-12-23 08:49:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2017-12-23 08:49:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-23 08:49:11 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-23 08:49:09 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-23 08:49:08 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-23 08:49:08 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-23 08:49:07 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-23 02:42:25 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-23 02:42:24 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3368 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3368 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3368 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5852 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5852 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 5852 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3368 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 3368 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2017-12-23 02:42:24 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 28 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 644 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2524 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 812 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 812 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3368 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 7544 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3368 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3368 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3368 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3368 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3368 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 812 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3368 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3704 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3368 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm " Information 2017-12-23 02:42:24 ESENT 916 General svchost (3752,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:42:24 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-23 02:42:24 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-23 02:42:24 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-23 02:42:22 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2017-12-23 02:42:09 ESENT 916 General svchost (564,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:42:09 ESENT 916 General DllHost (7752,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:40:52 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T01:25:52Z. Reason: RulesEngine. Information 2017-12-23 02:40:22 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-23 02:40:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-23 02:40:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:40:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:40:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:40:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:40:21 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:40:21 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:40:19 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/23 01:40" Information 2017-12-23 02:40:18 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.18.128.178:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/23 01:40, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-23 02:33:24 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T01:25:24Z. Reason: RulesEngine. Information 2017-12-23 02:32:33 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T01:25:33Z. Reason: RulesEngine. Information 2017-12-23 02:32:02 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-23 02:31:30 ESENT 916 General svchost (3672,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:31:00 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-23 02:31:00 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T01:26:00Z. Reason: RulesEngine. Information 2017-12-23 02:30:46 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-23 02:30:33 TV Server 0 None Service started successfully. Information 2017-12-23 02:30:29 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-23 02:30:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-23 02:30:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:30:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:30:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:30:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:30:28 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:30:28 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:30:26 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/23 01:30" Information 2017-12-23 02:30:24 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.253.74.253:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/23 01:30, 1, 1, 259196, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-23 02:30:21 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-23 02:30:19 ESENT 326 General "SearchIndexer (6572,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000081:00F3:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.004946 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.023444 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:128K # 0K, PF:144K # 0K, P:144K) [4] 0.000512 +J(0) [5] - [6] - [7] 0.029691 -0.001579 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.001172 -0.000683 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 128K, P:256K) [9] 0.000928 -0.000582 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000035 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000110 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-23 02:30:19 ESENT 105 General "SearchIndexer (6572,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.004190 +J(0) +M(C:0K, Fs:220, WS:860K # 860K, PF:5476K # 5468K, P:5476K) [2] 0.000890 +J(0) +M(C:10240K, Fs:104, WS:416K # 416K, PF:392K # 392K, P:392K) [3] 0.000062 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000193 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.006768 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.004493 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.009740 +J(0) +M(C:0K, Fs:281, WS:1124K # 1124K, PF:1036K # 1036K, P:1036K) [8] - [9] - [10] - [11] - [12] - [13] 0.004993 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-992K # 24K, PF:-1020K # 12K, P:-1020K) [14] 0.000032 +J(0) [15] 0.000112 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000762 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-23 02:30:19 ESENT 916 General SearchIndexer (6572,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:30:19 ESENT 102 General SearchIndexer (6572,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-23 02:30:18 ESENT 916 General taskhostw (3492,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:30:16 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-23 02:30:16 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259196)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-23 02:30:15 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-23 02:30:14 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-23 02:30:08 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-23 02:30:08 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-23 02:30:08 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-23 02:29:54 ESENT 916 General svchost (3144,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:29:52 ESENT 916 General svchost (3752,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:29:48 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:48 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:47 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:47 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:47 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:47 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:47 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7750532 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:47 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:47 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:47 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:46 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:46 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:46 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:46 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:46 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:46 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:46 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-23 02:29:46 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:46 Service1 0 None Service started successfully. Information 2017-12-23 02:29:46 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-23 02:29:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-23 02:29:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-23 02:29:42 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-23 02:29:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-23 02:29:38 ESENT 916 General svchost (2080,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:29:38 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-23 02:29:37 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-23 02:29:36 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-23 02:29:36 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-23 02:29:35 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-23 02:29:34 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-23 02:29:07 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-23 02:29:06 MySQL 100 None "Giving 2 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:06 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:29:05 TV Server 0 None Service has been successfully shut down. Information 2017-12-23 02:29:04 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 14 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 660 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 6124 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 3300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 3300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 540 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2017-12-23 02:29:04 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-23 02:29:03 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-23 02:29:03 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-23 02:28:00 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T01:26:00Z. Reason: RulesEngine. Information 2017-12-23 02:27:29 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-23 02:26:38 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-23 02:26:38 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-22T01:25:38Z. Reason: RulesEngine. Information 2017-12-23 02:26:08 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/21:01:26:07;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-23 02:26:08 ESENT 916 General svchost (3268,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:26:07 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-23 02:25:58 ESENT 916 General svchost (7216,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:25:56 TV Server 0 None Service started successfully. Information 2017-12-23 02:25:53 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-23 02:25:52 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-23 02:25:52 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-23 02:25:52 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:25:52 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:25:51 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:25:51 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:25:51 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:25:51 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 02:25:49 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/23 01:25" Information 2017-12-23 02:25:47 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.167.188.253:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/23 01:25, 1, 1, 259066, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-23 02:25:44 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-23 02:25:43 ESENT 326 General "SearchIndexer (6840,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000081:00C7:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.004802 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.046557 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:124K # 0K, PF:144K # 0K, P:144K) [4] 0.000594 +J(0) [5] - [6] - [7] 0.075933 -0.001600 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:55, WS:220K # 0K, PF:660K # 0K, P:660K) [8] 0.001644 -0.001157 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 132K, P:256K) [9] 0.000931 -0.000591 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000037 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000109 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-23 02:25:43 ESENT 105 General "SearchIndexer (6840,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.004235 +J(0) +M(C:0K, Fs:218, WS:860K # 860K, PF:5472K # 5472K, P:5472K) [2] 0.000763 +J(0) +M(C:10240K, Fs:111, WS:440K # 440K, PF:388K # 388K, P:388K) [3] 0.000993 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:72K # 72K, P:72K) [4] 0.000234 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:224K # 224K, P:224K) [5] 0.006410 +J(0) +M(C:0K, Fs:16, WS:64K # 64K, PF:20K # 20K, P:20K) [6] 0.022617 +J(0) +M(C:0K, Fs:73, WS:288K # 288K, PF:24K # 24K, P:24K) [7] 0.029417 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.007664 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000032 +J(0) [15] 0.000117 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000583 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-23 02:25:43 ESENT 916 General SearchIndexer (6840,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:25:43 ESENT 102 General SearchIndexer (6840,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-23 02:25:40 ESENT 916 General taskhostw (4956,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:25:39 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-23 02:25:39 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259066)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-23 02:25:37 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-23 02:25:28 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-23 02:25:28 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-23 02:25:28 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-23 02:25:28 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-23 02:25:26 ESENT 916 General svchost (3376,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:25:18 ESENT 916 General svchost (3356,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:25:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-23 02:25:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-23 02:25:10 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-23 02:25:08 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:08 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:08 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-23 02:25:07 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:07 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:07 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:07 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:07 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7750051 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:07 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:07 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:07 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:07 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:07 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:07 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:07 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:07 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:07 Service1 0 None Service started successfully. Information 2017-12-23 02:25:06 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:06 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-23 02:25:06 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:25:06 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-23 02:25:01 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-23 02:25:01 ESENT 916 General svchost (1864,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 02:24:59 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-23 02:25:00 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-23 02:24:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-23 02:24:57 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-23 02:24:58 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-23 02:24:29 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:24:29 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:24:29 MySQL 100 None "Giving 3 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:24:29 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-23 02:24:28 TV Server 0 None Service has been successfully shut down. Information 2017-12-23 02:24:26 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-23 02:24:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2017-12-23 02:24:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-23 01:58:42 ESENT 916 General DllHost (7720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 01:58:17 ESENT 916 General MicrosoftEdge (6052,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 01:49:02 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-23 01:48:22 ESENT 916 General svchost (6268,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 01:41:00 ESENT 916 General svchost (3520,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 01:34:32 ESENT 916 General MicrosoftEdge (7196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 01:34:00 Windows Error Reporting 1001 None "Fault bucket 133557982759, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe P2: praid:ContentProcess P3: 11.0.16299.15 P4: 59cda7cd P5: 1053 P6: 133120 P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER78C7.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB9E4.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBA06.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBA85.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_991f91c246881aaffa72154da408b259756a640_b3b02568_39afbfcd Analysis symbol: Rechecking for solution: 0 Report Id: 3044e2e3-797c-4703-a64d-60246374552e Report Status: 268435456 Hashed bucket: 3218e28604a314a3b5a2867a77471187" Information 2017-12-23 01:34:00 Windows Error Reporting 1001 None "Fault bucket 133569974237, type 5 Event Name: MoAppCrash Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe P2: praid:ContentProcess P3: 11.0.16299.15 P4: 59cda7cd P5: ntdll.dll P6: 10.0.16299.64 P7: 493793ea P8: cfffffff P9: 00000000000a0f54 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERDA21.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB976.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB998.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBA17.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_7ea33e798678fcc4861688d2bdef72f78c549219_b3b02568_3ae7bf12 Analysis symbol: Rechecking for solution: 0 Report Id: 80c31c12-4443-4edb-a7e6-749c723ad9b5 Report Status: 268435456 Hashed bucket: 68035b3f03f514c4184e9c9d6ebc89b3" Information 2017-12-23 01:33:46 Windows Error Reporting 1001 None "Fault bucket 133565217634, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe P2: praid:ContentProcess P3: 11.0.16299.15 P4: 59cda7cd P5: aa7e P6: 133120 P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER67EE.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A2B.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A49.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7AD8.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_b76dddc4caff4f534efa4818ae45be101363a_b3b02568_3ac787e5 Analysis symbol: Rechecking for solution: 0 Report Id: ef086393-3e83-4c96-a211-9993fb84ffd4 Report Status: 268435456 Hashed bucket: 73f525b00741f8a5d4c86bb563b4a583" Information 2017-12-23 01:33:45 ESENT 916 General MicrosoftEdge (15156,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 01:33:45 Windows Error Reporting 1001 None "Fault bucket 133558833282, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe P2: praid:ContentProcess P3: 11.0.16299.15 P4: 59cda7cd P5: 41ae P6: 133120 P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERCADE.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A1C.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A4A.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7AD7.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_604dd88a41797c0a0a5ec91881a8fd359557747_b3b02568_3b1b8507 Analysis symbol: Rechecking for solution: 0 Report Id: a0663154-752e-4d6a-bfa8-b085f76f3a68 Report Status: 268435456 Hashed bucket: 021fbd0f06b431d73ad817c06b197cba" Error 2017-12-23 01:33:33 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe+ContentProcess#{00071402-0001-0000-16fa-ec0100000000} was terminated because it took too long to suspend. Error 2017-12-23 01:33:27 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe+ContentProcess#{00181402-0001-0000-16fa-ec0100000000} was terminated because it took too long to suspend. Error 2017-12-23 01:33:24 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe+ContentProcess#{00061402-0001-0000-16fa-ec0100000000} was terminated because it took too long to suspend. Error 2017-12-23 01:33:21 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe+ContentProcess#{00081402-0001-0000-16fa-ec0100000000} was terminated because it took too long to suspend. Error 2017-12-23 01:32:59 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe+ContentProcess#{00111402-0001-0000-16fa-ec0100000000} was terminated because it took too long to suspend. Error 2017-12-23 01:32:57 Application Error 1000 (100) "Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.15, time stamp: 0x59cda7cd Faulting module name: ntdll.dll, version: 10.0.16299.64, time stamp: 0x493793ea Exception code: 0xcfffffff Fault offset: 0x00000000000a0f54 Faulting process id: 0x32c8 Faulting application start time: 0x01d37b8552a88073 Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 80c31c12-4443-4edb-a7e6-749c723ad9b5 Faulting package full name: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: ContentProcess" Error 2017-12-23 01:32:56 Application Error 1000 (100) "Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.15, time stamp: 0x59cda7cd Faulting module name: ntdll.dll, version: 10.0.16299.64, time stamp: 0x493793ea Exception code: 0xcfffffff Fault offset: 0x00000000000a0f54 Faulting process id: 0x2334 Faulting application start time: 0x01d37b855fbfc16c Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: a0663154-752e-4d6a-bfa8-b085f76f3a68 Faulting package full name: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: ContentProcess" Error 2017-12-23 01:32:36 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe+ContentProcess#{00131402-0001-0000-16fa-ec0100000000} was terminated because it took too long to suspend. Error 2017-12-23 01:32:35 Application Error 1000 (100) "Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.15, time stamp: 0x59cda7cd Faulting module name: ntdll.dll, version: 10.0.16299.64, time stamp: 0x493793ea Exception code: 0xcfffffff Fault offset: 0x00000000000a0f54 Faulting process id: 0x354c Faulting application start time: 0x01d37b85599b3e2d Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 3044e2e3-797c-4703-a64d-60246374552e Faulting package full name: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: ContentProcess" Error 2017-12-23 01:32:33 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe+ContentProcess#{00051402-0001-0000-16fa-ec0100000000} was terminated because it took too long to suspend. Error 2017-12-23 01:32:31 Application Error 1000 (100) "Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.15, time stamp: 0x59cda7cd Faulting module name: ntdll.dll, version: 10.0.16299.64, time stamp: 0x493793ea Exception code: 0xcfffffff Fault offset: 0x00000000000a0f54 Faulting process id: 0x1708 Faulting application start time: 0x01d37b855cd35db9 Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: ef086393-3e83-4c96-a211-9993fb84ffd4 Faulting package full name: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: ContentProcess" Information 2017-12-23 01:30:58 ESENT 916 General MicrosoftEdge (12828,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 01:28:43 ESENT 916 General svchost (6268,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 01:16:44 ESENT 916 General svchost (5096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 01:16:44 ESENT 916 General DllHost (7720,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 01:16:18 ESENT 916 General svchost (8224,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 01:14:39 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Error 2017-12-23 01:14:02 SideBySide 33 None "Activation context generation failed for ""C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.16299.15_none_e10a04e314dd6b63\Narrator.exe"". Dependent Assembly SRH,type=""win32"",version=""1.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information 2017-12-23 01:13:56 ESENT 916 General taskhostw (12608,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 01:13:52 ESENT 916 General svchost (3140,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 01:13:43 ESENT 916 General taskhostw (12608,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 01:13:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2017-12-23 01:13:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2017-12-23 01:13:41 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-23 01:13:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-23 01:13:39 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-23 01:13:39 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-23 01:13:38 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-23 01:13:38 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-23 01:12:52 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-23 01:12:51 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 21 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 3028 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3028 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3028 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 3120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8116 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8116 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 8116 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 3120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 3120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2017-12-23 01:12:51 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 43 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 676 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 5304 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications Process 9156 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 8116 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 3120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 5304 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 6268 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3644 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 5304 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 6268 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3644 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 5304 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 5304 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 5304 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 6268 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3644 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3644 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 5304 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 6268 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 532 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3644 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 5304 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 6268 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3120 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2212 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-23 01:12:51 ESENT 916 General svchost (3520,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 01:12:51 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-23 01:12:50 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-23 01:12:50 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-23 01:12:48 Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: chrome.exe. Information 2017-12-23 01:12:41 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2017-12-23 00:40:00 ESENT 916 General svchost (3520,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-23 00:24:36 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T23:09:36Z. Reason: RulesEngine. Information 2017-12-23 00:24:06 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/20:23:10:01;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Error 2017-12-23 00:12:36 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend. Information 2017-12-23 00:11:19 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-23 00:11:13 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-23 00:11:13 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-23 00:11:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 00:11:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 00:11:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 00:11:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 00:11:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 00:11:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-23 00:10:50 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 23:09" Information 2017-12-23 00:10:42 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.88.125.175:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 23:09, 1, 1, 258754, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-23 00:08:40 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T15:33:40Z. Reason: RulesEngine. Information 2017-12-23 00:07:36 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T15:33:36Z. Reason: RulesEngine. Information 2017-12-22 23:46:01 ESENT 916 General MicrosoftEdge (2004,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 23:44:37 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: . Information 2017-12-22 23:39:00 ESENT 916 General svchost (3520,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 23:34:36 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <6252DC40F71143A22FDE9EF7348E064251B18118>. Information 2017-12-22 23:28:55 ESENT 916 General svchost (6268,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 23:28:27 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎22T22:28:27.055340600Z. Information 2017-12-22 23:27:09 ESENT 916 General svchost (6948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 23:20:34 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎22T22:20:08.014015100Z. Information 2017-12-22 23:20:34 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎22T22:20:05.236176100Z. Information 2017-12-22 23:20:34 MsiInstaller 1042 None Ending a Windows Installer transaction: {82B9AF2D-4254-428A-9D1E-7714BA91A4B0}. Client Process Id: 336. Information 2017-12-22 23:20:34 MsiInstaller 1034 None Windows Installer removed the product. Product Name: AVG PC TuneUp. Product Version: 16.76.2. Product Language: 0. Manufacturer: AVG Technologies. Removal success or error status: 0. Information 2017-12-22 23:20:34 MsiInstaller 11724 None Product: AVG PC TuneUp -- Removal completed successfully. Information 2017-12-22 23:20:08 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎22T22:20:08.014015100Z. Information 2017-12-22 23:20:08 Microsoft-Windows-RestartManager 10005 None Machine restart is required. Warning 2017-12-22 23:20:07 Microsoft-Windows-RestartManager 10010 None Application 'C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe' (pid 5604) cannot be restarted - Application SID does not match Conductor SID.. Information 2017-12-22 23:20:05 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎22T22:20:05.236176100Z. Information 2017-12-22 23:20:05 MsiInstaller 1040 None Beginning a Windows Installer transaction: {82B9AF2D-4254-428A-9D1E-7714BA91A4B0}. Client Process Id: 336. Information 2017-12-22 22:41:34 ESENT 916 General svchost (6268,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 22:39:00 ESENT 916 General svchost (3520,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 21:43:02 ESENT 916 General svchost (6268,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 21:38:00 ESENT 916 General svchost (3520,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 20:41:15 ESENT 916 General svchost (6268,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 20:37:00 ESENT 916 General svchost (3520,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 20:33:55 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 20:33:55 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 19:40:16 ESENT 916 General svchost (6268,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 19:36:00 ESENT 916 General svchost (3520,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 18:47:41 ESENT 916 General svchost (6268,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 18:35:00 ESENT 916 General svchost (3520,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 18:12:02 ESENT 916 General svchost (6268,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2017-12-22 17:48:56 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend. Information 2017-12-22 17:48:36 ESENT 916 General svchost (6268,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 17:34:00 ESENT 916 General svchost (3520,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 16:48:38 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Error 2017-12-22 16:47:20 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend. Information 2017-12-22 16:46:59 ESENT 916 General DllHost (8704,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 16:44:06 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T15:34:06Z. Reason: RulesEngine. Information 2017-12-22 16:43:36 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 16:43:36 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 16:43:36 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 16:43:36 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 16:43:35 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 16:43:35 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 16:43:35 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 16:43:35 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 16:43:33 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 15:43" Information 2017-12-22 16:43:32 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.95.106.28:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 15:43, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 16:41:33 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T15:33:33Z. Reason: RulesEngine. Information 2017-12-22 16:38:33 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T15:33:33Z. Reason: RulesEngine. Error 2017-12-22 16:37:22 Application Hang 1002 (101) "The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 137c Start Time: 01d37b3a26d5df6f Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: 530af8a0-bb6d-4b2b-ae30-7a045bb62bec Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App " Information 2017-12-22 16:37:22 Windows Error Reporting 1001 None "Fault bucket 133556577791, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7174.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7192.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7220.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_22d87720 Analysis symbol: Rechecking for solution: 0 Report Id: 530af8a0-bb6d-4b2b-ae30-7a045bb62bec Report Status: 268435456 Hashed bucket: 43a00c1b815b0614b2b86bc70e701302" Information 2017-12-22 16:37:19 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Error 2017-12-22 16:37:19 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Information 2017-12-22 16:36:18 ESENT 916 General svchost (3140,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 16:35:47 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T15:33:47Z. Reason: RulesEngine. Information 2017-12-22 16:35:15 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-22 16:35:08 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-22 16:34:42 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-22 16:34:42 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T15:33:42Z. Reason: RulesEngine. Information 2017-12-22 16:34:36 ESENT 916 General svchost (5296,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 16:34:12 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/20:15:34:11;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-22 16:34:06 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-22 16:33:59 Microsoft-Windows-Security-SPP 8197 None "SLUI.exe was launched with the following command-line parameters: RuleId=379cccfb-d4e0-48fe-b0f2-0136097be147;Action=CleanupState;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;Trigger=TimerEvent" Information 2017-12-22 16:33:57 ESENT 916 General svchost (6268,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 16:33:56 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/20:15:31:55;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-22 16:33:48 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 16:33:48 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 16:33:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 16:33:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 16:33:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 16:33:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 16:33:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 16:33:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 16:33:45 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 15:33" Information 2017-12-22 16:33:44 TV Server 0 None Service started successfully. Information 2017-12-22 16:33:44 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.234.97.4:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 15:33, 1, 1, 259198, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Warning 2017-12-22 16:33:34 MySQL 100 None "Host name 'DESKTOP-57M3LFG.lan' could not be resolved: No such host is known. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:33 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-22 16:33:32 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259198)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Warning 2017-12-22 16:33:30 Microsoft-Windows-Security-SPP 8225 None "The existing scheduler data does not match the expected data. The schedule will be re-evaluated. Reason:0x8007000D" Information 2017-12-22 16:33:30 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-22 16:33:30 ESENT 916 General svchost (8116,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 16:33:29 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-22 16:33:27 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-22 16:33:24 ESENT 326 General "SearchIndexer (6980,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000081:0047:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001794 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.054286 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:15, WS:28K # 0K, PF:20K # 0K, P:20K) [4] 0.000656 +J(0) [5] - [6] - [7] 0.059761 -0.002199 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:31, WS:120K # 0K, PF:516K # 0K, P:516K) [8] 0.001332 -0.000846 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:61, WS:244K # 0K, PF:224K # 0K, P:224K) [9] 0.000941 -0.000614 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000040 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000110 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-22 16:33:24 ESENT 105 General "SearchIndexer (6980,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000081:002B:0000 - 00000081:0045:0000 - 00000000:0000:0000 - 00000081:0045:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.002598 +J(0) +M(C:0K, Fs:160, WS:628K # 628K, PF:5468K # 5468K, P:5468K) [2] 0.000843 +J(0) +M(C:10240K, Fs:137, WS:548K # 548K, PF:388K # 388K, P:388K) [3] 0.000055 +J(0) +M(C:0K, Fs:11, WS:36K # 36K, PF:68K # 68K, P:68K) [4] 0.000211 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:224K # 224K, P:224K) [5] 0.021045 +J(0) +M(C:0K, Fs:15, WS:60K # 60K, PF:20K # 20K, P:20K) [6] 0.005179 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.016266 +J(0) +M(C:0K, Fs:275, WS:1100K # 1100K, PF:1024K # 1024K, P:1024K) [8] 0.105486 -0.017167 (17) CM +J(CM:17, PgRf:114, Rd:0/17, Dy:17/211, Lg:275798/754) +M(C:0K, Fs:941, WS:1968K # 1968K, PF:1768K # 1768K, P:1768K) [9] - [10] 0.002612 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000301 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.110748 -0.000010 (17) CM +J(CM:17, PgRf:0, Rd:0/17, Dy:0/0, Lg:0/0) +M(C:0K, Fs:78, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.190898 -0.001217 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:308, WS:-1324K # 0K, PF:-608K # 0K, P:-608K) [14] 0.000029 +J(0) [15] 0.000049 +J(0) [16] 0.000779 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-22 16:33:24 ESENT 302 Logging/Recovery SearchIndexer (6980,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-22 16:33:23 ESENT 301 Logging/Recovery "SearchIndexer (6980,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-22 16:33:23 ESENT 300 Logging/Recovery SearchIndexer (6980,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-22 16:33:23 ESENT 916 General SearchIndexer (6980,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 16:33:23 ESENT 102 General SearchIndexer (6980,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-22 16:33:11 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:11 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:11 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:11 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:11 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:11 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:11 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7746675 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:11 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:11 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:10 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:10 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:09 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:09 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:09 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:09 MySQL 100 None "InnoDB: The log sequence numbers 7742737 and 7742737 in ibdata files do not match the log sequence number 7746675 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:09 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:09 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:09 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:09 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:09 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:09 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:09 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:09 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:09 ESENT 916 General taskhostw (3328,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Warning 2017-12-22 16:33:09 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:33:08 ESENT 916 General svchost (3520,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 16:33:08 Service1 0 None Service started successfully. Information 2017-12-22 16:33:06 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-22 16:32:58 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 16:32:58 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 16:32:58 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 16:32:58 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 16:32:58 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-22 16:32:58 ESENT 916 General svchost (3140,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 16:32:51 ESENT 916 General taskhostw (3328,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 16:32:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-22 16:32:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-22 16:32:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-22 16:32:49 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 16:32:47 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-22 16:32:46 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-22 16:32:44 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-22 16:32:43 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-22 16:32:41 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-22 16:32:42 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-22 16:31:15 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-22 16:31:14 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-22 16:30:53 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:53 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:52 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:52 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:52 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:52 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:52 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7746194 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:52 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:52 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:51 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:51 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:50 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:50 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:50 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:50 MySQL 100 None "InnoDB: The log sequence numbers 7742737 and 7742737 in ibdata files do not match the log sequence number 7746194 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:50 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:50 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:50 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:50 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:50 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:50 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:50 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:50 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:50 Service1 0 None Service started successfully. Warning 2017-12-22 16:30:50 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 16:30:48 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-22 16:30:46 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-22 16:30:44 ESENT 916 General svchost (4492,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 16:30:44 ESENT 326 General "SearchIndexer (5644,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000081:002C:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001072 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.022068 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:18, WS:40K # 0K, PF:20K # 0K, P:20K) [4] 0.000589 +J(0) [5] - [6] - [7] 0.066839 -0.001536 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:27, WS:108K # 0K, PF:512K # 0K, P:512K) [8] 0.001219 -0.000765 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:61, WS:244K # 0K, PF:224K # 0K, P:224K) [9] 0.000938 -0.000602 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000047 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000112 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-22 16:30:44 ESENT 105 General "SearchIndexer (5644,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000081:0013:0000 - 00000081:002A:0000 - 00000000:0000:0000 - 00000081:002A:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.002874 +J(0) +M(C:0K, Fs:186, WS:728K # 728K, PF:5472K # 5472K, P:5472K) [2] 0.000784 +J(0) +M(C:10240K, Fs:134, WS:536K # 536K, PF:384K # 384K, P:384K) [3] 0.000051 +J(0) +M(C:0K, Fs:8, WS:32K # 32K, PF:64K # 64K, P:64K) [4] 0.000203 +J(0) +M(C:0K, Fs:26, WS:96K # 96K, PF:232K # 232K, P:232K) [5] 0.006009 +J(0) +M(C:0K, Fs:15, WS:60K # 60K, PF:20K # 20K, P:20K) [6] 0.004461 +J(0) +M(C:0K, Fs:38, WS:152K # 152K, PF:16K # 16K, P:16K) [7] 0.026420 +J(0) +M(C:0K, Fs:332, WS:1324K # 1324K, PF:1052K # 1052K, P:1052K) [8] 0.070917 -0.008155 (8) CM +J(CM:8, PgRf:67, Rd:0/8, Dy:8/126, Lg:166296/354) +M(C:0K, Fs:662, WS:1700K # 1700K, PF:1452K # 1452K, P:1452K) [9] - [10] 0.002470 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000080 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.060061 -0.000004 (8) CM +J(CM:8, PgRf:0, Rd:0/8, Dy:0/0, Lg:0/0) +M(C:0K, Fs:49, WS:8K # 0K, PF:0K # 0K, P:0K) [13] 0.100968 -0.001424 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:312, WS:-1024K # 0K, PF:-316K # 0K, P:-316K) [14] 0.000031 +J(0) [15] 0.000045 +J(0) [16] 0.000592 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-22 16:30:44 ESENT 302 Logging/Recovery SearchIndexer (5644,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-22 16:30:43 ESENT 301 Logging/Recovery "SearchIndexer (5644,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-22 16:30:43 ESENT 300 Logging/Recovery SearchIndexer (5644,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-22 16:30:43 ESENT 916 General SearchIndexer (5644,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 16:30:43 ESENT 102 General SearchIndexer (5644,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-22 16:30:40 ESENT 916 General taskhostw (3312,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 16:30:34 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 16:30:34 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 16:30:34 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-22 16:30:33 ESENT 916 General svchost (3152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 16:30:26 ESENT 916 General taskhostw (3312,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 16:30:24 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-22 16:30:23 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 16:30:23 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-22 16:30:23 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-22 16:30:21 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-22 16:30:20 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-22 16:30:17 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-22 16:30:16 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-22 16:30:17 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-22 16:30:16 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-22 14:27:43 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T12:41:43Z. Reason: RulesEngine. Information 2017-12-22 14:27:13 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 14:27:13 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 14:27:13 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:27:13 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:27:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:27:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:27:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:27:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:27:10 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 13:27" Information 2017-12-22 14:27:08 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.130.184.183:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 13:27, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 14:21:28 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T12:42:27Z. Reason: RulesEngine. Information 2017-12-22 14:19:44 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T12:41:44Z. Reason: RulesEngine. Information 2017-12-22 14:19:13 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-22 14:18:30 ESENT 916 General svchost (4164,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:18:02 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-22 14:18:02 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T12:42:02Z. Reason: RulesEngine. Information 2017-12-22 14:17:50 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-22 14:17:42 ESENT 916 General svchost (5308,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:17:34 TV Server 0 None Service started successfully. Information 2017-12-22 14:17:31 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 14:17:31 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 14:17:31 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:17:31 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:17:31 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:17:31 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:17:31 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:17:31 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:17:29 ESENT 916 General svchost (2900,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:17:28 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 13:17" Information 2017-12-22 14:17:26 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.201.213.168:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 13:17, 1, 1, 259195, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 14:17:21 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-22 14:17:19 ESENT 326 General "SearchIndexer (7172,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000081:0014:0268 Internal Timing Sequence: [1] 0.000012 +J(0) [2] 0.001433 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.059966 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:16, WS:32K # 0K, PF:20K # 0K, P:20K) [4] 0.001598 +J(0) [5] - [6] - [7] 0.048980 -0.002603 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:18, WS:72K # 0K, PF:512K # 0K, P:512K) [8] 0.009206 -0.008727 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.001157 -0.000808 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 0K, P:96K) [10] 0.000042 