API tools faq
paste
Advertisement
Guest User

CrashLogXML

a guest
Jun 17th, 2016
200
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
XML 125.73 KB | None | 0 0
raw download clone embed print report
  1. <?xml version="1.0" encoding="utf-8" standalone="yes"?>
  2. <Events><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Virtual Disk Service'/><EventID Qualifiers='16896'>3</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T07:43:00.097879600Z'/><EventRecordID>9730</EventRecordID><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data>@2010005</Data></EventData><RenderingInfo Culture='en-US'><Message>Service started.</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-WindowsUpdateClient' Guid='{945A8954-C147-4ACD-923F-40C45405A658}'/><EventID>19</EventID><Version>1</Version><Level>4</Level><Task>1</Task><Opcode>13</Opcode><Keywords>0x8000000000000018</Keywords><TimeCreated SystemTime='2016-06-17T07:41:26.477215700Z'/><EventRecordID>9729</EventRecordID><Correlation/><Execution ProcessID='84' ThreadID='6244'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='updateTitle'>Definition Update for Windows Defender - KB2267602 (Definition 1.223.1814.0)</Data><Data Name='updateGuid'>{ADC7297D-B6CE-4FDE-AE0B-F8985874402C}</Data><Data Name='updateRevisionNumber'>200</Data><Data Name='serviceGuid'>{7971F918-A847-4430-9279-4A52D1EFE18D}</Data></EventData><RenderingInfo Culture='en-US'><Message>Installation Successful: Windows successfully installed the following update: Definition Update for Windows Defender - KB2267602 (Definition 1.223.1814.0)</Message><Level>Information</Level><Task>Windows Update Agent</Task><Opcode>Installation</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-WindowsUpdateClient</Provider><Keywords><Keyword>Installation</Keyword><Keyword>Success</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-WindowsUpdateClient' Guid='{945A8954-C147-4ACD-923F-40C45405A658}'/><EventID>43</EventID><Version>1</Version><Level>4</Level><Task>1</Task><Opcode>13</Opcode><Keywords>0x8000000000002008</Keywords><TimeCreated SystemTime='2016-06-17T07:41:21.293914200Z'/><EventRecordID>9728</EventRecordID><Correlation/><Execution ProcessID='84' ThreadID='6244'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='updateTitle'>Definition Update for Windows Defender - KB2267602 (Definition 1.223.1814.0)</Data><Data Name='updateGuid'>{ADC7297D-B6CE-4FDE-AE0B-F8985874402C}</Data><Data Name='updateRevisionNumber'>200</Data></EventData><RenderingInfo Culture='en-US'><Message>Installation Started: Windows has started installing the following update: Definition Update for Windows Defender - KB2267602 (Definition 1.223.1814.0)</Message><Level>Information</Level><Task>Windows Update Agent</Task><Opcode>Installation</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-WindowsUpdateClient</Provider><Keywords><Keyword>Installation</Keyword><Keyword>Started</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-WindowsUpdateClient' Guid='{945A8954-C147-4ACD-923F-40C45405A658}'/><EventID>44</EventID><Version>1</Version><Level>4</Level><Task>1</Task><Opcode>12</Opcode><Keywords>0x8000000000002004</Keywords><TimeCreated SystemTime='2016-06-17T07:40:25.796811400Z'/><EventRecordID>9727</EventRecordID><Correlation/><Execution ProcessID='84' ThreadID='6244'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='updateTitle'>Definition Update for Windows Defender - KB2267602 (Definition 1.223.1814.0)</Data><Data Name='updateGuid'>{ADC7297D-B6CE-4FDE-AE0B-F8985874402C}</Data><Data Name='updateRevisionNumber'>200</Data></EventData><RenderingInfo Culture='en-US'><Message>Windows Update started downloading an update.</Message><Level>Information</Level><Task>Windows Update Agent</Task><Opcode>Download</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-WindowsUpdateClient</Provider><Keywords><Keyword>Download</Keyword><Keyword>Started</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DistributedCOM' Guid='{1B562E86-B7AA-4131-BADC-B6F3A001407E}' EventSourceName='DCOM'/><EventID Qualifiers='0'>10016</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T07:17:02.781678000Z'/><EventRecordID>9726</EventRecordID><Correlation/><Execution ProcessID='856' ThreadID='2888'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><EventData><Data Name='param1'>machine-default</Data><Data Name='param2'>Local</Data><Data Name='param3'>Activation</Data><Data Name='param4'>{C2F03A33-21F5-47FA-B4BB-156362A2F239}</Data><Data Name='param5'>{316CDED5-E4AE-4B15-9113-7055D84DCC97}</Data><Data Name='param6'>THEDREAM</Data><Data Name='param7'>Alex Tankersley</Data><Data Name='param8'>S-1-5-21-113487287-4014917537-3712483742-1001</Data><Data Name='param9'>LocalHost (Using LRPC)</Data><Data Name='param10'>Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy</Data><Data Name='param11'>S-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795</Data></EventData><RenderingInfo Culture='en-US'><Message>The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
  3. {C2F03A33-21F5-47FA-B4BB-156362A2F239}
  4.  and APPID
  5. {316CDED5-E4AE-4B15-9113-7055D84DCC97}
  6.  to the user THEDREAM\Alex Tankersley SID (S-1-5-21-113487287-4014917537-3712483742-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795). This security permission can be modified using the Component Services administrative tool.</Message><Level>Error</Level><Task></Task><Opcode>Info</Opcode><Channel></Channel><Provider>Microsoft-Windows-DistributedCOM</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7045</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T06:16:15.436517500Z'/><EventRecordID>9725</EventRecordID><Correlation/><Execution ProcessID='632' ThreadID='740'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><EventData><Data Name='ServiceName'>ALSysIO</Data><Data Name='ImagePath'>C:\Users\ALEXTA~1\AppData\Local\Temp\ALSysIO64.sys</Data><Data Name='ServiceType'>kernel mode driver</Data><Data Name='StartType'>demand start</Data><Data Name='AccountName'></Data></EventData><RenderingInfo Culture='en-US'><Message>A service was installed in the system.
  7.  
  8. Service Name:  ALSysIO
  9. Service File Name:  C:\Users\ALEXTA~1\AppData\Local\Temp\ALSysIO64.sys
  10. Service Type:  kernel mode driver
  11. Service Start Type:  demand start
  12. Service Account:  </Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7045</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:41:03.149694500Z'/><EventRecordID>9724</EventRecordID><Correlation/><Execution ProcessID='632' ThreadID='76'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><EventData><Data Name='ServiceName'>MagicianSataModeReader</Data><Data Name='ImagePath'>C:\Program Files (x86)\Samsung\Samsung Magician\magdrvamd64.sys</Data><Data Name='ServiceType'>kernel mode driver</Data><Data Name='StartType'>demand start</Data><Data Name='AccountName'></Data></EventData><RenderingInfo Culture='en-US'><Message>A service was installed in the system.
  13.  
  14. Service Name:  MagicianSataModeReader
  15. Service File Name:  C:\Program Files (x86)\Samsung\Samsung Magician\magdrvamd64.sys
  16. Service Type:  kernel mode driver
  17. Service Start Type:  demand start
  18. Service Account:  </Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7045</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:40:58.548365500Z'/><EventRecordID>9723</EventRecordID><Correlation/><Execution ProcessID='632' ThreadID='996'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><EventData><Data Name='ServiceName'>MagicianSataModeReader</Data><Data Name='ImagePath'>C:\Program Files (x86)\Samsung\Samsung Magician\magdrvamd64.sys</Data><Data Name='ServiceType'>kernel mode driver</Data><Data Name='StartType'>demand start</Data><Data Name='AccountName'></Data></EventData><RenderingInfo Culture='en-US'><Message>A service was installed in the system.
  19.  