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000109 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-22 14:17:19 ESENT 105 General "SearchIndexer (7172,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000080:00F9:0000 - 00000081:0001:0000 - 00000081:0012:0000 - 00000081:0012:0000 (00000000:0000:0000) cReInits = 7 Internal Timing Sequence: [1] 0.005153 +J(0) +M(C:0K, Fs:205, WS:804K # 804K, PF:5472K # 5464K, P:5472K) [2] 0.000636 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.000034 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [4] 0.000179 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:224K # 224K, P:224K) [5] 0.011166 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.012961 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.008283 +J(0) +M(C:0K, Fs:278, WS:1108K # 1108K, PF:1040K # 1040K, P:1040K) [8] 0.119218 -0.003659 (2) CM +J(CM:2, PgRf:12, Rd:6/2, Dy:2/22, Lg:1017983/3553) +M(C:0K, Fs:569, WS:1460K # 1468K, PF:1504K # 1504K, P:1504K) + 1 lgens [9] 0.041441 -0.000101 (6) CM +J(CM:6, PgRf:55, Rd:0/6, Dy:6/104, Lg:68952/155) +M(C:0K, Fs:97, WS:356K # 348K, PF:0K # 32K, P:0K) [10] 0.002903 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000099 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.061637 -0.000006 (8) CM +J(CM:8, PgRf:0, Rd:0/8, Dy:0/0, Lg:0/0) +M(C:0K, Fs:59, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.072202 -0.001343 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:306, WS:-1060K # 0K, PF:-348K # 0K, P:-348K) [14] 0.000031 +J(0) [15] 0.000050 +J(0) [16] 0.000794 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-22 14:17:19 ESENT 302 Logging/Recovery SearchIndexer (7172,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-22 14:17:19 ESENT 301 Logging/Recovery "SearchIndexer (7172,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: [1] 0.098260 -0.003659 (2) CM +J(CM:2, PgRf:12, Rd:6/2, Dy:2/22, Lg:1017983/3553) +M(C:0K, Fs:308, WS:520K # 432K, PF:676K # 580K, P:676K)." Information 2017-12-22 14:17:19 ESENT 301 Logging/Recovery "SearchIndexer (7172,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00080.jtx. Previous Log Processing Stats: " Information 2017-12-22 14:17:19 ESENT 300 Logging/Recovery SearchIndexer (7172,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-22 14:17:19 ESENT 916 General SearchIndexer (7172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:17:19 ESENT 102 General SearchIndexer (7172,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-22 14:17:16 ESENT 916 General taskhostw (3112,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:17:12 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-22 14:17:11 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259195)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-22 14:17:09 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-22 14:17:07 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-22 14:17:04 ESENT 916 General svchost (4196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:17:04 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 14:17:04 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 14:17:04 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 14:17:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 14:17:03 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-22 14:16:53 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:53 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:52 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:52 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:52 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:52 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:52 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7744921 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:52 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:52 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:51 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:51 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:51 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:51 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:51 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:51 MySQL 100 None "InnoDB: The log sequence numbers 7742737 and 7742737 in ibdata files do not match the log sequence number 7744921 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:51 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:51 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:51 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:51 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:50 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:50 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:50 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:50 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:50 ESENT 916 General svchost (2900,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Warning 2017-12-22 14:16:50 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:16:49 Service1 0 None Service started successfully. Information 2017-12-22 14:16:49 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-22 14:16:43 ESENT 916 General taskhostw (3112,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:16:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-22 14:16:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-22 14:16:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-22 14:16:42 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 14:16:40 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-22 14:16:39 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-22 14:16:36 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-22 14:16:35 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-22 14:16:35 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-22 14:16:34 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-22 14:14:52 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T12:41:52Z. Reason: RulesEngine. Information 2017-12-22 14:13:53 TV Server 0 None Service stopped successfully. Information 2017-12-22 14:13:38 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-22 14:12:56 ESENT 916 General svchost (5020,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:12:41 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-22 14:12:41 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T12:41:41Z. Reason: RulesEngine. Information 2017-12-22 14:12:27 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-22 14:12:14 ESENT 916 General svchost (5352,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:12:11 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 14:12:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 14:12:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:12:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:12:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:12:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:12:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:12:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:12:08 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 13:12" Information 2017-12-22 14:12:07 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.223.98.3:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 13:12, 1, 1, 259190, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 14:12:03 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-22 14:12:03 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259190)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-22 14:12:02 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-22 14:12:01 TV Server 0 None Service started successfully. Information 2017-12-22 14:11:58 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-22 14:11:57 ESENT 326 General "SearchIndexer (8124,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000080:00FA:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001312 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.024052 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:17, WS:36K # 0K, PF:52K # 0K, P:52K) [4] 0.000697 +J(0) [5] - [6] - [7] 0.028249 -0.002204 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:26, WS:104K # 0K, PF:512K # 0K, P:512K) [8] 0.001307 -0.000834 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.001146 -0.000712 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:40K # 0K, PF:100K # 0K, P:100K) [10] 0.000042 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000110 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-22 14:11:56 ESENT 105 General "SearchIndexer (8124,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000080:00DC:0000 - 00000080:00F8:0000 - 00000000:0000:0000 - 00000080:00F8:0000 (00000000:0000:0000) cReInits = 6 Internal Timing Sequence: [1] 0.004092 +J(0) +M(C:0K, Fs:204, WS:800K # 800K, PF:5476K # 5476K, P:5476K) [2] 0.000776 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.000043 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [4] 0.000190 +J(0) +M(C:0K, Fs:23, WS:88K # 88K, PF:224K # 224K, P:224K) [5] 0.010472 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.005490 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:16K # 16K, P:16K) [7] 0.005764 +J(0) +M(C:0K, Fs:278, WS:1108K # 1108K, PF:1040K # 1040K, P:1040K) [8] 0.142406 -0.027762 (18) CM +J(CM:18, PgRf:102, Rd:0/18, Dy:18/186, Lg:993453/3510) +M(C:0K, Fs:1831, WS:2124K # 2124K, PF:1828K # 1828K, P:1828K) [9] - [10] 0.002218 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000103 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.110463 -0.000007 (18) CM +J(CM:18, PgRf:0, Rd:0/18, Dy:0/0, Lg:0/0) +M(C:0K, Fs:83, WS:12K # 0K, PF:0K # 0K, P:0K) [13] 0.111509 -0.001478 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:306, WS:-1384K # 0K, PF:-1416K # 0K, P:-1416K) [14] 0.000028 +J(0) [15] 0.000051 +J(0) [16] 0.000793 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-22 14:11:56 ESENT 302 Logging/Recovery SearchIndexer (8124,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-22 14:11:56 ESENT 301 Logging/Recovery "SearchIndexer (8124,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-22 14:11:56 ESENT 300 Logging/Recovery SearchIndexer (8124,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-22 14:11:56 ESENT 916 General SearchIndexer (8124,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:11:56 ESENT 102 General SearchIndexer (8124,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-22 14:11:56 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-22 14:11:36 ESENT 916 General taskhostw (2120,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:11:32 ESENT 916 General svchost (4892,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:11:30 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:30 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:29 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:29 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:29 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:29 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:29 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7744190 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:29 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:29 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:28 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:28 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:28 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:28 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:28 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:28 MySQL 100 None "InnoDB: The log sequence numbers 7742737 and 7742737 in ibdata files do not match the log sequence number 7744190 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:28 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:28 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:28 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:28 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:28 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:28 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:28 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:28 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-22 14:11:27 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:11:27 Service1 0 None Service started successfully. Information 2017-12-22 14:11:26 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-22 14:11:19 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 14:11:19 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 14:11:19 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 14:11:19 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 14:11:19 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-22 14:11:18 ESENT 916 General svchost (2096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:11:12 ESENT 916 General taskhostw (2120,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:11:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-22 14:11:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-22 14:11:10 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 14:11:10 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-22 14:11:08 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-22 14:11:08 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-22 14:11:05 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-22 14:11:04 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-22 14:11:04 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-22 14:11:03 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-22 14:08:24 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-22 14:05:11 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T12:42:11Z. Reason: RulesEngine. Information 2017-12-22 14:03:30 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-22 14:02:28 ESENT 916 General svchost (3820,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:02:03 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-22 14:02:02 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T12:42:01Z. Reason: RulesEngine. Information 2017-12-22 14:01:47 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-22 14:01:45 ESENT 916 General MicrosoftEdge (8524,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:01:41 ESENT 916 General svchost (5308,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:01:34 TV Server 0 None Service started successfully. Information 2017-12-22 14:01:31 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 14:01:30 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 14:01:30 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:01:30 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:01:30 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:01:30 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:01:30 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:01:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 14:01:27 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 13:01" Information 2017-12-22 14:01:25 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-22 14:01:25 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.103.27.181:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 13:01, 1, 1, 259195, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 14:01:25 ESENT 916 General svchost (3232,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:01:24 ESENT 326 General "SearchIndexer (7576,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000080:00DD:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001263 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.046996 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:16, WS:32K # 0K, PF:20K # 0K, P:20K) [4] 0.000720 +J(0) [5] - [6] - [7] 0.089021 -0.002137 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:27, WS:108K # 0K, PF:512K # 0K, P:512K) [8] 0.015445 -0.001470 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:61, WS:240K # 0K, PF:228K # 0K, P:228K) [9] 0.000957 -0.000622 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000040 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000111 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-22 14:01:24 ESENT 105 General "SearchIndexer (7576,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000080:00C4:0000 - 00000080:00DB:0000 - 00000000:0000:0000 - 00000080:00DB:0000 (00000000:0000:0000) cReInits = 5 Internal Timing Sequence: [1] 0.002361 +J(0) +M(C:0K, Fs:161, WS:628K # 628K, PF:5472K # 5472K, P:5472K) [2] 0.000814 +J(0) +M(C:10240K, Fs:126, WS:500K # 500K, PF:392K # 392K, P:392K) [3] 0.000045 +J(0) +M(C:0K, Fs:5, WS:16K # 16K, PF:68K # 68K, P:68K) [4] 0.000229 +J(0) +M(C:0K, Fs:40, WS:160K # 160K, PF:224K # 224K, P:224K) [5] 0.009053 +J(0) +M(C:0K, Fs:14, WS:56K # 56K, PF:20K # 20K, P:20K) [6] 0.005236 +J(0) +M(C:0K, Fs:38, WS:152K # 152K, PF:16K # 16K, P:16K) [7] 0.022975 +J(0) +M(C:0K, Fs:323, WS:1288K # 1288K, PF:1052K # 1052K, P:1052K) [8] 0.090510 -0.014524 (8) CM +J(CM:8, PgRf:67, Rd:0/8, Dy:8/126, Lg:875829/3141) +M(C:0K, Fs:569, WS:1668K # 1668K, PF:1512K # 1512K, P:1512K) [9] - [10] 0.002276 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000076 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.073595 -0.000007 (8) CM +J(CM:8, PgRf:0, Rd:0/8, Dy:0/0, Lg:0/0) +M(C:0K, Fs:48, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.120722 -0.001364 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:307, WS:-1048K # 0K, PF:-316K # 0K, P:-316K) [14] 0.000028 +J(0) [15] 0.000048 +J(0) [16] 0.000744 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-22 14:01:24 ESENT 302 Logging/Recovery SearchIndexer (7576,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-22 14:01:24 ESENT 301 Logging/Recovery "SearchIndexer (7576,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-22 14:01:24 ESENT 300 Logging/Recovery SearchIndexer (7576,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-22 14:01:24 ESENT 916 General SearchIndexer (7576,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:01:24 ESENT 102 General SearchIndexer (7576,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-22 14:01:19 ESENT 916 General taskhostw (3472,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:01:14 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-22 14:01:14 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259195)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-22 14:01:11 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-22 14:01:10 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-22 14:01:02 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 14:01:02 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 14:01:02 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 14:01:02 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-22 14:01:01 ESENT 916 General svchost (3232,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:01:01 ESENT 916 General svchost (3800,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:00:47 Service1 0 None Service started successfully. Information 2017-12-22 14:00:47 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:47 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:47 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:47 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:47 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:47 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:47 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7743709 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:47 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:47 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:46 ESENT 916 General taskhostw (3472,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 14:00:46 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:46 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:45 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:45 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:45 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:45 MySQL 100 None "InnoDB: The log sequence numbers 7742737 and 7742737 in ibdata files do not match the log sequence number 7743709 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:45 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:45 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:45 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:45 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:45 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:45 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:45 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:45 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-22 14:00:45 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 14:00:44 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-22 14:00:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-22 14:00:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-22 14:00:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-22 14:00:41 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 14:00:40 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-22 14:00:38 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-22 14:00:36 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-22 14:00:34 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-22 14:00:33 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-22 14:00:34 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-22 13:56:43 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T12:41:43Z. Reason: RulesEngine. Error 2017-12-22 13:56:23 Application Hang 1002 (101) "The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 12cc Start Time: 01d37b22b0f0f423 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: 90b6c1d8-ba53-48f0-b58e-3417e7fb21f4 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App " Information 2017-12-22 13:56:23 Windows Error Reporting 1001 None "Fault bucket 133556577791, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC6DA.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC6F8.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC796.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_2502ce9a Analysis symbol: Rechecking for solution: 0 Report Id: 90b6c1d8-ba53-48f0-b58e-3417e7fb21f4 Report Status: 268435456 Hashed bucket: 43a00c1b815b0614b2b86bc70e701302" Error 2017-12-22 13:56:20 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend. Error 2017-12-22 13:56:20 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Information 2017-12-22 13:56:18 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-22 13:56:16 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-22 13:55:59 ESENT 916 General DllHost (7184,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:55:49 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 13:55:49 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 13:55:49 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:55:49 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:55:48 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:55:48 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:55:48 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:55:48 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:55:46 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 12:55" Information 2017-12-22 13:55:45 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.27.246.160:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 12:55, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 13:50:13 ESENT 916 General svchost (7364,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:49:46 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T12:41:46Z. Reason: RulesEngine. Information 2017-12-22 13:48:50 ESENT 916 General svchost (6268,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:47:58 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T12:41:58Z. Reason: RulesEngine. Information 2017-12-22 13:47:26 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-22 13:47:25 ESENT 916 General svchost (5880,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:46:40 ESENT 916 General svchost (6092,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:46:31 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-22 13:46:31 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T12:41:31Z. Reason: RulesEngine. Information 2017-12-22 13:46:18 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-22 13:46:00 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 13:46:00 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 13:46:00 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:46:00 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:46:00 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:46:00 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:45:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:45:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:45:57 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 12:45" Information 2017-12-22 13:45:55 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.237.15.252:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 12:45, 1, 1, 259197, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 13:45:51 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-22 13:45:51 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259197)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-22 13:45:49 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-22 13:45:48 TV Server 0 None Service started successfully. Information 2017-12-22 13:45:44 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-22 13:45:21 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:21 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:20 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:20 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:20 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:20 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:20 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7743218 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:20 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:20 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:19 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:19 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:19 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:19 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:19 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:19 MySQL 100 None "InnoDB: The log sequence numbers 7742737 and 7742737 in ibdata files do not match the log sequence number 7743218 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:19 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:19 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:19 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:19 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:19 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:19 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:19 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:19 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-22 13:45:19 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:45:18 Service1 0 None Service started successfully. Information 2017-12-22 13:45:17 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-22 13:45:14 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-22 13:45:13 ESENT 326 General "SearchIndexer (5396,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000080:00C5:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001075 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.017792 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:16, WS:32K # 0K, PF:20K # 0K, P:20K) [4] 0.000530 +J(0) [5] - [6] - [7] 0.043275 -0.001534 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:98, WS:384K # 0K, PF:1316K # 0K, P:1316K) [8] 0.001120 -0.000676 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.000906 -0.000588 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:40K # 0K, PF:100K # 0K, P:100K) [10] 0.000043 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000110 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-22 13:45:13 ESENT 105 General "SearchIndexer (5396,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000080:00AC:0000 - 00000080:00C3:0000 - 00000000:0000:0000 - 00000080:00C3:0000 (00000000:0000:0000) cReInits = 4 Internal Timing Sequence: [1] 0.005273 +J(0) +M(C:0K, Fs:218, WS:860K # 860K, PF:5468K # 5468K, P:5468K) [2] 0.000747 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.000963 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000276 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:228K # 228K, P:228K) [5] 0.005719 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.004819 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:16K # 16K, P:16K) [7] 0.017848 +J(0) +M(C:0K, Fs:280, WS:1116K # 1116K, PF:1028K # 1028K, P:1028K) [8] 0.131329 -0.007624 (8) CM +J(CM:8, PgRf:67, Rd:0/8, Dy:8/126, Lg:778485/2942) +M(C:0K, Fs:1099, WS:1668K # 1668K, PF:1508K # 1508K, P:1508K) [9] - [10] 0.002048 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000080 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.053333 -0.000007 (8) CM +J(CM:8, PgRf:0, Rd:0/8, Dy:0/0, Lg:0/0) +M(C:0K, Fs:49, WS:8K # 0K, PF:0K # 0K, P:0K) [13] 0.099658 -0.001513 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:313, WS:-1036K # 0K, PF:-1056K # 0K, P:-1056K) [14] 0.000033 +J(0) [15] 0.000048 +J(0) [16] 0.000538 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-22 13:45:13 ESENT 302 Logging/Recovery SearchIndexer (5396,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-22 13:45:12 ESENT 301 Logging/Recovery "SearchIndexer (5396,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-22 13:45:12 ESENT 300 Logging/Recovery SearchIndexer (5396,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-22 13:45:12 ESENT 916 General SearchIndexer (5396,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:45:12 ESENT 102 General SearchIndexer (5396,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-22 13:45:11 ESENT 916 General svchost (5052,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:45:10 ESENT 916 General taskhostw (3140,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:45:03 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 13:45:02 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 13:45:02 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 13:45:02 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 13:45:02 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-22 13:45:02 ESENT 916 General svchost (2660,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:44:55 ESENT 916 General taskhostw (3140,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:44:54 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-22 13:44:54 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-22 13:44:54 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-22 13:44:53 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 13:44:52 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-22 13:44:51 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-22 13:44:48 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-22 13:44:47 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-22 13:44:46 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-22 13:44:46 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-22 13:43:11 ESENT 916 General svchost (6040,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:43:01 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-22 13:43:01 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T12:42:00Z. Reason: RulesEngine. Information 2017-12-22 13:42:46 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-22 13:42:30 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/20:12:42:30;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-22 13:42:24 ESENT 916 General svchost (7020,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:42:21 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-22 13:42:20 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 13:42:20 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 13:42:20 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:42:20 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:42:20 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:42:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:42:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:42:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 13:42:17 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 12:42" Information 2017-12-22 13:42:16 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.57.45.231:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 12:42, 1, 1, 258500, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 13:42:14 TV Server 0 None Service started successfully. Information 2017-12-22 13:42:12 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-22 13:42:12 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258500)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-22 13:42:11 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-22 13:42:11 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-22 13:41:49 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:49 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:48 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:48 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:48 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:48 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:48 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7742737 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:48 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:48 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:47 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:47 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:47 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:47 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:47 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:47 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:47 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:47 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-22 13:41:47 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:41:46 Service1 0 None Service started successfully. Information 2017-12-22 13:41:46 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-22 13:41:41 ESENT 916 General svchost (4968,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:41:41 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-22 13:41:40 ESENT 326 General "SearchIndexer (5752,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000080:00AD:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.001744 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.022705 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:128K # 0K, PF:144K # 0K, P:144K) [4] 0.000542 +J(0) [5] - [6] - [7] 0.033011 -0.001641 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:53, WS:208K # 0K, PF:664K # 0K, P:664K) [8] 0.001342 -0.000862 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 136K, P:256K) [9] 0.000954 -0.000599 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000038 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-22 13:41:40 ESENT 105 General "SearchIndexer (5752,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.005579 +J(0) +M(C:0K, Fs:215, WS:848K # 848K, PF:5468K # 5468K, P:5468K) [2] 0.000751 +J(0) +M(C:10240K, Fs:103, WS:408K # 408K, PF:388K # 388K, P:388K) [3] 0.001097 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000241 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.006066 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.006935 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:16K # 16K, P:16K) [7] 0.012429 +J(0) +M(C:0K, Fs:280, WS:1116K # 1116K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.007254 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000040 +J(0) [15] 0.000108 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000600 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-22 13:41:40 ESENT 916 General SearchIndexer (5752,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:41:40 ESENT 102 General SearchIndexer (5752,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-22 13:41:36 ESENT 916 General taskhostw (3044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:41:32 ESENT 916 General svchost (3836,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:41:30 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 13:41:30 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 13:41:29 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 13:41:29 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 13:41:29 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-22 13:41:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-22 13:41:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-22 13:41:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-22 13:41:19 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 13:41:18 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-22 13:41:17 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-22 13:41:17 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-22 13:41:16 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-22 13:41:14 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-22 13:41:15 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-22 13:40:46 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-22 13:40:45 Service1 0 None Service has been successfully shut down. Information 2017-12-22 13:40:45 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:40:45 MySQL 100 None "Giving 1 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:40:45 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 13:40:44 TV Server 0 None Service has been successfully shut down. Information 2017-12-22 13:40:42 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2017-12-22 13:40:42 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 29 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 8468 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 3388 (\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 804 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 804 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 7508 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 3164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 8772 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 804 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-22 13:40:42 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 13:40:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 2 The request is not supported " Information 2017-12-22 13:40:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-22 13:20:06 ESENT 916 General svchost (5036,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:20:06 ESENT 916 General DllHost (11776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:20:02 ESENT 916 General svchost (4908,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:16:59 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-22 13:13:57 ESENT 916 General svchost (3176,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:12:11 ESENT 916 General svchost (9140,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:03:00 ESENT 916 General svchost (3176,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:02:58 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-22 13:00:08 ESENT 916 General svchost (9140,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:00:03 ESENT 326 General "svchost (9432,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000002:0009:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.004771 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.034671 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:9, WS:32K # 0K, PF:32K # 0K, P:32K) [4] 0.001593 +J(0) [5] - [6] - [7] 0.001964 -0.001176 (1) CM +J(CM:1, PgRf:2, Rd:16/0, Dy:0/0, Lg:0/0) +M(C:56K, Fs:19, WS:76K # 44K, PF:64K # 36K, P:64K) [8] 0.000958 -0.000519 (1) CM +J(CM:1, PgRf:23, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:27, WS:108K # 108K, PF:200K # 196K, P:200K) [9] 0.000979 -0.000677 (2) CM +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [10] 0.000036 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000110 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-22 13:00:03 ESENT 105 General "svchost (9432,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000002:0005:0000 - 00000002:0007:0000 - 00000000:0000:0000 - 00000002:0007:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.005095 +J(0) +M(C:0K, Fs:162, WS:644K # 644K, PF:3412K # 3412K, P:3412K) [2] 0.001118 +J(0) +M(C:8K, Fs:87, WS:344K # 344K, PF:300K # 300K, P:300K) [3] 0.000087 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000580 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:160K # 160K, P:160K) [5] 0.012174 +J(0) +M(C:0K, Fs:14, WS:56K # 56K, PF:24K # 24K, P:24K) [6] 0.054635 +J(0) +M(C:0K, Fs:32, WS:124K # 124K, PF:24K # 24K, P:24K) [7] 0.004531 +J(0) +M(C:0K, Fs:35, WS:140K # 140K, PF:64K # 64K, P:64K) [8] 0.091950 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:24326/118) +M(C:0K, Fs:123, WS:340K # 340K, PF:220K # 224K, P:220K) [9] - [10] 0.002827 +J(0) +M(C:0K, Fs:6, WS:-36K # 20K, PF:-4K # 52K, P:-4K) [11] 0.000055 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.002483 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.086813 -0.000703 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:51, WS:84K # 108K, PF:160K # 168K, P:160K) [14] 0.000030 +J(0) [15] 0.000025 +J(0) [16] 0.005231 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-22 13:00:03 ESENT 302 Logging/Recovery svchost (9432,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2017-12-22 13:00:03 ESENT 301 Logging/Recovery "svchost (9432,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: " Information 2017-12-22 13:00:03 ESENT 300 Logging/Recovery svchost (9432,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2017-12-22 13:00:03 ESENT 916 General svchost (9432,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 13:00:03 ESENT 102 General svchost (9432,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-22 12:59:20 ESENT 916 General svchost (4908,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 12:59:10 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-22 12:22:45 Windows Error Reporting 1001 None "Fault bucket 129595456064, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 2151672980673508330 Problem signature: P1: SetupTv.exe P2: 1.18.0.0 P3: 59d9d5c3 P4: System.Windows.Forms P5: 4.7.2556.0 P6: 59b8360c P7: d16 P8: 17 P9: System.InvalidOperationException P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER889D.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AA0.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9ACD.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B6A.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERA2CF.tmp.appcompat.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERA5ED.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SetupTv.exe_18cbf367353c471fe2e72549821d891a843e94e9_acb3f77f_cab_274abe05 Analysis symbol: Rechecking for solution: 0 Report Id: baabf024-6117-418c-af4e-7492ddb943da Report Status: 268435464 Hashed bucket: 7dfb8a62212e65bfc05de97a32da4be5" Error 2017-12-22 12:22:31 Application Error 1000 (100) "Faulting application name: SetupTv.exe, version: 1.18.0.0, time stamp: 0x59d9d5c3 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x890 Faulting application start time: 0x01d37b16f6887308 Faulting application path: C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\SetupTv.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: baabf024-6117-418c-af4e-7492ddb943da Faulting package full name: Faulting package-relative application ID: " Error 2017-12-22 12:22:31 .NET Runtime 1026 None Application: SetupTv.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.InvalidOperationException at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) at System.Windows.Forms.Control.Invoke(System.Delegate) at SetupTv.Sections.Helpers.ChannelListViewHandler.FillListViewChannels(System.Object) at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart(System.Object) Information 2017-12-22 12:08:07 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T01:01:07Z. Reason: RulesEngine. Information 2017-12-22 12:06:36 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T01:00:36Z. Reason: RulesEngine. Information 2017-12-22 12:04:52 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 12:04:52 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 12:03:57 ESENT 916 General MicrosoftEdge (780,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 12:03:10 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-22 12:02:41 ESENT 916 General svchost (4908,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 12:02:23 ESENT 916 General taskhostw (6488,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 12:02:18 ESENT 916 General svchost (2832,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 12:02:14 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2017-12-22 12:02:13 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2017-12-22 12:02:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-22 12:02:12 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 12:02:10 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-22 12:02:09 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-22 12:02:09 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-22 12:02:08 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-22 02:21:14 TV Server 0 None PowerEvent handled successfully by the service. Information 2017-12-22 02:21:13 ESENT 916 General svchost (3176,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 02:21:13 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2676 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2676 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2676 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes Process 2676 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings Process 2676 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft " Information 2017-12-22 02:21:13 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 27 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 652 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2264 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 3388 (\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 804 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 804 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 7508 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2676 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 2676 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4908 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 4908 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2676 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2676 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4908 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4908 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2676 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 512 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 804 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 4908 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2676 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2017-12-22 02:21:12 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 02:21:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-22 02:21:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-22 02:21:11 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2017-12-22 02:21:04 ESENT 916 General DllHost (8348,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2017-12-22 02:16:08 Application Hang 1002 (101) "The program kodi.exe version 17.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: f2c Start Time: 01d37ac10c92376c Termination Time: 131 Application Path: D:\Kodi 17.6\App\kodi.exe Report Id: d9a08c98-c857-4118-9f76-23bbf0867641 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-22 02:16:07 Windows Error Reporting 1001 None "Fault bucket 1318994625224398950, type 5 Event Name: AppHangB1 Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.6.0.0 P3: 5a2d50f5 P4: c34e P5: 134217728 P6: P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3CDC.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D09.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D87.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER51BD.tmp.appcompat.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_kodi.exe_245ec4a273c555826f0d6f7d4bd22e51d9be42_4a57e4ee_0cef59d8 Analysis symbol: Rechecking for solution: 0 Report Id: d9a08c98-c857-4118-9f76-23bbf0867641 Report Status: 268435456 Hashed bucket: 2e26d940d6f06f1e124e029f91265866" Information 2017-12-22 02:05:58 ESENT 916 General svchost (4908,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 02:02:02 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-21T01:01:02Z. Reason: RulesEngine. Information 2017-12-22 02:01:32 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/20:01:01:31;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-22 02:01:23 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-22 02:01:22 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 02:01:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 02:01:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 02:01:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 02:01:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 02:01:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 02:01:21 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 02:01:21 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 02:01:20 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 01:01" Information 2017-12-22 02:01:18 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.118.146.82:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 01:01, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 01:55:45 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A4A.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA69.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA94.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB22.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_03e4b2b2 Analysis symbol: Rechecking for solution: 0 Report Id: 0baa2ecd-3863-49ff-b44d-f99c920fe6b2 Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-22 01:55:38 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x14b0 Faulting application start time: 0x01d37abf92d5de79 Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 0baa2ecd-3863-49ff-b44d-f99c920fe6b2 Faulting package full name: Faulting package-relative application ID: " Error 2017-12-22 01:55:38 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-22 01:55:36 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:56:36Z. Reason: RulesEngine. Information 2017-12-22 01:55:17 ESENT 916 General DllHost (8348,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:53:52 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:56:52Z. Reason: RulesEngine. Information 2017-12-22 01:53:21 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-22 01:52:43 ESENT 916 General svchost (3128,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:52:18 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-22 01:52:10 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-22 01:52:10 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:57:10Z. Reason: RulesEngine. Information 2017-12-22 01:51:59 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-22 01:51:57 ESENT 916 General svchost (4908,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:51:42 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-22 01:51:40 ESENT 326 General "SearchIndexer (7604,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000080:0044:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001539 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.051876 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:16, WS:32K # 0K, PF:20K # 0K, P:20K) [4] 0.000752 +J(0) [5] - [6] - [7] 0.121253 -0.002244 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:26, WS:104K # 0K, PF:512K # 0K, P:512K) [8] 0.001106 -0.000668 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.001346 -0.001051 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000149 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-22 01:51:40 ESENT 105 General "SearchIndexer (7604,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000080:0027:0000 - 00000080:0042:0000 - 00000000:0000:0000 - 00000080:0042:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.004273 +J(0) +M(C:0K, Fs:201, WS:792K # 792K, PF:5468K # 5468K, P:5468K) [2] 0.001130 +J(0) +M(C:10240K, Fs:119, WS:476K # 476K, PF:392K # 392K, P:392K) [3] 0.000056 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [4] 0.000286 +J(0) +M(C:0K, Fs:32, WS:124K # 124K, PF:248K # 248K, P:248K) [5] 0.016035 +J(0) +M(C:0K, Fs:54, WS:216K # 216K, PF:32K # 32K, P:32K) [6] 0.005093 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:16K # 16K, P:16K) [7] 0.010851 +J(0) +M(C:0K, Fs:278, WS:1108K # 1108K, PF:1040K # 1040K, P:1040K) [8] 0.074787 -0.013345 (13) CM +J(CM:13, PgRf:90, Rd:0/13, Dy:13/167, Lg:259528/815) +M(C:0K, Fs:931, WS:1924K # 1924K, PF:1676K # 1676K, P:1676K) [9] - [10] 0.002323 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000082 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.063415 -0.000004 (13) CM +J(CM:13, PgRf:0, Rd:0/13, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:8K # 0K, PF:0K # 0K, P:0K) [13] 0.165014 -0.005403 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:306, WS:-1208K # 0K, PF:-1220K # 0K, P:-1220K) [14] 0.000030 +J(0) [15] 0.000045 +J(0) [16] 0.000873 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-22 01:51:40 ESENT 302 Logging/Recovery SearchIndexer (7604,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-22 01:51:40 ESENT 301 Logging/Recovery "SearchIndexer (7604,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-22 01:51:40 ESENT 300 Logging/Recovery SearchIndexer (7604,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-22 01:51:40 ESENT 916 General SearchIndexer (7604,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:51:40 ESENT 102 General SearchIndexer (7604,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-22 01:51:39 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 01:51:39 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 01:51:39 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:51:38 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:51:38 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:51:38 TV Server 0 None Service started successfully. Information 2017-12-22 01:51:38 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:51:37 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:51:37 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:51:36 ESENT 916 General taskhostw (3156,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:51:34 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 00:51" Information 2017-12-22 01:51:32 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.5.152.154:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 00:51, 1, 1, 259197, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 01:51:26 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-22 01:51:25 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259198)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-22 01:51:24 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-22 01:51:22 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-22 01:51:17 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 01:51:17 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 01:51:17 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 01:51:17 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-22 01:51:16 ESENT 916 General svchost (3176,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:51:07 ESENT 916 General svchost (2832,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:51:00 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:51:00 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:51:00 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:51:00 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:51:00 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:51:00 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:51:00 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7738307 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:51:00 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:51:00 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:50:59 ESENT 916 General taskhostw (3156,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:50:59 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:50:59 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:50:59 Service1 0 None Service started successfully. Information 2017-12-22 01:50:59 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:50:59 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:50:59 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:50:59 MySQL 100 None "InnoDB: The log sequence numbers 7734987 and 7734987 in ibdata files do not match the log sequence number 7738307 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:50:58 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:50:58 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:50:58 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:50:58 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:50:58 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:50:58 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:50:58 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:50:58 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-22 01:50:58 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:50:57 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-22 01:50:56 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-22 01:50:56 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-22 01:50:56 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 01:50:56 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-22 01:50:54 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-22 01:50:53 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-22 01:50:50 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-22 01:50:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-22 01:50:48 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-22 01:50:49 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-22 01:49:02 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:57:02Z. Reason: RulesEngine. Information 2017-12-22 01:48:32 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 01:48:32 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 01:48:32 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:48:31 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:48:31 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:48:31 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:48:31 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:48:30 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:48:28 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 00:48" Information 2017-12-22 01:48:26 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.221.138.145:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 00:48, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Error 2017-12-22 01:46:22 Application Hang 1002 (101) "The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1b9c Start Time: 01d37abd269b4c4a Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: d679c678-bf7b-498d-bc03-d202e26058ea Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App " Information 2017-12-22 01:46:22 Windows Error Reporting 1001 None "Fault bucket 133556577791, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3293.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER32D0.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER33DB.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_2a803b0e Analysis symbol: Rechecking for solution: 0 Report Id: d679c678-bf7b-498d-bc03-d202e26058ea Report Status: 268435456 Hashed bucket: 43a00c1b815b0614b2b86bc70e701302" Error 2017-12-22 01:46:17 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Information 2017-12-22 01:45:57 ESENT 916 General DllHost (7420,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:45:56 ESENT 916 General MicrosoftEdge (8840,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:43:28 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:56:28Z. Reason: RulesEngine. Information 2017-12-22 01:40:36 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:56:36Z. Reason: RulesEngine. Information 2017-12-22 01:40:05 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-22 01:39:07 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-22 01:39:07 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:57:07Z. Reason: RulesEngine. Information 2017-12-22 01:39:07 ESENT 916 General svchost (5020,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:38:54 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-22 01:38:48 ESENT 916 General svchost (5460,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:38:40 ESENT 916 General svchost (516,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:38:39 TV Server 0 None Service started successfully. Information 2017-12-22 01:38:37 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 01:38:37 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 01:38:37 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:38:37 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:38:36 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:38:36 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:38:36 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:38:36 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:38:34 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 00:38" Information 2017-12-22 01:38:32 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.15.131.116:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 00:38, 1, 1, 259182, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 01:38:30 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-22 01:38:30 ESENT 326 General "SearchIndexer (7316,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000080:0028:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001465 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.049337 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:16, WS:32K # 0K, PF:20K # 0K, P:20K) [4] 0.000723 +J(0) [5] - [6] - [7] 0.057507 -0.002176 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:27, WS:108K # 0K, PF:512K # 0K, P:512K) [8] 0.001310 -0.000856 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.000904 -0.000586 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000040 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000110 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-22 01:38:30 ESENT 105 General "SearchIndexer (7316,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000080:000B:0000 - 00000080:0026:0000 - 00000000:0000:0000 - 00000080:0026:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.002617 +J(0) +M(C:0K, Fs:163, WS:632K # 632K, PF:5480K # 5480K, P:5480K) [2] 0.000743 +J(0) +M(C:10240K, Fs:127, WS:508K # 508K, PF:384K # 384K, P:384K) [3] 0.000045 +J(0) +M(C:0K, Fs:5, WS:16K # 16K, PF:68K # 68K, P:68K) [4] 0.000236 +J(0) +M(C:0K, Fs:37, WS:148K # 148K, PF:224K # 224K, P:224K) [5] 0.010038 +J(0) +M(C:0K, Fs:50, WS:200K # 200K, PF:76K # 84K, P:76K) [6] 0.011533 +J(0) +M(C:0K, Fs:35, WS:136K # 136K, PF:32K # 24K, P:32K) [7] 0.011953 +J(0) +M(C:0K, Fs:276, WS:1100K # 1100K, PF:1028K # 1028K, P:1028K) [8] 0.073903 -0.009662 (10) CM +J(CM:10, PgRf:139, Rd:0/10, Dy:10/268, Lg:145970/508) +M(C:0K, Fs:505, WS:1816K # 1816K, PF:1540K # 1540K, P:1540K) [9] - [10] 0.002462 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000152 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.117303 -0.000008 (10) CM +J(CM:10, PgRf:0, Rd:0/10, Dy:0/0, Lg:0/0) +M(C:0K, Fs:55, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.141563 -0.001632 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:307, WS:-1108K # 0K, PF:-380K # 0K, P:-380K) [14] 0.000032 +J(0) [15] 0.000049 +J(0) [16] 0.000744 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-22 01:38:30 ESENT 302 Logging/Recovery SearchIndexer (7316,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-22 01:38:29 ESENT 301 Logging/Recovery "SearchIndexer (7316,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-22 01:38:29 ESENT 300 Logging/Recovery SearchIndexer (7316,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-22 01:38:29 ESENT 916 General SearchIndexer (7316,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:38:29 ESENT 102 General SearchIndexer (7316,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-22 01:38:26 ESENT 916 General taskhostw (3136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:38:25 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-22 01:38:24 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259182)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-22 01:38:22 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-22 01:38:21 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-22 01:38:20 ESENT 916 General svchost (3060,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:38:04 ESENT 916 General svchost (5028,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:38:00 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:38:00 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:59 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:59 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:59 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:59 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:59 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7737716 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:59 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:59 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:58 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:58 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:58 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:58 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:58 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:58 MySQL 100 None "InnoDB: The log sequence numbers 7734987 and 7734987 in ibdata files do not match the log sequence number 7737716 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:58 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:58 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:58 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:58 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:58 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:58 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:58 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:58 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-22 01:37:57 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:37:56 Service1 0 None Service started successfully. Information 2017-12-22 01:37:53 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-22 01:37:50 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 01:37:50 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 01:37:50 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 01:37:50 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-22 01:37:48 ESENT 916 General svchost (3060,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:37:43 ESENT 916 General taskhostw (3136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:37:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-22 01:37:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-22 01:37:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-22 01:37:41 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 01:37:39 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-22 01:37:38 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-22 01:37:36 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-22 01:37:34 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-22 01:37:34 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-22 01:37:34 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-22 01:27:00 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA462.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERAFBE.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERAFE9.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB086.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_0c58be12 Analysis symbol: Rechecking for solution: 0 Report Id: 53beca43-d0b3-4732-b61b-2eb843476c22 Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-22 01:26:53 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x1c78 Faulting application start time: 0x01d37abb8ea4c4b1 Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 53beca43-d0b3-4732-b61b-2eb843476c22 Faulting package full name: Faulting package-relative application ID: " Error 2017-12-22 01:26:52 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-22 01:24:00 ESENT 916 General svchost (6692,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:20:26 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:57:26Z. Reason: RulesEngine. Information 2017-12-22 01:19:55 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 01:19:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 01:19:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:19:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:19:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:19:54 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:19:54 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:19:54 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:19:52 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 00:19" Information 2017-12-22 01:19:50 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.58.223.182:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 00:19, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 01:14:10 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF125.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFA2F.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFA4A.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFAD8.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_23c501dc Analysis symbol: Rechecking for solution: 0 Report Id: 7c2bea32-2f6a-4688-b191-81b18a16ebf5 Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-22 01:14:06 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x1ff8 Faulting application start time: 0x01d37ab9c61746db Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 7c2bea32-2f6a-4688-b191-81b18a16ebf5 Faulting package full name: Faulting package-relative application ID: " Error 2017-12-22 01:14:05 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-22 01:12:38 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:56:38Z. Reason: RulesEngine. Information 2017-12-22 01:11:27 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-22 01:11:25 ESENT 916 General svchost (7664,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:10:49 ESENT 916 General svchost (5328,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:10:45 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC522.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD909.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD934.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD9C2.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_15d5e114 Analysis symbol: Rechecking for solution: 0 Report Id: 05fa29a6-3520-4e3d-9661-af405d0e21c3 Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-22 01:10:38 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x1740 Faulting application start time: 0x01d37ab949a39b39 Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 05fa29a6-3520-4e3d-9661-af405d0e21c3 Faulting package full name: Faulting package-relative application ID: " Error 2017-12-22 01:10:37 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-22 01:10:27 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-22 01:10:27 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:57:27Z. Reason: RulesEngine. Information 2017-12-22 01:10:17 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-22 01:10:01 ESENT 916 General svchost (6692,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:09:58 TV Server 0 None Service started successfully. Information 2017-12-22 01:09:56 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 01:09:56 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 01:09:56 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:09:56 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:09:56 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:09:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:09:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:09:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:09:53 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 00:09" Information 2017-12-22 01:09:52 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.221.130.168:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 00:09, 1, 1, 259197, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 01:09:49 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-22 01:09:49 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259197)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-22 01:09:48 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-22 01:09:45 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-22 01:09:41 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-22 01:09:36 ESENT 326 General "SearchIndexer (7056,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000080:000C:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.007562 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.026038 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:49, WS:156K # 0K, PF:144K # 0K, P:144K) [4] 0.000856 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] 0.074540 -0.002149 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:49, WS:196K # 0K, PF:640K # 0K, P:640K) [8] 0.001146 -0.000639 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:68, WS:268K # 0K, PF:260K # 112K, P:260K) [9] 0.000853 -0.000551 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000037 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000112 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-22 01:09:36 ESENT 105 General "SearchIndexer (7056,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.005602 +J(0) +M(C:0K, Fs:201, WS:784K # 784K, PF:5476K # 5476K, P:5476K) [2] 0.000777 +J(0) +M(C:10240K, Fs:106, WS:424K # 424K, PF:392K # 392K, P:392K) [3] 0.000037 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [4] 0.000196 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:224K # 224K, P:224K) [5] 0.009195 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.014631 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.023374 +J(0) +M(C:0K, Fs:283, WS:1132K # 1132K, PF:1044K # 1044K, P:1044K) [8] - [9] - [10] - [11] - [12] - [13] 0.007084 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:11, WS:-992K # 24K, PF:-1020K # 16K, P:-1020K) [14] 0.000028 +J(0) [15] 0.000112 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000760 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-22 01:09:36 ESENT 916 General SearchIndexer (7056,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:09:36 ESENT 102 General SearchIndexer (7056,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-22 01:09:20 ESENT 916 General taskhostw (2932,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:09:17 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:17 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:17 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:17 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:17 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:17 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:17 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7734987 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:16 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:16 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:16 ESENT 916 General svchost (4868,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:09:16 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:16 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:16 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:16 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:16 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:16 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:16 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:16 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:16 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Warning 2017-12-22 01:09:16 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:09:16 Service1 0 None Service started successfully. Information 2017-12-22 01:09:07 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 01:09:07 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 01:09:07 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-22 01:09:06 ESENT 916 General svchost (3440,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:08:58 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-22 01:08:57 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-22 01:08:57 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-22 01:08:57 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 01:08:55 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-22 01:08:55 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-22 01:08:54 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-22 01:08:54 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-22 01:08:53 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-22 01:08:52 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-22 01:08:24 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-22 01:08:24 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:08:24 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:08:24 MySQL 100 None "Giving 1 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:08:24 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 01:08:22 TV Server 0 None Service has been successfully shut down. Information 2017-12-22 01:08:21 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 20 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 652 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2232 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3520 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 3036 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3520 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3520 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 3280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3520 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3520 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 3280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3520 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3520 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 520 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 808 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3520 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2017-12-22 01:08:20 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 01:08:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-22 01:08:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-22 01:06:54 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed retrim on (C:) Information 2017-12-22 01:06:32 ESENT 916 General svchost (6152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 01:06:26 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:57:26Z. Reason: RulesEngine. Information 2017-12-22 01:05:55 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 01:05:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 01:05:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:05:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:05:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:05:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:05:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:05:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 01:05:53 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/22 00:05" Information 2017-12-22 01:05:52 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.32.157.130:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/22 00:05, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 01:05:05 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER42D9.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C03.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C20.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4CBD.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_20695354 Analysis symbol: Rechecking for solution: 0 Report Id: 6b862274-ddf8-474b-91e5-53fb8a79d6a6 Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-22 01:05:01 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x1c9c Faulting application start time: 0x01d37ab8813c31c6 Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 6b862274-ddf8-474b-91e5-53fb8a79d6a6 Faulting package full name: Faulting package-relative application ID: " Error 2017-12-22 01:05:01 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-22 01:02:37 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE98.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F1.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER822.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8AF.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_222b0f4f Analysis symbol: Rechecking for solution: 0 Report Id: e38b9bad-88c6-4e51-a363-e58064bd3503 Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-22 01:02:32 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0xacc Faulting application start time: 0x01d37ab828afa9ac Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: e38b9bad-88c6-4e51-a363-e58064bd3503 Faulting package full name: Faulting package-relative application ID: " Error 2017-12-22 01:02:32 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-22 01:01:28 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF007.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFAC7.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFAF5.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB83.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_1d860254 Analysis symbol: Rechecking for solution: 0 Report Id: d90b1d87-c801-47c8-8ced-6e20cac6072e Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-22 01:01:23 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x23e4 Faulting application start time: 0x01d37ab7ff1f580f Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: d90b1d87-c801-47c8-8ced-6e20cac6072e Faulting package full name: Faulting package-relative application ID: " Error 2017-12-22 01:01:23 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-22 01:00:15 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD4B3.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERDDDD.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERDE0A.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERDE98.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_0a7ce607 Analysis symbol: Rechecking for solution: 0 Report Id: 7a68c544-52a0-4f42-8ecb-dda16ba18c60 Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-22 01:00:11 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x330 Faulting application start time: 0x01d37ab7d4348254 Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 7a68c544-52a0-4f42-8ecb-dda16ba18c60 Faulting package full name: Faulting package-relative application ID: " Error 2017-12-22 01:00:10 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-22 00:59:55 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:56:55Z. Reason: RulesEngine. Information 2017-12-22 00:59:18 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE998.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFD80.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFDBA.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE48.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_18ac058a Analysis symbol: Rechecking for solution: 0 Report Id: 8a33d5b2-e7e9-4d7e-8f76-f8b7db805661 Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-22 00:59:10 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x1a04 Faulting application start time: 0x01d37ab7af9874a7 Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 8a33d5b2-e7e9-4d7e-8f76-f8b7db805661 Faulting package full name: Faulting package-relative application ID: " Error 2017-12-22 00:59:10 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-22 00:58:21 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:57:21Z. Reason: RulesEngine. Information 2017-12-22 00:57:50 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-22 00:57:00 ESENT 916 General svchost (3500,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:56:53 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-22 00:56:42 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-22 00:56:42 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:56:42Z. Reason: RulesEngine. Information 2017-12-22 00:56:38 ESENT 916 General DllHost (8228,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:56:22 ESENT 916 General svchost (3280,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:56:18 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-22 00:56:17 TV Server 0 None Service started successfully. Information 2017-12-22 00:56:10 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 00:56:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 00:56:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:56:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:56:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:56:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:56:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:56:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:56:07 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/21 23:56" Information 2017-12-22 00:56:05 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.128.34.241:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/21 23:56, 1, 1, 259180, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 00:56:03 ESENT 916 General svchost (2948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:56:02 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-22 00:56:01 ESENT 326 General "SearchIndexer (5728,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000007F:00C9:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001775 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.042936 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:13, WS:-732K # 0K, PF:-724K # 0K, P:-724K) [4] 0.000899 +J(0) [5] - [6] - [7] 0.027333 -0.002289 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:32, WS:124K # 0K, PF:1260K # 0K, P:1260K) [8] 0.001258 -0.000773 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:61, WS:244K # 0K, PF:224K # 0K, P:224K) [9] 0.000977 -0.000631 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000047 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000112 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-22 00:56:01 ESENT 105 General "SearchIndexer (5728,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000007F:00AE:0000 - 0000007F:00C7:0000 - 00000000:0000:0000 - 0000007F:00C7:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.004361 +J(0) +M(C:0K, Fs:202, WS:792K # 792K, PF:5472K # 5472K, P:5472K) [2] 0.000776 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.000042 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [4] 0.000231 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:228K # 228K, P:228K) [5] 0.009828 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.004914 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.004699 +J(0) +M(C:0K, Fs:273, WS:1092K # 1092K, PF:1024K # 1024K, P:1024K) [8] 0.217880 -0.019266 (10) CM +J(CM:10, PgRf:132, Rd:0/10, Dy:10/254, Lg:101366/448) +M(C:0K, Fs:536, WS:2024K # 2024K, PF:1556K # 1556K, P:1556K) [9] - [10] 0.002168 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000151 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.075201 -0.000451 (10) CM +J(CM:10, PgRf:0, Rd:0/10, Dy:0/0, Lg:0/0) +M(C:0K, Fs:58, WS:16K # 0K, PF:0K # 0K, P:0K) [13] 0.100139 -0.001369 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:307, WS:-356K # 0K, PF:-384K # 0K, P:-384K) [14] 0.000030 +J(0) [15] 0.000046 +J(0) [16] 0.000752 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-22 00:56:01 ESENT 302 Logging/Recovery SearchIndexer (5728,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-22 00:56:00 ESENT 301 Logging/Recovery "SearchIndexer (5728,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-22 00:56:00 ESENT 300 Logging/Recovery SearchIndexer (5728,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-22 00:56:00 ESENT 916 General SearchIndexer (5728,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:56:00 ESENT 102 General SearchIndexer (5728,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-22 00:55:58 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-22 00:55:58 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259180)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-22 00:55:57 ESENT 916 General taskhostw (3108,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:55:56 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-22 00:55:50 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-22 00:55:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 00:55:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 00:55:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 00:55:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 00:55:45 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-22 00:55:31 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:55:30 ESENT 916 General svchost (2948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:55:20 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:20 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:19 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:19 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:19 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:19 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:19 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7732402 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:19 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:19 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:18 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:18 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:18 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:18 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:18 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:18 MySQL 100 None "InnoDB: The log sequence numbers 7729653 and 7729653 in ibdata files do not match the log sequence number 7732402 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:18 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:18 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:18 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:18 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:18 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:18 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:18 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:18 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:17 Service1 0 None Service started successfully. Warning 2017-12-22 00:55:17 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:55:17 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-22 00:55:16 ESENT 916 General taskhostw (3108,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:55:13 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-22 00:55:13 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-22 00:55:13 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-22 00:55:13 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 00:55:12 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-22 00:55:11 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-22 00:55:08 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-22 00:55:07 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-22 00:55:06 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-22 00:55:05 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-22 00:52:27 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6624.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6F5E.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6F89.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7016.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_1db97788 Analysis symbol: Rechecking for solution: 0 Report Id: d14568bd-d96d-4eee-8239-4420b5e9366b Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-22 00:52:22 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x590 Faulting application start time: 0x01d37ab6bc5ee2a9 Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: d14568bd-d96d-4eee-8239-4420b5e9366b Faulting package full name: Faulting package-relative application ID: " Error 2017-12-22 00:52:22 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-22 00:48:34 ESENT 916 General FileHistory (3836,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:39:48 ESENT 916 General svchost (4324,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:36:00 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:57:00Z. Reason: RulesEngine. Information 2017-12-22 00:35:30 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 00:35:30 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 00:35:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:35:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:35:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:35:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:35:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:35:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:35:27 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/21 23:35" Information 2017-12-22 00:35:26 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.75.8.33:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/21 23:35, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 00:29:37 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:56:37Z. Reason: RulesEngine. Information 2017-12-22 00:29:18 Windows Error Reporting 1001 None "Fault bucket 1666667405659650499, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: EPG-Grabber.exe P2: 1.0.0.0 P3: 5a1834a5 P4: mscorlib P5: 4.7.2600.0 P6: 59d789f1 P7: 5f3 P8: 34 P9: System.ArgumentOutOfRange P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C3E.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3E51.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3E8C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER3F0A.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EPG-Grabber.exe_17d8c64bf474d16f5b4b3386e0e72d904b16fb_2fee1b00_19944746 Analysis symbol: Rechecking for solution: 0 Report Id: ee03e328-20a5-4d9f-a61b-d055a0a015cf Report Status: 268435456 Hashed bucket: 7e4bfe07e8426ada4721312cd110b9c3" Error 2017-12-22 00:29:11 Application Error 1000 (100) "Faulting application name: EPG-Grabber.exe, version: 1.0.0.0, time stamp: 0x5a1834a5 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d Exception code: 0xe0434352 Fault offset: 0x001008b2 Faulting process id: 0x198c Faulting application start time: 0x01d37ab37f4a2c32 Faulting application path: C:\Program Files (x86)\EPG-Buddy\EPG-Grabber.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: ee03e328-20a5-4d9f-a61b-d055a0a015cf Faulting package full name: Faulting package-relative application ID: " Error 2017-12-22 00:29:11 .NET Runtime 1026 None Application: EPG-Grabber.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.TimeToTicks(Int32, Int32, Int32) at EPG_Grabber.cTVGuide_com.Hour2Millis() at EPG_Grabber.cTVGuide_com.GrabEPG(Boolean, Int32) at EPG_Grabber.cTVGuide_com.LeseSenderliste() at EPG_Grabber.mMain.Main() Information 2017-12-22 00:28:01 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:57:01Z. Reason: RulesEngine. Information 2017-12-22 00:27:30 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-22 00:26:21 ESENT 916 General svchost (3484,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:26:21 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-22 00:26:21 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:57:21Z. Reason: RulesEngine. Information 2017-12-22 00:26:04 ESENT 916 General svchost (4324,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:26:01 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-22 00:25:58 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-22 00:25:54 ESENT 326 General "SearchIndexer (7680,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000007F:00AF:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001451 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.090819 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:15, WS:28K # 0K, PF:20K # 0K, P:20K) [4] 0.000730 +J(0) [5] - [6] - [7] 0.177792 -0.002183 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:26, WS:104K # 0K, PF:512K # 0K, P:512K) [8] 0.001282 -0.000743 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.003698 -0.003340 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000048 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000115 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-22 00:25:53 ESENT 105 General "SearchIndexer (7680,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000007F:008B:0000 - 0000007F:00AD:0000 - 00000000:0000:0000 - 0000007F:00AD:0000 (00000000:0000:0000) cReInits = 3 Internal Timing Sequence: [1] 0.004070 +J(0) +M(C:0K, Fs:163, WS:636K # 636K, PF:5472K # 5472K, P:5472K) [2] 0.000829 +J(0) +M(C:10240K, Fs:141, WS:564K # 564K, PF:388K # 388K, P:388K) [3] 0.000042 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [4] 0.000526 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:224K # 224K, P:224K) [5] 0.012187 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.006260 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.008487 +J(0) +M(C:0K, Fs:273, WS:1088K # 1088K, PF:1028K # 1028K, P:1028K) [8] 0.266074 -0.026327 (10) CM +J(CM:10, PgRf:125, Rd:0/10, Dy:10/240, Lg:686169/3243) +M(C:0K, Fs:932, WS:1832K # 1832K, PF:1548K # 1548K, P:1548K) [9] - [10] 0.002494 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000157 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.172816 -0.000008 (10) CM +J(CM:10, PgRf:0, Rd:0/10, Dy:0/0, Lg:0/0) +M(C:0K, Fs:54, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.239932 -0.002184 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:308, WS:-1100K # 0K, PF:-1120K # 0K, P:-1120K) [14] 0.000030 +J(0) [15] 0.000049 +J(0) [16] 0.000735 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-22 00:25:53 ESENT 302 Logging/Recovery SearchIndexer (7680,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-22 00:25:53 ESENT 301 Logging/Recovery "SearchIndexer (7680,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-22 00:25:53 ESENT 300 Logging/Recovery SearchIndexer (7680,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-22 00:25:53 ESENT 916 General SearchIndexer (7680,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:25:53 ESENT 102 General SearchIndexer (7680,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-22 00:25:50 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 00:25:50 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 00:25:50 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:25:50 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:25:50 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:25:50 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:25:50 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:25:50 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:25:49 TV Server 0 None Service started successfully. Information 2017-12-22 00:25:48 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/21 23:25" Information 2017-12-22 00:25:46 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.230.244.22:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/21 23:25, 1, 1, 259193, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 00:25:34 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-22 00:25:34 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259194)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-22 00:25:34 ESENT 916 General taskhostw (3108,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:25:31 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-22 00:25:28 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-22 00:25:23 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 00:25:23 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 00:25:20 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-22 00:25:16 ESENT 916 General svchost (2968,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:25:07 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:25:04 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:04 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:03 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:03 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:03 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:03 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:03 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7730916 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:03 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:03 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:02 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:02 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:02 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:02 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:02 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:02 MySQL 100 None "InnoDB: The log sequence numbers 7729653 and 7729653 in ibdata files do not match the log sequence number 7730916 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:02 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:02 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:02 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:01 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:01 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:01 Service1 0 None Service started successfully. Information 2017-12-22 00:25:01 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:01 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:01 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-22 00:25:01 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:25:01 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-22 00:24:59 ESENT 916 General taskhostw (3108,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:24:58 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-22 00:24:58 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-22 00:24:58 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-22 00:24:57 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 00:24:56 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-22 00:24:55 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-22 00:24:51 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-22 00:24:51 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-22 00:24:50 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-22 00:24:49 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-22 00:21:16 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:57:16Z. Reason: RulesEngine. Information 2017-12-22 00:20:11 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-22 00:19:14 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-22 00:19:14 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:57:14Z. Reason: RulesEngine. Information 2017-12-22 00:18:55 ESENT 916 General svchost (4920,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:18:54 Windows Error Reporting 1001 None "Fault bucket 128035578600, type 5 Event Name: MpTelemetry Response: Not available Cab Id: 0 Problem signature: P1: unspecified P2: HardeningTelemetry P3: HardeningTelemetryDisableAS P4: 4.12.16299.15 P5: unspecified P6: unspecified P7: unspecified P8: P9: P10: Attached files: \\?\C:\Windows\TEMP\MPTelemetrySubmit\client_manifest.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E11.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E41.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F1C.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_unspecified_7abf01864c6d23dda978b51d610d452f44f6e28_00000000_07e96e93 Analysis symbol: Rechecking for solution: 0 Report Id: d4c62124-d5a7-49aa-bc85-4f885f9302ce Report Status: 268435456 Hashed bucket: 5dfd70c003544890b92949ff2cf57649" Error 2017-12-22 00:18:53 Application Hang 1002 (101) "The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 16e0 Start Time: 01d37ab1f095d0b0 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: 05322e3b-7637-47ff-b309-2e40d26a7340 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App " Information 2017-12-22 00:18:53 Windows Error Reporting 1001 None "Fault bucket 133556577791, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER655D.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER658F.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER661C.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_103d6b09 Analysis symbol: Rechecking for solution: 0 Report Id: 05322e3b-7637-47ff-b309-2e40d26a7340 Report Status: 268435456 Hashed bucket: 43a00c1b815b0614b2b86bc70e701302" Information 2017-12-22 00:18:52 Windows Error Reporting 1001 None "Fault bucket 128035578462, type 5 Event Name: MpTelemetry Response: Not available Cab Id: 0 Problem signature: P1: unspecified P2: HardeningTelemetry P3: HardeningTelemetryDisableAV P4: 4.12.16299.15 P5: unspecified P6: unspecified P7: unspecified P8: P9: P10: Attached files: \\?\C:\Windows\TEMP\MPTelemetrySubmit\client_manifest.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2B31.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2BCE.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D36.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_unspecified_54e9a1c4c75a82c7472d17c61bef3af0b89d2_00000000_07e969a2 Analysis symbol: Rechecking for solution: 0 Report Id: d7fc5022-7d41-4c44-8226-2e5730e7f4df Report Status: 268435456 Hashed bucket: 5ae9f844feb625524d26536062232075" Error 2017-12-22 00:18:50 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Information 2017-12-22 00:18:47 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_OFF. Information 2017-12-22 00:18:47 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_OFF. Information 2017-12-22 00:18:47 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 00:18:44 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-22 00:18:41 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 00:18:41 TV Server 0 None Service started successfully. Information 2017-12-22 00:18:41 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 00:18:41 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:18:41 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:18:40 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:18:40 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:18:40 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:18:40 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:18:38 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/21 23:18" Information 2017-12-22 00:18:38 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: MpTelemetry Response: Not available Cab Id: 0 Problem signature: P1: unspecified P2: HardeningTelemetry P3: HardeningTelemetryDisableAS P4: 4.12.16299.15 P5: unspecified P6: unspecified P7: unspecified P8: P9: P10: Attached files: \\?\C:\Windows\TEMP\MPTelemetrySubmit\client_manifest.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E11.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E41.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F1C.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_unspecified_7abf01864c6d23dda978b51d610d452f44f6e28_00000000_cab_1a712f39 Analysis symbol: Rechecking for solution: 0 Report Id: d4c62124-d5a7-49aa-bc85-4f885f9302ce Report Status: 4 Hashed bucket: " Information 2017-12-22 00:18:37 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: MpTelemetry Response: Not available Cab Id: 0 Problem signature: P1: unspecified P2: HardeningTelemetry P3: HardeningTelemetryDisableAV P4: 4.12.16299.15 P5: unspecified P6: unspecified P7: unspecified P8: P9: P10: Attached files: \\?