  20. Service Name:  MagicianSataModeReader
  21. Service File Name:  C:\Program Files (x86)\Samsung\Samsung Magician\magdrvamd64.sys
  22. Service Type:  kernel mode driver
  23. Service Start Type:  demand start
  24. Service Account:  </Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DistributedCOM' Guid='{1B562E86-B7AA-4131-BADC-B6F3A001407E}' EventSourceName='DCOM'/><EventID Qualifiers='0'>10016</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:40:53.885510300Z'/><EventRecordID>9722</EventRecordID><Correlation/><Execution ProcessID='856' ThreadID='2704'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><EventData><Data Name='param1'>machine-default</Data><Data Name='param2'>Local</Data><Data Name='param3'>Activation</Data><Data Name='param4'>{C2F03A33-21F5-47FA-B4BB-156362A2F239}</Data><Data Name='param5'>{316CDED5-E4AE-4B15-9113-7055D84DCC97}</Data><Data Name='param6'>THEDREAM</Data><Data Name='param7'>Alex Tankersley</Data><Data Name='param8'>S-1-5-21-113487287-4014917537-3712483742-1001</Data><Data Name='param9'>LocalHost (Using LRPC)</Data><Data Name='param10'>Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy</Data><Data Name='param11'>S-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795</Data></EventData><RenderingInfo Culture='en-US'><Message>The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
  25. {C2F03A33-21F5-47FA-B4BB-156362A2F239}
  26.  and APPID
  27. {316CDED5-E4AE-4B15-9113-7055D84DCC97}
  28.  to the user THEDREAM\Alex Tankersley SID (S-1-5-21-113487287-4014917537-3712483742-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795). This security permission can be modified using the Component Services administrative tool.</Message><Level>Error</Level><Task></Task><Opcode>Info</Opcode><Channel></Channel><Provider>Microsoft-Windows-DistributedCOM</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Winlogon' Guid='{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}'/><EventID>7001</EventID><Version>0</Version><Level>4</Level><Task>1101</Task><Opcode>0</Opcode><Keywords>0x2000200000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:40:14.721833700Z'/><EventRecordID>9721</EventRecordID><Correlation/><Execution ProcessID='716' ThreadID='948'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='TSId'>1</Data><Data Name='UserSid'>S-1-5-21-113487287-4014917537-3712483742-1001</Data></EventData><RenderingInfo Culture='en-US'><Message>User Logon Notification for Customer Experience Improvement Program</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Winlogon</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='49152'>7026</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:59.187267800Z'/><EventRecordID>9720</EventRecordID><Correlation/><Execution ProcessID='632' ThreadID='636'/><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data Name='param1'>
  29. dam
  30. VBoxNetAdp</Data></EventData><RenderingInfo Culture='en-US'><Message>The following boot-start or system-start driver(s) did not load:
  31. dam
  32. VBoxNetAdp</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DHCPv6-Client' Guid='{6A1F2B00-6A90-4C38-95A5-5CAB3B056778}'/><EventID>51046</EventID><Version>0</Version><Level>4</Level><Task>4</Task><Opcode>62</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:58.753266100Z'/><EventRecordID>9719</EventRecordID><Correlation/><Execution ProcessID='1380' ThreadID='1740'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-19'/></System><EventData></EventData><RenderingInfo Culture='en-US'><Message>DHCPv6 client service is started</Message><Level>Information</Level><Task>Service State Event</Task><Opcode>ServiceStart</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-DHCPv6-Client</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Dhcp-Client' Guid='{15A7A4F8-0072-4EAB-ABAD-F98A4D666AED}'/><EventID>50036</EventID><Version>0</Version><Level>4</Level><Task>4</Task><Opcode>68</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:58.746359600Z'/><EventRecordID>9718</EventRecordID><Correlation/><Execution ProcessID='1380' ThreadID='1708'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-19'/></System><EventData></EventData><RenderingInfo Culture='en-US'><Message>DHCPv4 client service is started</Message><Level>Information</Level><Task>Service State Event</Task><Opcode>ServiceStart</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Dhcp-Client</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:58.593947900Z'/><EventRecordID>9717</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='228'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>10</Data><Data Name='DeviceName'>storqosflt</Data><Data Name='DeviceTime'>2015-10-29T22:37:39.000000000Z</Data><Data Name='ExtraInfoLength'>203</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000000" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Quota Management" , "instances" : [["244000","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0009-0000-3044-A58B5AC8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'storqosflt' (10.0, ‎2015‎-‎10‎-‎29T22:37:39.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:58.591430200Z'/><EventRecordID>9716</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='228'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>5</Data><Data Name='DeviceName'>luafv</Data><Data Name='DeviceTime'>2015-10-29T22:34:43.000000000Z</Data><Data Name='ExtraInfoLength'>201</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000014" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Virtualization" , "instances" : [["135000","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0008-0000-F4F5-A48B5AC8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'luafv' (10.0, ‎2015‎-‎10‎-‎29T22:34:43.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Ntfs' Guid='{3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482}'/><EventID>98</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000002</Keywords><TimeCreated SystemTime='2016-06-17T05:38:56.080821700Z'/><EventRecordID>9715</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='172'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriveName'>\\?\Volume{fd10a08c-0000-0000-0000-c0af68000000}</Data><Data Name='DeviceName'>\Device\HarddiskVolume5</Data><Data Name='CorruptionActionState'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>Volume \\?\Volume{fd10a08c-0000-0000-0000-c0af68000000} (\Device\HarddiskVolume5) is healthy.  No action is needed.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider></Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Ntfs' Guid='{3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482}'/><EventID>98</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000002</Keywords><TimeCreated SystemTime='2016-06-17T05:38:56.067735100Z'/><EventRecordID>9714</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='228'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriveName'>\\?\Volume{fd10a08c-0000-0000-0000-100000000000}</Data><Data Name='DeviceName'>\Device\HarddiskVolume3</Data><Data Name='CorruptionActionState'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>Volume \\?\Volume{fd10a08c-0000-0000-0000-100000000000} (\Device\HarddiskVolume3) is healthy.  No action is needed.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider></Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Ntfs' Guid='{3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482}'/><EventID>98</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000002</Keywords><TimeCreated SystemTime='2016-06-17T05:38:55.972332100Z'/><EventRecordID>9713</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='224'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriveName'>E:</Data><Data Name='DeviceName'>\Device\HarddiskVolume2</Data><Data Name='CorruptionActionState'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>Volume E: (\Device\HarddiskVolume2) is healthy.  No action is needed.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider></Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>55</EventID><Version>0</Version><Level>4</Level><Task>47</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:55.698237900Z'/><EventRecordID>9712</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='228'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>3</Data><Data Name='IdleStateCount'>2</Data><Data Name='IdleImplementation'>1</Data><Data Name='NominalFrequency'>3401</Data><Data Name='MaximumPerformancePercent'>100</Data><Data Name='MinimumPerformancePercent'>23</Data><Data Name='MinimumThrottlePercent'>23</Data><Data Name='PerformanceImplementation'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>Processor 3 in group 0 exposes the following power management capabilities:
  33.  
  34. Idle state type: ACPI Idle (C) States (2 state(s))
  35.  
  36. Performance state type: ACPI Performance (P) / Throttle (T) States
  37. Nominal Frequency (MHz): 3401
  38. Maximum performance percentage: 100
  39. Minimum performance percentage: 23
  40. Minimum throttle percentage: 23</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>55</EventID><Version>0</Version><Level>4</Level><Task>47</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:55.697815800Z'/><EventRecordID>9711</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='228'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>2</Data><Data Name='IdleStateCount'>2</Data><Data Name='IdleImplementation'>1</Data><Data Name='NominalFrequency'>3401</Data><Data Name='MaximumPerformancePercent'>100</Data><Data Name='MinimumPerformancePercent'>23</Data><Data Name='MinimumThrottlePercent'>23</Data><Data Name='PerformanceImplementation'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>Processor 2 in group 0 exposes the following power management capabilities:
  41.  
  42. Idle state type: ACPI Idle (C) States (2 state(s))
  43.  
  44. Performance state type: ACPI Performance (P) / Throttle (T) States
  45. Nominal Frequency (MHz): 3401
  46. Maximum performance percentage: 100
  47. Minimum performance percentage: 23
  48. Minimum throttle percentage: 23</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>55</EventID><Version>0</Version><Level>4</Level><Task>47</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:55.697438000Z'/><EventRecordID>9710</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='228'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>1</Data><Data Name='IdleStateCount'>2</Data><Data Name='IdleImplementation'>1</Data><Data Name='NominalFrequency'>3401</Data><Data Name='MaximumPerformancePercent'>100</Data><Data Name='MinimumPerformancePercent'>23</Data><Data Name='MinimumThrottlePercent'>23</Data><Data Name='PerformanceImplementation'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>Processor 1 in group 0 exposes the following power management capabilities:
  49.  