\C:\Windows\TEMP\MPTelemetrySubmit\client_manifest.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2B31.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2BCE.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D36.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_unspecified_54e9a1c4c75a82c7472d17c61bef3af0b89d2_00000000_cab_1a712da2 Analysis symbol: Rechecking for solution: 0 Report Id: d7fc5022-7d41-4c44-8226-2e5730e7f4df Report Status: 4 Hashed bucket: " Information 2017-12-22 00:18:36 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.137.97.57:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/21 23:18, 1, 1, 259189, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 00:18:32 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-22 00:18:31 ESENT 916 General svchost (4004,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:18:31 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-22 00:18:31 ESENT 326 General "SearchIndexer (7240,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000007F:008C:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.012634 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.073471 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:45, WS:144K # 0K, PF:140K # 0K, P:140K) [4] 0.001270 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] 0.024776 -0.002404 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:204K # 0K, PF:664K # 0K, P:664K) [8] 0.002007 -0.001506 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 132K, P:256K) [9] 0.013353 -0.012480 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000066 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000120 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-22 00:18:30 ESENT 105 General "SearchIndexer (7240,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.010451 +J(0) +M(C:0K, Fs:203, WS:800K # 800K, PF:5032K # 5032K, P:5032K) [2] 0.000711 +J(0) +M(C:10240K, Fs:104, WS:416K # 416K, PF:384K # 384K, P:384K) [3] 0.000056 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [4] 0.000285 +J(0) +M(C:0K, Fs:31, WS:124K # 124K, PF:228K # 228K, P:228K) [5] 0.012010 +J(0) +M(C:0K, Fs:142, WS:556K # 556K, PF:556K # 564K, P:556K) [6] 0.009944 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:16K # 8K, P:16K) [7] 0.006541 +J(0) +M(C:0K, Fs:274, WS:1092K # 1092K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.021191 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000029 +J(0) [15] 0.000112 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000851 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-22 00:18:30 ESENT 916 General SearchIndexer (7240,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:18:30 ESENT 102 General SearchIndexer (7240,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-22 00:18:30 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259189)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-22 00:18:30 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 00:18:30 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 00:18:30 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:18:30 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:18:30 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:18:30 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:18:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:18:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:18:25 ESENT 916 General taskhostw (2540,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:18:23 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-22 00:18:23 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_SNOOZED. Information 2017-12-22 00:18:23 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_SNOOZED. Information 2017-12-22 00:18:21 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-22 00:18:21 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 00:18:21 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-22 00:17:55 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-22 00:17:48 ESENT 916 General svchost (4020,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:17:44 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:44 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:44 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:44 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:43 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:43 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:43 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7729653 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:43 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:43 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:43 Service1 0 None Service started successfully. Information 2017-12-22 00:17:43 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:43 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:43 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:42 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:42 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:42 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:42 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:42 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-22 00:17:42 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:42 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-22 00:17:41 ESENT 916 General svchost (3040,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:17:36 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-22 00:17:36 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-22 00:17:36 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-22 00:17:35 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 00:17:33 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-22 00:17:32 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-22 00:17:31 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-22 00:17:31 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-22 00:17:30 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-22 00:17:29 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-22 00:17:02 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-22 00:17:01 MySQL 100 None "Binlog end For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:01 MySQL 100 None "Forcefully disconnecting 0 remaining clients For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:01 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:01 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:01 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:17:01 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-22 00:16:59 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2017-12-22 00:16:59 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 39 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 648 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 3468 (\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3332 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8368 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 4468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3332 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3332 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 4468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3332 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3332 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 4468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3332 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3332 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 816 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 4468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3332 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2312 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-22 00:16:59 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-22 00:16:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-22 00:16:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-22 00:11:22 ESENT 916 General svchost (4468,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:10:43 TV Server 0 None Service stopped successfully. Information 2017-12-22 00:07:29 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:57:26Z. Reason: RulesEngine. Information 2017-12-22 00:07:04 ESENT 916 General MicrosoftEdge (948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-22 00:06:55 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-22 00:06:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-22 00:06:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:06:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:06:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:06:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:06:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:06:54 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-22 00:06:53 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/21 23:06" Information 2017-12-22 00:06:52 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.9.210.156:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/21 23:06, 1, 1, 259193, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-22 00:00:08 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:57:08Z. Reason: RulesEngine. Information 2017-12-21 23:59:17 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-21 23:59:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-21 23:59:16 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 23:59:16 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 23:59:16 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 23:59:16 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 23:59:16 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 23:59:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 23:59:13 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/21 22:59" Information 2017-12-21 23:59:12 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.55.204.247:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/21 22:59, 1, 1, 259198, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-21 23:58:53 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-21 23:58:48 ESENT 916 General svchost (7116,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 23:58:10 ESENT 916 General svchost (3304,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 23:57:58 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-21 23:57:58 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T22:56:58Z. Reason: RulesEngine. Information 2017-12-21 23:57:28 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/19:22:57:27;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-21 23:57:24 ESENT 916 General svchost (4468,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 23:57:24 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-21 23:57:19 TV Server 0 None Service started successfully. Information 2017-12-21 23:57:13 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-21 23:57:12 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-21 23:57:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-21 23:57:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 23:57:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 23:57:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 23:57:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 23:57:12 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 23:57:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 23:57:09 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/21 22:57" Information 2017-12-21 23:57:08 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.168.204.186:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/21 22:57, 1, 1, 258620, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-21 23:57:04 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-21 23:57:03 ESENT 326 General "SearchIndexer (7476,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000007F:004C:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.022705 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.038733 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:45, WS:144K # 0K, PF:140K # 0K, P:140K) [4] 0.000704 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] 0.042433 -0.002165 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:204K # 0K, PF:664K # 0K, P:664K) [8] 0.001491 -0.001008 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 128K, P:256K) [9] 0.000910 -0.000563 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000042 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-21 23:57:03 ESENT 105 General "SearchIndexer (7476,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.004151 +J(0) +M(C:0K, Fs:211, WS:824K # 824K, PF:5496K # 5492K, P:5496K) [2] 0.000855 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.000067 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [4] 0.000195 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:220K # 220K, P:220K) [5] 0.009268 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.006434 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:16K # 16K, P:16K) [7] 0.037119 +J(0) +M(C:0K, Fs:276, WS:1100K # 1100K, PF:1040K # 1040K, P:1040K) [8] - [9] - [10] - [11] - [12] - [13] 0.010804 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-992K # 24K, PF:-1020K # 12K, P:-1020K) [14] 0.000032 +J(0) [15] 0.000109 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.001313 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-21 23:57:03 ESENT 916 General SearchIndexer (7476,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 23:57:03 ESENT 102 General SearchIndexer (7476,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-21 23:57:00 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-21 23:57:00 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258620)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-21 23:56:58 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-21 23:56:56 ESENT 916 General taskhostw (3520,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 23:56:51 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-21 23:56:43 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 23:56:43 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 23:56:43 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 23:56:43 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-21 23:56:38 ESENT 916 General svchost (3356,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 23:56:32 ESENT 916 General svchost (2920,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 23:56:24 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:24 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:23 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:23 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:23 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:23 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:23 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7726618 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:23 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:23 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:23 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:23 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:23 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:22 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:22 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:22 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:22 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:22 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:22 Service1 0 None Service started successfully. Warning 2017-12-21 23:56:22 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:56:21 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-21 23:56:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-21 23:56:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-21 23:56:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-21 23:56:20 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-21 23:56:15 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-21 23:56:15 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-21 23:56:14 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-21 23:56:13 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-21 23:56:13 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-21 23:56:12 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-21 23:55:45 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-21 23:55:45 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:55:45 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:55:45 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:55:45 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 23:55:45 TV Server 0 None Service has been successfully shut down. Information 2017-12-21 23:55:42 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 24 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 3520 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 676 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 3512 (\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2248 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3448 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 5080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3448 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3448 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 3220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3448 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3448 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 3220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3448 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3448 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 536 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 3512 (\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Avg\AWL\Nag Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3448 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3520 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections " Information 2017-12-21 23:55:43 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-21 23:55:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-21 23:55:42 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-21 23:55:36 ESENT 916 General svchost (7660,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 23:55:35 ESENT 916 General DllHost (2532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 23:47:09 ESENT 916 General DllHost (2532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 23:38:17 ESENT 916 General svchost (3220,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 23:37:25 ESENT 916 General DllHost (2532,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 23:15:00 ESENT 916 General svchost (3476,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 22:39:47 ESENT 916 General svchost (3220,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 22:14:00 ESENT 916 General svchost (3476,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 21:50:49 ESENT 916 General svchost (3220,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 21:13:00 ESENT 916 General svchost (3476,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 20:50:49 ESENT 916 General svchost (3220,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 20:12:00 ESENT 916 General svchost (3476,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 19:50:49 ESENT 916 General svchost (3220,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 19:11:00 ESENT 916 General svchost (3476,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 18:37:56 ESENT 916 General svchost (3220,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 18:10:00 ESENT 916 General svchost (3476,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 17:41:56 ESENT 916 General svchost (3220,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 17:09:00 ESENT 916 General svchost (3476,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 16:45:57 ESENT 916 General svchost (3220,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 16:08:00 ESENT 916 General svchost (3476,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 15:49:57 ESENT 916 General svchost (3220,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 15:07:00 ESENT 916 General svchost (3476,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 15:05:50 ESENT 916 General svchost (3220,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 14:40:39 ESENT 916 General svchost (3220,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 14:17:12 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T13:06:11Z. Reason: RulesEngine. Information 2017-12-21 14:16:41 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-21 14:16:41 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-21 14:16:41 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 14:16:41 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 14:16:41 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 14:16:41 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 14:16:40 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 14:16:40 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 14:16:38 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/21 13:16" Information 2017-12-21 14:16:37 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.233.122.206:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/21 13:16, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-21 14:11:43 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T13:06:43Z. Reason: RulesEngine. Information 2017-12-21 14:08:52 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T13:06:52Z. Reason: RulesEngine. Information 2017-12-21 14:08:13 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-21 14:07:43 ESENT 916 General svchost (3400,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 14:07:38 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-21 14:07:38 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T13:06:38Z. Reason: RulesEngine. Information 2017-12-21 14:07:08 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/19:13:07:07;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-21 14:07:08 ESENT 916 General svchost (3220,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 14:07:00 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-21 14:06:56 TV Server 0 None Service started successfully. Information 2017-12-21 14:06:54 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-21 14:06:53 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-21 14:06:53 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-21 14:06:53 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 14:06:52 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 14:06:52 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 14:06:52 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 14:06:52 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 14:06:52 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 14:06:49 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/21 13:06" Information 2017-12-21 14:06:48 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.84.168.135:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/21 13:06, 1, 1, 259070, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-21 14:06:44 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-21 14:06:43 ESENT 326 General "SearchIndexer (6856,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000007F:0006:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001277 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.064427 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:18, WS:40K # 0K, PF:36K # 0K, P:36K) [4] 0.000697 +J(0) [5] - [6] - [7] 0.075623 -0.002091 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:17, WS:68K # 0K, PF:512K # 0K, P:512K) [8] 0.001335 -0.000823 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:58, WS:228K # 0K, PF:228K # 0K, P:228K) [9] 0.000933 -0.000611 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:9, WS:36K # 0K, PF:32K # 0K, P:32K) [10] 0.000040 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000111 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-21 14:06:42 ESENT 105 General "SearchIndexer (6856,D,0) Windows: The database engine started a new instance (0). (Time=1 seconds) Additional Data: lgposV2[] = 0000007B:0001:0000 - 0000007C:0001:0000 - 0000007F:0004:0000 - 0000007F:0004:0000 (00000000:0000:0000) Internal Timing Sequence: [1] 0.005595 +J(0) +M(C:0K, Fs:205, WS:800K # 800K, PF:5476K # 5476K, P:5476K) [2] 0.000844 +J(0) +M(C:10240K, Fs:104, WS:416K # 416K, PF:392K # 392K, P:392K) [3] 0.000046 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [4] 0.000218 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:224K # 224K, P:224K) [5] 0.009087 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.005908 +J(0) +M(C:0K, Fs:36, WS:140K # 140K, PF:20K # 20K, P:20K) [7] 0.017077 +J(0) +M(C:0K, Fs:310, WS:1240K # 1240K, PF:1040K # 1040K, P:1040K) [8] 0.325484 -0.007258 (201) CM +J(CM:201, PgRf:11554, Rd:337/201, Dy:0/0, Lg:1027508/25496) +M(C:0K, Fs:2053, WS:7288K # 8052K, PF:11604K # 11700K, P:11604K) + 1 lgens [9] 0.575127 -0.003518 (278) CM +J(CM:278, PgRf:46710, Rd:137/278, Dy:26/17736, Lg:3091248/87173) +M(C:0K, Fs:2444, WS:4904K # 4296K, PF:308K # 400K, P:308K) + 3 lgens [10] 0.002348 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000294 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:4, WS:16K # 0K, PF:4K # 0K, P:4K) [12] 0.077767 -0.000014 (26) CM +J(CM:26, PgRf:0, Rd:0/26, Dy:0/0, Lg:0/0) +M(C:0K, Fs:212, WS:-48K # 0K, PF:-60K # 0K, P:-60K) [13] 0.105193 -0.001538 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:305, WS:-10904K # 0K, PF:-10860K # 0K, P:-10860K) [14] 0.000039 +J(0) [15] 0.000046 +J(0) [16] 0.001047 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-21 14:06:42 ESENT 302 Logging/Recovery SearchIndexer (6856,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-21 14:06:42 ESENT 301 Logging/Recovery "SearchIndexer (6856,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: [1] 0.162061 -0.000255 (41) CM +J(CM:41, PgRf:17904, Rd:6/41, Dy:24/17334, Lg:1027142/32031) +M(C:0K, Fs:433, WS:1504K # 352K, PF:96K # 64K, P:96K)." Information 2017-12-21 14:06:42 ESENT 301 Logging/Recovery "SearchIndexer (6856,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb0007E.jtx. Previous Log Processing Stats: [1] 0.159126 -0.000214 (38) CM +J(CM:38, PgRf:18028, Rd:58/38, Dy:0/0, Lg:1027365/32399) +M(C:0K, Fs:323, WS:-568K # 44K, PF:72K # 8K, P:72K)." Information 2017-12-21 14:06:42 ESENT 301 Logging/Recovery "SearchIndexer (6856,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb0007D.jtx. Previous Log Processing Stats: [1] 0.237471 -0.003011 (197) CM +J(CM:197, PgRf:10603, Rd:73/197, Dy:0/0, Lg:1027617/22355) +M(C:0K, Fs:1659, WS:4040K # 3872K, PF:296K # 296K, P:296K)." Information 2017-12-21 14:06:42 ESENT 301 Logging/Recovery "SearchIndexer (6856,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb0007C.jtx. Previous Log Processing Stats: [1] 0.289229 -0.007258 (201) CM +J(CM:201, PgRf:11554, Rd:337/201, Dy:0/0, Lg:1027508/25496) +M(C:0K, Fs:1752, WS:6164K # 6928K, PF:10600K # 10692K, P:10600K)." Information 2017-12-21 14:06:41 ESENT 301 Logging/Recovery "SearchIndexer (6856,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb0007B.jtx. Previous Log Processing Stats: " Information 2017-12-21 14:06:41 ESENT 300 Logging/Recovery SearchIndexer (6856,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-21 14:06:41 ESENT 916 General SearchIndexer (6856,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 14:06:41 ESENT 102 General SearchIndexer (6856,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-21 14:06:41 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-21 14:06:41 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259070)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-21 14:06:39 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-21 14:06:37 ESENT 916 General taskhostw (3108,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 14:06:32 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-21 14:06:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 14:06:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 14:06:26 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 14:06:26 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-21 14:06:14 ESENT 916 General svchost (3476,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 14:06:05 ESENT 916 General svchost (2900,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 14:06:02 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:02 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:02 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:02 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:02 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:02 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:02 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7719829 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:01 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:01 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:01 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:01 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:00 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:00 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:00 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:00 MySQL 100 None "InnoDB: The log sequence numbers 7718284 and 7718284 in ibdata files do not match the log sequence number 7719829 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:00 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:00 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:00 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:00 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:00 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:00 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:00 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:00 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-21 14:06:00 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 14:06:00 Service1 0 None Service started successfully. Information 2017-12-21 14:05:59 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-21 14:05:57 ESENT 916 General taskhostw (3108,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 14:05:56 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-21 14:05:56 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-21 14:05:56 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-21 14:05:56 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-21 14:05:55 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-21 14:05:54 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-21 14:05:50 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-21 14:05:50 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-21 14:05:49 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-21 14:05:48 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-21 13:48:00 ESENT 916 General svchost (4152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 13:45:37 ESENT 916 General svchost (5056,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 12:47:00 ESENT 916 General svchost (4152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 12:45:36 ESENT 916 General svchost (5056,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 12:00:43 ESENT 916 General svchost (5056,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 11:56:49 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T10:46:49Z. Reason: RulesEngine. Information 2017-12-21 11:56:19 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-21 11:56:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-21 11:56:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 11:56:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 11:56:18 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 11:56:18 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 11:56:18 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 11:56:18 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 11:56:16 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/21 10:56" Information 2017-12-21 11:56:15 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.97.86.82:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/21 10:56, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-21 11:49:25 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T10:46:25Z. Reason: RulesEngine. Information 2017-12-21 11:48:40 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-21 11:48:38 ESENT 916 General svchost (9132,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 11:47:34 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-21 11:47:34 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-20T10:46:34Z. Reason: RulesEngine. Information 2017-12-21 11:47:32 ESENT 916 General svchost (4124,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 11:47:04 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/19:10:47:02;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-21 11:47:03 ESENT 916 General svchost (5056,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 11:46:51 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-21 11:46:50 TV Server 0 None Service started successfully. Information 2017-12-21 11:46:48 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-21 11:46:47 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-21 11:46:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-21 11:46:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 11:46:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 11:46:47 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 11:46:46 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 11:46:46 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 11:46:46 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 11:46:46 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 11:46:46 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 11:46:42 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/21 10:46" Information 2017-12-21 11:46:40 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.196.123.109:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/21 10:46, 1, 1, 258587, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-21 11:46:40 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-21 11:46:34 ESENT 326 General "SearchIndexer (7172,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000058:00C2:0268 Internal Timing Sequence: [1] 0.000009 +J(0) [2] 0.035670 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.064567 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:48, WS:160K # 0K, PF:136K # 0K, P:136K) [4] 0.000704 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] 0.279389 -0.002477 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:204K # 0K, PF:664K # 0K, P:664K) [8] 0.001293 -0.000815 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 132K, P:256K) [9] 0.000848 -0.000546 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000033 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000126 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-21 11:46:33 ESENT 105 General "SearchIndexer (7172,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.004480 +J(0) +M(C:0K, Fs:200, WS:780K # 780K, PF:5472K # 5472K, P:5472K) [2] 0.000808 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.000042 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [4] 0.000202 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:224K # 224K, P:224K) [5] 0.009118 +J(0) +M(C:0K, Fs:14, WS:56K # 56K, PF:20K # 20K, P:20K) [6] 0.008234 +J(0) +M(C:0K, Fs:31, WS:124K # 124K, PF:16K # 16K, P:16K) [7] 0.057854 +J(0) +M(C:0K, Fs:276, WS:1100K # 1100K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.006038 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000045 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K) [15] 0.000117 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000803 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-21 11:46:33 ESENT 916 General SearchIndexer (7172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 11:46:33 ESENT 102 General SearchIndexer (7172,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-21 11:46:20 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-21 11:46:19 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258587)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-21 11:46:17 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-21 11:46:16 ESENT 916 General taskhostw (3040,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 11:46:15 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-21 11:46:05 ESENT 916 General svchost (4152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 11:46:05 ESENT 916 General svchost (3452,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 11:46:02 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 11:46:02 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 11:46:02 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 11:46:02 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 11:46:02 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-21 11:45:54 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:54 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:54 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:54 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:54 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:53 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:53 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7718284 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:53 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:53 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:53 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:53 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:53 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:53 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:53 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:53 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:53 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:53 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-21 11:45:52 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:51 Service1 0 None Service started successfully. Information 2017-12-21 11:45:50 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-21 11:45:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-21 11:45:41 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-21 11:45:40 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-21 11:45:40 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-21 11:45:38 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-21 11:45:37 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-21 11:45:38 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-21 11:45:36 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-21 11:45:35 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-21 11:45:36 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-21 11:45:07 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-21 11:45:07 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:07 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:07 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 11:45:01 TV Server 0 None Service has been successfully shut down. Information 2017-12-21 11:44:59 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 21 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 668 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 3352 (\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2288 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8484 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 4172 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 4172 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 4172 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4172 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 528 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 4172 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3336 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2017-12-21 11:45:00 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-21 11:44:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-21 11:44:59 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-21 11:44:40 ESENT 916 General svchost (6196,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 11:44:40 ESENT 916 General DllHost (5680,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 11:44:37 Windows Error Reporting 1001 None "Fault bucket 1805072096209764083, type 5 Event Name: RADAR_LEAK_WOW64 Response: Not available Cab Id: 1777993578150839541 Problem signature: P1: SetupTv.exe P2: 1.18.0.0 P3: 10.0.16299.2.0.0 P4: 9 P5: 1 P6: 15 P7: P8: P9: P10: Attached files: \\?\C:\Users\Eglobal\AppData\Local\Temp\RDR595B.tmp\minidump_7224.dmp \\?\C:\Users\Eglobal\AppData\Local\Temp\RDR595B.tmp\results_7224.hlk \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERCF86.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD012.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD090.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERD880.tmp.WERDataCollectionStatus.txt These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: 2978f9e0-1b4f-4c2c-be42-e3c9089f0953 Report Status: 268435464 Hashed bucket: f3e66705e7248a89790ce782008d7ef3" Information 2017-12-21 11:31:00 ESENT 916 General svchost (3364,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 10:40:04 ESENT 916 General svchost (4172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 10:30:00 ESENT 916 General svchost (3364,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 09:52:22 ESENT 916 General svchost (4172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 09:37:39 ESENT 916 General svchost (4172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 09:29:00 ESENT 916 General svchost (3364,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 09:26:10 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 09:26:10 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 09:10:53 ESENT 916 General svchost (3144,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 08:42:21 ESENT 916 General svchost (4172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 08:28:00 ESENT 916 General svchost (3364,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 08:09:50 ESENT 916 General svchost (4172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 07:27:00 ESENT 916 General svchost (3364,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 06:26:00 ESENT 916 General svchost (3364,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 05:26:00 ESENT 916 General svchost (3364,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 04:40:45 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-19T22:58:45Z. Reason: RulesEngine. Information 2017-12-21 04:25:00 ESENT 916 General svchost (3364,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 04:21:09 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-19T22:59:09Z. Reason: RulesEngine. Information 2017-12-21 04:20:23 ESENT 916 General svchost (4172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 03:25:00 ESENT 916 General svchost (3364,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 02:24:00 ESENT 916 General svchost (3364,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 01:47:40 Windows Error Reporting 1001 None "Fault bucket 1237556889858150982, type 5 Event Name: RADAR_PRE_LEAK_WOW64 Response: Not available Cab Id: 1561747764438261502 Problem signature: P1: SetupTv.exe P2: 1.18.0.0 P3: 10.0.16299.2.0.0 P4: P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Users\Eglobal\AppData\Local\Temp\RDR4B51.tmp\empty.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B62.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C1C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4CB9.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER5313.tmp.WERDataCollectionStatus.txt These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: 8f561979-b05e-4711-9593-c2fe85e7c64f Report Status: 268435464 Hashed bucket: a993a621cc6316e9412caf6f39551246" Information 2017-12-21 01:47:39 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-21 01:37:31 ESENT 916 General svchost (4172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 01:33:40 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-19T22:58:40Z. Reason: RulesEngine. Information 2017-12-21 01:33:10 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-21 01:33:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-21 01:33:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 01:33:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 01:33:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 01:33:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 01:33:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 01:33:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 01:33:07 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/21 00:33" Information 2017-12-21 01:33:06 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.198.102.139:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/21 00:33, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-21 01:26:10 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-19T22:59:10Z. Reason: RulesEngine. Information 2017-12-21 01:25:05 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-21 01:24:16 ESENT 916 General svchost (3292,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 01:23:56 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-21 01:23:56 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-19T22:58:56Z. Reason: RulesEngine. Information 2017-12-21 01:23:37 ESENT 916 General svchost (4172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 01:23:32 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-21 01:23:30 ESENT 916 General svchost (8188,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 01:23:29 TV Server 0 None Service started successfully. Information 2017-12-21 01:23:26 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-21 01:23:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-21 01:23:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 01:23:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 01:23:25 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 01:23:25 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 01:23:25 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 01:23:25 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-21 01:23:22 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/21 00:23" Information 2017-12-21 01:23:21 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.142.10.130:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/21 00:23, 1, 1, 259116, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-21 01:23:19 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-21 01:23:18 ESENT 326 General "SearchIndexer (6384,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000058:008A:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001347 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.038504 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:13, WS:-740K # 0K, PF:-768K # 0K, P:-768K) [4] 0.000732 +J(0) [5] - [6] - [7] 0.040703 -0.002202 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:31, WS:124K # 0K, PF:560K # 0K, P:560K) [8] 0.001920 -0.001060 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.000915 -0.000589 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 0K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000112 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-21 01:23:18 ESENT 105 General "SearchIndexer (6384,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000058:0047:0000 - 00000058:0088:0000 - 00000000:0000:0000 - 00000058:0088:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.010937 +J(0) +M(C:0K, Fs:234, WS:912K # 912K, PF:5480K # 5480K, P:5480K) [2] 0.000791 +J(0) +M(C:10240K, Fs:101, WS:404K # 404K, PF:380K # 380K, P:380K) [3] 0.000042 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K) [4] 0.000186 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:224K # 224K, P:224K) [5] 0.010138 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.069302 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.004859 +J(0) +M(C:0K, Fs:287, WS:1148K # 1148K, PF:1036K # 1036K, P:1036K) [8] 0.328856 -0.017816 (10) CM +J(CM:10, PgRf:614, Rd:0/10, Dy:10/1348, Lg:543227/2781) +M(C:0K, Fs:770, WS:2072K # 2072K, PF:1692K # 1692K, P:1692K) [9] - [10] 0.002193 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000311 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.074297 -0.000005 (10) CM +J(CM:10, PgRf:0, Rd:0/10, Dy:0/0, Lg:0/0) +M(C:0K, Fs:50, WS:8K # 0K, PF:0K # 0K, P:0K) [13] 0.132261 -0.004174 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:306, WS:-360K # 0K, PF:-380K # 0K, P:-380K) [14] 0.000031 +J(0) [15] 0.000047 +J(0) [16] 0.000727 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-21 01:23:18 ESENT 302 Logging/Recovery SearchIndexer (6384,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-21 01:23:18 ESENT 301 Logging/Recovery "SearchIndexer (6384,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-21 01:23:18 ESENT 300 Logging/Recovery SearchIndexer (6384,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-21 01:23:17 ESENT 916 General SearchIndexer (6384,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 01:23:17 ESENT 102 General SearchIndexer (6384,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-21 01:23:14 ESENT 916 General taskhostw (3136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 01:23:07 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-21 01:23:07 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259117)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-21 01:23:05 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-21 01:23:04 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-21 01:22:58 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 01:22:58 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 01:22:58 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 01:22:58 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-21 01:22:57 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-21 01:22:50 ESENT 916 General svchost (3364,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 01:22:35 ESENT 916 General svchost (2896,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 01:22:34 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:34 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:34 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:34 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:34 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:34 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:34 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7715569 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:34 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:34 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:33 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:33 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:33 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:33 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:33 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:33 MySQL 100 None "InnoDB: The log sequence numbers 7713735 and 7713735 in ibdata files do not match the log sequence number 7715569 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:33 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:32 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:32 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:32 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:32 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:32 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:32 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:32 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:32 Service1 0 None Service started successfully. Warning 2017-12-21 01:22:32 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-21 01:22:31 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-21 01:22:31 ESENT 916 General taskhostw (3136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 01:22:29 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-21 01:22:29 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-21 01:22:29 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-21 01:22:29 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-21 01:22:28 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-21 01:22:27 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-21 01:22:24 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-21 01:22:23 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-21 01:22:22 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-21 01:22:22 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-21 01:19:50 Windows Error Reporting 1001 None "Fault bucket 1587963469197228495, type 5 Event Name: AppHangB1 Response: Not available Cab Id: 1380145073229449331 Problem signature: P1: SetupTv.exe P2: 1.18.0.0 P3: 59d9d5c3 P4: 1191 P5: 134217984 P6: P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC6DA.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC6FB.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC779.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WERD4F4.tmp.appcompat.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERDF84.tmp.hdmp \\?\C:\Users\Eglobal\AppData\Local\Temp\WER712.tmp.xml \\?\C:\Users\Eglobal\AppData\Local\Temp\WER723.tmp.WERDataCollectionStatus.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SetupTv.exe_622e77ea186c8e2e1668e6534e2e3f75f4365e_acb3f77f_cab_21f09b50 Analysis symbol: Rechecking for solution: 0 Report Id: e9767f20-7a51-401f-9d38-ccb30f48019e Report Status: 268435464 Hashed bucket: 2534c17c6717be22c609945ca1cc39cf" Information 2017-12-21 01:19:49 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed retrim on (C:) Information 2017-12-21 01:19:23 ESENT 916 General DllHost (8500,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Error 2017-12-21 01:19:12 Application Hang 1002 (101) "The program SetupTv.exe version 1.18.