  50. Idle state type: ACPI Idle (C) States (2 state(s))
  51.  
  52. Performance state type: ACPI Performance (P) / Throttle (T) States
  53. Nominal Frequency (MHz): 3401
  54. Maximum performance percentage: 100
  55. Minimum performance percentage: 23
  56. Minimum throttle percentage: 23</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>55</EventID><Version>0</Version><Level>4</Level><Task>47</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:55.694693800Z'/><EventRecordID>9709</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='228'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>0</Data><Data Name='IdleStateCount'>2</Data><Data Name='IdleImplementation'>1</Data><Data Name='NominalFrequency'>3401</Data><Data Name='MaximumPerformancePercent'>100</Data><Data Name='MinimumPerformancePercent'>23</Data><Data Name='MinimumThrottlePercent'>23</Data><Data Name='PerformanceImplementation'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>Processor 0 in group 0 exposes the following power management capabilities:
  57.  
  58. Idle state type: ACPI Idle (C) States (2 state(s))
  59.  
  60. Performance state type: ACPI Performance (P) / Throttle (T) States
  61. Nominal Frequency (MHz): 3401
  62. Maximum performance percentage: 100
  63. Minimum performance percentage: 23
  64. Minimum throttle percentage: 23</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Ntfs' Guid='{3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482}'/><EventID>98</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000002</Keywords><TimeCreated SystemTime='2016-06-17T05:38:55.386265400Z'/><EventRecordID>9708</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='224'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriveName'>D:</Data><Data Name='DeviceName'>\Device\HarddiskVolume1</Data><Data Name='CorruptionActionState'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>Volume D: (\Device\HarddiskVolume1) is healthy.  No action is needed.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider></Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='MEIx64'/><EventID Qualifiers='16391'>2</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:55.238775500Z'/><EventRecordID>9707</EventRecordID><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data></Data><Binary>00000000010000000000000002000740000000000000000000000000000000000000000000000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>Intel(R) Management Engine Interface driver has started successfully.</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-PnP' Guid='{9C205A39-1250-487D-ABD7-E831C6290539}'/><EventID>219</EventID><Version>0</Version><Level>3</Level><Task>212</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:55.061494000Z'/><EventRecordID>9706</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='228'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriverNameLength'>13</Data><Data Name='DriverName'>ROOT\WPD\0000</Data><Data Name='Status'>3221226341</Data><Data Name='FailureNameLength'>14</Data><Data Name='FailureName'>\Driver\WudfRd</Data><Data Name='Version'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The driver \Driver\WudfRd failed to load for the device ROOT\WPD\0000.</Message><Level>Warning</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-PnP</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DriverFrameworks-UserMode' Guid='{2E35AAEB-857F-4BEB-A418-2E6C0E54D988}'/><EventID>10114</EventID><Version>1</Version><Level>4</Level><Task>101</Task><Opcode>0</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:55.061413600Z'/><EventRecordID>9705</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='228'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><UserData><UMDFReflectorDependencyMissing xmlns='http://www.microsoft.com/DriverFrameworks/UserMode/Event'><Dependency>WUDFPf</Dependency></UMDFReflectorDependencyMissing></UserData><RenderingInfo Culture='en-US'><Message>WUDFPf (part of UMDF) did not load yet. After it does, Windows will start the device again.</Message><Level>Information</Level><Task>Startup of the UMDF reflector</Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-DriverFrameworks-UserMode</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Power' Guid='{331C3B3A-2005-44C2-AC5E-77220C37D6B4}'/><EventID>41</EventID><Version>3</Version><Level>1</Level><Task>63</Task><Opcode>0</Opcode><Keywords>0x8000400000000002</Keywords><TimeCreated SystemTime='2016-06-17T05:38:54.946540900Z'/><EventRecordID>9704</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='BugcheckCode'>0</Data><Data Name='BugcheckParameter1'>0x0</Data><Data Name='BugcheckParameter2'>0x0</Data><Data Name='BugcheckParameter3'>0x0</Data><Data Name='BugcheckParameter4'>0x0</Data><Data Name='SleepInProgress'>0</Data><Data Name='PowerButtonTimestamp'>0</Data><Data Name='BootAppStatus'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.</Message><Level>Critical</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:54.932140200Z'/><EventRecordID>9703</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>9</Data><Data Name='DeviceName'>npsvctrig</Data><Data Name='DeviceTime'>2015-10-29T22:40:23.000000000Z</Data><Data Name='ExtraInfoLength'>183</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000008" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "(null)" , "instances" : [["46000","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0007-0000-25C1-75895AC8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'npsvctrig' (10.0, ‎2015‎-‎10‎-‎29T22:40:23.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:54.881141700Z'/><EventRecordID>9702</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>9</Data><Data Name='DeviceName'>FileCrypt</Data><Data Name='DeviceTime'>2016-04-23T00:29:32.000000000Z</Data><Data Name='ExtraInfoLength'>197</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000000" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Encryption" , "instances" : [["141100","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0006-0000-079A-6E895AC8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'FileCrypt' (10.0, ‎2016‎-‎04‎-‎23T00:29:32.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Ntfs' Guid='{3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482}'/><EventID>98</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000002</Keywords><TimeCreated SystemTime='2016-06-17T05:38:54.832108900Z'/><EventRecordID>9701</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='224'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriveName'>C:</Data><Data Name='DeviceName'>\Device\HarddiskVolume4</Data><Data Name='CorruptionActionState'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>Volume C: (\Device\HarddiskVolume4) is healthy.  No action is needed.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider></Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:54.266004300Z'/><EventRecordID>9700</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>6</Data><Data Name='DeviceVersionMinor'>1</Data><Data Name='DeviceNameLength'>18</Data><Data Name='DeviceName'>SamsungRapidFSFltr</Data><Data Name='DeviceTime'>2015-09-04T02:36:14.000000000Z</Data><Data Name='ExtraInfoLength'>203</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000010" , "registration_version" : "0x00000202" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Activity Monitor" , "instances" : [["388980","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0004-0000-FB3A-0F895AC8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'SamsungRapidFSFltr' (6.1, ‎2015‎-‎09‎-‎04T02:36:14.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:54.265544900Z'/><EventRecordID>9699</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>8</Data><Data Name='DeviceName'>WdFilter</Data><Data Name='DeviceTime'>2015-10-29T22:34:35.000000000Z</Data><Data Name='ExtraInfoLength'>196</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000010" , "registration_version" : "0x00000203" , "tx" : true , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Anti-Virus" , "instances" : [["328010","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0003-0000-FB3A-0F895AC8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'WdFilter' (10.0, ‎2015‎-‎10‎-‎29T22:34:35.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:54.265135400Z'/><EventRecordID>9698</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>3</Data><Data Name='DeviceName'>Wof</Data><Data Name='DeviceTime'>2015-10-29T22:38:16.000000000Z</Data><Data Name='ExtraInfoLength'>196</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000010" , "registration_version" : "0x00000203" , "tx" : true , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Compression" , "instances" : [["40700","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0002-0000-FB3A-0F895AC8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'Wof' (10.0, ‎2015‎-‎10‎-‎29T22:38:16.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:54.264795600Z'/><EventRecordID>9697</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>8</Data><Data Name='DeviceName'>FileInfo</Data><Data Name='DeviceTime'>2015-10-29T22:37:17.000000000Z</Data><Data Name='ExtraInfoLength'>192</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000010" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Bottom" , "instances" : [["45000","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0001-0000-FB3A-0F895AC8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'FileInfo' (10.0, ‎2015‎-‎10‎-‎29T22:37:17.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Boot' Guid='{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}'/><EventID>30</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:53.586289400Z'/><EventRecordID>9696</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='ResetEndStart'>0</Data><Data Name='LoadOSImageStart'>0</Data><Data Name='StartOSImageStart'>6155</Data><Data Name='ExitBootServicesEntry'>0</Data><Data Name='ExitBootServicesExit'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The firmware reported boot metrics.