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1e08 Start Time: 01d379f1150c01ed Termination Time: 46 Application Path: C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\SetupTv.exe Report Id: e9767f20-7a51-401f-9d38-ccb30f48019e Faulting package full name: Faulting package-relative application ID: " Error 2017-12-21 01:17:14 Application Hang 1002 (101) "The program SetupTv.exe version 1.18.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 23f4 Start Time: 01d379ee7a325024 Termination Time: 70 Application Path: C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\SetupTv.exe Report Id: d10ee0d8-cf4e-4c6d-b502-33dde5e464f0 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-21 01:17:13 Windows Error Reporting 1001 None "Fault bucket 2191556660956098072, type 5 Event Name: AppHangB1 Response: Not available Cab Id: 0 Problem signature: P1: SetupTv.exe P2: 1.18.0.0 P3: 59d9d5c3 P4: 1918 P5: 134217984 P6: P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER200F.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER202E.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER20BC.tmp.txt \\?\C:\Users\Eglobal\AppData\Local\Temp\WER2E68.tmp.appcompat.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SetupTv.exe_561e6f3423d488d9b0b1e09c4e9b5502aed32_acb3f77f_1662384a Analysis symbol: Rechecking for solution: 0 Report Id: d10ee0d8-cf4e-4c6d-b502-33dde5e464f0 Report Status: 268435456 Hashed bucket: c805d98d4ee5d6032e69f92bf96dee18" Information 2017-12-21 00:57:51 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-21 00:54:00 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-21 00:53:58 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-19T22:58:58Z. Reason: RulesEngine. Information 2017-12-21 00:52:35 ESENT 916 General svchost (4224,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 23:59:49 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-19T22:58:49Z. Reason: RulesEngine. Information 2017-12-20 23:59:19 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/18:22:59:18;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-20 23:59:10 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-20 23:59:10 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-20 23:59:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-20 23:59:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 23:59:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 23:59:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 23:59:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 23:59:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 23:59:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 23:59:07 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/20 22:59" Information 2017-12-20 23:59:06 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.48.120.111:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/20 22:59, 1, 1, 258658, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-20 23:53:00 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 22:52:00 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 21:52:00 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 20:51:00 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 19:51:00 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 18:50:00 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 18:48:08 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-20 18:48:08 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-20 17:49:00 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 16:48:49 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-20 16:47:47 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 16:45:51 ESENT 326 General "svchost (6792,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000002:0006:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001784 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K) [3] 0.019664 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K) [4] 0.008656 +J(0) [5] - [6] - [7] 0.001760 -0.001369 (2) CM +J(CM:2, PgRf:2, Rd:12/2, Dy:0/0, Lg:0/0) +M(C:8K, Fs:2, WS:8K # 0K, PF:8K # 0K, P:8K) [8] 0.001806 -0.001247 (3) CM +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:23, WS:92K # 76K, PF:196K # 152K, P:196K) [9] 0.000689 -0.000397 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [10] 0.000046 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [11] 0.000117 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-20 16:45:51 ESENT 105 General "svchost (6792,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000001:0001:0000 - 00000002:0001:0000 - 00000002:0004:0000 - 00000002:0004:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.004581 +J(0) +M(C:0K, Fs:175, WS:688K # 688K, PF:3416K # 3420K, P:3416K) [2] 0.000872 +J(0) +M(C:8K, Fs:88, WS:348K # 348K, PF:304K # 300K, P:304K) [3] 0.000033 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000343 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:164K # 164K, P:164K) [5] 0.018036 +J(0) +M(C:0K, Fs:14, WS:56K # 56K, PF:24K # 24K, P:24K) [6] 0.010390 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:20K # 20K, P:20K) [7] 0.027126 +J(0) +M(C:0K, Fs:39, WS:156K # 156K, PF:64K # 64K, P:64K) [8] 0.144320 -0.096195 (236) CM +J(CM:236, PgRf:326, Rd:12/236, Dy:0/0, Lg:56553/736) +M(C:40K, Fs:180, WS:640K # 640K, PF:728K # 728K, P:728K) + 1 lgens [9] 0.013698 -0.007310 (12) CM +J(CM:12, PgRf:49, Rd:0/12, Dy:0/0, Lg:12158/110) +M(C:0K, Fs:8, WS:28K # 32K, PF:4K # 8K, P:4K) [10] 0.001863 +J(0) +M(C:0K, Fs:5, WS:-44K # 8K, PF:-4K # 52K, P:-4K) [11] 0.000232 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.011561 +J(0) +M(C:0K, Fs:5, WS:20K # 0K, PF:0K # 0K, P:0K) [13] 0.094388 -0.000889 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:30, WS:-8K # 36K, PF:-32K # 0K, P:-32K) [14] 0.000030 +J(0) [15] 0.000026 +J(0) [16] 0.001732 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-20 16:45:51 ESENT 302 Logging/Recovery svchost (6792,U,0) DS_Token_DB: The database engine has successfully completed recovery steps. Information 2017-12-20 16:45:50 ESENT 301 Logging/Recovery "svchost (6792,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Previous Log Processing Stats: [1] 0.137189 -0.096195 (236) CM +J(CM:236, PgRf:326, Rd:12/236, Dy:0/0, Lg:56553/736) +M(C:40K, Fs:155, WS:548K # 548K, PF:656K # 656K, P:656K)." Information 2017-12-20 16:45:50 ESENT 301 Logging/Recovery "svchost (6792,R,0) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS00001.log. Previous Log Processing Stats: " Information 2017-12-20 16:45:50 ESENT 300 Logging/Recovery svchost (6792,R,0) DS_Token_DB: The database engine is initiating recovery steps. Information 2017-12-20 16:45:50 ESENT 916 General svchost (6792,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 16:45:50 ESENT 102 General svchost (6792,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-20 16:45:49 ESENT 916 General svchost (4224,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 15:47:00 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 14:56:59 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-19T13:45:59Z. Reason: RulesEngine. Information 2017-12-20 14:56:28 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-20 14:56:28 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-20 14:56:28 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 14:56:28 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 14:56:28 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 14:56:28 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 14:56:28 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 14:56:28 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 14:56:26 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/20 13:56" Information 2017-12-20 14:56:25 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.58.113.3:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/20 13:56, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-20 14:53:49 ESENT 916 General svchost (8164,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 14:51:41 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-19T13:46:41Z. Reason: RulesEngine. Information 2017-12-20 14:50:38 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-20 14:48:49 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-19T13:46:49Z. Reason: RulesEngine. Information 2017-12-20 14:48:18 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-20 14:48:17 ESENT 916 General svchost (3712,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 14:47:45 ESENT 916 General svchost (3476,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 14:47:27 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-20 14:47:27 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-19T13:46:27Z. Reason: RulesEngine. Information 2017-12-20 14:46:59 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-20 14:46:57 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/18:13:46:56;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-20 14:46:57 ESENT 916 General svchost (4224,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 14:46:48 TV Server 0 None Service started successfully. Information 2017-12-20 14:46:44 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-20 14:46:43 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-20 14:46:43 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-20 14:46:43 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 14:46:43 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 14:46:42 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 14:46:42 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 14:46:42 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 14:46:42 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-20 14:46:39 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/20 13:46" Information 2017-12-20 14:46:38 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.233.217.132:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/20 13:46, 1, 1, 258313, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-20 14:46:35 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-20 14:46:34 ESENT 326 General "SearchIndexer (7800,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000058:0048:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001998 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.028615 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:140K # 0K, P:140K) [4] 0.000527 +J(0) [5] - [6] - [7] 0.044762 -0.001583 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.001161 -0.000667 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:68, WS:268K # 0K, PF:260K # 124K, P:260K) [9] 0.000925 -0.000588 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000036 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-20 14:46:34 ESENT 105 General "SearchIndexer (7800,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.007624 +J(0) +M(C:0K, Fs:230, WS:896K # 896K, PF:5480K # 5480K, P:5480K) [2] 0.000755 +J(0) +M(C:10240K, Fs:98, WS:392K # 392K, PF:368K # 368K, P:368K) [3] 0.003637 +J(0) +M(C:0K, Fs:31, WS:120K # 120K, PF:132K # 132K, P:132K) [4] 0.000298 +J(0) +M(C:0K, Fs:27, WS:108K # 108K, PF:224K # 224K, P:224K) [5] 0.011176 +J(0) +M(C:0K, Fs:53, WS:212K # 212K, PF:24K # 32K, P:24K) [6] 0.004606 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 12K, P:20K) [7] 0.013381 +J(0) +M(C:0K, Fs:281, WS:1124K # 1124K, PF:1036K # 1036K, P:1036K) [8] - [9] - [10] - [11] - [12] - [13] 0.008601 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:12, WS:-988K # 28K, PF:-1020K # 16K, P:-1020K) [14] 0.000040 +J(0) [15] 0.000106 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000741 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-20 14:46:34 ESENT 916 General SearchIndexer (7800,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 14:46:34 ESENT 102 General SearchIndexer (7800,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-20 14:46:32 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-20 14:46:32 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258313)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-20 14:46:30 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-20 14:46:27 ESENT 916 General taskhostw (3120,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 14:46:24 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-20 14:46:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-20 14:46:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-20 14:46:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-20 14:46:12 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-20 14:46:12 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-20 14:46:09 ESENT 916 General svchost (3512,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 14:46:03 ESENT 916 General svchost (2636,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 14:45:59 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:59 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:59 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:59 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:59 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:59 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:59 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7713735 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:59 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:59 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:58 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:58 Service1 0 None Service started successfully. Information 2017-12-20 14:45:58 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:58 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:58 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:58 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:58 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:58 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:57 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-20 14:45:57 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:57 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-20 14:45:55 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-20 14:45:54 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-20 14:45:53 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-20 14:45:54 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-20 14:45:54 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-20 14:45:54 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-20 14:45:52 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-20 14:45:52 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-20 14:45:47 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-20 14:45:48 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-20 14:45:15 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-20 14:45:15 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:15 MySQL 100 None "Giving 1 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:15 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-20 14:45:14 TV Server 0 None Service has been successfully shut down. Information 2017-12-20 14:45:12 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2017-12-20 14:45:12 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 35 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 684 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 3092 (\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 2904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 7180 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 4272 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 4272 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 4272 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4272 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 8924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 540 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 4272 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 8924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2160 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-20 14:45:12 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-20 14:45:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-20 14:45:12 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-20 14:44:56 ESENT 916 General svchost (8676,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 14:39:11 ESENT 916 General svchost (4272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 14:27:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 13:43:41 TV Server 0 None Service started successfully. Information 2017-12-20 13:43:33 TV Server 0 None Service stopped successfully. Information 2017-12-20 13:40:35 TV Server 0 None Service started successfully. Information 2017-12-20 13:40:27 TV Server 0 None Service stopped successfully. Information 2017-12-20 13:40:12 ESENT 916 General svchost (4272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 13:26:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 12:52:28 Windows Error Reporting 1001 None "Fault bucket 109099760285, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.4.0.0 P3: 599be633 P4: kodi.exe P5: 17.4.0.0 P6: 599be633 P7: c0000005 P8: 001dc090 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB3FF.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBA2B.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBA4A.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBAC8.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_e682b3552710ebb34729ed9bd51f9095104764_779feec1_12b6c1e7 Analysis symbol: Rechecking for solution: 0 Report Id: 46834947-37ae-40ae-b7d9-3316ef2d810c Report Status: 268435456 Hashed bucket: 3bf6bba09aec01308ed161f722a38439" Error 2017-12-20 12:52:24 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.4.0.0, time stamp: 0x599be633 Faulting module name: kodi.exe, version: 17.4.0.0, time stamp: 0x599be633 Exception code: 0xc0000005 Fault offset: 0x001dc090 Faulting process id: 0x60 Faulting application start time: 0x01d37988fb80f137 Faulting application path: D:\Kodi 17.4\App\kodi.exe Faulting module path: D:\Kodi 17.4\App\kodi.exe Report Id: 46834947-37ae-40ae-b7d9-3316ef2d810c Faulting package full name: Faulting package-relative application ID: " Information 2017-12-20 12:52:06 Windows Error Reporting 1001 None "Fault bucket 1746790000803293023, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.4.0.0 P3: 599be633 P4: ntdll.dll P5: 10.0.16299.64 P6: ac8afc81 P7: c0000005 P8: 0002cfd6 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER57D5.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER63BE.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER63DB.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6459.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_4b8899253fd7272a364da84c4463c3be729d36_779feec1_130a6b4b Analysis symbol: Rechecking for solution: 0 Report Id: a618247b-957b-46dd-8837-7492143b7c7f Report Status: 268435456 Hashed bucket: 4f9f361901c356ae283dd8403715a75f" Information 2017-12-20 12:52:03 Windows Error Reporting 1001 None "Fault bucket 129539362095, type 5 Event Name: FaultTolerantHeap Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.4.0.0 P3: 599BE633 P4: ffffbaad P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp\FTH54D5.tmp\fthempty.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER54F5.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5533.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER55C1.tmp.txt These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: 4112cee6-1f73-4aa1-8e03-3705e771a43f Report Status: 268435456 Hashed bucket: a0e8b5ea5492057d6db153be6e26ac32" Error 2017-12-20 12:52:00 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.4.0.0, time stamp: 0x599be633 Faulting module name: ntdll.dll, version: 10.0.16299.64, time stamp: 0xac8afc81 Exception code: 0xc0000005 Fault offset: 0x0002cfd6 Faulting process id: 0x21d8 Faulting application start time: 0x01d37988ecd9436a Faulting application path: D:\Kodi 17.4\App\kodi.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: a618247b-957b-46dd-8837-7492143b7c7f Faulting package full name: Faulting package-relative application ID: " Information 2017-12-20 12:39:07 ESENT 916 General svchost (4272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 12:25:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 12:13:13 ESENT 916 General svchost (4272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 12:11:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-20 12:11:59 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-20 12:01:40 Windows Error Reporting 1001 None "Fault bucket 1758312157268108688, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.3.0.0 P3: 5925f940 P4: ucrtbase.dll P5: 10.0.16299.125 P6: 9e3394c7 P7: c0000005 P8: 0003d93f P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C6F.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER372F.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER374A.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER37D8.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_f9631a6cf1fc977cc7f054631f3df92ff2690dc_b9ea6c60_04f03efb Analysis symbol: Rechecking for solution: 0 Report Id: a1fd363f-0255-4cf0-a3bd-9990441a2537 Report Status: 268435456 Hashed bucket: ebc06fd45e0063384866c79752376590" Error 2017-12-20 12:01:35 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.3.0.0, time stamp: 0x5925f940 Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x9e3394c7 Exception code: 0xc0000005 Fault offset: 0x0003d93f Faulting process id: 0x94 Faulting application start time: 0x01d37981badf1986 Faulting application path: D:\Kodi MQ\App\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: a1fd363f-0255-4cf0-a3bd-9990441a2537 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-20 11:39:07 ESENT 916 General svchost (4272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 11:24:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 10:45:40 Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: ." Information 2017-12-20 10:44:50 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <039EEDB80BE7A03C6953893B20D2D9323A4C2AFD>. Information 2017-12-20 10:44:50 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <039EEDB80BE7A03C6953893B20D2D9323A4C2AFD>. Information 2017-12-20 10:39:06 ESENT 916 General svchost (4272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 10:23:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 09:39:06 ESENT 916 General svchost (4272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 09:22:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 09:12:46 ESENT 916 General svchost (4272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 08:21:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 08:11:58 ESENT 916 General svchost (7676,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 07:20:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 07:17:45 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-20 07:11:15 ESENT 916 General svchost (4272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 06:19:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 05:18:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 04:22:14 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T22:59:14Z. Reason: RulesEngine. Information 2017-12-20 04:21:29 ESENT 916 General svchost (4272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 04:17:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 03:34:40 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T22:58:40Z. Reason: RulesEngine. Information 2017-12-20 03:16:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 02:15:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 01:14:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 00:13:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-20 00:00:01 ESENT 916 General svchost (1048,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 23:59:50 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T22:58:50Z. Reason: RulesEngine. Information 2017-12-19 23:59:20 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/17:22:59:19;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-19 23:59:10 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-19 23:59:09 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-19 23:59:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-19 23:59:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 23:59:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 23:59:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 23:59:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 23:59:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 23:59:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 23:59:07 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/19 22:59" Information 2017-12-19 23:59:06 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.213.236.217:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/19 22:59, 1, 1, 258981, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-19 23:40:09 Windows Error Reporting 1001 None "Fault bucket 2188934577949880138, type 5 Event Name: BEX Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.6.0.0 P3: 5a2d50f5 P4: StackHash_2beb P5: 0.0.0.0 P6: 00000000 P7: PCH_96_FROM_ntdll+0x0006ED1C P8: c0000005 P9: 00000008 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER52CA.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5916.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5940.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER59AF.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_e7cb39482c904bb47a52ee37e093963b2a7e4015_4a57e4ee_1d496130 Analysis symbol: Rechecking for solution: 0 Report Id: 5c92d7f6-e710-4d5c-8bd7-c38573344de9 Report Status: 268435456 Hashed bucket: 346d002d2432960b2e60a866b345af4a" Error 2017-12-19 23:40:05 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.6.0.0, time stamp: 0x5a2d50f5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x706d6126 Faulting process id: 0x1838 Faulting application start time: 0x01d37918b4553da6 Faulting application path: C:\Program Files (x86)\Kodi\kodi.exe Faulting module path: unknown Report Id: 5c92d7f6-e710-4d5c-8bd7-c38573344de9 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-19 23:39:51 ESENT 916 General svchost (4272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 23:28:13 Windows Error Reporting 1001 None "Fault bucket 1680984716787111918, type 5 Event Name: BEX Response: Not available Cab Id: 0 Problem signature: P1: kodi.exe P2: 17.6.0.0 P3: 5a2d50f5 P4: ucrtbase.dll P5: 10.0.16299.125 P6: 9e3394c7 P7: 000933ab P8: c0000409 P9: 00000007 P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5DAD.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6A42.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6A6C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6ADB.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_kodi.exe_3a9bffd163f1e3ed2bcb23eb7667852982f123_4a57e4ee_22ee71fe Analysis symbol: Rechecking for solution: 0 Report Id: a39078b9-a31b-4433-989d-c8dc6c758538 Report Status: 268435456 Hashed bucket: 641a3d0724bec589f7540eb194f4d7ee" Error 2017-12-19 23:28:07 Application Error 1000 (100) "Faulting application name: kodi.exe, version: 17.6.0.0, time stamp: 0x5a2d50f5 Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x9e3394c7 Exception code: 0xc0000409 Fault offset: 0x000933ab Faulting process id: 0x2228 Faulting application start time: 0x01d37918903811e5 Faulting application path: C:\Program Files (x86)\Kodi\kodi.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report Id: a39078b9-a31b-4433-989d-c8dc6c758538 Faulting package full name: Faulting package-relative application ID: " Information 2017-12-19 23:12:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 22:39:06 ESENT 916 General svchost (4272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 22:11:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 22:05:54 ESENT 916 General svchost (4648,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 21:49:48 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-19 21:39:06 ESENT 916 General svchost (4272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 21:10:00 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:39:22 Windows Error Reporting 1001 None "Fault bucket 129575400892, type 5 Event Name: RADAR_PRE_LEAK_64 Response: Not available Cab Id: 0 Problem signature: P1: MicrosoftEdgeCP.exe P2: 11.0.16299.15 P3: 10.0.16299.2.0.0 P4: P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Users\Eglobal\AppData\Local\Temp\RDRD732.tmp\empty.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD733.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD7AF.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD82D.tmp.txt These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: e9ec9a6e-9648-4a47-bbcd-302824c4fe1d Report Status: 268435456 Hashed bucket: b9e4e8d4cc510c42c7f009edb7ae72bb" Information 2017-12-19 20:39:06 ESENT 916 General svchost (4272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:34:30 ESENT 916 General DllHost (5556,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:34:14 ESENT 916 General MicrosoftEdge (6924,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:20:17 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T19:05:17Z. Reason: RulesEngine. Information 2017-12-19 20:19:46 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-19 20:19:46 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-19 20:19:46 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:19:46 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:19:46 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:19:46 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:19:46 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:19:46 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:19:43 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/19 19:19" Information 2017-12-19 20:19:42 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.149.199.40:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/19 19:19, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-19 20:14:14 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T19:05:14Z. Reason: RulesEngine. Information 2017-12-19 20:12:27 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T19:05:26Z. Reason: RulesEngine. Information 2017-12-19 20:11:54 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-19 20:11:50 ESENT 916 General svchost (6152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:11:02 ESENT 916 General svchost (2936,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:10:30 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-19 20:10:30 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T19:05:30Z. Reason: RulesEngine. Information 2017-12-19 20:10:29 ESENT 916 General svchost (4272,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:10:16 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-19 20:10:05 TV Server 0 None Service started successfully. Information 2017-12-19 20:09:59 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-19 20:09:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-19 20:09:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:09:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:09:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:09:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:09:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:09:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:09:55 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/19 19:09" Information 2017-12-19 20:09:54 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.115.203.185:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/19 19:09, 1, 1, 259196, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-19 20:09:52 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-19 20:09:50 ESENT 326 General "SearchIndexer (4608,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000000F:00CB:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001139 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.082642 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:15, WS:28K # 0K, PF:20K # 0K, P:20K) [4] 0.000470 +J(0) [5] - [6] - [7] 0.105466 -0.001634 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:26, WS:104K # 0K, PF:512K # 0K, P:512K) [8] 0.001076 -0.000595 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.000805 -0.000522 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-19 20:09:50 ESENT 105 General "SearchIndexer (4608,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000000F:00AD:0000 - 0000000F:00C9:0000 - 00000000:0000:0000 - 0000000F:00C9:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.003767 +J(0) +M(C:0K, Fs:219, WS:860K # 860K, PF:5472K # 5472K, P:5472K) [2] 0.000926 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.000062 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000222 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:224K # 224K, P:224K) [5] 0.005769 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.004594 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.004542 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] 0.240263 -0.013361 (11) CM +J(CM:11, PgRf:403, Rd:0/11, Dy:11/912, Lg:806645/3390) +M(C:0K, Fs:726, WS:1852K # 1852K, PF:1584K # 1584K, P:1584K) [9] - [10] 0.001928 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000209 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.157592 -0.000008 (10) CM +J(CM:10, PgRf:0, Rd:0/10, Dy:0/0, Lg:0/0) +M(C:0K, Fs:54, WS:8K # 0K, PF:0K # 0K, P:0K) [13] 0.157771 -0.001286 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:313, WS:-1112K # 0K, PF:-1152K # 0K, P:-1152K) [14] 0.000029 +J(0) [15] 0.000046 +J(0) [16] 0.000529 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-19 20:09:50 ESENT 302 Logging/Recovery SearchIndexer (4608,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-19 20:09:50 ESENT 301 Logging/Recovery "SearchIndexer (4608,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-19 20:09:50 ESENT 300 Logging/Recovery SearchIndexer (4608,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-19 20:09:50 ESENT 916 General SearchIndexer (4608,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:09:50 ESENT 102 General SearchIndexer (4608,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-19 20:09:44 ESENT 916 General taskhostw (3032,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:09:40 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-19 20:09:40 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259196)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-19 20:09:39 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-19 20:09:38 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-19 20:09:35 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:09:35 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-19 20:09:34 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-19 20:09:34 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-19 20:09:34 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-19 20:08:37 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:37 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:36 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:36 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:36 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:36 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:36 ESENT 916 General taskhostw (3032,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:08:36 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7686268 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:36 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:36 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:36 Service1 0 None Service started successfully. Information 2017-12-19 20:08:35 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:35 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:35 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:35 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:35 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:35 MySQL 100 None "InnoDB: The log sequence numbers 7680603 and 7680603 in ibdata files do not match the log sequence number 7686268 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:35 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:35 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:35 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:35 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:35 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:35 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:35 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:35 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-19 20:08:35 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:08:35 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-19 20:08:33 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-19 20:08:33 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-19 20:08:33 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-19 20:08:33 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-19 20:08:32 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-19 20:08:30 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-19 20:08:29 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-19 20:08:28 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-19 20:08:28 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-19 20:08:27 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-19 20:07:44 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T19:05:44Z. Reason: RulesEngine. Information 2017-12-19 20:07:13 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-19 20:07:12 ESENT 916 General svchost (7112,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:06:37 ESENT 916 General svchost (2928,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:06:19 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-19 20:06:19 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T19:05:19Z. Reason: RulesEngine. Information 2017-12-19 20:05:56 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-19 20:05:49 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/17:19:05:48;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-19 20:05:46 ESENT 916 General svchost (4548,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:05:40 TV Server 0 None Service started successfully. Information 2017-12-19 20:05:37 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-19 20:05:36 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-19 20:05:36 ESENT 326 General "SearchIndexer (7740,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000000F:00AE:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001915 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.019139 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:128K # 0K, PF:144K # 0K, P:144K) [4] 0.000493 +J(0) [5] - [6] - [7] 0.034472 -0.001594 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.001084 -0.000626 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 128K, P:256K) [9] 0.000768 -0.000506 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000030 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000102 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000012 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-19 20:05:36 ESENT 105 General "SearchIndexer (7740,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.051343 +J(0) +M(C:0K, Fs:222, WS:868K # 868K, PF:5484K # 5484K, P:5484K) [2] 0.000731 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.000049 +J(0) +M(C:0K, Fs:8, WS:32K # 32K, PF:64K # 64K, P:64K) [4] 0.000200 +J(0) +M(C:0K, Fs:24, WS:92K # 92K, PF:224K # 224K, P:224K) [5] 0.006414 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.004549 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.005387 +J(0) +M(C:0K, Fs:282, WS:1128K # 1128K, PF:1040K # 1040K, P:1040K) [8] - [9] - [10] - [11] - [12] - [13] 0.009840 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000032 +J(0) [15] 0.000115 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000570 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-19 20:05:36 ESENT 916 General SearchIndexer (7740,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:05:36 ESENT 102 General SearchIndexer (7740,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-19 20:05:35 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-19 20:05:35 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-19 20:05:35 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:05:35 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:05:35 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:05:35 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:05:35 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:05:34 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 20:05:32 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/19 19:05" Information 2017-12-19 20:05:30 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.70.200.54:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/19 19:05, 1, 1, 258889, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-19 20:05:23 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-19 20:05:23 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258889)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-19 20:05:21 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-19 20:05:18 ESENT 916 General taskhostw (2876,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:05:15 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-19 20:05:05 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-19 20:05:05 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-19 20:05:05 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-19 20:05:05 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-19 20:05:04 ESENT 916 General svchost (2992,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:04:58 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:58 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:58 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:58 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:58 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:58 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:58 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7680603 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:58 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:58 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:57 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:57 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:57 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:57 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:57 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:57 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:57 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:57 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-19 20:04:57 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 20:04:56 Service1 0 None Service started successfully. Information 2017-12-19 20:04:53 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-19 20:04:45 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-19 20:04:45 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-19 20:04:44 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-19 20:04:44 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-19 20:04:42 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-19 20:04:41 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-19 20:04:41 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-19 20:04:40 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-19 20:04:40 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-19 20:04:39 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-19 20:04:11 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-19 20:04:11 Service1 0 None Service has been successfully shut down. Information 2017-12-19 20:04:10 TV Server 0 None Service has been successfully shut down. Information 2017-12-19 20:04:08 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 21 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 680 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2144 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2840 (\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 2720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 7768 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3508 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 3508 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 3508 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3508 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 540 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 824 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3508 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2720 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security " Information 2017-12-19 20:04:08 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-19 20:04:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-19 20:04:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-19 20:03:53 ESENT 916 General DllHost (5940,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 20:03:13 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-19 19:57:37 ESENT 916 General svchost (3508,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 19:55:48 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on Storage (D:) Information 2017-12-19 19:55:37 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed retrim on System Reserved Information 2017-12-19 19:55:11 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed retrim on New Volume (G:) Information 2017-12-19 19:47:00 ESENT 916 General svchost (2740,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 19:44:58 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on Storage (D:) Information 2017-12-19 19:44:50 Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed retrim on (C:) Information 2017-12-19 19:43:02 ESENT 916 General DllHost (5940,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 19:39:20 ESENT 916 General svchost (3508,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 19:38:46 ESENT 916 General svchost (704,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 19:38:46 ESENT 916 General DllHost (5940,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 18:46:00 ESENT 916 General svchost (2740,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 18:44:58 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-19 18:44:58 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-19 18:43:17 ESENT 916 General svchost (3508,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 18:08:43 Windows Error Reporting 1001 None "Fault bucket 129588937969, type 5 Event Name: RADAR_PRE_LEAK_WOW64 Response: Not available Cab Id: 0 Problem signature: P1: MediaPortal.exe P2: 1.18.0.0 P3: 10.0.16299.2.0.0 P4: P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Users\Eglobal\AppData\Local\Temp\RDR29CC.tmp\empty.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER29DD.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2BEF.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2CFA.tmp.txt These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: 74dd61f5-4436-40e8-b5ba-b955a0ea33f1 Report Status: 268435456 Hashed bucket: cdd4f4ca404bf0cd2e16345680dc7772" Information 2017-12-19 18:06:54 ESENT 916 General svchost (3508,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 17:45:00 ESENT 916 General svchost (2740,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 16:44:00 ESENT 916 General svchost (2740,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 15:59:59 ESENT 916 General svchost (5896,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 15:44:00 ESENT 916 General svchost (2740,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 15:02:53 ESENT 916 General svchost (2740,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 15:01:58 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-19 14:56:48 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-19 14:54:40 ESENT 916 General svchost (2712,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 14:54:36 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T13:43:36Z. Reason: RulesEngine. Information 2017-12-19 14:54:05 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-19 14:54:05 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-19 14:54:05 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 14:54:05 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 14:54:05 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 14:54:05 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 14:54:05 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 14:54:05 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 14:54:03 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/19 13:54" Information 2017-12-19 14:54:02 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.245.84.119:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/19 13:54, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-19 14:53:44 ESENT 325 General "svchost (5524,D,0) DS_Token_DB: The database engine created a new database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Additional Data: lgposCreate = 00000001:0001:0268 Internal Timing Sequence: [1] 0.000275 +J(0) +M(C:0K, Fs:2, WS:8K # 8K, PF:4K # 4K, P:4K) [2] 0.001966 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:5, WS:20K # 20K, PF:0K # 0K, P:0K) [3] 0.021181 +J(0) +M(C:0K, Fs:21, WS:76K # 80K, PF:36K # 40K, P:36K) [4] 0.078163 +J(0) +M(C:0K, Fs:54, WS:216K # 212K, PF:88K # 84K, P:88K) [5] 0.000424 +J(CM:0, PgRf:3, Rd:0/0, Dy:3/6, Lg:122/4) +M(C:8K, Fs:32, WS:128K # 128K, PF:156K # 160K, P:156K) [6] 0.015882 +J(CM:0, PgRf:249, Rd:0/0, Dy:16/428, Lg:28550/465) +M(C:64K, Fs:91, WS:364K # 364K, PF:616K # 612K, P:616K) [7] 0.002372 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:4096/2) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [8] 0.000012 +J(0) [9] 0.009760 +J(0) +M(C:0K, Fs:4, WS:12K # 12K, PF:0K # 4K, P:0K) [10] 0.034148 -0.002050 (4) CM +J(CM:4, PgRf:384, Rd:0/4, Dy:10/92, Lg:12509/128) +M(C:-40K, Fs:34, WS:80K # 108K, PF:112K # 144K, P:112K) [11] 0.000010 +J(0)." Information 2017-12-19 14:53:44 ESENT 637 General "svchost (5524,D,0) DS_Token_DB: New flush map file ""C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm"" will be created to enable persisted lost flush detection." Information 2017-12-19 14:53:44 ESENT 105 General "svchost (5524,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.009859 +J(0) +M(C:0K, Fs:174, WS:692K # 692K, PF:3416K # 3420K, P:3416K) [2] 0.000863 +J(0) +M(C:8K, Fs:88, WS:344K # 344K, PF:300K # 296K, P:300K) [3] 0.000033 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K) [4] 0.000294 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:160K # 160K, P:160K) [5] 0.010370 +J(0) +M(C:0K, Fs:14, WS:56K # 56K, PF:24K # 24K, P:24K) [6] 0.009653 +J(0) +M(C:0K, Fs:28, WS:108K # 108K, PF:20K # 20K, P:20K) [7] - [8] - [9] - [10] - [11] - [12] - [13] 0.035828 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:82, WS:260K # 296K, PF:76K # 80K, P:76K) [14] 0.000035 +J(0) [15] 0.000074 +J(0) +M(C:0K, Fs:16, WS:64K # 28K, PF:64K # 60K, P:64K) [16] 0.007301 +J(0) +M(C:0K, Fs:10, WS:32K # 32K, PF:4K # 8K, P:4K)." Information 2017-12-19 14:53:44 ESENT 916 General svchost (5524,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 14:53:44 ESENT 102 General svchost (5524,P,0) DS_Token_DB: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-19 14:47:05 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T13:44:05Z. Reason: RulesEngine. Information 2017-12-19 14:46:07 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T13:44:07Z. Reason: RulesEngine. Information 2017-12-19 14:45:36 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-19 14:45:11 ESENT 916 General svchost (2712,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 14:45:02 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-19 14:45:01 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T13:44:01Z. Reason: RulesEngine. Information 2017-12-19 14:44:33 ESENT 916 General svchost (3508,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 14:44:31 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/17:13:44:31;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-19 14:44:27 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-19 14:44:16 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-19 14:44:15 ESENT 326 General "SearchIndexer (7396,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000000F:0023:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.002688 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.029916 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:15, WS:28K # 0K, PF:20K # 0K, P:20K) [4] 0.000657 +J(0) [5] - [6] - [7] 0.075871 -0.001859 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:18, WS:72K # 0K, PF:512K # 0K, P:512K) [8] 0.001166 -0.000703 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.001066 -0.000643 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000048 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000456 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000005 +J(0) [13] 0.0 +J(0) [14] 0.000078 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-19 14:44:15 ESENT 105 General "SearchIndexer (7396,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000000E:00FC:0000 - 0000000F:0001:0000 - 0000000F:0021:0000 - 0000000F:0021:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.003839 +J(0) +M(C:0K, Fs:271, WS:1064K # 1064K, PF:5492K # 5492K, P:5492K) [2] 0.000874 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.000074 +J(0) +M(C:0K, Fs:8, WS:24K # 24K, PF:72K # 72K, P:72K) [4] 0.000194 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:220K # 220K, P:220K) [5] 0.009036 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:20K # 20K, P:20K) [6] 0.006422 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.004566 +J(0) +M(C:0K, Fs:281, WS:1124K # 1124K, PF:1036K # 1036K, P:1036K) [8] 0.085189 -0.002821 (2) CM +J(CM:2, PgRf:3, Rd:17/2, Dy:2/4, Lg:1017335/3640) +M(C:0K, Fs:837, WS:1448K # 1448K, PF:1920K # 1920K, P:1920K) + 1 lgens [9] 0.047788 -0.000287 (17) CM +J(CM:17, PgRf:129, Rd:0/17, Dy:17/241, Lg:129781/487) +M(C:0K, Fs:198, WS:760K # 760K, PF:0K # 32K, P:0K) [10] 0.005082 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000144 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.058511 -0.000009 (19) CM +J(CM:19, PgRf:0, Rd:0/19, Dy:0/0, Lg:0/0) +M(C:0K, Fs:149, WS:12K # 0K, PF:8K # 0K, P:8K) [13] 0.105035 -0.001463 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:304, WS:-1412K # 0K, PF:-1476K # 0K, P:-1476K) [14] 0.000032 +J(0) [15] 0.000047 +J(0) [16] 0.000577 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-19 14:44:15 ESENT 302 Logging/Recovery SearchIndexer (7396,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-19 14:44:15 ESENT 301 Logging/Recovery "SearchIndexer (7396,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: [1] 0.068049 -0.002821 (2) CM +J(CM:2, PgRf:3, Rd:17/2, Dy:2/4, Lg:1017335/3640) +M(C:0K, Fs:576, WS:512K # 416K, PF:1088K # 992K, P:1088K)." Information 2017-12-19 14:44:15 ESENT 301 Logging/Recovery "SearchIndexer (7396,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb0000E.jtx. Previous Log Processing Stats: " Information 2017-12-19 14:44:15 ESENT 300 Logging/Recovery SearchIndexer (7396,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-19 14:44:15 ESENT 916 General SearchIndexer (7396,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 14:44:15 ESENT 102 General SearchIndexer (7396,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-19 14:44:11 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-19 14:44:09 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-19 14:44:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-19 14:44:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 14:44:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 14:44:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 14:44:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 14:44:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 14:44:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 14:44:06 ESENT 916 General taskhostw (3768,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 14:44:06 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/19 13:44" Information 2017-12-19 14:44:04 TV Server 0 None Service started successfully. Information 2017-12-19 14:44:04 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.52.250.103:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/19 13:44, 1, 1, 258684, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-19 14:44:00 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-19 14:44:00 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258684)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-19 14:43:58 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-19 14:43:57 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-19 14:43:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-19 14:43:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-19 14:43:56 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-19 14:43:56 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-19 14:43:34 ESENT 916 General taskhostw (3768,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 14:43:32 ESENT 916 General svchost (2740,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 14:43:31 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:31 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:30 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:30 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:30 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:30 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:30 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7667218 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:30 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:30 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:29 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:29 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:29 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:29 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:29 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:29 MySQL 100 None "InnoDB: The log sequence numbers 7659568 and 7659568 in ibdata files do not match the log sequence number 7667218 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:29 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:29 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:29 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:29 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:29 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:29 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:29 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:29 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:29 Service1 0 None Service started successfully. Warning 2017-12-19 14:43:29 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 14:43:28 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-19 14:43:28 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-19 14:43:27 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-19 14:43:26 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-19 14:43:26 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-19 14:43:25 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-19 14:43:23 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-19 14:43:20 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-19 14:43:19 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2017-12-19 14:43:19 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-19 14:43:17 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-19 14:43:18 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-19 06:14:52 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-19 06:11:32 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-19 06:08:36 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T04:57:34Z. Reason: RulesEngine. Information 2017-12-19 06:08:03 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-19 06:08:03 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-19 06:08:03 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 06:08:03 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 06:08:03 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 06:08:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 06:08:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 06:08:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 06:07:59 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/19 05:07" Information 2017-12-19 06:07:57 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.124.76.101:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/19 05:07, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-19 06:07:21 ESENT 916 General MicrosoftEdge (1188,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 06:02:54 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T04:57:54Z. Reason: RulesEngine. Information 2017-12-19 06:00:10 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T04:57:10Z. Reason: RulesEngine. Information 2017-12-19 05:59:39 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-19 05:59:38 ESENT 916 General svchost (6152,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 05:58:40 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-19 05:58:40 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-18T04:57:40Z. Reason: RulesEngine. Information 2017-12-19 05:58:20 ESENT 916 General svchost (3552,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 05:58:15 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-19 05:58:10 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/17:04:58:09;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-19 05:58:10 ESENT 916 General svchost (4372,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 05:58:00 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-19 05:58:00 TV Server 0 None Service started successfully. Information 2017-12-19 05:57:59 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-19 05:57:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-19 05:57:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 05:57:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 05:57:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 05:57:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 05:57:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 05:57:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-19 05:57:56 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/19 04:57" Information 2017-12-19 05:57:55 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.53.21.184:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/19 04:57, 1, 1, 258611, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-19 05:57:50 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-19 05:57:47 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-19 05:57:47 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 258611)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-19 05:57:47 ESENT 326 General "SearchIndexer (6108,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000000E:00FD:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.008310 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.030706 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:128K # 0K, PF:152K # 0K, P:152K) [4] 0.000515 +J(0) [5] - [6] - [7] 0.054394 -0.001496 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:51, WS:204K # 0K, PF:640K # 0K, P:640K) [8] 0.001127 -0.000661 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 116K, P:256K) [9] 0.000828 -0.000544 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:12, WS:44K # 0K, PF:100K # 100K, P:100K) [10] 0.000033 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000109 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-19 05:57:47 ESENT 105 General "SearchIndexer (6108,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.001993 +J(0) +M(C:0K, Fs:171, WS:668K # 668K, PF:4968K # 4968K, P:4968K) [2] 0.000998 +J(0) +M(C:10240K, Fs:128, WS:508K # 508K, PF:892K # 892K, P:892K) [3] 0.000076 +J(0) +M(C:0K, Fs:15, WS:56K # 56K, PF:68K # 68K, P:68K) [4] 0.000313 +J(0) +M(C:0K, Fs:38, WS:152K # 152K, PF:220K # 220K, P:220K) [5] 0.005632 +J(0) +M(C:0K, Fs:15, WS:60K # 60K, PF:20K # 24K, P:20K) [6] 0.004695 +J(0) +M(C:0K, Fs:96, WS:380K # 380K, PF:44K # 48K, P:44K) [7] 0.004533 +J(0) +M(C:0K, Fs:280, WS:1120K # 1120K, PF:1024K # 1016K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.011915 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000032 +J(0) [15] 0.000109 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000540 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-19 05:57:47 ESENT 916 General SearchIndexer (6108,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 05:57:47 ESENT 102 General SearchIndexer (6108,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-19 05:57:46 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-19 05:57:42 ESENT 916 General taskhostw (2884,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 05:57:39 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-19 05:57:31 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-19 05:57:30 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-19 05:57:30 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-19 05:57:30 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-19 05:57:30 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-19 05:57:24 ESENT 916 General svchost (3572,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 05:57:17 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:17 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:17 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:17 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:17 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:17 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:17 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 7659568 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:16 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:16 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:16 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:16 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:16 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:16 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:16 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:16 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:16 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:15 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-19 05:57:15 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:57:15 Service1 0 None Service started successfully. Information 2017-12-19 05:57:14 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-19 05:57:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-19 05:57:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-19 05:57:08 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-19 05:57:08 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-19 05:57:06 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-19 05:57:06 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-19 05:57:05 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-19 05:57:04 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2017-12-19 05:57:03 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-19 05:57:03 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-19 05:57:02 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-19 05:56:32 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-19 05:56:32 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:56:32 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:56:32 MySQL 100 None "Giving 1 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:56:32 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-19 05:56:32 TV Server 0 None Service has been successfully shut down. Information 2017-12-19 05:56:29 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 28 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 652 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 3084 (\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2156 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 2988 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 8004 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2988 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2988 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2988 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2988 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2988 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2988 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 532 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2988 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3584 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 3584 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 3584 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 3584 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 3584 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 3584 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 3584 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections " Information 2017-12-19 05:56:29 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-19 05:56:29 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-19 05:56:29 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-19 05:56:14 ESENT 916 General svchost (3444,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 05:56:14 ESENT 916 General DllHost (184,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 05:51:34 ESENT 916 General svchost (2848,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 05:06:00 ESENT 916 General svchost (2972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 04:49:25 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T18:58:25Z. Reason: RulesEngine. Information 2017-12-19 04:05:00 ESENT 916 General svchost (2972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 03:51:06 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T18:58:06Z. Reason: RulesEngine. Information 2017-12-19 03:50:18 ESENT 916 General svchost (2848,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 03:45:16 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T18:58:15Z. Reason: RulesEngine. Information 2017-12-19 03:04:00 ESENT 916 General svchost (2972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 02:03:00 ESENT 916 General svchost (2972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 01:02:00 ESENT 916 General svchost (2972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 00:01:00 ESENT 916 General svchost (2972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 23:00:00 ESENT 916 General svchost (2972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 21:59:00 ESENT 916 General svchost (2972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 21:41:55 ESENT 916 General svchost (2848,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 20:58:00 ESENT 916 General svchost (2972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 20:13:49 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-18 20:08:39 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T18:57:39Z. Reason: RulesEngine. Information 2017-12-18 20:08:09 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 20:08:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 20:08:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 20:08:09 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 20:08:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 20:08:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 20:08:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 20:08:08 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 20:08:06 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 19:08" Information 2017-12-18 20:08:05 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.166.126.215:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 19:08, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 20:03:41 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T18:57:41Z. Reason: RulesEngine. Information 2017-12-18 20:03:35 TV Server 0 None Service started successfully. Information 2017-12-18 20:03:23 TV Server 0 None Service stopped successfully. Information 2017-12-18 20:01:36 TV Server 0 None Service started successfully. Information 2017-12-18 20:00:40 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T18:57:40Z. Reason: RulesEngine. Information 2017-12-18 20:00:09 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-18 19:59:54 ESENT 916 General svchost (2928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 19:59:03 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-18 19:59:03 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T18:58:03Z. Reason: RulesEngine. Information 2017-12-18 19:58:52 ESENT 916 General svchost (2964,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 19:58:40 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-18 19:58:34 ESENT 916 General svchost (2848,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 19:58:33 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/16:18:58:32;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-18 19:58:18 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 19:58:17 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 19:58:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 19:58:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 19:58:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 19:58:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 19:58:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 19:58:16 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 19:58:16 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 19:58:14 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 18:58" Information 2017-12-18 19:58:12 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.242.162.20:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 18:58, 1, 1, 259065, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 19:58:09 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-18 19:58:09 ESENT 326 General "SearchIndexer (6676,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 0000000E:009C:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.003186 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.024784 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:140K # 0K, P:140K) [4] 0.000512 +J(0) [5] - [6] - [7] 0.020371 -0.001599 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:52, WS:208K # 0K, PF:660K # 0K, P:660K) [8] 0.001361 -0.000699 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:68, WS:268K # 0K, PF:260K # 128K, P:260K) [9] 0.000889 -0.000576 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000039 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000110 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-18 19:58:09 ESENT 105 General "SearchIndexer (6676,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.011520 +J(0) +M(C:0K, Fs:231, WS:904K # 904K, PF:5480K # 5480K, P:5480K) [2] 0.000809 +J(0) +M(C:10240K, Fs:112, WS:448K # 448K, PF:376K # 376K, P:376K) [3] 0.002595 +J(0) +M(C:0K, Fs:23, WS:84K # 84K, PF:136K # 136K, P:136K) [4] 0.000485 +J(0) +M(C:0K, Fs:36, WS:144K # 144K, PF:220K # 220K, P:220K) [5] 0.006180 +J(0) +M(C:0K, Fs:40, WS:160K # 160K, PF:24K # 32K, P:24K) [6] 0.018334 +J(0) +M(C:0K, Fs:34, WS:132K # 132K, PF:32K # 24K, P:32K) [7] 0.025705 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.011217 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:11, WS:-992K # 24K, PF:-1020K # 16K, P:-1020K) [14] 0.000043 +J(0) [15] 0.000096 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.001422 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-18 19:58:09 ESENT 916 General SearchIndexer (6676,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 19:58:09 ESENT 102 General SearchIndexer (6676,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-18 19:58:08 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-18 19:58:08 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259065)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 19:58:07 ESENT 916 General taskhostw (2900,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 19:58:06 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-18 19:58:02 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-18 19:58:00 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 19:58:00 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 19:58:00 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 19:58:00 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-18 19:57:50 ESENT 916 General svchost (2972,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 19:57:41 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:41 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:41 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:41 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:41 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:41 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:41 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 2877636 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:40 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:40 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:40 Service1 0 None Service started successfully. Information 2017-12-18 19:57:40 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:40 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:40 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:40 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:40 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:40 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:40 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:39 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-18 19:57:39 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:39 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-18 19:57:38 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-18 19:57:38 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-18 19:57:37 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-18 19:57:37 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-18 19:57:36 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-18 19:57:34 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-18 19:57:33 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-18 19:57:33 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2017-12-18 19:57:32 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-18 19:57:31 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-18 19:57:32 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-18 19:57:00 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-18 19:57:00 Service1 0 None Service has been successfully shut down. Information 2017-12-18 19:57:00 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:00 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:57:00 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 19:56:58 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2172 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2172 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2172 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2172 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2172 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2017-12-18 19:56:58 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 35 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 676 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2900 (\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2900 (\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2172 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2172 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2172 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 2692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 6468 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 3552 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2172 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 3552 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 3552 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3552 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2172 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2172 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 540 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 828 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 3552 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 2692 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 7128 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 7128 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 7128 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 7128 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 7128 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 7128 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 7128 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 2172 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-18 19:56:57 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-18 19:56:57 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-18 19:56:57 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-18 19:47:52 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T18:45:17.985265800Z. Information 2017-12-18 19:47:52 MsiInstaller 1042 None Ending a Windows Installer transaction: {F8E166E4-971C-4DBD-8D06-4C360622B63A}. Client Process Id: 1488. Information 2017-12-18 19:47:52 MsiInstaller 1034 None Windows Installer removed the product. Product Name: MediaPortal 2. Product Version: 2.1.1711.10489. Product Language: 1033. Manufacturer: Team MediaPortal. Removal success or error status: 0. Information 2017-12-18 19:47:52 MsiInstaller 11724 None Product: MediaPortal 2 -- Removal completed successfully. Information 2017-12-18 19:45:17 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T18:45:17.985265800Z. Information 2017-12-18 19:45:17 MsiInstaller 1040 None Beginning a Windows Installer transaction: {F8E166E4-971C-4DBD-8D06-4C360622B63A}. Client Process Id: 1488. Information 2017-12-18 19:44:52 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 19:34:30 Windows Error Reporting 1001 None "Fault bucket 1955122973886307947, type 1 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: Kodi.exe P2: 17.6.0.0 P3: 5a2d50f5 P4: ntdll.dll P5: 10.0.16299.64 P6: ac8afc81 P7: c0000008 P8: 0002d078 P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E35.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER27BD.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER27EA.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2858.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Kodi.exe_4c7559dd131aa7a622f2fc172ff661d2cd9bbff_f1a0da8d_18e82f1d Analysis symbol: Rechecking for solution: 0 Report Id: ea02af95-847b-4a3f-af19-25e759f0ac3f Report Status: 268435456 Hashed bucket: cd4dc583e6f8856beb21fdfc6eb2de6b" Error 2017-12-18 19:34:25 Application Error 1000 (100) "Faulting application name: Kodi.exe, version: 17.6.0.0, time stamp: 0x5a2d50f5 Faulting module name: ntdll.dll, version: 10.0.16299.64, time stamp: 0xac8afc81 Exception code: 0xc0000008 Fault offset: 0x0002d078 Faulting process id: 0x247c Faulting application start time: 0x01d3782ecdc63665 Faulting application path: C:\Program Files (x86)\Kodi\Kodi.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: ea02af95-847b-4a3f-af19-25e759f0ac3f Faulting package full name: Faulting package-relative application ID: " Information 2017-12-18 19:34:00 ESENT 916 General svchost (2736,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 19:31:17 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 19:10:50 ESENT 916 General svchost (10896,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 19:10:43 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 18:33:00 ESENT 916 General svchost (2736,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 18:09:12 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-18 18:08:50 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 18:01:55 ESENT 325 General "Music.UI (10172,D,0) {5722B48A-1A6E-4D75-B1C9-5878B45EEB5A}: The database engine created a new database (1, C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb). (Time=0 seconds) Additional Data: lgposCreate = 00000001:0001:0268 Internal Timing Sequence: [1] 0.000327 +J(0) +M(C:0K, Fs:4, WS:12K # 0K, PF:12K # 0K, P:12K) [2] 0.000820 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [3] 0.026644 +J(0) +M(C:0K, Fs:53, WS:184K # 0K, PF:308K # 0K, P:308K) [4] 0.002877 +J(0) +M(C:0K, Fs:5, WS:20K # 0K, PF:0K # 0K, P:0K) [5] 0.000433 +J(CM:0, PgRf:3, Rd:0/0, Dy:3/6, Lg:122/4) +M(C:0K, Fs:34, WS:136K # 0K, PF:172K # 0K, P:172K) [6] 0.011318 +J(CM:0, PgRf:209, Rd:0/0, Dy:12/408, Lg:24454/447) +M(C:0K, Fs:67, WS:268K # 0K, PF:316K # 0K, P:316K) [7] 0.007163 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:4096/2) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [8] 0.000008 +J(0) [9] 0.077747 +J(CM:15, PgRf:0, Rd:0/15, Dy:0/0, Lg:0/0) +M(C:0K, Fs:514, WS:1904K # 928K, PF:468K # 0K, P:468K) [10] 0.005506 -0.000023 (1) CM +J(CM:1, PgRf:346, Rd:0/1, Dy:7/93, Lg:12509/128) +M(C:0K, Fs:82, WS:296K # 304K, PF:204K # 0K, P:204K) [11] 0.000007 +J(0)." Information 2017-12-18 18:01:55 ESENT 637 General "Music.UI (10172,D,0) {5722B48A-1A6E-4D75-B1C9-5878B45EEB5A}: New flush map file ""C:\Users\Eglobal\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm"" will be created to enable persisted lost flush detection." Information 2017-12-18 18:01:55 ESENT 105 General "Music.UI (10172,D,0) {5722B48A-1A6E-4D75-B1C9-5878B45EEB5A}: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.009795 +J(0) +M(C:0K, Fs:320, WS:1252K # 1252K, PF:3064K # 3064K, P:3064K) [2] 0.000662 +J(0) +M(C:16K, Fs:115, WS:460K # 460K, PF:340K # 340K, P:340K) [3] 0.000035 +J(0) +M(C:0K, Fs:2, WS:8K # 8K, PF:68K # 68K, P:68K) [4] 0.000296 +J(0) +M(C:112K, Fs:37, WS:144K # 144K, PF:184K # 184K, P:184K) [5] 0.016326 +J(0) +M(C:0K, Fs:209, WS:828K # 828K, PF:100K # 100K, P:100K) [6] 0.005274 +J(0) +M(C:0K, Fs:96, WS:380K # 380K, PF:40K # 48K, P:40K) [7] - [8] - [9] - [10] - [11] - [12] - [13] 0.092282 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:2449, WS:7356K # 9372K, PF:2232K # 4272K, P:2232K) [14] 0.000036 +J(0) [15] 0.000094 +J(0) +M(C:0K, Fs:18, WS:68K # 0K, PF:72K # 0K, P:72K) [16] 0.023783 +J(0) +M(C:0K, Fs:42, WS:152K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-18 18:01:54 ESENT 916 General Music.UI (10172,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 18:01:54 ESENT 102 General Music.UI (10172,P,0) {5722B48A-1A6E-4D75-B1C9-5878B45EEB5A}: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-18 17:54:42 ESENT 916 General DllHost (6020,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:54:14 ESENT 916 General MicrosoftEdge (5296,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:43:35 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T16:42:35Z. Reason: RulesEngine. Information 2017-12-18 17:43:05 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/16:16:43:04;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-18 17:42:55 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 17:42:55 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 17:42:55 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 17:42:54 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:42:54 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:42:54 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:42:54 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:42:54 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:42:54 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:42:52 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 16:42" Information 2017-12-18 17:42:51 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.219.18.66:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 16:42, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 17:40:04 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-18 17:39:46 ESENT 916 General DllHost (6020,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:39:27 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎18T16:39:27.035157100Z. Information 2017-12-18 17:39:27 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎18T16:39:27.035157100Z. Information 2017-12-18 17:39:23 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎18T16:39:23.615114900Z. Information 2017-12-18 17:39:23 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎18T16:39:23.615114900Z. Information 2017-12-18 17:38:48 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎18T16:38:48.063964400Z. Information 2017-12-18 17:38:48 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎18T16:38:48.063964400Z. Information 2017-12-18 17:37:12 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎18T16:37:12.733427300Z. Information 2017-12-18 17:37:12 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎18T16:37:12.733427300Z. Information 2017-12-18 17:36:09 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:09Z. Reason: RulesEngine. Information 2017-12-18 17:35:22 ESENT 916 General svchost (3552,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:34:57 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:33:57Z. Reason: RulesEngine. Information 2017-12-18 17:34:26 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-18 17:33:38 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-18 17:33:38 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:38Z. Reason: RulesEngine. Information 2017-12-18 17:33:19 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-18 17:33:07 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 17:33:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 17:33:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:33:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:33:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:33:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:33:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:33:07 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:33:04 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 16:33" Information 2017-12-18 17:33:02 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.114.190.126:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 16:33, 1, 1, 259190, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 17:33:01 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-18 17:32:59 ESENT 326 General "SearchIndexer (6888,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000008:00E2:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001137 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.034668 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:16, WS:32K # 0K, PF:20K # 0K, P:20K) [4] 0.000531 +J(0) [5] - [6] - [7] 0.059185 -0.001621 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:26, WS:104K # 0K, PF:512K # 0K, P:512K) [8] 0.001278 -0.000800 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.001095 -0.000750 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000038 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000106 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-18 17:32:59 ESENT 105 General "SearchIndexer (6888,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000008:00D0:0000 - 00000008:00E0:0000 - 00000000:0000:0000 - 00000008:00E0:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.005563 +J(0) +M(C:0K, Fs:213, WS:836K # 836K, PF:5460K # 5460K, P:5460K) [2] 0.000660 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.002076 +J(0) +M(C:0K, Fs:23, WS:88K # 88K, PF:76K # 76K, P:76K) [4] 0.000318 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:224K # 224K, P:224K) [5] 0.022236 +J(0) +M(C:0K, Fs:64, WS:256K # 256K, PF:36K # 44K, P:36K) [6] 0.004675 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 12K, P:20K) [7] 0.046447 +J(0) +M(C:0K, Fs:281, WS:1124K # 1124K, PF:1036K # 1036K, P:1036K) [8] 0.204741 -0.014786 (16) CM +J(CM:16, PgRf:73, Rd:0/16, Dy:16/130, Lg:899155/5803) +M(C:0K, Fs:978, WS:2016K # 2016K, PF:1820K # 1820K, P:1820K) [9] - [10] 0.002093 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000077 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.042592 -0.000015 (16) CM +J(CM:16, PgRf:0, Rd:0/16, Dy:0/0, Lg:0/0) +M(C:0K, Fs:71, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.071873 -0.001639 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:307, WS:-1304K # 0K, PF:-572K # 0K, P:-572K) [14] 0.000037 +J(0) [15] 0.000052 +J(0) [16] 0.000642 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-18 17:32:59 ESENT 302 Logging/Recovery SearchIndexer (6888,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-18 17:32:59 ESENT 301 Logging/Recovery "SearchIndexer (6888,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-18 17:32:59 ESENT 300 Logging/Recovery SearchIndexer (6888,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-18 17:32:59 ESENT 916 General SearchIndexer (6888,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:32:59 ESENT 102 General SearchIndexer (6888,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-18 17:32:56 ESENT 916 General taskhostw (3240,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:32:50 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-18 17:32:50 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259190)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 17:32:49 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-18 17:32:48 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-18 17:32:41 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 17:32:41 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 17:32:41 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 17:32:41 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-18 17:32:37 ESENT 916 General taskhostw (3240,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:32:35 ESENT 916 General svchost (2748,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:32:26 ESENT 916 General svchost (2736,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:32:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-18 17:32:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-18 17:32:23 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-18 17:32:20 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:20 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:19 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:19 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:19 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:19 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:19 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 2877626 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:19 Service1 0 None Service started successfully. Information 2017-12-18 17:32:19 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:19 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:19 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-18 17:32:18 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:18 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:18 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:18 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:18 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:18 MySQL 100 None "InnoDB: The log sequence numbers 2876176 and 2876176 in ibdata files do not match the log sequence number 2877626 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:18 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:18 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:18 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:18 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:18 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:18 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:18 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:18 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-18 17:32:18 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:32:17 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-18 17:32:17 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-18 17:32:15 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-18 17:32:12 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-18 17:32:11 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-18 17:32:10 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-18 17:32:09 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-18 17:28:45 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎18T16:28:45.400472000Z. Information 2017-12-18 17:28:45 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎18T16:28:45.400472000Z. Information 2017-12-18 17:27:25 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:25Z. Reason: RulesEngine. Information 2017-12-18 17:26:37 ESENT 916 General svchost (4504,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:24:16 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:16Z. Reason: RulesEngine. Information 2017-12-18 17:23:44 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Error 2017-12-18 17:23:24 Application Hang 1002 (101) "The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1720 Start Time: 01d3781c515fb32e Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: a036aecf-4db8-4c34-978b-fc70dbe98eb3 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App " Information 2017-12-18 17:23:24 Windows Error Reporting 1001 None "Fault bucket 133556577791, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER22A.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER248.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2A7.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_233a07b6 Analysis symbol: Rechecking for solution: 0 Report Id: a036aecf-4db8-4c34-978b-fc70dbe98eb3 Report Status: 268435456 Hashed bucket: 43a00c1b815b0614b2b86bc70e701302" Error 2017-12-18 17:23:21 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Information 2017-12-18 17:23:17 ESENT 916 General svchost (3684,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:23:01 ESENT 916 General DllHost (6084,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:22:59 ESENT 916 General MicrosoftEdge (3220,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:22:44 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-18 17:22:44 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:33:44Z. Reason: RulesEngine. Information 2017-12-18 17:22:32 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-18 17:22:14 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 17:22:14 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 17:22:14 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:22:13 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:22:13 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:22:13 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:22:13 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:22:13 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:22:11 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 16:22" Information 2017-12-18 17:22:09 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.246.144.148:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 16:22, 1, 1, 259192, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 17:22:02 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-18 17:22:01 ESENT 326 General "SearchIndexer (1372,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000008:00D1:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.004940 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.053600 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:140K # 0K, P:140K) [4] 0.000515 +J(0) [5] - [6] - [7] 0.032519 -0.001560 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:54, WS:212K # 0K, PF:664K # 0K, P:664K) [8] 0.002430 -0.001968 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 128K, P:256K) [9] 0.000926 -0.000593 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000034 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-18 17:22:01 ESENT 105 General "SearchIndexer (1372,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.010310 +J(0) +M(C:0K, Fs:240, WS:936K # 936K, PF:5476K # 5476K, P:5476K) [2] 0.000899 +J(0) +M(C:10240K, Fs:102, WS:408K # 408K, PF:384K # 384K, P:384K) [3] 0.006894 +J(0) +M(C:0K, Fs:10, WS:36K # 36K, PF:68K # 68K, P:68K) [4] 0.000377 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.020346 +J(0) +M(C:0K, Fs:59, WS:236K # 236K, PF:80K # 84K, P:80K) [6] 0.005336 +J(0) +M(C:0K, Fs:31, WS:120K # 120K, PF:32K # 28K, P:32K) [7] 0.015132 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.005843 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:11, WS:-988K # 28K, PF:-1020K # 12K, P:-1020K) [14] 0.000030 +J(0) [15] 0.000100 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.000538 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-18 17:22:01 ESENT 916 General SearchIndexer (1372,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:22:01 ESENT 102 General SearchIndexer (1372,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-18 17:22:01 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-18 17:22:00 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259192)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 17:22:00 ESENT 916 General taskhostw (2808,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:21:59 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-18 17:21:57 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-18 17:21:52 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 17:21:52 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 17:21:51 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 17:21:51 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-18 17:21:49 ESENT 916 General svchost (3744,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:21:34 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:34 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:34 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:33 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:33 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:33 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:33 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 2876176 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:33 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:33 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:32 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:32 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:32 Service1 0 None Service started successfully. Information 2017-12-18 17:21:32 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:32 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:32 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:32 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:32 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:32 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-18 17:21:32 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:21:32 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-18 17:21:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-18 17:21:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-18 17:21:26 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-18 17:21:26 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-18 17:21:24 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-18 17:21:24 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-18 17:21:24 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-18 17:21:22 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-18 17:21:21 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-18 17:21:22 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-18 17:20:52 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-18 17:20:51 MySQL 100 None "Shutting down slave threads For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:20:51 MySQL 100 None "Event Scheduler: Purging the queue. 