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Boot</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Boot' Guid='{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}'/><EventID>32</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:53.586260800Z'/><EventRecordID>9695</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='BitlockerUserInputTime'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The bootmgr spent 0 ms waiting for user input.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Boot</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Boot' Guid='{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}'/><EventID>18</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:53.586243000Z'/><EventRecordID>9694</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='EntryCount'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>There are 0x1 boot options on this system.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Boot</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Boot' Guid='{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}'/><EventID>25</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:53.586208100Z'/><EventRecordID>9693</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='BootMenuPolicy'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>The boot menu policy was 0x1.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Boot</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Boot' Guid='{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}'/><EventID>27</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:53.586207800Z'/><EventRecordID>9692</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='BootType'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The boot type was 0x0.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Boot</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Boot' Guid='{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}'/><EventID>20</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:53.586171300Z'/><EventRecordID>9691</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='LastShutdownGood'>false</Data><Data Name='LastBootGood'>true</Data></EventData><RenderingInfo Culture='en-US'><Message>The last shutdown's success status was false. The last boot's success status was true.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Boot</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Lfsvc'/><EventID Qualifiers='0'>1</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:58.671177500Z'/><EventRecordID>9690</EventRecordID><Channel>System</Channel><Computer>THEDREAM</Computer><Security/></System><EventData></EventData><RenderingInfo Culture='en-US'><Message>Geolocation positioning is enabled.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='EventLog'/><EventID Qualifiers='32768'>6013</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:58.643142800Z'/><EventRecordID>9689</EventRecordID><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data></Data><Data></Data><Data></Data><Data></Data><Data>5</Data><Data>60</Data><Data>300 Eastern Standard Time</Data><Binary>31002E003100000030000000570069006E0064006F00770073002000310030002000500072006F000000310030002E0030002E003100300035003800360020004200750069006C0064002000310030003500380036002000200000004D0075006C0074006900700072006F0063006500730073006F007200200046007200650065000000310030003500380036002E007400680032005F00720065006C0065006100730065005F007300650063002E003100360030003500320037002D00310038003300340000003500370031003800360034003200320000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003400000038003100310032000000340030003900000054006800650044007200650061006D0000000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>The system uptime is 5 seconds.</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='EventLog'/><EventID Qualifiers='32768'>6005</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:58.642141100Z'/><EventRecordID>9688</EventRecordID><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Binary>E007060005001100050026003A0082020000000000000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>The Event log service was started.</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='EventLog'/><EventID Qualifiers='32768'>6009</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:58.642141100Z'/><EventRecordID>9687</EventRecordID><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data>10.00.</Data><Data>10586</Data><Data></Data><Data>Multiprocessor Free</Data><Data>16384</Data></EventData><RenderingInfo Culture='en-US'><Message>Microsoft (R) Windows (R) 10.00. 10586  Multiprocessor Free.</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='EventLog'/><EventID Qualifiers='32768'>6008</EventID><Level>2</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:58.642141100Z'/><EventRecordID>9686</EventRecordID><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data>1:38:13 AM</Data><Data>‎6/‎17/‎2016</Data><Data></Data><Data></Data><Data>4</Data><Data></Data><Data></Data><Binary>E007060005001100010026000D003100E007060005001100050026000D0031003C0000003C000000000000000000000000000000000000000100000000000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>The previous system shutdown at 1:38:13 AM on ‎6/‎17/‎2016 was unexpected.</Message><Level>Error</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-General' Guid='{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}'/><EventID>12</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:38:53.586090000Z'/><EventRecordID>9685</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='MajorVersion'>10</Data><Data Name='MinorVersion'>0</Data><Data Name='BuildVersion'>10586</Data><Data Name='QfeVersion'>16384</Data><Data Name='ServiceVersion'>0</Data><Data Name='BootMode'>0</Data><Data Name='StartTime'>2016-06-17T05:38:53.494352000Z</Data></EventData><RenderingInfo Culture='en-US'><Message>The operating system started at system time ‎2016‎-‎06‎-‎17T05:38:53.494352000Z.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-General</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Dhcp-Client' Guid='{15A7A4F8-0072-4EAB-ABAD-F98A4D666AED}'/><EventID>50037</EventID><Version>0</Version><Level>4</Level><Task>4</Task><Opcode>69</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:56.311183900Z'/><EventRecordID>9684</EventRecordID><Correlation/><Execution ProcessID='1372' ThreadID='1700'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-19'/></System><EventData><Data Name='DwordVal'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>DHCPv4 client service is stopped. ShutDown Flag value is 1</Message><Level>Information</Level><Task>Service State Event</Task><Opcode>ServiceStop</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Dhcp-Client</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DHCPv6-Client' Guid='{6A1F2B00-6A90-4C38-95A5-5CAB3B056778}'/><EventID>51047</EventID><Version>0</Version><Level>4</Level><Task>4</Task><Opcode>63</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:56.308882800Z'/><EventRecordID>9683</EventRecordID><Correlation/><Execution ProcessID='1372' ThreadID='1728'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-19'/></System><EventData><Data Name='DwordVal'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>DHCPv6 client service is stopped. ShutDown Flag value is 1</Message><Level>Information</Level><Task>Service State Event</Task><Opcode>ServiceStop</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-DHCPv6-Client</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Winlogon' Guid='{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}'/><EventID>7002</EventID><Version>0</Version><Level>4</Level><Task>1102</Task><Opcode>0</Opcode><Keywords>0x2000200000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:56.039812400Z'/><EventRecordID>9682</EventRecordID><Correlation/><Execution ProcessID='724' ThreadID='948'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='TSId'>1</Data><Data Name='UserSid'>S-1-5-21-113487287-4014917537-3712483742-1001</Data></EventData><RenderingInfo Culture='en-US'><Message>User Logoff Notification for Customer Experience Improvement Program</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Winlogon</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DistributedCOM' Guid='{1B562E86-B7AA-4131-BADC-B6F3A001407E}' EventSourceName='DCOM'/><EventID Qualifiers='0'>10010</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:55.998171200Z'/><EventRecordID>9681</EventRecordID><Correlation/><Execution ProcessID='856' ThreadID='4236'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><EventData><Data Name='param1'>{9BA05972-F6A8-11CF-A442-00A0C90A8F39}</Data></EventData><RenderingInfo Culture='en-US'><Message>The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.</Message><Level>Error</Level><Task></Task><Opcode>Info</Opcode><Channel></Channel><Provider>Microsoft-Windows-DistributedCOM</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='EventLog'/><EventID Qualifiers='32768'>6006</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:56.300590900Z'/><EventRecordID>9680</EventRecordID><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Binary>0100000000000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>The Event log service was stopped.</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='49152'>7031</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:55.078646300Z'/><EventRecordID>9679</EventRecordID><Correlation/><Execution ProcessID='640' ThreadID='92'/><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data Name='param1'>User Data Access_3b7bb</Data><Data Name='param2'>1</Data><Data Name='param3'>10000</Data><Data Name='param4'>1</Data><Data Name='param5'>Restart the service</Data><Binary>550073006500720044006100740061005300760063005F00330062003700620062000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>The User Data Access_3b7bb service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.</Message><Level>Error</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='49152'>7031</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:55.078646300Z'/><EventRecordID>9678</EventRecordID><Correlation/><Execution ProcessID='640' ThreadID='92'/><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data Name='param1'>User Data Storage_3b7bb</Data><Data Name='param2'>1</Data><Data Name='param3'>10000</Data><Data Name='param4'>1</Data><Data Name='param5'>Restart the service</Data><Binary>55006E006900730074006F00720065005300760063005F00330062003700620062000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>The User Data Storage_3b7bb service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.