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:20:51 MySQL 100 None "Giving 0 client threads a chance to die gracefully For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:20:51 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: Normal shutdown For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:20:49 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2017-12-18 17:20:49 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 50 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 3184 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 3316 (\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 3316 (\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 672 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 832 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 832 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 3132 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 604 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 4156 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3132 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 3132 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 4156 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3132 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 3132 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 4156 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 3132 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 4156 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 3132 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 540 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 3316 (\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Avg\AWL\Nag Process 832 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 4156 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 3132 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 8064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 8064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 8064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 8064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 3184 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 8064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 8064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 8064 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2124 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-18 17:20:49 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-18 17:20:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-18 17:20:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-18 17:15:55 ESENT 916 General DllHost (12792,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:13:48 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:33:48Z. Reason: RulesEngine. Information 2017-12-18 17:13:18 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 17:13:18 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 17:13:18 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:13:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:13:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:13:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:13:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:13:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:13:15 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 16:13" Information 2017-12-18 17:13:13 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.54.16.170:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 16:13, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 17:12:00 ESENT 916 General MicrosoftEdge (4928,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:08:59 TV Server 0 None Service stopped successfully. Information 2017-12-18 17:08:18 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:17Z. Reason: RulesEngine. Information 2017-12-18 17:07:32 ESENT 916 General svchost (4156,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:05:34 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:33Z. Reason: RulesEngine. Information 2017-12-18 17:05:02 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-18 17:04:46 TV Server 0 None Service started successfully. Information 2017-12-18 17:04:32 TV Server 0 None Service stopped successfully. Information 2017-12-18 17:03:55 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-18 17:03:55 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:33:55Z. Reason: RulesEngine. Information 2017-12-18 17:03:50 ESENT 916 General svchost (3096,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:03:36 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-18 17:03:28 TV Server 0 None Service started successfully. Information 2017-12-18 17:03:24 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 17:03:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 17:03:24 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-18 17:03:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:03:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:03:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:03:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:03:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:03:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 17:03:23 ESENT 326 General "SearchIndexer (7608,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000008:004D:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001020 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.028892 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:14, WS:24K # 0K, PF:20K # 0K, P:20K) [4] 0.000527 +J(0) [5] - [6] - [7] 0.037245 -0.001525 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:17, WS:68K # 0K, PF:512K # 0K, P:512K) [8] 0.001251 -0.000801 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:59, WS:236K # 0K, PF:224K # 0K, P:224K) [9] 0.000999 -0.000643 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:32K # 0K, P:32K) [10] 0.000048 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000113 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-18 17:03:23 ESENT 105 General "SearchIndexer (7608,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000007:0097:0000 - 00000008:0001:0000 - 00000008:004B:0000 - 00000008:004B:0000 (00000000:0000:0000) cReInits = 3 Internal Timing Sequence: [1] 0.008263 +J(0) +M(C:0K, Fs:258, WS:1016K # 1016K, PF:5464K # 5472K, P:5464K) [2] 0.000840 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 380K, P:388K) [3] 0.000949 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000250 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.017961 +J(0) +M(C:0K, Fs:16, WS:64K # 64K, PF:24K # 24K, P:24K) [6] 0.004982 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.010069 +J(0) +M(C:0K, Fs:282, WS:1124K # 1124K, PF:1040K # 1040K, P:1040K) [8] 0.196991 -0.027654 (36) CM +J(CM:36, PgRf:1301, Rd:11/36, Dy:36/2679, Lg:1024944/8174) +M(C:0K, Fs:1454, WS:3072K # 3092K, PF:3040K # 3040K, P:3040K) + 1 lgens [9] 0.042970 -0.000240 (11) CM +J(CM:11, PgRf:340, Rd:0/11, Dy:11/690, Lg:299511/1220) +M(C:0K, Fs:129, WS:480K # 460K, PF:0K # 36K, P:0K) [10] 0.003159 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000220 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.081807 -0.000017 (47) CM +J(CM:47, PgRf:0, Rd:0/47, Dy:0/0, Lg:0/0) +M(C:0K, Fs:264, WS:12K # 0K, PF:8K # 0K, P:8K) [13] 0.067415 -0.001786 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:304, WS:-2332K # 0K, PF:-1584K # 0K, P:-1584K) [14] 0.000033 +J(0) [15] 0.000046 +J(0) [16] 0.000528 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-18 17:03:23 ESENT 302 Logging/Recovery SearchIndexer (7608,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-18 17:03:23 ESENT 301 Logging/Recovery "SearchIndexer (7608,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: [1] 0.186828 -0.027654 (36) CM +J(CM:36, PgRf:1301, Rd:11/36, Dy:36/2679, Lg:1024944/8174) +M(C:0K, Fs:1193, WS:2132K # 2056K, PF:2212K # 2116K, P:2212K)." Information 2017-12-18 17:03:22 ESENT 301 Logging/Recovery "SearchIndexer (7608,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00007.jtx. Previous Log Processing Stats: " Information 2017-12-18 17:03:22 ESENT 300 Logging/Recovery SearchIndexer (7608,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-18 17:03:22 ESENT 916 General SearchIndexer (7608,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:03:22 ESENT 102 General SearchIndexer (7608,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-18 17:03:20 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 16:03" Information 2017-12-18 17:03:18 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.104.132.232:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 16:03, 1, 1, 259176, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 17:03:12 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-18 17:03:11 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259176)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 17:03:10 ESENT 916 General taskhostw (2932,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:03:09 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-18 17:03:04 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 17:03:04 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 17:03:04 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 17:03:04 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-18 17:03:02 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-18 17:02:52 ESENT 916 General svchost (3144,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:02:38 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:38 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:38 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:38 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:38 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:38 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:38 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 2853040 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:37 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:37 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:36 MySQL 100 None "InnoDB: from the doublewrite buffer... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:36 MySQL 100 None "InnoDB: Restoring possible half-written data pages For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:36 MySQL 100 None "InnoDB: Reading tablespace information from the .ibd files... For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:36 MySQL 100 None "InnoDB: Starting crash recovery. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:36 MySQL 100 None "InnoDB: Database was not shutdown normally! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:36 MySQL 100 None "InnoDB: The log sequence numbers 1625977 and 1625977 in ibdata files do not match the log sequence number 2853040 in the ib_logfiles! For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:36 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:36 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:36 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:36 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:36 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:36 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:36 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:36 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-18 17:02:35 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 17:02:35 Service1 0 None Service started successfully. Information 2017-12-18 17:02:35 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-18 17:02:33 ESENT 916 General taskhostw (2932,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:02:31 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-18 17:02:31 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-18 17:02:31 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-18 17:02:31 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-18 17:02:31 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-18 17:02:29 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-18 17:02:26 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-18 17:02:25 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2017-12-18 17:02:25 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-18 17:02:23 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-18 17:02:24 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-18 16:58:47 ESENT 916 General svchost (4208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:58:18 ESENT 916 General DllHost (7160,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:58:18 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-18 16:53:37 TV Server 0 None Service started successfully. Information 2017-12-18 16:52:52 MySQL 100 None "C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe: ready for connections. Version: '5.6.10' socket: '' port: 3306 MySQL Community Server (GPL) For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:52 MySQL 100 None "Event Scheduler: Loaded 0 events For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:51 MySQL 100 None "Server socket created on IP: '::'. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:51 MySQL 100 None " - '::' resolves to '::'; For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:51 MySQL 100 None "IPv6 is available. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:51 MySQL 100 None "Server hostname (bind-address): '*'; port: 3306 For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-18 16:52:51 MySQL 100 None "No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 80f1df8c-e40b-11e7-a73b-00e04c68bb8b. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:51 MySQL 100 None "InnoDB: 1.2.10 started; log sequence number 1625977 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:51 MySQL 100 None "InnoDB: Waiting for purge to start For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:51 MySQL 100 None "InnoDB: 128 rollback segment(s) are active. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-18 16:52:51 MySQL 100 None "InnoDB: New log files created, LSN=1625977 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:51 MySQL 100 None "InnoDB: Renaming log file .\ib_logfile101 to .\ib_logfile0 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:51 MySQL 100 None "InnoDB: Setting log file .\ib_logfile1 size to 50 MB For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:50 MySQL 100 None "InnoDB: Setting log file .\ib_logfile101 size to 50 MB For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-18 16:52:50 MySQL 100 None "InnoDB: Starting to delete and rewrite log files. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-18 16:52:50 MySQL 100 None "InnoDB: Resizing redo log from 2*3072 to 2*3200 pages, LSN=1625977 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:50 MySQL 100 None "InnoDB: Highest supported file format is Barracuda. For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:49 MySQL 100 None "InnoDB: Completed initialization of buffer pool For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:49 MySQL 100 None "InnoDB: Initializing buffer pool, size = 96.0M For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:49 MySQL 100 None "InnoDB: CPU does not support crc32 instructions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:49 MySQL 100 None "InnoDB: Compressed tables use zlib 1.2.3 For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:49 MySQL 100 None "InnoDB: Mutexes and rw_locks use Windows interlocked functions For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:49 MySQL 100 None "InnoDB: The InnoDB memory heap is disabled For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:49 MySQL 100 None "Plugin 'FEDERATED' is disabled. For more information, see Help and Support Center at http://www.mysql.com. " Warning 2017-12-18 16:52:49 MySQL 100 None "TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). For more information, see Help and Support Center at http://www.mysql.com. " Information 2017-12-18 16:52:44 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T15:52:31.131336000Z. Information 2017-12-18 16:52:44 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Eglobal\AppData\Local\Temp\MediaPortal Installation\deploy\mysql-5.6.10-winx64.msi. Client Process Id: 3960. Information 2017-12-18 16:52:44 MsiInstaller 1033 None Windows Installer installed the product. Product Name: MySQL Server 5.6. Product Version: 5.6.10. Product Language: 1033. Manufacturer: Oracle Corporation. Installation success or error status: 0. Information 2017-12-18 16:52:44 MsiInstaller 11707 None Product: MySQL Server 5.6 -- Installation completed successfully. Information 2017-12-18 16:52:31 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T15:52:31.131336000Z. Information 2017-12-18 16:52:30 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Eglobal\AppData\Local\Temp\MediaPortal Installation\deploy\mysql-5.6.10-winx64.msi. Client Process Id: 3960. Error 2017-12-18 16:42:09 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend. Information 2017-12-18 16:39:31 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:31Z. Reason: RulesEngine. Information 2017-12-18 16:39:00 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 16:39:00 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 16:39:00 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:39:00 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:38:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:38:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:38:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:38:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:38:57 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 15:38" Information 2017-12-18 16:38:55 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.222.81.6:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 15:38, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 16:34:25 Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <91C6D6EE3E8AC86384E548C299295C756C817B81>." Information 2017-12-18 16:33:08 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:08Z. Reason: RulesEngine. Information 2017-12-18 16:31:49 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:33:49Z. Reason: RulesEngine. Information 2017-12-18 16:31:41 ESENT 916 General svchost (4208,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:31:07 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Error 2017-12-18 16:30:17 Application Hang 1002 (101) "The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1810 Start Time: 01d37814e68aed6e Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: 0150c031-71ea-4b2d-a3de-ebd558f90847 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App " Information 2017-12-18 16:30:17 Windows Error Reporting 1001 None "Fault bucket 133556577791, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9CB.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F9.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA5.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_2d7611d8 Analysis symbol: Rechecking for solution: 0 Report Id: 0150c031-71ea-4b2d-a3de-ebd558f90847 Report Status: 268435456 Hashed bucket: 43a00c1b815b0614b2b86bc70e701302" Error 2017-12-18 16:30:13 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Information 2017-12-18 16:30:12 ESENT 916 General svchost (3624,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:29:50 ESENT 916 General DllHost (7160,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:29:48 ESENT 916 General MicrosoftEdge (6656,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:29:42 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-18 16:29:42 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:42Z. Reason: RulesEngine. Information 2017-12-18 16:29:27 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-18 16:29:12 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 16:29:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 16:29:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:29:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:29:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:29:11 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:29:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:29:10 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:29:07 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 15:29" Information 2017-12-18 16:29:05 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.140.84.13:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 15:29, 1, 1, 259195, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 16:29:00 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-18 16:28:58 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-18 16:28:58 ESENT 326 General "SearchIndexer (1596,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000007:0098:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001271 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.048462 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:16, WS:32K # 0K, PF:32K # 0K, P:32K) [4] 0.000537 +J(0) [5] - [6] - [7] 0.240543 -0.001562 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:26, WS:104K # 0K, PF:512K # 0K, P:512K) [8] 0.001078 -0.000581 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.000741 -0.000510 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:9, WS:36K # 0K, PF:32K # 0K, P:32K) [10] 0.000029 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000119 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000015 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-18 16:28:58 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259195)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 16:28:58 ESENT 105 General "SearchIndexer (1596,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000007:0064:0000 - 00000007:0096:0000 - 00000000:0000:0000 - 00000007:0096:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.007329 +J(0) +M(C:0K, Fs:195, WS:764K # 764K, PF:5492K # 5492K, P:5492K) [2] 0.000984 +J(0) +M(C:10240K, Fs:143, WS:568K # 568K, PF:388K # 388K, P:388K) [3] 0.002972 +J(0) +M(C:0K, Fs:28, WS:108K # 108K, PF:76K # 76K, P:76K) [4] 0.000278 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:220K # 220K, P:220K) [5] 0.017095 +J(0) +M(C:0K, Fs:67, WS:268K # 268K, PF:24K # 32K, P:24K) [6] 0.004935 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 12K, P:20K) [7] 0.010609 +J(0) +M(C:0K, Fs:280, WS:1116K # 1116K, PF:1028K # 1028K, P:1028K) [8] 0.160601 -0.020467 (20) CM +J(CM:20, PgRf:584, Rd:0/20, Dy:20/1266, Lg:599787/3799) +M(C:0K, Fs:994, WS:2116K # 2116K, PF:2112K # 2112K, P:2112K) [9] - [10] 0.002574 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000087 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.069378 -0.000010 (20) CM +J(CM:20, PgRf:0, Rd:0/20, Dy:0/0, Lg:0/0) +M(C:0K, Fs:93, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.145118 -0.028586 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:306, WS:-1428K # 0K, PF:-1452K # 0K, P:-1452K) [14] 0.000032 +J(0) [15] 0.000048 +J(0) [16] 0.000572 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-18 16:28:58 ESENT 302 Logging/Recovery SearchIndexer (1596,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-18 16:28:58 ESENT 301 Logging/Recovery "SearchIndexer (1596,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-18 16:28:57 ESENT 300 Logging/Recovery SearchIndexer (1596,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-18 16:28:57 ESENT 916 General SearchIndexer (1596,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:28:57 ESENT 102 General SearchIndexer (1596,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-18 16:28:57 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-18 16:28:53 ESENT 916 General taskhostw (2920,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:28:50 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-18 16:28:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 16:28:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 16:28:45 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 16:28:45 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-18 16:28:34 ESENT 916 General svchost (3612,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:28:26 Service1 0 None Service started successfully. Information 2017-12-18 16:28:26 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-18 16:28:21 ESENT 916 General taskhostw (2920,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:28:20 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-18 16:28:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-18 16:28:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-18 16:28:20 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-18 16:28:20 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-18 16:28:18 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-18 16:28:16 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-18 16:28:14 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-18 16:28:14 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-18 16:28:13 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-18 16:26:01 MsiInstaller 1033 None Windows Installer installed the product. Product Name: MediaPortal 2. Product Version: 2.1.1711.10489. Product Language: 1033. Manufacturer: Team MediaPortal. Installation success or error status: 0. Information 2017-12-18 16:26:01 MsiInstaller 11707 None Product: MediaPortal 2 -- Installation completed successfully. Information 2017-12-18 16:25:49 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T15:22:39.324119300Z. Information 2017-12-18 16:25:50 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\ProgramData\Package Cache\{F8E166E4-971C-4DBD-8D06-4C360622B63A}v2.1.1711.10489\MP2-Setup.msi. Client Process Id: 5848. Information 2017-12-18 16:25:03 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎18T15:24:54.664910100Z. Information 2017-12-18 16:24:54 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎18T15:24:54.664910100Z. Information 2017-12-18 16:23:49 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:33:49Z. Reason: RulesEngine. Information 2017-12-18 16:23:17 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 16:23:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 16:23:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:23:17 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:23:16 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:23:16 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:23:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:23:15 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:23:08 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 15:23" Information 2017-12-18 16:23:05 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.116.80.43:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 15:23, 1, 1, 259190, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 16:22:59 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 16:22:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 16:22:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:22:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:22:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:22:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:22:57 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:22:57 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:22:39 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T15:22:39.324119300Z. Information 2017-12-18 16:22:38 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\ProgramData\Package Cache\{F8E166E4-971C-4DBD-8D06-4C360622B63A}v2.1.1711.10489\MP2-Setup.msi. Client Process Id: 5848. Information 2017-12-18 16:22:15 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T15:22:08.285796800Z. Information 2017-12-18 16:22:15 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\ProgramData\Package Cache\{65A3A964-3DC3-0100-0005-170919164736}v1.0.5.1000\Dokan_x64.msi. Client Process Id: 12116. Information 2017-12-18 16:22:15 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Dokan Library 1.0.5.1000 (x64). Product Version: 1.0.5.1000. Product Language: 1033. Manufacturer: Dokany Project. Installation success or error status: 0. Information 2017-12-18 16:22:15 MsiInstaller 11707 None Product: Dokan Library 1.0.5.1000 (x64) -- Installation completed successfully. Information 2017-12-18 16:22:11 ESENT 916 General svchost (3160,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:22:08 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T15:22:08.285796800Z. Information 2017-12-18 16:22:07 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\ProgramData\Package Cache\{65A3A964-3DC3-0100-0005-170919164736}v1.0.5.1000\Dokan_x64.msi. Client Process Id: 12116. Information 2017-12-18 16:22:06 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T15:22:03.178019100Z. Information 2017-12-18 16:22:06 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T15:22:02.383311100Z. Information 2017-12-18 16:22:06 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\ProgramData\Package Cache\{F20396E5-D84E-3505-A7A8-7358F0155F6C}v14.0.24212\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi. Client Process Id: 11308. Information 2017-12-18 16:22:06 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24212. Product Version: 14.0.24212. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. Information 2017-12-18 16:22:06 MsiInstaller 11707 None Product: Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24212 -- Installation completed successfully. Information 2017-12-18 16:22:03 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T15:22:03.178019100Z. Information 2017-12-18 16:22:02 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T15:22:02.383311100Z. Information 2017-12-18 16:22:02 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T15:21:59.684690100Z. Information 2017-12-18 16:22:02 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T15:21:59.287316800Z. Information 2017-12-18 16:22:02 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\ProgramData\Package Cache\{F20396E5-D84E-3505-A7A8-7358F0155F6C}v14.0.24212\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi. Client Process Id: 11308. Information 2017-12-18 16:22:02 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\ProgramData\Package Cache\{FAAD7243-0141-3987-AA2F-E56B20F80E41}v14.0.24212\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi. Client Process Id: 11308. Information 2017-12-18 16:22:02 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24212. Product Version: 14.0.24212. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. Information 2017-12-18 16:22:02 MsiInstaller 11707 None Product: Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24212 -- Installation completed successfully. Information 2017-12-18 16:21:59 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T15:21:59.684690100Z. Information 2017-12-18 16:21:59 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T15:21:59.287316800Z. Information 2017-12-18 16:21:59 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\ProgramData\Package Cache\{FAAD7243-0141-3987-AA2F-E56B20F80E41}v14.0.24212\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi. Client Process Id: 11308. Information 2017-12-18 16:21:26 ESENT 916 General svchost (12252,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:18:55 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T15:18:53.490386600Z. Information 2017-12-18 16:18:55 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\ProgramData\Package Cache\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}v14.0.24215\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi. Client Process Id: 11312. Information 2017-12-18 16:18:55 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215. Product Version: 14.0.24215. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. Information 2017-12-18 16:18:55 MsiInstaller 11707 None Product: Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 -- Installation completed successfully. Information 2017-12-18 16:18:53 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T15:18:53.490386600Z. Information 2017-12-18 16:18:53 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T15:18:51.157257500Z. Information 2017-12-18 16:18:53 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\ProgramData\Package Cache\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}v14.0.24215\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi. Client Process Id: 11312. Information 2017-12-18 16:18:53 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\ProgramData\Package Cache\{BBF2AC74-720C-3CB3-8291-5E34039232FA}v14.0.24215\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi. Client Process Id: 11312. Information 2017-12-18 16:18:53 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215. Product Version: 14.0.24215. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. Information 2017-12-18 16:18:53 MsiInstaller 11707 None Product: Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 -- Installation completed successfully. Information 2017-12-18 16:18:51 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T15:18:51.157257500Z. Information 2017-12-18 16:18:51 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\ProgramData\Package Cache\{BBF2AC74-720C-3CB3-8291-5E34039232FA}v14.0.24215\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi. Client Process Id: 11312. Information 2017-12-18 16:18:48 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T15:18:46.338377700Z. Information 2017-12-18 16:18:48 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi. Client Process Id: 10808. Information 2017-12-18 16:18:48 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005. Product Version: 12.0.21005. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. Information 2017-12-18 16:18:48 MsiInstaller 11707 None Product: Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 -- Installation completed successfully. Information 2017-12-18 16:18:46 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T15:18:46.338377700Z. Information 2017-12-18 16:18:46 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T15:18:44.825956800Z. Information 2017-12-18 16:18:46 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi. Client Process Id: 10808. Information 2017-12-18 16:18:46 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi. Client Process Id: 10808. Information 2017-12-18 16:18:46 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005. Product Version: 12.0.21005. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. Information 2017-12-18 16:18:46 MsiInstaller 11707 None Product: Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 -- Installation completed successfully. Information 2017-12-18 16:18:44 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T15:18:44.825956800Z. Information 2017-12-18 16:18:44 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi. Client Process Id: 10808. Information 2017-12-18 16:18:40 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T15:18:38.347274000Z. Information 2017-12-18 16:18:40 MsiInstaller 1042 None Ending a Windows Installer transaction: d:\923c5deb9e3d0672559081\vc_red.msi. Client Process Id: 8132. Information 2017-12-18 16:18:40 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319. Product Version: 10.0.30319. Product Language: 0. Manufacturer: Microsoft Corporation. Installation success or error status: 0. Information 2017-12-18 16:18:40 MsiInstaller 11707 None Product: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 -- Installation completed successfully. Information 2017-12-18 16:18:38 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T15:18:38.347274000Z. Information 2017-12-18 16:18:38 MsiInstaller 1040 None Beginning a Windows Installer transaction: d:\923c5deb9e3d0672559081\vc_red.msi. Client Process Id: 8132. Information 2017-12-18 16:18:33 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T15:18:24.345794900Z. Information 2017-12-18 16:18:33 MsiInstaller 1042 None Ending a Windows Installer transaction: d:\1848bc76c3a4933619\vc_red.msi. Client Process Id: 10800. Information 2017-12-18 16:18:33 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17. Product Version: 9.0.30729. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. Information 2017-12-18 16:18:33 MsiInstaller 11707 None Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 -- Installation completed successfully. Information 2017-12-18 16:18:24 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T15:18:24.345794900Z. Information 2017-12-18 16:18:23 MsiInstaller 1040 None Beginning a Windows Installer transaction: d:\1848bc76c3a4933619\vc_red.msi. Client Process Id: 10800. Information 2017-12-18 16:18:16 Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <47BEABC922EAE80E78783462A79F45C254FDE68B>." Information 2017-12-18 16:18:12 System Restore 8195 None System Restore has been disabled (Process = C:\Users\Eglobal\AppData\Local\Temp\{6CF1801B-FADB-4A60-8570-9F731D93AB80}\.be\MP2-Setup.exe -q -burn.elevated BurnPipe.{8AFA799E-9CDA-4FD9-B349-D1D7929408CF} {179EEBB4-2B85-49F4-A37F-83D6BF6393F2} 11740; Volume = ). Information 2017-12-18 16:16:52 Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: ." Information 2017-12-18 16:16:52 Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: ." Information 2017-12-18 16:16:49 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:33:49Z. Reason: RulesEngine. Information 2017-12-18 16:15:42 ESENT 916 General svchost (4084,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:15:37 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:36Z. Reason: RulesEngine. Information 2017-12-18 16:15:03 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-18 16:14:15 ESENT 916 General MicrosoftEdge (8116,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:13:33 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-18 16:13:33 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:33Z. Reason: RulesEngine. Information 2017-12-18 16:13:27 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-18 16:13:25 ESENT 916 General svchost (3160,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:13:03 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 16:13:03 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 16:13:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:13:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:13:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:13:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:13:02 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:13:01 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:13:00 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-18 16:12:59 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 15:12" Information 2017-12-18 16:12:59 ESENT 326 General "SearchIndexer (5416,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000007:0065:0268 Internal Timing Sequence: [1] 0.000010 +J(0) [2] 0.001048 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.031720 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:13, WS:20K # 0K, PF:20K # 0K, P:20K) [4] 0.000537 +J(0) [5] - [6] - [7] 0.124344 -0.001587 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:30, WS:120K # 0K, PF:552K # 0K, P:552K) [8] 0.001266 -0.000803 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:224K # 0K, P:224K) [9] 0.000950 -0.000606 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 0K, P:96K) [10] 0.000035 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-18 16:12:58 ESENT 105 General "SearchIndexer (5416,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000007:0030:0000 - 00000007:0063:0000 - 00000000:0000:0000 - 00000007:0063:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.012676 +J(0) +M(C:0K, Fs:249, WS:980K # 980K, PF:5548K # 5548K, P:5548K) [2] 0.000673 +J(0) +M(C:10240K, Fs:100, WS:400K # 400K, PF:376K # 376K, P:376K) [3] 0.123342 +J(0) +M(C:0K, Fs:36, WS:144K # 144K, PF:68K # 76K, P:68K) [4] 0.000238 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:228K # 220K, P:228K) [5] 0.006660 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.004707 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.038384 +J(0) +M(C:0K, Fs:282, WS:1124K # 1124K, PF:1040K # 1040K, P:1040K) [8] 0.185595 -0.012980 (18) CM +J(CM:18, PgRf:467, Rd:0/18, Dy:18/1026, Lg:393098/1955) +M(C:0K, Fs:756, WS:2012K # 2012K, PF:1844K # 1844K, P:1844K) [9] - [10] 0.002202 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000081 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [12] 0.087803 -0.000008 (18) CM +J(CM:18, PgRf:0, Rd:0/18, Dy:0/0, Lg:0/0) +M(C:0K, Fs:82, WS:8K # 0K, PF:0K # 0K, P:0K) [13] 0.080848 -0.001241 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:308, WS:-1360K # 0K, PF:-1376K # 0K, P:-1376K) [14] 0.000036 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [15] 0.000048 +J(0) [16] 0.000519 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-18 16:12:58 ESENT 302 Logging/Recovery SearchIndexer (5416,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-18 16:12:58 ESENT 301 Logging/Recovery "SearchIndexer (5416,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: " Information 2017-12-18 16:12:58 ESENT 300 Logging/Recovery SearchIndexer (5416,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-18 16:12:58 ESENT 916 General SearchIndexer (5416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:12:58 ESENT 102 General SearchIndexer (5416,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-18 16:12:58 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.209.15.159:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 15:12, 1, 1, 259193, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 16:12:52 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-18 16:12:52 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259194)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 16:12:51 ESENT 916 General taskhostw (2948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:12:50 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-18 16:12:49 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-18 16:12:46 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 16:12:46 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 16:12:46 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 16:12:46 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-18 16:12:37 ESENT 916 General svchost (3188,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:12:27 Service1 0 None Service started successfully. Information 2017-12-18 16:12:27 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-18 16:12:26 ESENT 916 General taskhostw (2948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:12:24 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-18 16:12:24 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-18 16:12:24 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-18 16:12:24 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-18 16:12:24 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-18 16:12:22 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-18 16:12:19 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-18 16:12:18 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-18 16:12:18 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-18 16:12:17 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-18 16:09:29 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-18 16:06:30 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:30Z. Reason: RulesEngine. Information 2017-12-18 16:06:10 VSS 8224 None The VSS service is shutting down due to idle timeout. Information 2017-12-18 16:05:59 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 16:05:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 16:05:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:05:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:05:59 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:05:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:05:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:05:58 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:05:54 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 15:05" Information 2017-12-18 16:05:53 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.217.95.101:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 15:05, 1, 1, 259190, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 16:02:28 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:28Z. Reason: RulesEngine. Error 2017-12-18 16:01:30 Application Hang 1002 (101) "The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 16b0 Start Time: 01d378103419d843 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: 4ba84dad-8ac0-4c88-9bc8-de1fe21b656e Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App " Information 2017-12-18 16:01:30 Windows Error Reporting 1001 None "Fault bucket 133556577791, type 5 Event Name: MoAppHang Response: Not available Cab Id: 0 Problem signature: P1: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy P2: praid:App P3: 10.0.16299.15 P4: 59cda974 P5: ab9b P6: 2097152 P7: P8: P9: P10: Attached files: triagedump.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5131.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER517E.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER523A.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_e35dbb6b506e88c4f0f7a4a950e5aaad6f7f4351_0ad30128_1dd65900 Analysis symbol: Rechecking for solution: 0 Report Id: 4ba84dad-8ac0-4c88-9bc8-de1fe21b656e Report Status: 268435456 Hashed bucket: 43a00c1b815b0614b2b86bc70e701302" Error 2017-12-18 16:01:25 Microsoft-Windows-Immersive-Shell 2484 (2400) Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Information 2017-12-18 16:01:04 ESENT 916 General MicrosoftEdge (7176,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:00:24 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 16:00:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 16:00:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:00:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:00:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:00:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:00:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:00:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 16:00:10 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T14:59:41.776658800Z. Information 2017-12-18 16:00:10 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Windows\Temp\AvgSetup\2f8205ad-da1e-47ce-984f-9918f159f9df\install\tu\tuneup_x64.msi. Client Process Id: 928. Information 2017-12-18 16:00:10 MsiInstaller 1033 None Windows Installer installed the product. Product Name: AVG PC TuneUp. Product Version: 16.76.2. Product Language: 0. Manufacturer: AVG Technologies. Installation success or error status: 0. Information 2017-12-18 16:00:10 MsiInstaller 11707 None Product: AVG PC TuneUp -- Installation completed successfully. Information 2017-12-18 16:00:10 ESENT 916 General svchost (6284,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 15:59:41 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T14:59:41.776658800Z. Information 2017-12-18 15:59:40 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Windows\Temp\AvgSetup\2f8205ad-da1e-47ce-984f-9918f159f9df\install\tu\tuneup_x64.msi. Client Process Id: 928. Information 2017-12-18 15:57:31 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:31Z. Reason: RulesEngine. Information 2017-12-18 15:57:00 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-18 15:56:58 ESENT 916 General svchost (3040,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 15:55:58 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-18 15:55:58 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:33:58Z. Reason: RulesEngine. Information 2017-12-18 15:55:55 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-18 15:55:28 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 15:55:28 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 15:55:27 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:55:27 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:55:27 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:55:27 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:55:27 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:55:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:55:25 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 14:55" Information 2017-12-18 15:55:23 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.96.133.230:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 14:55, 1, 1, 259193, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 15:55:19 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-18 15:55:18 ESENT 326 General "SearchIndexer (6292,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000007:0031:0268 Internal Timing Sequence: [1] 0.000007 +J(0) [2] 0.004427 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.022903 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:44, WS:132K # 0K, PF:148K # 0K, P:148K) [4] 0.000511 +J(0) [5] - [6] - [7] 0.029387 -0.001576 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:55, WS:220K # 0K, PF:660K # 0K, P:660K) [8] 0.001269 -0.000803 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:67, WS:268K # 0K, PF:256K # 136K, P:256K) [9] 0.000892 -0.000560 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:44K # 0K, PF:96K # 96K, P:96K) [10] 0.000035 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000003 +J(0) [13] 0.0 +J(0) [14] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-18 15:55:18 ESENT 105 General "SearchIndexer (6292,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.007385 +J(0) +M(C:0K, Fs:220, WS:864K # 864K, PF:5472K # 5464K, P:5472K) [2] 0.000736 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.004656 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000326 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.005754 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:20K # 20K, P:20K) [6] 0.004354 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.022775 +J(0) +M(C:0K, Fs:279, WS:1116K # 1116K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.005230 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K) [14] 0.000030 +J(0) [15] 0.000102 +J(0) +M(C:0K, Fs:32, WS:128K # 0K, PF:64K # 0K, P:64K) [16] 0.002445 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-18 15:55:18 ESENT 916 General SearchIndexer (6292,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 15:55:18 ESENT 102 General SearchIndexer (6292,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-18 15:55:17 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-18 15:55:17 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259193)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 15:55:15 ESENT 916 General taskhostw (2748,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 15:55:15 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-18 15:55:14 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-18 15:55:10 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 15:55:10 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 15:55:10 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 15:55:10 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-18 15:55:06 ESENT 916 General svchost (3720,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 15:55:03 ESENT 916 General svchost (3760,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 15:54:55 Service1 0 None Service started successfully. Information 2017-12-18 15:54:54 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-18 15:54:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-18 15:54:48 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-18 15:54:48 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-18 15:54:48 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-18 15:54:47 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-18 15:54:46 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-18 15:54:46 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-18 15:54:44 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-18 15:54:43 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-18 15:54:44 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-18 15:54:14 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-18 15:54:13 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes: Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\CA Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Root Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\trust Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Software\Microsoft\SystemCertificates\Disallowed Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root " Information 2017-12-18 15:54:13 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 34 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 664 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001 Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\CA Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Parents Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\trust Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore Process 2768 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CloudContent Process 6748 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 2768 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2768 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Privacy Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2768 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2768 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection Process 2768 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2768 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Main Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Root Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\Disallowed Process 532 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\System\GameConfigStore\Children Process 2768 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Internet Explorer\Security Process 7092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 7092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 7092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 7092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 7092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 7092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 7092 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2192 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Microsoft\SystemCertificates\SmartCardRoot " Information 2017-12-18 15:54:13 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-18 15:54:13 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-18 15:54:13 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-18 15:48:57 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎18T14:48:18.783044400Z. Information 2017-12-18 15:48:18 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎18T14:48:18.783044400Z. Information 2017-12-18 15:48:00 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:00Z. Reason: RulesEngine. Information 2017-12-18 15:47:29 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 15:47:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 15:47:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:47:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:47:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:47:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:47:29 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:47:28 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:47:27 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 14:47" Information 2017-12-18 15:47:26 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.227.14.66:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 14:47, 1, 1, 259197, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 15:45:46 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:33:45Z. Reason: RulesEngine. Information 2017-12-18 15:44:52 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:33:52Z. Reason: RulesEngine. Information 2017-12-18 15:44:22 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 15:44:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 15:44:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:44:21 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:44:21 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:44:21 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:44:21 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:44:21 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:44:19 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 14:44" Information 2017-12-18 15:44:18 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.204.177.234:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 14:44, 1, 1, 259190, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 15:44:14 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0xC002001B, 0x00000000, 10.234.228.31:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 14:44, 1, 1, 259191, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-18 15:43:57 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:33:57Z. Reason: RulesEngine. Information 2017-12-18 15:35:14 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2018-01-17T14:34:14Z. Reason: RulesEngine. Information 2017-12-18 15:34:44 Microsoft-Windows-Security-SPP 8197 None "SLUI.exe was launched with the following command-line parameters: RuleId=379cccfb-d4e0-48fe-b0f2-0136097be147;Action=CleanupState;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;Trigger=TimerEvent" Information 2017-12-18 15:34:44 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/06/16:14:34:42;LastConsumptionReason=0x4004f040;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-18 15:34:39 Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2017‎-‎12‎-‎18T23:32:04.194157000Z. Information 2017-12-18 15:34:37 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 15:34:37 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 15:34:37 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:34:37 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:34:37 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:34:37 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:34:37 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:34:36 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:34:30 Microsoft-Windows-Security-SPP 12304 None Successfully acquired genuine ticket for template Id {99d92734-d682-4d71-983e-d6ec3f16059f} Information 2017-12-18 15:34:29 Microsoft-Windows-Security-SPP 20489 None "Genuine validation data collection ended. " Information 2017-12-18 15:34:25 Microsoft-Windows-Security-SPP 20482 None "Health check passed. " Information 2017-12-18 15:34:23 Microsoft-Windows-Security-SPP 20481 None "Health check initiated. " Information 2017-12-18 15:34:21 Microsoft-Windows-Security-SPP 20488 None "Genuine validation data collection started. " Information 2017-12-18 15:34:20 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 259200)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 15:34:19 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 15:34:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 15:34:19 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:34:18 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:34:18 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:34:18 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:34:18 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:34:18 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 15:34:15 Microsoft-Windows-Security-SPP 12289 None "The client has processed an activation response from the key management service machine. Info: 0x00000000, 0x00000000, 1, 0, 50, 43200, 43200, 2017/12/18 14:34" Information 2017-12-18 15:34:14 Microsoft-Windows-Security-SPP 12288 None "The client has sent an activation request to the key management service machine. Info: 0x00000000, 0x00000000, 10.172.101.208:1688, 569e8813-4d08-433e-a4e1-8492b40d8c7a, 2017/12/18 14:34, 1, 1, 21705, 73111121-5638-40f6-bc11-f1d7b0d64300, 25" Information 2017-12-19 00:32:04 Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2017‎-‎12‎-‎18T23:32:04.194157000Z. Information 2017-12-19 00:29:28 Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: ." Information 2017-12-19 00:25:37 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-19 00:24:53 Windows Error Reporting 1001 None "Fault bucket 1613196643909824620, type 5 Event Name: SkyDriveClientError Response: Not available Cab Id: 0 Problem signature: P1: OneDrive.exe P2: 17.3.7131.1115 P3: OneDrive.exe P4: 17.3.7131.1115 P5: 0x80004005 P6: WatsonFaultCategory::Instrumentation P7: instrumentation.cpp P8: 70 P9: P10: Attached files: \\?