</Message><Level>Error</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='49152'>7031</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:55.078646300Z'/><EventRecordID>9677</EventRecordID><Correlation/><Execution ProcessID='640' ThreadID='92'/><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data Name='param1'>Contact Data_3b7bb</Data><Data Name='param2'>1</Data><Data Name='param3'>10000</Data><Data Name='param4'>1</Data><Data Name='param5'>Restart the service</Data><Binary>500069006D0049006E006400650078004D00610069006E00740065006E0061006E00630065005300760063005F00330062003700620062000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>The Contact Data_3b7bb service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.</Message><Level>Error</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='49152'>7031</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:55.078646300Z'/><EventRecordID>9676</EventRecordID><Correlation/><Execution ProcessID='640' ThreadID='92'/><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data Name='param1'>Sync Host_3b7bb</Data><Data Name='param2'>1</Data><Data Name='param3'>10000</Data><Data Name='param4'>1</Data><Data Name='param5'>Restart the service</Data><Binary>4F006E006500530079006E0063005300760063005F00330062003700620062000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>The Sync Host_3b7bb service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.</Message><Level>Error</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DistributedCOM' Guid='{1B562E86-B7AA-4131-BADC-B6F3A001407E}' EventSourceName='DCOM'/><EventID Qualifiers='0'>10016</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:54.988609700Z'/><EventRecordID>9675</EventRecordID><Correlation/><Execution ProcessID='856' ThreadID='888'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='param1'>application-specific</Data><Data Name='param2'>Local</Data><Data Name='param3'>Activation</Data><Data Name='param4'>{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data><Data Name='param5'>{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data><Data Name='param6'>NT AUTHORITY</Data><Data Name='param7'>SYSTEM</Data><Data Name='param8'>S-1-5-18</Data><Data Name='param9'>LocalHost (Using LRPC)</Data><Data Name='param10'>Unavailable</Data><Data Name='param11'>Unavailable</Data></EventData><RenderingInfo Culture='en-US'><Message>The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
  65. {D63B10C5-BB46-4990-A94F-E40B9D520160}
  66.  and APPID
  67. {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
  68.  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</Message><Level>Error</Level><Task></Task><Opcode>Info</Opcode><Channel></Channel><Provider>Microsoft-Windows-DistributedCOM</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='User32' Guid='{b0aa8734-56f7-41cc-b2f4-de228e98b946}' EventSourceName='User32'/><EventID Qualifiers='32768'>1074</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:54.957584100Z'/><EventRecordID>9674</EventRecordID><Correlation/><Execution ProcessID='472' ThreadID='1672'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><EventData><Data Name='param1'>c:\windows\SysWOW64\shutdown.exe (THEDREAM)</Data><Data Name='param2'>THEDREAM</Data><Data Name='param3'>Hardware: Installation (Unplanned)</Data><Data Name='param4'>0x10002</Data><Data Name='param5'>restart</Data><Data Name='param6'></Data><Data Name='param7'>THEDREAM\Alex Tankersley</Data></EventData><RenderingInfo Culture='en-US'><Message>The process c:\windows\SysWOW64\shutdown.exe (THEDREAM) has initiated the restart of computer THEDREAM on behalf of user THEDREAM\Alex Tankersley for the following reason: Hardware: Installation (Unplanned)
  69.  Reason Code: 0x10002
  70.  Shutdown Type: restart
  71.  Comment: </Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>User32</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='disk'/><EventID Qualifiers='32772'>32</EventID><Level>3</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:46.623427200Z'/><EventRecordID>9673</EventRecordID><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data>\Device\Harddisk2\DR2</Data><Binary>0F00100001000000000000002000048001000000100000C00000000000000000000000000000000004000000000000000000000001000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>The driver detected that the device \Device\Harddisk2\DR2 has its write cache enabled. Data corruption may occur.</Message><Level>Warning</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-UserModePowerService' Guid='{CE8DEE0B-D539-4000-B0F8-77BED049C590}'/><EventID>12</EventID><Version>0</Version><Level>4</Level><Task>10</Task><Opcode>0</Opcode><Keywords>0x4000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:46.486623300Z'/><EventRecordID>9672</EventRecordID><Correlation/><Execution ProcessID='792' ThreadID='4080'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='ProcessPath'>C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe</Data><Data Name='ProcessPid'>4780</Data><Data Name='OldSchemeGuid'>{9F29F05B-5873-4FE4-81DF-86782191C234}</Data><Data Name='NewSchemeGuid'>{9F29F05B-5873-4FE4-81DF-86782191C234}</Data></EventData><RenderingInfo Culture='en-US'><Message>Process C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (process ID:4780) reset policy scheme from {9F29F05B-5873-4FE4-81DF-86782191C234} to {9F29F05B-5873-4FE4-81DF-86782191C234}</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider></Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Virtual Disk Service'/><EventID Qualifiers='16896'>3</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:25.878357100Z'/><EventRecordID>9671</EventRecordID><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data>@2010005</Data></EventData><RenderingInfo Culture='en-US'><Message>Service started.</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7045</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:10.161357600Z'/><EventRecordID>9670</EventRecordID><Correlation/><Execution ProcessID='640' ThreadID='740'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><EventData><Data Name='ServiceName'>MagicianSataModeReader</Data><Data Name='ImagePath'>C:\Program Files (x86)\Samsung\Samsung Magician\magdrvamd64.sys</Data><Data Name='ServiceType'>kernel mode driver</Data><Data Name='StartType'>demand start</Data><Data Name='AccountName'></Data></EventData><RenderingInfo Culture='en-US'><Message>A service was installed in the system.
  72.  
  73. Service Name:  MagicianSataModeReader
  74. Service File Name:  C:\Program Files (x86)\Samsung\Samsung Magician\magdrvamd64.sys
  75. Service Type:  kernel mode driver
  76. Service Start Type:  demand start
  77. Service Account:  </Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7045</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:37:07.271004700Z'/><EventRecordID>9669</EventRecordID><Correlation/><Execution ProcessID='640' ThreadID='756'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><EventData><Data Name='ServiceName'>MagicianSataModeReader</Data><Data Name='ImagePath'>C:\Program Files (x86)\Samsung\Samsung Magician\magdrvamd64.sys</Data><Data Name='ServiceType'>kernel mode driver</Data><Data Name='StartType'>demand start</Data><Data Name='AccountName'></Data></EventData><RenderingInfo Culture='en-US'><Message>A service was installed in the system.
  78.  
  79. Service Name:  MagicianSataModeReader
  80. Service File Name:  C:\Program Files (x86)\Samsung\Samsung Magician\magdrvamd64.sys
  81. Service Type:  kernel mode driver
  82. Service Start Type:  demand start
  83. Service Account:  </Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7045</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:28:57.969102600Z'/><EventRecordID>9668</EventRecordID><Correlation/><Execution ProcessID='640' ThreadID='740'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><EventData><Data Name='ServiceName'>cpuz139</Data><Data Name='ImagePath'>C:\Users\ALEXTA~1\AppData\Local\Temp\\cpuz139\cpuz139_x64.sys</Data><Data Name='ServiceType'>kernel mode driver</Data><Data Name='StartType'>demand start</Data><Data Name='AccountName'></Data></EventData><RenderingInfo Culture='en-US'><Message>A service was installed in the system.
  84.  
  85. Service Name:  cpuz139
  86. Service File Name:  C:\Users\ALEXTA~1\AppData\Local\Temp\\cpuz139\cpuz139_x64.sys
  87. Service Type:  kernel mode driver
  88. Service Start Type:  demand start
  89. Service Account:  </Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Eventlog' Guid='{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}'/><EventID>104</EventID><Version>0</Version><Level>4</Level><Task>104</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:22:42.219922700Z'/><EventRecordID>9667</EventRecordID><Correlation/><Execution ProcessID='1372' ThreadID='1484'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><UserData><LogFileCleared xmlns='http://manifests.microsoft.com/win/2004/08/windows/eventlog'><SubjectUserName>Alex Tankersley</SubjectUserName><SubjectDomainName>THEDREAM</SubjectDomainName><Channel>GoProDesktopApp</Channel><BackupPath></BackupPath></LogFileCleared></UserData><RenderingInfo Culture='en-US'><Message>The GoProDesktopApp log file was cleared.</Message><Level>Information</Level><Task>Log clear</Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Eventlog</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7045</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:22:13.862363000Z'/><EventRecordID>9666</EventRecordID><Correlation/><Execution ProcessID='640' ThreadID='1956'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><EventData><Data Name='ServiceName'>MagicianSataModeReader</Data><Data Name='ImagePath'>C:\Program Files (x86)\Samsung\Samsung Magician\magdrvamd64.sys</Data><Data Name='ServiceType'>kernel mode driver</Data><Data Name='StartType'>demand start</Data><Data Name='AccountName'></Data></EventData><RenderingInfo Culture='en-US'><Message>A service was installed in the system.
  90.  
  91. Service Name:  MagicianSataModeReader
  92. Service File Name:  C:\Program Files (x86)\Samsung\Samsung Magician\magdrvamd64.sys
  93. Service Type:  kernel mode driver
  94. Service Start Type:  demand start
  95. Service Account:  </Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7045</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:22:09.329180800Z'/><EventRecordID>9665</EventRecordID><Correlation/><Execution ProcessID='640' ThreadID='1956'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><EventData><Data Name='ServiceName'>MagicianSataModeReader</Data><Data Name='ImagePath'>C:\Program Files (x86)\Samsung\Samsung Magician\magdrvamd64.sys</Data><Data Name='ServiceType'>kernel mode driver</Data><Data Name='StartType'>demand start</Data><Data Name='AccountName'></Data></EventData><RenderingInfo Culture='en-US'><Message>A service was installed in the system.
  96.  
  97. Service Name:  MagicianSataModeReader
  98. Service File Name:  C:\Program Files (x86)\Samsung\Samsung Magician\magdrvamd64.sys
  99. Service Type:  kernel mode driver
  100. Service Start Type:  demand start
  101. Service Account:  </Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DistributedCOM' Guid='{1B562E86-B7AA-4131-BADC-B6F3A001407E}' EventSourceName='DCOM'/><EventID Qualifiers='0'>10016</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:22:00.814472100Z'/><EventRecordID>9664</EventRecordID><Correlation/><Execution ProcessID='856' ThreadID='2836'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><EventData><Data Name='param1'>machine-default</Data><Data Name='param2'>Local</Data><Data Name='param3'>Activation</Data><Data Name='param4'>{C2F03A33-21F5-47FA-B4BB-156362A2F239}</Data><Data Name='param5'>{316CDED5-E4AE-4B15-9113-7055D84DCC97}</Data><Data Name='param6'>THEDREAM</Data><Data Name='param7'>Alex Tankersley</Data><Data Name='param8'>S-1-5-21-113487287-4014917537-3712483742-1001</Data><Data Name='param9'>LocalHost (Using LRPC)</Data><Data Name='param10'>Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy</Data><Data Name='param11'>S-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795</Data></EventData><RenderingInfo Culture='en-US'><Message>The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
  102. {C2F03A33-21F5-47FA-B4BB-156362A2F239}
  103.  and APPID
  104. {316CDED5-E4AE-4B15-9113-7055D84DCC97}
  105.  to the user THEDREAM\Alex Tankersley SID (S-1-5-21-113487287-4014917537-3712483742-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795). This security permission can be modified using the Component Services administrative tool.</Message><Level>Error</Level><Task></Task><Opcode>Info</Opcode><Channel></Channel><Provider>Microsoft-Windows-DistributedCOM</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Winlogon' Guid='{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}'/><EventID>7001</EventID><Version>0</Version><Level>4</Level><Task>1101</Task><Opcode>0</Opcode><Keywords>0x2000200000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:27.597649200Z'/><EventRecordID>9663</EventRecordID><Correlation/><Execution ProcessID='724' ThreadID='948'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='TSId'>1</Data><Data Name='UserSid'>S-1-5-21-113487287-4014917537-3712483742-1001</Data></EventData><RenderingInfo Culture='en-US'><Message>User Logon Notification for Customer Experience Improvement Program</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Winlogon</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='49152'>7026</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:20.072947600Z'/><EventRecordID>9662</EventRecordID><Correlation/><Execution ProcessID='640' ThreadID='644'/><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data Name='param1'>
  106. dam
  107. VBoxNetAdp</Data></EventData><RenderingInfo Culture='en-US'><Message>The following boot-start or system-start driver(s) did not load:
  108. dam
  109. VBoxNetAdp</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DHCPv6-Client' Guid='{6A1F2B00-6A90-4C38-95A5-5CAB3B056778}'/><EventID>51046</EventID><Version>0</Version><Level>4</Level><Task>4</Task><Opcode>62</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:19.621191700Z'/><EventRecordID>9661</EventRecordID><Correlation/><Execution ProcessID='1372' ThreadID='1728'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-19'/></System><EventData></EventData><RenderingInfo Culture='en-US'><Message>DHCPv6 client service is started</Message><Level>Information</Level><Task>Service State Event</Task><Opcode>ServiceStart</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-DHCPv6-Client</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Dhcp-Client' Guid='{15A7A4F8-0072-4EAB-ABAD-F98A4D666AED}'/><EventID>50036</EventID><Version>0</Version><Level>4</Level><Task>4</Task><Opcode>68</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:19.612905500Z'/><EventRecordID>9660</EventRecordID><Correlation/><Execution ProcessID='1372' ThreadID='1700'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-19'/></System><EventData></EventData><RenderingInfo Culture='en-US'><Message>DHCPv4 client service is started</Message><Level>Information</Level><Task>Service State Event</Task><Opcode>ServiceStart</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Dhcp-Client</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:19.463450000Z'/><EventRecordID>9659</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='32'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>10</Data><Data Name='DeviceName'>storqosflt</Data><Data Name='DeviceTime'>2015-10-29T22:37:39.000000000Z</Data><Data Name='ExtraInfoLength'>203</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000000" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Quota Management" , "instances" : [["244000","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0009-0000-43D8-5A1458C8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'storqosflt' (10.0, ‎2015‎-‎10‎-‎29T22:37:39.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:19.460788400Z'/><EventRecordID>9658</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='32'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>5</Data><Data Name='DeviceName'>luafv</Data><Data Name='DeviceTime'>2015-10-29T22:34:43.000000000Z</Data><Data Name='ExtraInfoLength'>201</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000014" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Virtualization" , "instances" : [["135000","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0008-0000-EF62-5A1458C8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'luafv' (10.0, ‎2015‎-‎10‎-‎29T22:34:43.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Ntfs' Guid='{3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482}'/><EventID>98</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000002</Keywords><TimeCreated SystemTime='2016-06-17T05:21:16.880999200Z'/><EventRecordID>9657</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='172'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriveName'>\\?\Volume{fd10a08c-0000-0000-0000-c0af68000000}</Data><Data Name='DeviceName'>\Device\HarddiskVolume5</Data><Data Name='CorruptionActionState'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>Volume \\?\Volume{fd10a08c-0000-0000-0000-c0af68000000} (\Device\HarddiskVolume5) is healthy.  No action is needed.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider></Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Ntfs' Guid='{3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482}'/><EventID>98</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000002</Keywords><TimeCreated SystemTime='2016-06-17T05:21:16.867816500Z'/><EventRecordID>9656</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='224'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriveName'>\\?\Volume{fd10a08c-0000-0000-0000-100000000000}</Data><Data Name='DeviceName'>\Device\HarddiskVolume3</Data><Data Name='CorruptionActionState'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>Volume \\?\Volume{fd10a08c-0000-0000-0000-100000000000} (\Device\HarddiskVolume3) is healthy.  No action is needed.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider></Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Ntfs' Guid='{3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482}'/><EventID>98</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000002</Keywords><TimeCreated SystemTime='2016-06-17T05:21:16.762397300Z'/><EventRecordID>9655</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='212'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriveName'>E:</Data><Data Name='DeviceName'>\Device\HarddiskVolume2</Data><Data Name='CorruptionActionState'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>Volume E: (\Device\HarddiskVolume2) is healthy.  No action is needed.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider></Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>55</EventID><Version>0</Version><Level>4</Level><Task>47</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:16.525989700Z'/><EventRecordID>9654</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='224'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>3</Data><Data Name='IdleStateCount'>2</Data><Data Name='IdleImplementation'>1</Data><Data Name='NominalFrequency'>3401</Data><Data Name='MaximumPerformancePercent'>100</Data><Data Name='MinimumPerformancePercent'>23</Data><Data Name='MinimumThrottlePercent'>23</Data><Data Name='PerformanceImplementation'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>Processor 3 in group 0 exposes the following power management capabilities:
  110.  
  111. Idle state type: ACPI Idle (C) States (2 state(s))
  112.  