\C:\Users\Eglobal\AppData\Local\Microsoft\OneDrive\logs\Personal\TraceCurrent.7131.1115.etl \\?\C:\Users\Eglobal\AppData\Local\Microsoft\OneDrive\logs\Personal\TraceArchive.7131.1115-1.etl \\?\C:\Users\Eglobal\AppData\Local\Microsoft\OneDrive\logs\Personal\TraceArchive.6816.0313-0.etl \\?\C:\Users\Eglobal\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2017-12-18.2015.7124.1.aodl \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4FC7.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5073.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER50F1.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_OneDrive.exe_32563bc059c61edb1089a8fc212a769f39b80d6_00000000_21fa55c2 Analysis symbol: Rechecking for solution: 0 Report Id: febf0906-bd69-4daf-a77d-5fef107e1a16 Report Status: 268435456 Hashed bucket: b45064938c09a6fd566339ccf118f06c" Information 2017-12-19 00:24:51 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: SkyDriveClientError Response: Not available Cab Id: 0 Problem signature: P1: OneDrive.exe P2: 17.3.7131.1115 P3: OneDrive.exe P4: 17.3.7131.1115 P5: 0x80004005 P6: WatsonFaultCategory::Instrumentation P7: instrumentation.cpp P8: 70 P9: P10: Attached files: These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: febf0906-bd69-4daf-a77d-5fef107e1a16 Report Status: 1074003968 Hashed bucket: " Information 2017-12-19 00:24:25 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_SNOOZED. Information 2017-12-19 00:24:24 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_SNOOZED. Information 2017-12-19 00:23:36 Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: ." Information 2017-12-19 00:23:36 Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: ." Information 2017-12-19 00:20:12 ESENT 916 General svchost (1844,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-19 00:17:00 ESENT 916 General svchost (2776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 23:16:00 ESENT 916 General svchost (2776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 22:15:00 ESENT 916 General svchost (2776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 21:37:29 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-18 21:30:33 ESENT 916 General DllHost (5948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 21:29:56 ESENT 916 General svchost (5768,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 21:29:52 Windows Error Reporting 1001 None "Fault bucket 1443562299247866005, type 5 Event Name: RADAR_PRE_LEAK_64 Response: Not available Cab Id: 0 Problem signature: P1: chrome.exe P2: 63.0.3239.108 P3: 10.0.16299.2.0.0 P4: P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\Users\Eglobal\AppData\Local\Temp\RDREFF.tmp\empty.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF00.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF7C.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER100A.tmp.txt These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: e1b84a5c-5dee-42e7-8bc0-282997db743c Report Status: 268435456 Hashed bucket: 621b9eca8dcf9b9c3408904349d0b095" Information 2017-12-18 21:20:49 ESENT 916 General MicrosoftEdge (6568,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 21:18:25 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2017-12-19T20:15:25Z. Reason: RulesEngine. Information 2017-12-18 21:17:59 ESENT 916 General DllHost (5948,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 21:17:20 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2017-12-19T20:15:20Z. Reason: RulesEngine. Information 2017-12-18 21:16:48 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:" Information 2017-12-18 21:16:47 ESENT 916 General svchost (6136,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 21:16:36 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-18 21:16:36 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2017-12-19T20:15:36Z. Reason: RulesEngine. Error 2017-12-18 21:16:06 Microsoft-Windows-Security-SPP 8198 None "License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable" Information 2017-12-18 21:16:05 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21363)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 21:16:05 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21363)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Error 2017-12-18 21:16:03 Microsoft-Windows-Security-SPP 8198 None "License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=UserLogon;SessionId=1" Information 2017-12-18 21:16:02 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21363)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 21:16:02 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21363)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 21:15:56 ESENT 916 General svchost (2068,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 21:15:54 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/01/02:16:18:53;LastConsumptionReason=0x4004f040;LastNotificationId=VolumeRenewalRequired;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-18 21:15:48 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-18 21:15:44 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 21:15:44 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 21:15:28 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-18 21:15:27 ESENT 326 General "SearchIndexer (6240,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000006:005E:0268 Internal Timing Sequence: [1] 0.000008 +J(0) [2] 0.001040 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.060396 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:18, WS:40K # 0K, PF:56K # 0K, P:56K) [4] 0.000551 +J(0) [5] - [6] - [7] 0.043177 -0.001658 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:18, WS:72K # 0K, PF:512K # 0K, P:512K) [8] 0.001230 -0.000707 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:57, WS:224K # 0K, PF:228K # 0K, P:228K) [9] 0.000879 -0.000567 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:9, WS:36K # 0K, PF:32K # 0K, P:32K) [10] 0.000033 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [11] 0.000108 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K) [12] 0.000002 +J(0) [13] 0.000001 +J(0) [14] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)." Information 2017-12-18 21:15:27 ESENT 105 General "SearchIndexer (6240,D,0) Windows: The database engine started a new instance (0). (Time=1 seconds) Additional Data: lgposV2[] = 00000003:0001:0000 - 00000004:0001:0000 - 00000006:005C:0000 - 00000006:005C:0000 (00000000:0000:0000) Internal Timing Sequence: [1] 0.018501 +J(0) +M(C:0K, Fs:233, WS:916K # 916K, PF:5476K # 5476K, P:5476K) [2] 0.000792 +J(0) +M(C:10240K, Fs:103, WS:412K # 412K, PF:388K # 388K, P:388K) [3] 0.008140 +J(0) +M(C:0K, Fs:9, WS:32K # 32K, PF:68K # 68K, P:68K) [4] 0.000240 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:224K # 224K, P:224K) [5] 0.030909 +J(0) +M(C:0K, Fs:31, WS:124K # 124K, PF:20K # 20K, P:20K) [6] 0.007024 +J(0) +M(C:0K, Fs:52, WS:204K # 204K, PF:24K # 24K, P:24K) [7] 0.067881 +J(0) +M(C:0K, Fs:278, WS:1112K # 1112K, PF:1024K # 1024K, P:1024K) [8] 0.130541 -0.002259 (44) CM +J(CM:44, PgRf:1995, Rd:78/44, Dy:0/0, Lg:1025213/6191) +M(C:0K, Fs:805, WS:3092K # 3092K, PF:3980K # 3980K, P:3980K) + 1 lgens [9] 0.775412 -0.000764 (78) CM +J(CM:78, PgRf:6767, Rd:43/77, Dy:46/5205, Lg:2417948/23510) +M(C:0K, Fs:898, WS:3420K # 3420K, PF:1784K # 1816K, P:1784K) + 2 lgens [10] 0.002042 +J(0) +M(C:0K, Fs:1, WS:-1016K # 0K, PF:-1020K # 0K, P:-1020K) [11] 0.000615 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:4, WS:-128K # 0K, PF:-184K # 0K, P:-184K) [12] 0.187163 -0.000026 (52) CM +J(CM:52, PgRf:0, Rd:0/52, Dy:0/0, Lg:0/0) +M(C:0K, Fs:419, WS:12K # 0K, PF:0K # 0K, P:0K) [13] 0.159991 -0.007654 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:305, WS:-4664K # 0K, PF:-3920K # 0K, P:-3920K) [14] 0.000032 +J(0) [15] 0.000047 +J(0) [16] 0.000542 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-18 21:15:26 ESENT 302 Logging/Recovery SearchIndexer (6240,U,0) Windows: The database engine has successfully completed recovery steps. Information 2017-12-18 21:15:26 ESENT 301 Logging/Recovery "SearchIndexer (6240,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx. Previous Log Processing Stats: [1] 0.404814 -0.000109 (38) CM +J(CM:38, PgRf:3185, Rd:6/37, Dy:33/2796, Lg:1020595/10979) +M(C:0K, Fs:461, WS:1776K # 1812K, PF:524K # 524K, P:524K)." Information 2017-12-18 21:15:26 ESENT 301 Logging/Recovery "SearchIndexer (6240,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00005.jtx. Previous Log Processing Stats: [1] 0.166648 -0.000654 (34) CM +J(CM:34, PgRf:2432, Rd:37/34, Dy:0/0, Lg:1028706/8750) +M(C:0K, Fs:316, WS:1192K # 1192K, PF:1260K # 1260K, P:1260K)." Information 2017-12-18 21:15:25 ESENT 301 Logging/Recovery "SearchIndexer (6240,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00004.jtx. Previous Log Processing Stats: [1] 0.099878 -0.002259 (44) CM +J(CM:44, PgRf:1995, Rd:78/44, Dy:0/0, Lg:1025213/6191) +M(C:0K, Fs:509, WS:1988K # 1988K, PF:2972K # 2968K, P:2972K)." Information 2017-12-18 21:15:25 ESENT 301 Logging/Recovery "SearchIndexer (6240,R,0) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00003.jtx. Previous Log Processing Stats: " Information 2017-12-18 21:15:25 ESENT 300 Logging/Recovery SearchIndexer (6240,R,0) Windows: The database engine is initiating recovery steps. Information 2017-12-18 21:15:25 ESENT 916 General SearchIndexer (6240,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 21:15:25 ESENT 102 General SearchIndexer (6240,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-18 21:15:25 Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started. 10.0.16299.125" Information 2017-12-18 21:15:24 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21364)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 21:15:24 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 21:15:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 21:15:24 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 21:15:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 21:15:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 21:15:23 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 21:15:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 21:15:22 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 21:15:22 ESENT 916 General taskhostw (4128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 21:15:14 Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 " Information 2017-12-18 21:15:07 Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting. Parameters:TriggerStarted:6" Information 2017-12-18 21:15:05 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 21:15:05 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 21:15:05 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 21:15:04 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-18 21:15:01 ESENT 916 General svchost (2760,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 21:15:01 ESENT 916 General taskhostw (4128,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 21:14:53 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-18 21:14:53 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-18 21:14:51 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-18 21:14:51 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-18 21:14:48 ESENT 916 General svchost (2776,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 21:14:46 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-18 21:14:45 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-18 21:14:45 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-18 21:14:41 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-18 21:14:40 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-18 21:14:39 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-18 21:14:39 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Information 2017-12-18 20:56:00 ESENT 916 General svchost (3416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 19:56:00 ESENT 916 General svchost (3416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 18:55:00 ESENT 916 General svchost (3416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 17:54:00 ESENT 916 General svchost (3416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:53:00 ESENT 916 General svchost (3416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 16:14:11 ESENT 916 General svchost (9652,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 15:59:39 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 15:59:39 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 15:53:00 ESENT 916 General svchost (3416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 15:52:35 ESENT 916 General svchost (7876,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 15:39:49 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-18 15:35:51 .NET Runtime Optimization Service 1130 None .NET Runtime Optimization Service (4.0.30319.0) - Installed from repository: mscorlib Information 2017-12-18 15:20:20 ESENT 916 General svchost (10104,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 15:17:48 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T14:17:47.425167700Z. Information 2017-12-18 15:17:48 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\ProgramData\Package Cache\{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}v14.0.23026\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi. Client Process Id: 9356. Information 2017-12-18 15:17:48 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23026. Product Version: 14.0.23026. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. Information 2017-12-18 15:17:48 MsiInstaller 11707 None Product: Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23026 -- Installation completed successfully. Information 2017-12-18 15:17:47 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T14:17:47.425167700Z. Information 2017-12-18 15:17:47 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\ProgramData\Package Cache\{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}v14.0.23026\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi. Client Process Id: 9356. Information 2017-12-18 15:17:47 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T14:17:46.253214000Z. Information 2017-12-18 15:17:46 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T14:17:46.253214000Z. Information 2017-12-18 15:17:47 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\ProgramData\Package Cache\{0D3E9E15-DE7A-300B-96F1-B4AF12B96488}v14.0.23026\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi. Client Process Id: 9356. Information 2017-12-18 15:17:47 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23026. Product Version: 14.0.23026. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. Information 2017-12-18 15:17:47 MsiInstaller 11707 None Product: Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23026 -- Installation completed successfully. Information 2017-12-18 15:17:46 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\ProgramData\Package Cache\{0D3E9E15-DE7A-300B-96F1-B4AF12B96488}v14.0.23026\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi. Client Process Id: 9356. Information 2017-12-18 15:17:45 System Restore 8195 None System Restore has been disabled (Process = C:\Users\Eglobal\AppData\Local\Temp\vc2015\vcredist_x64.exe /install /quiet /norestart; Volume = ). Information 2017-12-18 15:14:44 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <85A408C09C193E5D51587DCDD61330FD8CDE37BF>. Information 2017-12-18 15:14:44 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <85A408C09C193E5D51587DCDD61330FD8CDE37BF>. Information 2017-12-18 15:14:25 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <8782C6C304353BCFD29692D2593E7D44D934FF11>. Information 2017-12-18 15:14:25 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <8782C6C304353BCFD29692D2593E7D44D934FF11>. Information 2017-12-18 15:11:18 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-18 15:02:35 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: . Information 2017-12-18 15:02:35 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: . Information 2017-12-18 15:02:30 Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <2796BAE63F1801E277261BA0D77770028F20EEE4>." Information 2017-12-18 15:02:30 Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <2796BAE63F1801E277261BA0D77770028F20EEE4>." Information 2017-12-18 14:58:01 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T13:58:00.623800000Z. Information 2017-12-18 14:58:00 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T13:58:00.623800000Z. Information 2017-12-18 14:58:01 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleUpdateHelper.msi. Client Process Id: 848. Information 2017-12-18 14:58:01 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Google Update Helper. Product Version: 1.3.33.7. Product Language: 1033. Manufacturer: Google Inc.. Installation success or error status: 0. Information 2017-12-18 14:58:01 MsiInstaller 11707 None Product: Google Update Helper -- Installation completed successfully. Information 2017-12-18 14:58:00 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleUpdateHelper.msi. Client Process Id: 848. Information 2017-12-18 14:55:34 Windows Error Reporting 1001 None "Fault bucket 128035578600, type 5 Event Name: MpTelemetry Response: Not available Cab Id: 0 Problem signature: P1: unspecified P2: HardeningTelemetry P3: HardeningTelemetryDisableAS P4: 4.12.16299.15 P5: unspecified P6: unspecified P7: unspecified P8: P9: P10: Attached files: \\?\C:\Windows\TEMP\MPTelemetrySubmit\client_manifest.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER608E.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER613B.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6284.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_unspecified_7abf01864c6d23dda978b51d610d452f44f6e28_00000000_2268ee17 Analysis symbol: Rechecking for solution: 0 Report Id: cba528cb-0f18-42a5-83f5-777a9875c7b9 Report Status: 268435456 Hashed bucket: 5dfd70c003544890b92949ff2cf57649" Information 2017-12-18 14:55:30 Windows Error Reporting 1001 None "Fault bucket 128035578462, type 5 Event Name: MpTelemetry Response: Not available Cab Id: 0 Problem signature: P1: unspecified P2: HardeningTelemetry P3: HardeningTelemetryDisableAV P4: 4.12.16299.15 P5: unspecified P6: unspecified P7: unspecified P8: P9: P10: Attached files: \\?\C:\Windows\TEMP\MPTelemetrySubmit\client_manifest.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER56B9.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5D22.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5EE8.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_unspecified_54e9a1c4c75a82c7472d17c61bef3af0b89d2_00000000_2268df42 Analysis symbol: Rechecking for solution: 0 Report Id: 61fb40d2-6d1d-4f72-96e7-81279d2eb712 Report Status: 268435456 Hashed bucket: 5ae9f844feb625524d26536062232075" Information 2017-12-18 14:55:29 Windows Error Reporting 1001 None "Fault bucket 128029720187, type 5 Event Name: WinSetupDiag02 Response: Not available Cab Id: 0 Problem signature: P1: X P2: X P3: 9 P4: 0 P5: X P6: X P7: 16299 P8: X P9: X P10: X Attached files: \\?\C:\Windows\Panther\SetupAct.log \\?\C:\Windows\Panther\diagerr.xml \\?\C:\Windows\inf\setupapi.setup.log \\?\C:\Windows\inf\setupapi.dev.log \\?\C:\Windows\inf\setupapi.offline.log \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB7C2.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB81F.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB84F.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_X_1561939d491aa0484a7537e6eed5cf734d6cb7b_00000000_2268dafd Analysis symbol: Rechecking for solution: 0 Report Id: ab5ad1d5-2926-4cca-96f5-a90fcc9a63a5 Report Status: 268435456 Hashed bucket: efbe6e48248ae29b97ac70142881f60f" Information 2017-12-18 14:55:27 Microsoft-Windows-RestartManager 10001 None Ending session 2 started ‎2017‎-‎12‎-‎18T13:55:27.747767800Z. Information 2017-12-18 14:55:27 Microsoft-Windows-RestartManager 10000 None Starting session 2 - ‎2017‎-‎12‎-‎18T13:55:27.747767800Z. Information 2017-12-18 14:55:14 ESENT 916 General svchost (5548,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 14:55:08 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 14:55:08 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_OFF. Information 2017-12-18 14:55:08 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_OFF. Information 2017-12-18 14:55:08 SecurityCenter 15 None Updated AVG Antivirus status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 14:55:03 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_OFF. Information 2017-12-18 14:55:03 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_OFF. Information 2017-12-18 14:55:01 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_OFF. Information 2017-12-18 14:55:01 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_OFF. Information 2017-12-18 14:54:58 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_OFF. Information 2017-12-18 14:54:58 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: MpTelemetry Response: Not available Cab Id: 0 Problem signature: P1: unspecified P2: HardeningTelemetry P3: HardeningTelemetryDisableAS P4: 4.12.16299.15 P5: unspecified P6: unspecified P7: unspecified P8: P9: P10: Attached files: \\?\C:\Windows\TEMP\MPTelemetrySubmit\client_manifest.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER608E.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER613B.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER6284.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_unspecified_7abf01864c6d23dda978b51d610d452f44f6e28_00000000_cab_0d2462cf Analysis symbol: Rechecking for solution: 0 Report Id: cba528cb-0f18-42a5-83f5-777a9875c7b9 Report Status: 4 Hashed bucket: " Information 2017-12-18 14:54:58 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_OFF. Information 2017-12-18 14:54:57 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: MpTelemetry Response: Not available Cab Id: 0 Problem signature: P1: unspecified P2: HardeningTelemetry P3: HardeningTelemetryDisableAV P4: 4.12.16299.15 P5: unspecified P6: unspecified P7: unspecified P8: P9: P10: Attached files: \\?\C:\Windows\TEMP\MPTelemetrySubmit\client_manifest.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER56B9.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5D22.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER5EE8.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_unspecified_54e9a1c4c75a82c7472d17c61bef3af0b89d2_00000000_cab_0d245ef7 Analysis symbol: Rechecking for solution: 0 Report Id: 61fb40d2-6d1d-4f72-96e7-81279d2eb712 Report Status: 4 Hashed bucket: " Information 2017-12-18 14:52:00 ESENT 916 General svchost (3416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 14:50:44 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Windows\Temp\AvgSetup\99accc0e-da09-47ce-9848-9918f159f9df\install\zen\zen_x64.msi. Client Process Id: 6260. Information 2017-12-18 14:50:44 MsiInstaller 1033 None Windows Installer installed the product. Product Name: AVG. Product Version: 1.211.3. Product Language: 1033. Manufacturer: AVG Technologies. Installation success or error status: 0. Information 2017-12-18 14:50:44 MsiInstaller 11707 None SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Installation completed successfully. Information 2017-12-18 14:50:36 ESENT 916 General svchost (7164,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 14:50:32 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Windows\Temp\AvgSetup\99accc0e-da09-47ce-9848-9918f159f9df\install\zen\zen_x64.msi. Client Process Id: 6260. Information 2017-12-18 14:50:28 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Windows\Temp\AvgSetup\99accc0e-da09-47ce-9848-9918f159f9df\install\fmw\avgfmwsetupx64.msi. Client Process Id: 3032. Information 2017-12-18 14:50:28 MsiInstaller 1033 None Windows Installer installed the product. Product Name: FMW 1. Product Version: 1.226.3. Product Language: 1033. Manufacturer: AVG Technologies. Installation success or error status: 0. Information 2017-12-18 14:50:28 MsiInstaller 11707 None Product: FMW 1 -- Installation completed successfully. Information 2017-12-18 14:50:06 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Windows\Temp\AvgSetup\99accc0e-da09-47ce-9848-9918f159f9df\install\fmw\avgfmwsetupx64.msi. Client Process Id: 3032. Information 2017-12-18 14:49:11 Microsoft-Windows-RestartManager 10001 None Ending session 2 started ‎2017‎-‎12‎-‎18T13:45:57.486464900Z. Information 2017-12-18 14:46:36 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <07E032E020B72C3F192F0628A2593A19A70F069E>. Information 2017-12-18 14:45:57 Microsoft-Windows-RestartManager 10000 None Starting session 2 - ‎2017‎-‎12‎-‎18T13:45:57.486464900Z. Information 2017-12-18 14:45:55 Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2017‎-‎12‎-‎18T13:44:52.341460400Z. Information 2017-12-18 14:45:55 MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Eglobal\AppData\Local\Temp\9B5999~1\GoogleChromeStandaloneEnterprise64.msi. Client Process Id: 3768. Information 2017-12-18 14:45:55 MsiInstaller 1033 None Windows Installer installed the product. Product Name: Google Chrome. Product Version: 67.41.49260. Product Language: 1033. Manufacturer: Google, Inc.. Installation success or error status: 0. Information 2017-12-18 14:45:55 MsiInstaller 11707 None Product: Google Chrome -- Installation completed successfully. Information 2017-12-18 14:45:34 ESENT 916 General svchost (4252,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 14:44:59 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: . Information 2017-12-18 14:44:52 Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2017‎-‎12‎-‎18T13:44:52.341460400Z. Information 2017-12-18 14:44:52 Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <3679CA35668772304D30A5FB873B0FA77BB70D54>." Information 2017-12-18 14:44:50 MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Eglobal\AppData\Local\Temp\9B5999~1\GoogleChromeStandaloneEnterprise64.msi. Client Process Id: 3768. Information 2017-12-18 14:44:47 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: . Information 2017-12-18 14:44:47 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: . Information 2017-12-18 14:44:36 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: . Information 2017-12-18 14:44:36 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: . Information 2017-12-18 14:43:38 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <75E0ABB6138512271C04F85FDDDE38E4B7242EFE>. Information 2017-12-18 14:43:21 ESENT 916 General DllHost (1528,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 14:43:19 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25>. Information 2017-12-18 14:43:18 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: . Information 2017-12-18 14:43:13 ESENT 916 General MicrosoftEdge (5780,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 14:42:05 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 14:42:05 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 14:41:06 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 14:41:06 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 14:40:00 ESENT 916 General svchost (3416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 14:39:48 Microsoft-Windows-Search-ProfileNotify 1 None "Windows Search Service indexed data for user 'S-1-5-21-1417560648-1617758165-1390362260-1000' successfully removed in response to user profile deletion. " Information 2017-12-18 14:39:48 Microsoft-Windows-Search-ProfileNotify 1 None "Windows Search Service indexed data for user 'S-1-5-21-1417560648-1617758165-1390362260-1000' successfully removed in response to user profile deletion. " Information 2017-12-18 14:38:16 ESENT 916 General svchost (3196,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 14:35:27 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-18 14:35:08 ESENT 916 General DllHost (1528,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 14:32:55 ESENT 916 General svchost (6036,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 14:32:53 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2017-12-19T13:22:53Z. Reason: RulesEngine. Information 2017-12-18 14:31:58 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 14:31:58 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. Error 2017-12-18 14:31:13 Microsoft-Windows-Perflib 1008 None "The Open Procedure for service ""BITS"" in DLL ""C:\Windows\System32\bitsperf.dll"" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code." Information 2017-12-18 14:29:44 System Restore 8195 None System Restore has been disabled (Process = c:\windows\system32\svchost.exe -k netsvcs; Volume = ). Information 2017-12-18 14:29:38 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2017-12-19T13:22:38Z. Reason: RulesEngine. Information 2017-12-18 14:28:30 .NET Runtime Optimization Service 1130 None .NET Runtime Optimization Service (4.0.30319.0) - Installed from repository: mscorlib Information 2017-12-18 14:25:20 ESENT 916 General svchost (6416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 14:23:52 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: . Information 2017-12-18 14:23:35 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2017-12-19T13:22:35Z. Reason: RulesEngine. Error 2017-12-18 14:23:05 Microsoft-Windows-Security-SPP 8198 None "License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=UserLogon;SessionId=2" Information 2017-12-18 14:23:04 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21776)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 14:23:04 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21776)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 14:22:59 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/01/02:16:19:59;LastConsumptionReason=0x4004f040;LastNotificationId=VolumeRenewalRequired;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Error 2017-12-18 14:22:46 ESENT 522 General "ShellExperienceHost (6732,P,0) TILEREPOSITORYS-1-5-21-1417560648-1617758165-1390362260-1001: An attempt to open the device with name ""\\.\C:"" containing ""C:\"" failed with system error 5 (0x00000005): ""Access is denied. "". The operation will fail with error -1032 (0xfffffbf8)." Error 2017-12-18 14:22:46 ESENT 522 General "ShellExperienceHost (6732,P,0) TILEREPOSITORYS-1-5-21-1417560648-1617758165-1390362260-1001: An attempt to open the device with name ""\\.\C:"" containing ""C:\"" failed with system error 5 (0x00000005): ""Access is denied. "". The operation will fail with error -1032 (0xfffffbf8)." Error 2017-12-18 14:22:46 ESENT 522 General "ShellExperienceHost (6732,P,0) TILEREPOSITORYS-1-5-21-1417560648-1617758165-1390362260-1001: An attempt to open the device with name ""\\.\C:"" containing ""C:\"" failed with system error 5 (0x00000005): ""Access is denied. "". The operation will fail with error -1032 (0xfffffbf8)." Error 2017-12-18 14:22:46 ESENT 522 General "ShellExperienceHost (6732,P,0) TILEREPOSITORYS-1-5-21-1417560648-1617758165-1390362260-1001: An attempt to open the device with name ""\\.\C:"" containing ""C:\"" failed with system error 5 (0x00000005): ""Access is denied. "". The operation will fail with error -1032 (0xfffffbf8)." Error 2017-12-18 14:22:46 ESENT 522 General "ShellExperienceHost (6732,P,0) TILEREPOSITORYS-1-5-21-1417560648-1617758165-1390362260-1001: An attempt to open the device with name ""\\.\C:"" containing ""C:\"" failed with system error 5 (0x00000005): ""Access is denied. "". The operation will fail with error -1032 (0xfffffbf8)." Error 2017-12-18 14:22:46 ESENT 522 General "ShellExperienceHost (6732,P,0) TILEREPOSITORYS-1-5-21-1417560648-1617758165-1390362260-1001: An attempt to open the device with name ""\\.\C:"" containing ""C:\"" failed with system error 5 (0x00000005): ""Access is denied. "". The operation will fail with error -1032 (0xfffffbf8)." Information 2017-12-18 14:22:27 ESENT 916 General taskhostw (5020,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 14:22:23 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 2 The request is not supported " Information 2017-12-18 14:22:22 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-18 14:22:22 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 2 The request is not supported " Information 2017-12-18 14:22:22 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-18 14:22:21 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-18 14:22:21 Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port. Information 2017-12-18 14:22:20 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 22 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1000: Process 644 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000 Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\System\GameConfigStore\Parents Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\System\GameConfigStore Process 4300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Policies\Microsoft\Windows\CloudContent Process 6496 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 4300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 5548 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 2256 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 4300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Microsoft\Windows\CurrentVersion\Privacy Process 4300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Policies\Microsoft\Windows\DataCollection Process 4300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 5548 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2256 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 2256 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Microsoft\Internet Explorer\Main Process 5548 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Microsoft\Internet Explorer\Main Process 4300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Microsoft\Internet Explorer\Main Process 496 () has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Microsoft\Windows NT\CurrentVersion\Fonts Process 820 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\System\GameConfigStore\Children Process 2256 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Microsoft\Internet Explorer\Security Process 5548 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Microsoft\Internet Explorer\Security Process 4300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Microsoft\Internet Explorer\Security Process 4300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections " Information 2017-12-18 14:22:20 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-18 14:22:19 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 The request is not supported " Information 2017-12-18 14:22:19 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test The request is not supported " Information 2017-12-18 14:22:19 Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1417560648-1617758165-1390362260-1001: Process 4300 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1417560648-1617758165-1390362260-1001\Software\Policies\Microsoft\Windows\DataCollection " Information 2017-12-18 14:22:09 Microsoft-Windows-Search-ProfileNotify 5 None "Windows Search Service has created default configuration for new user 'DESKTOP-57M3LFG\Eglobal' . " Information 2017-12-18 14:21:18 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2017-12-19T09:52:18Z. Reason: RulesEngine. Information 2017-12-18 14:20:28 ESENT 916 General svchost (5548,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 14:19:08 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-18 14:18:40 SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready Information 2017-12-18 13:52:00 ESENT 916 General svchost (3416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 13:49:56 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2017-12-19T09:51:56Z. Reason: RulesEngine. Information 2017-12-18 13:49:11 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:11 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:11 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:11 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:10 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:10 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:10 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:09 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:09 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:09 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:08 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:08 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:08 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:07 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:07 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:07 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:06 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:06 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:06 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:05 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:05 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:04 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:04 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:04 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:04 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:03 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:03 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:03 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:02 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:02 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:02 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:01 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:01 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:01 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:00 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:00 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:49:00 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:48:59 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:48:59 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:48:59 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:48:59 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:48:59 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21810)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 13:48:44 ESENT 916 General svchost (4724,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 13:47:29 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2017-12-19T09:51:29Z. Reason: RulesEngine. Information 2017-12-18 13:47:15 Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5>." Information 2017-12-18 13:47:15 Microsoft-Windows-CAPI2 4111 None Successful auto update of third-party root list with effective date: ‎Tuesday, ‎November ‎21, ‎2017 12:25:07 PM. Information 2017-12-18 13:47:15 Microsoft-Windows-CAPI2 4109 None Successful auto property update of third-party root certificate:: Subject: Sha1 thumbprint: <02FAF3E291435468607857694DF5E45B68851868>. Information 2017-12-18 13:47:15 Microsoft-Windows-CAPI2 4109 None Successful auto property update of third-party root certificate:: Subject: Sha1 thumbprint: <0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43>. Information 2017-12-18 13:47:15 Microsoft-Windows-CAPI2 4108 None "Successful auto delete of third-party root certificate:: Subject: Sha1 thumbprint: <4F65566336DB6598581D584A596C87934D5F2AB4>." Information 2017-12-18 13:47:15 Microsoft-Windows-CAPI2 4109 None "Successful auto property update of third-party root certificate:: Subject: Sha1 thumbprint: <742C3192E607E424EB4549542BE1BBC53E6174E2>." Information 2017-12-18 13:47:15 Microsoft-Windows-CAPI2 4109 None Successful auto property update of third-party root certificate:: Subject: Sha1 thumbprint: . Information 2017-12-18 12:58:40 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2017-12-19T09:51:40Z. Reason: RulesEngine. Information 2017-12-18 12:51:00 ESENT 916 General svchost (3416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 11:51:00 ESENT 916 General svchost (3416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 11:06:50 ESENT 916 General svchost (4616,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 10:53:00 Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped. " Information 2017-12-18 10:53:00 Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2017-12-19T09:52:00Z. Reason: RulesEngine. Information 2017-12-18 10:52:53 Microsoft-Windows-CAPI2 4113 None Successful auto update of pin rules with effective date: ‎Wednesday, ‎May ‎31, ‎2017 3:28:59 PM. Error 2017-12-18 10:52:30 Microsoft-Windows-Security-SPP 8198 None "License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=UserLogon;SessionId=1" Information 2017-12-18 10:52:30 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21987)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 10:52:30 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 10:52:30 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 10:52:30 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21987)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 10:52:28 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-18 10:52:26 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21987)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 10:52:25 Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule. Kernel policies: Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2018/01/02:16:19:25;LastConsumptionReason=0x4004f040;LastNotificationId=VolumeRenewalRequired;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=2YT43;ProductKeyType=Volume:GVLK;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;ruleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;uxDifferentiator=ENVIRONMENT;volumeActivationOrder=normal" Information 2017-12-18 10:52:01 ESENT 916 General taskhostw (1132,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 10:51:57 ESENT 916 General svchost (3400,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 10:51:56 ESENT 916 General svchost (5964,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 10:51:56 ESENT 916 General svchost (3716,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 10:51:52 Microsoft-Windows-CAPI2 4112 None Successful auto update of disallowed certificate list with effective date: ‎Thursday, ‎April ‎20, ‎2017 7:59:32 AM. Information 2017-12-18 10:51:52 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: . Information 2017-12-18 10:51:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 The request is not supported " Information 2017-12-18 10:51:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 The request is not supported " Information 2017-12-18 10:51:49 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber was unavailable to handle a notification event. Information 2017-12-18 10:51:49 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 The request is not supported " Information 2017-12-18 10:51:48 Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber was unavailable to handle a critical notification event. Information 2017-12-18 10:51:45 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: WinSetupDiag02 Response: Not available Cab Id: 0 Problem signature: P1: X P2: X P3: 9 P4: 0 P5: X P6: X P7: 16299 P8: X P9: X P10: X Attached files: \\?\C:\Windows\Panther\SetupAct.log \\?\C:\Windows\Panther\diagerr.xml \\?\C:\Windows\inf\setupapi.setup.log \\?\C:\Windows\inf\setupapi.dev.log \\?\C:\Windows\inf\setupapi.offline.log \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB7C2.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB81F.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB84F.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_X_1561939d491aa0484a7537e6eed5cf734d6cb7b_00000000_cab_107db85e Analysis symbol: Rechecking for solution: 0 Report Id: ab5ad1d5-2926-4cca-96f5-a90fcc9a63a5 Report Status: 4 Hashed bucket: " Information 2017-12-18 10:51:27 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-18 10:50:29 ESENT 916 General svchost (3416,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 10:50:27 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-18 10:50:26 Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 24a0166c-ef8a-436f-bf77-e0ecdf55a41e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 5da22a1c-03e3-44b9-9baa-6cf813821ed3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/volume/1.0 0x4004F040 21989)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )] 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: d4ef7282-3d2c-4cf0-9976-8854e64a8d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: dcc5f846-873c-4a0b-acfc-e6c54257be79, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] " Information 2017-12-18 10:50:26 Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=73111121-5638-40f6-bc11-f1d7b0d64300" Information 2017-12-18 10:50:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-IgnoreDeferredActivation Priority=500 Information 2017-12-18 10:50:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 10:50:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 10:50:26 Microsoft-Windows-Search-ProfileNotify 5 None "Windows Search Service has created default configuration for new user 'DESKTOP-57M3LFG\defaultuser0' . " Information 2017-12-18 10:50:26 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-18 10:50:26 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 10:50:25 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 10:50:25 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 10:50:25 Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 Information 2017-12-18 10:50:23 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-18 10:50:23 Microsoft-Windows-Search 1005 Search service The Windows Search Service has successfully created the new search index. Information 2017-12-18 10:50:22 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-18 10:50:22 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-18 10:50:21 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-18 10:50:21 Microsoft-Windows-Security-SPP 1016 None "Proof of Purchase installed successfully. ACID=73111121-5638-40f6-bc11-f1d7b0d64300 PKeyId=d1c5fcfc-a4e7-f40f-fa49-fe1b4b01a8c5" Information 2017-12-18 10:49:26 Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. " Information 2017-12-18 10:49:26 ESENT 325 General "SearchIndexer (844,D,0) Windows: The database engine created a new database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Additional Data: lgposCreate = 00000001:0001:0268 Internal Timing Sequence: [1] 0.000233 +J(0) +M(C:0K, Fs:9, WS:36K # 0K, PF:32K # 0K, P:32K) [2] 0.000663 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:5, WS:20K # 0K, PF:0K # 0K, P:0K) [3] 0.025147 +J(0) +M(C:0K, Fs:28, WS:80K # 0K, PF:40K # 0K, P:40K) [4] 0.216607 +J(0) +M(C:0K, Fs:17, WS:68K # 0K, PF:84K # 0K, P:84K) [5] 0.000302 +J(CM:0, PgRf:3, Rd:0/0, Dy:3/6, Lg:122/4) +M(C:0K, Fs:52, WS:208K # 0K, PF:244K # 0K, P:244K) [6] 0.012563 +J(CM:0, PgRf:209, Rd:0/0, Dy:12/408, Lg:24454/447) +M(C:0K, Fs:135, WS:536K # 184K, PF:632K # 92K, P:632K) [7] 0.015332 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:4096/2) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K) [8] 0.000010 +J(0) [9] 0.150153 -0.000008 (15) CM +J(CM:15, PgRf:0, Rd:0/15, Dy:0/0, Lg:0/0) +M(C:0K, Fs:153, WS:84K # 84K, PF:20K # 72K, P:20K) [10] 0.013356 +J(CM:0, PgRf:346, Rd:0/0, Dy:7/93, Lg:12509/128) +M(C:0K, Fs:46, WS:152K # 184K, PF:148K # 124K, P:148K) [11] 0.000007 +J(0)." Information 2017-12-18 10:49:25 ESENT 637 General "SearchIndexer (844,D,0) Windows: New flush map file ""C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm"" will be created to enable persisted lost flush detection." Information 2017-12-18 10:49:25 ESENT 105 General "SearchIndexer (844,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.080132 +J(0) +M(C:0K, Fs:314, WS:1240K # 0K, PF:5492K # 5492K, P:5492K) [2] 0.000624 +J(0) +M(C:10240K, Fs:106, WS:424K # 0K, PF:376K # 376K, P:376K) [3] 0.042615 +J(0) +M(C:0K, Fs:9, WS:32K # 0K, PF:68K # 68K, P:68K) [4] 0.000276 +J(0) +M(C:0K, Fs:27, WS:108K # 0K, PF:224K # 224K, P:224K) [5] 0.002527 +J(0) +M(C:0K, Fs:14, WS:56K # 0K, PF:20K # 20K, P:20K) [6] 0.003006 +J(0) +M(C:0K, Fs:22, WS:88K # 0K, PF:12K # 12K, P:12K) [7] - [8] - [9] - [10] - [11] - [12] - [13] 0.176842 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:566, WS:1236K # 1080K, PF:24K # 1048K, P:24K) [14] 0.000035 +J(0) [15] 0.000112 +J(0) +M(C:0K, Fs:33, WS:128K # 0K, PF:68K # 0K, P:68K) [16] 0.033034 +J(0) +M(C:0K, Fs:9, WS:28K # 0K, PF:0K # 0K, P:0K)." Information 2017-12-18 10:49:25 ESENT 916 General SearchIndexer (844,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 10:49:25 ESENT 102 General SearchIndexer (844,P,0) Windows: The database engine (10.00.16299.0000) is starting a new instance (0). Information 2017-12-18 10:49:25 Microsoft-Windows-Search 1004 Search service The Windows Search service is creating the new search index {Reason: Full Index Reset}. Information 2017-12-18 10:49:25 Microsoft-Windows-Search 1010 Search service The Windows Search Service has successfully removed the old search index. Warning 2017-12-18 10:49:24 Microsoft-Windows-Search 1008 Search service The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. Information 2017-12-18 10:48:52 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: WinRMAssert Response: Not available Cab Id: 0 Problem signature: P1: admin\wmi\wmx\automation\session.cpp P2: 181 P3: P4: P5: P6: P7: P8: P9: P10: Attached files: \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C71.tmp.mdmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2DCA.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E27.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E66.tmp.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_admin_wmi_wmx_au_7a0a77f8870675b5ccf2153de598e9d72bc52_00000000_0efa2e75 Analysis symbol: Rechecking for solution: 0 Report Id: 5c656e1b-da03-4e51-9dd2-4be137dbcbe6 Report Status: 536870914 Hashed bucket: " Information 2017-12-18 10:47:20 Windows Error Reporting 1001 None "Fault bucket , type 0 Event Name: ServiceHang Response: Not available Cab Id: 0 Problem signature: P1: NcbService P2: ncbservice.dll P3: 10.0.16299.15 P4: 20 P5: 3 P6: P7: P8: P9: P10: Attached files: These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: ce330dfc-bcc4-41c0-8c90-26a29af1bc15 Report Status: 2147745792 Hashed bucket: " Information 2017-12-18 10:47:16 ESENT 916 General svchost (3228,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 10:45:18 iBtSiva 3 None "The description for Event ID 3 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker elapsed The request is not supported " Information 2017-12-18 10:44:56 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. Error 2017-12-18 10:44:56 SecurityCenter 16 None Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 10:44:56 SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. Error 2017-12-18 10:44:56 SecurityCenter 16 None Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON. Information 2017-12-18 10:44:54 Microsoft-Windows-Search 1003 Search service The Windows Search Service started. Information 2017-12-18 10:44:54 SecurityCenter 1 None The Windows Security Center Service has started. Information 2017-12-18 10:44:17 iBtSiva 100 None "The description for Event ID 100 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva soft reset The request is not supported " Information 2017-12-18 10:44:17 iBtSiva 1 None "The description for Event ID 1 from source iBtSiva cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: iBtSiva Siva worker starting The request is not supported " Information 2017-12-18 10:44:03 igfxCUIService2.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService2.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed The request is not supported " Information 2017-12-18 10:43:54 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully Information 2017-12-18 10:42:59 ESENT 916 General svchost (1816,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 10:42:58 ESENT 916 General svchost (1816,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 10:42:55 ESENT 916 General svchost (2404,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000. Information 2017-12-18 10:42:54 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully Information 2017-12-18 10:42:51 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. " Information 2017-12-18 10:42:49 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43>. Information 2017-12-18 10:42:47 Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: Sha1 thumbprint: <02FAF3E291435468607857694DF5E45B68851868>. Information 2017-12-18 10:42:51 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.