  113. Performance state type: ACPI Performance (P) / Throttle (T) States
  114. Nominal Frequency (MHz): 3401
  115. Maximum performance percentage: 100
  116. Minimum performance percentage: 23
  117. Minimum throttle percentage: 23</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>55</EventID><Version>0</Version><Level>4</Level><Task>47</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:16.525550800Z'/><EventRecordID>9653</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='224'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>2</Data><Data Name='IdleStateCount'>2</Data><Data Name='IdleImplementation'>1</Data><Data Name='NominalFrequency'>3401</Data><Data Name='MaximumPerformancePercent'>100</Data><Data Name='MinimumPerformancePercent'>23</Data><Data Name='MinimumThrottlePercent'>23</Data><Data Name='PerformanceImplementation'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>Processor 2 in group 0 exposes the following power management capabilities:
  118.  
  119. Idle state type: ACPI Idle (C) States (2 state(s))
  120.  
  121. Performance state type: ACPI Performance (P) / Throttle (T) States
  122. Nominal Frequency (MHz): 3401
  123. Maximum performance percentage: 100
  124. Minimum performance percentage: 23
  125. Minimum throttle percentage: 23</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>55</EventID><Version>0</Version><Level>4</Level><Task>47</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:16.525172700Z'/><EventRecordID>9652</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='224'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>1</Data><Data Name='IdleStateCount'>2</Data><Data Name='IdleImplementation'>1</Data><Data Name='NominalFrequency'>3401</Data><Data Name='MaximumPerformancePercent'>100</Data><Data Name='MinimumPerformancePercent'>23</Data><Data Name='MinimumThrottlePercent'>23</Data><Data Name='PerformanceImplementation'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>Processor 1 in group 0 exposes the following power management capabilities:
  126.  
  127. Idle state type: ACPI Idle (C) States (2 state(s))
  128.  
  129. Performance state type: ACPI Performance (P) / Throttle (T) States
  130. Nominal Frequency (MHz): 3401
  131. Maximum performance percentage: 100
  132. Minimum performance percentage: 23
  133. Minimum throttle percentage: 23</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>55</EventID><Version>0</Version><Level>4</Level><Task>47</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:16.522433900Z'/><EventRecordID>9651</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='224'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>0</Data><Data Name='IdleStateCount'>2</Data><Data Name='IdleImplementation'>1</Data><Data Name='NominalFrequency'>3401</Data><Data Name='MaximumPerformancePercent'>100</Data><Data Name='MinimumPerformancePercent'>23</Data><Data Name='MinimumThrottlePercent'>23</Data><Data Name='PerformanceImplementation'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>Processor 0 in group 0 exposes the following power management capabilities:
  134.  
  135. Idle state type: ACPI Idle (C) States (2 state(s))
  136.  
  137. Performance state type: ACPI Performance (P) / Throttle (T) States
  138. Nominal Frequency (MHz): 3401
  139. Maximum performance percentage: 100
  140. Minimum performance percentage: 23
  141. Minimum throttle percentage: 23</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Ntfs' Guid='{3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482}'/><EventID>98</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000002</Keywords><TimeCreated SystemTime='2016-06-17T05:21:16.221930000Z'/><EventRecordID>9650</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='172'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriveName'>D:</Data><Data Name='DeviceName'>\Device\HarddiskVolume1</Data><Data Name='CorruptionActionState'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>Volume D: (\Device\HarddiskVolume1) is healthy.  No action is needed.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider></Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='MEIx64'/><EventID Qualifiers='16391'>2</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:16.066564400Z'/><EventRecordID>9649</EventRecordID><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data></Data><Binary>00000000010000000000000002000740000000000000000000000000000000000000000000000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>Intel(R) Management Engine Interface driver has started successfully.</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-PnP' Guid='{9C205A39-1250-487D-ABD7-E831C6290539}'/><EventID>219</EventID><Version>0</Version><Level>3</Level><Task>212</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:15.889283700Z'/><EventRecordID>9648</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='224'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriverNameLength'>13</Data><Data Name='DriverName'>ROOT\WPD\0000</Data><Data Name='Status'>3221226341</Data><Data Name='FailureNameLength'>14</Data><Data Name='FailureName'>\Driver\WudfRd</Data><Data Name='Version'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The driver \Driver\WudfRd failed to load for the device ROOT\WPD\0000.</Message><Level>Warning</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-PnP</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DriverFrameworks-UserMode' Guid='{2E35AAEB-857F-4BEB-A418-2E6C0E54D988}'/><EventID>10114</EventID><Version>1</Version><Level>4</Level><Task>101</Task><Opcode>0</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:15.889202900Z'/><EventRecordID>9647</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='224'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><UserData><UMDFReflectorDependencyMissing xmlns='http://www.microsoft.com/DriverFrameworks/UserMode/Event'><Dependency>WUDFPf</Dependency></UMDFReflectorDependencyMissing></UserData><RenderingInfo Culture='en-US'><Message>WUDFPf (part of UMDF) did not load yet. After it does, Windows will start the device again.</Message><Level>Information</Level><Task>Startup of the UMDF reflector</Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-DriverFrameworks-UserMode</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Power' Guid='{331C3B3A-2005-44C2-AC5E-77220C37D6B4}'/><EventID>41</EventID><Version>3</Version><Level>1</Level><Task>63</Task><Opcode>0</Opcode><Keywords>0x8000400000000002</Keywords><TimeCreated SystemTime='2016-06-17T05:21:15.773686600Z'/><EventRecordID>9646</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='BugcheckCode'>0</Data><Data Name='BugcheckParameter1'>0x0</Data><Data Name='BugcheckParameter2'>0x0</Data><Data Name='BugcheckParameter3'>0x0</Data><Data Name='BugcheckParameter4'>0x0</Data><Data Name='SleepInProgress'>0</Data><Data Name='PowerButtonTimestamp'>0</Data><Data Name='BootAppStatus'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.</Message><Level>Critical</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:15.759490800Z'/><EventRecordID>9645</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>9</Data><Data Name='DeviceName'>npsvctrig</Data><Data Name='DeviceTime'>2015-10-29T22:40:23.000000000Z</Data><Data Name='ExtraInfoLength'>183</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000008" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "(null)" , "instances" : [["46000","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0007-0000-8EE6-241258C8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'npsvctrig' (10.0, ‎2015‎-‎10‎-‎29T22:40:23.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:15.709538000Z'/><EventRecordID>9644</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>9</Data><Data Name='DeviceName'>FileCrypt</Data><Data Name='DeviceTime'>2016-04-23T00:29:32.000000000Z</Data><Data Name='ExtraInfoLength'>197</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000000" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Encryption" , "instances" : [["141100","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0006-0000-70BF-1D1258C8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'FileCrypt' (10.0, ‎2016‎-‎04‎-‎23T00:29:32.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Ntfs' Guid='{3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482}'/><EventID>98</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000002</Keywords><TimeCreated SystemTime='2016-06-17T05:21:15.660958200Z'/><EventRecordID>9643</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='228'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriveName'>C:</Data><Data Name='DeviceName'>\Device\HarddiskVolume4</Data><Data Name='CorruptionActionState'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>Volume C: (\Device\HarddiskVolume4) is healthy.  No action is needed.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider></Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:15.265610500Z'/><EventRecordID>9642</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>6</Data><Data Name='DeviceVersionMinor'>1</Data><Data Name='DeviceNameLength'>18</Data><Data Name='DeviceName'>SamsungRapidFSFltr</Data><Data Name='DeviceTime'>2015-09-04T02:36:14.000000000Z</Data><Data Name='ExtraInfoLength'>203</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000010" , "registration_version" : "0x00000202" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Activity Monitor" , "instances" : [["388980","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0004-0000-869A-D81158C8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'SamsungRapidFSFltr' (6.1, ‎2015‎-‎09‎-‎04T02:36:14.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:15.265146600Z'/><EventRecordID>9641</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>8</Data><Data Name='DeviceName'>WdFilter</Data><Data Name='DeviceTime'>2015-10-29T22:34:35.000000000Z</Data><Data Name='ExtraInfoLength'>196</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000010" , "registration_version" : "0x00000203" , "tx" : true , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Anti-Virus" , "instances" : [["328010","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0003-0000-869A-D81158C8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'WdFilter' (10.0, ‎2015‎-‎10‎-‎29T22:34:35.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:15.264736000Z'/><EventRecordID>9640</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>3</Data><Data Name='DeviceName'>Wof</Data><Data Name='DeviceTime'>2015-10-29T22:38:16.000000000Z</Data><Data Name='ExtraInfoLength'>196</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000010" , "registration_version" : "0x00000203" , "tx" : true , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Compression" , "instances" : [["40700","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0002-0000-869A-D81158C8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'Wof' (10.0, ‎2015‎-‎10‎-‎29T22:38:16.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:15.264402500Z'/><EventRecordID>9639</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>8</Data><Data Name='DeviceName'>FileInfo</Data><Data Name='DeviceTime'>2015-10-29T22:37:17.000000000Z</Data><Data Name='ExtraInfoLength'>192</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000010" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Bottom" , "instances" : [["45000","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0001-0000-869A-D81158C8D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'FileInfo' (10.0, ‎2015‎-‎10‎-‎29T22:37:17.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Boot' Guid='{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}'/><EventID>30</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:14.585773400Z'/><EventRecordID>9638</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='ResetEndStart'>0</Data><Data Name='LoadOSImageStart'>0</Data><Data Name='StartOSImageStart'>6139</Data><Data Name='ExitBootServicesEntry'>0</Data><Data Name='ExitBootServicesExit'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The firmware reported boot metrics.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Boot</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Boot' Guid='{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}'/><EventID>32</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:14.585744700Z'/><EventRecordID>9637</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='BitlockerUserInputTime'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The bootmgr spent 0 ms waiting for user input.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Boot</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Boot' Guid='{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}'/><EventID>18</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:14.585727600Z'/><EventRecordID>9636</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='EntryCount'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>There are 0x1 boot options on this system.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Boot</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Boot' Guid='{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}'/><EventID>25</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:14.585692300Z'/><EventRecordID>9635</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='BootMenuPolicy'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>The boot menu policy was 0x1.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Boot</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Boot' Guid='{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}'/><EventID>27</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:14.585692000Z'/><EventRecordID>9634</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='BootType'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The boot type was 0x0.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Boot</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Boot' Guid='{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}'/><EventID>20</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:14.585655900Z'/><EventRecordID>9633</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='LastShutdownGood'>false</Data><Data Name='LastBootGood'>true</Data></EventData><RenderingInfo Culture='en-US'><Message>The last shutdown's success status was false. The last boot's success status was true.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Boot</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Lfsvc'/><EventID Qualifiers='0'>1</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:19.533108900Z'/><EventRecordID>9632</EventRecordID><Channel>System</Channel><Computer>THEDREAM</Computer><Security/></System><EventData></EventData><RenderingInfo Culture='en-US'><Message>Geolocation positioning is enabled.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='EventLog'/><EventID Qualifiers='32768'>6013</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:19.508077800Z'/><EventRecordID>9631</EventRecordID><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data></Data><Data></Data><Data></Data><Data></Data><Data>5</Data><Data>60</Data><Data>300 Eastern Standard Time</Data><Binary>31002E003100000030000000570069006E0064006F00770073002000310030002000500072006F000000310030002E0030002E003100300035003800360020004200750069006C0064002000310030003500380036002000200000004D0075006C0074006900700072006F0063006500730073006F007200200046007200650065000000310030003500380036002E007400680032005F00720065006C0065006100730065005F007300650063002E003100360030003500320037002D00310038003300340000003500370031003800360034003200320000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003400000038003100310032000000340030003900000054006800650044007200650061006D0000000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>The system uptime is 5 seconds.</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='EventLog'/><EventID Qualifiers='32768'>6005</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:19.507076400Z'/><EventRecordID>9630</EventRecordID><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Binary>E007060005001100050015001300FB010000000000000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>The Event log service was started.</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='EventLog'/><EventID Qualifiers='32768'>6009</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:19.507076400Z'/><EventRecordID>9629</EventRecordID><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data>10.00.</Data><Data>10586</Data><Data></Data><Data>Multiprocessor Free</Data><Data>16384</Data></EventData><RenderingInfo Culture='en-US'><Message>Microsoft (R) Windows (R) 10.00. 10586  Multiprocessor Free.</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='EventLog'/><EventID Qualifiers='32768'>6008</EventID><Level>2</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:19.506075000Z'/><EventRecordID>9628</EventRecordID><Channel>System</Channel><Computer>TheDream</Computer><Security/></System><EventData><Data>1:20:09 AM</Data><Data>‎6/‎17/‎2016</Data><Data></Data><Data></Data><Data>5524</Data><Data></Data><Data></Data><Binary>E007060005001100010014000900EA00E007060005001100050014000900EA003C0000003C000000000000000000000000000000000000000100000000000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>The previous system shutdown at 1:20:09 AM on ‎6/‎17/‎2016 was unexpected.</Message><Level>Error</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-General' Guid='{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}'/><EventID>12</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:21:14.585571800Z'/><EventRecordID>9627</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='MajorVersion'>10</Data><Data Name='MinorVersion'>0</Data><Data Name='BuildVersion'>10586</Data><Data Name='QfeVersion'>16384</Data><Data Name='ServiceVersion'>0</Data><Data Name='BootMode'>0</Data><Data Name='StartTime'>2016-06-17T05:21:14.494186300Z</Data></EventData><RenderingInfo Culture='en-US'><Message>The operating system started at system time ‎2016‎-‎06‎-‎17T05:21:14.494186300Z.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-General</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-General' Guid='{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}'/><EventID>16</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T05:16:01.287243900Z'/><EventRecordID>9626</EventRecordID><Correlation/><Execution ProcessID='4824' ThreadID='6720'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><EventData><Data Name='HiveNameLength'>128</Data><Data Name='HiveName'>\??\C:\Users\Alex Tankersley\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat</Data><Data Name='KeysUpdated'>111</Data><Data Name='DirtyPages'>17</Data></EventData><RenderingInfo Culture='en-US'><Message>The access history in hive \??\C:\Users\Alex Tankersley\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat was cleared updating 111 keys and creating 17 modified pages.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-General</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Eventlog' Guid='{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}'/><EventID>104</EventID><Version>0</Version><Level>4</Level><Task>104</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T04:08:37.641440600Z'/><EventRecordID>9625</EventRecordID><Correlation/><Execution ProcessID='1360' ThreadID='1500'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><UserData><LogFileCleared xmlns='http://manifests.microsoft.com/win/2004/08/windows/eventlog'><SubjectUserName>Alex Tankersley</SubjectUserName><SubjectDomainName>THEDREAM</SubjectDomainName><Channel>Application</Channel><BackupPath></BackupPath></LogFileCleared></UserData><RenderingInfo Culture='en-US'><Message>The Application log file was cleared.</Message><Level>Information</Level><Task>Log clear</Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Eventlog</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Eventlog' Guid='{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}'/><EventID>104</EventID><Version>0</Version><Level>4</Level><Task>104</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T04:08:34.131742200Z'/><EventRecordID>9624</EventRecordID><Correlation/><Execution ProcessID='1360' ThreadID='1496'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><UserData><LogFileCleared xmlns='http://manifests.microsoft.com/win/2004/08/windows/eventlog'><SubjectUserName>Alex Tankersley</SubjectUserName><SubjectDomainName>THEDREAM</SubjectDomainName><Channel>Setup</Channel><BackupPath></BackupPath></LogFileCleared></UserData><RenderingInfo Culture='en-US'><Message>The Setup log file was cleared.</Message><Level>Information</Level><Task>Log clear</Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Eventlog</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Eventlog' Guid='{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}'/><EventID>104</EventID><Version>0</Version><Level>4</Level><Task>104</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T04:08:23.015943600Z'/><EventRecordID>9623</EventRecordID><Correlation/><Execution ProcessID='1360' ThreadID='1496'/><Channel>System</Channel><Computer>TheDream</Computer><Security UserID='S-1-5-21-113487287-4014917537-3712483742-1001'/></System><UserData><LogFileCleared xmlns='http://manifests.microsoft.com/win/2004/08/windows/eventlog'><SubjectUserName>Alex Tankersley</SubjectUserName><SubjectDomainName>THEDREAM</SubjectDomainName><Channel>System</Channel><BackupPath></BackupPath></LogFileCleared></UserData><RenderingInfo Culture='en-US'><Message>The System log file was cleared.</Message><Level>Information</Level><Task>Log clear</Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Eventlog</Provider><Keywords></Keywords></RenderingInfo></Event></Events>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!