API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 16th, 2018
2,235
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 486.13 KB | None | 0 0
raw download clone embed print report
  1.  
  2. Previous Log Processing Stats: "
  3. Information 8/9/2018 6:29:28 AM ESENT 300 Logging/Recovery svchost (4812,R,98) DS_Token_DB: The database engine is initiating recovery steps.
  4. Information 8/9/2018 6:29:28 AM ESENT 916 General svchost (4812,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  5. Information 8/9/2018 6:29:28 AM ESENT 102 General svchost (4812,P,98) DS_Token_DB: The database engine (10.00.17134.0000) is starting a new instance (0).
  6. Information 8/9/2018 6:29:27 AM ESENT 916 General svchost (3420,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  7. Information 8/9/2018 6:29:26 AM ESENT 916 General svchost (5912,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  8. Information 8/9/2018 6:03:47 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  9. Information 8/9/2018 6:03:47 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  10. Information 8/9/2018 6:02:59 AM VSS 8224 None The VSS service is shutting down due to idle timeout.
  11. Information 8/9/2018 6:00:32 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-16T13:00:32Z. Reason: RulesEngine.
  12. Information 8/9/2018 5:59:59 AM ESENT 916 General svchost (3960,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  13. Information 8/9/2018 5:59:58 AM System Restore 8216 None Skipping creation of restore point (Process = c:\windows\system32\svchost.exe -k netsvcs -p; Description = Windows Update) as there is a restore point avaliable which is recent enough for System Restore.
  14. Information 8/9/2018 5:59:54 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  15. Information 8/9/2018 5:55:15 AM VSS 8224 None The VSS service is shutting down due to idle timeout.
  16. Information 8/9/2018 5:54:31 AM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  17. "
  18. Information 8/9/2018 5:54:31 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-16T12:54:31Z. Reason: RulesEngine.
  19. Information 8/9/2018 5:54:03 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  20. Information 8/9/2018 5:54:03 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  21. Information 8/9/2018 5:54:01 AM SecurityCenter 1 None The Windows Security Center Service has started.
  22. Information 8/9/2018 5:54:01 AM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  23. 10.0.17134.112"
  24. Information 8/9/2018 5:54:01 AM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  25. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  26. Licensing Status=
  27. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  28. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  29. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  30. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  31. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  32. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  33. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  34. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  35. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  36. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  37. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  38. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  39. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  40. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  41. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  42. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  43. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  44. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  45. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  46. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  47. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  48. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  49. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  50. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  51. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  52. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  53. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  54. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  55. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  56. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  57. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  58. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  59. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  60. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  61. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  62. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  63. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  64. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  65. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  66. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  67. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  68. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  69. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  70. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  71. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  72. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  73.  
  74. "
  75. Information 8/9/2018 5:54:00 AM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  76. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  77. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  78. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  79. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  80. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  81. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  82. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  83. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  84. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  85. "
  86. Information 8/9/2018 5:54:00 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  87. Information 8/9/2018 5:54:00 AM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  88. Parameters:<explicit>"
  89. Information 8/9/2018 5:52:20 AM ESENT 916 General DllHost (5980,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  90. Information 8/9/2018 5:52:17 AM Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11.
  91. Information 8/9/2018 5:52:17 AM Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11.
  92. Information 8/9/2018 5:52:15 AM Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11.
  93. Information 8/9/2018 5:52:08 AM ESENT 916 General svchost (7712,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  94. Information 8/9/2018 5:52:03 AM System Restore 8194 None Successfully created restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe -Embedding; Description = Windows Modules Installer).
  95. Information 8/9/2018 5:52:03 AM ESENT 916 General svchost (3960,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  96. Information 8/9/2018 5:51:56 AM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  97.  
  98. Information 8/9/2018 5:51:55 AM ESENT 326 General "SearchIndexer (6484,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  99.  
  100. Saved Cache: 0 0
  101. Additional Data: lgposAttach = 00000025:001B:0268
  102.  
  103. Internal Timing Sequence:
  104. [1] 0.000002 +J(0)
  105. [2] 0.000798 +J(0) +M(C:0K, Fs:26, WS:40K # 0K, PF:32K # 0K, P:32K)
  106. [3] 0.006818 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:124K # 0K, PF:148K # 0K, P:148K)
  107. [4] 0.000077 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  108. [5] -
  109. [6] -
  110. [7] 0.037838 -0.000358 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:59, WS:236K # 0K, PF:660K # 0K, P:660K)
  111. [8] 0.000522 -0.000388 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:71, WS:280K # 0K, PF:260K # 132K, P:260K)
  112. [9] 0.000256 -0.000186 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 0K, PF:96K # 96K, P:96K)
  113. [10] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  114. [11] 0.000027 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K)
  115. [12] 0.0 +J(0)
  116. [13] 0.0 +J(0)
  117. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  118. Information 8/9/2018 5:51:55 AM ESENT 105 General "SearchIndexer (6484,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  119.  
  120. Additional Data:
  121.  
  122.  
  123. Internal Timing Sequence:
  124. [1] 0.005705 +J(0) +M(C:0K, Fs:176, WS:680K # 680K, PF:5084K # 5084K, P:5084K)
  125. [2] 0.000205 +J(0) +M(C:0K, Fs:160, WS:644K # 644K, PF:396K # 396K, P:396K)
  126. [3] 0.000021 +J(0) +M(C:0K, Fs:8, WS:28K # 28K, PF:68K # 68K, P:68K)
  127. [4] 0.000061 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:228K # 228K, P:228K)
  128. [5] 0.000469 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)
  129. [6] 0.004252 +J(0) +M(C:0K, Fs:34, WS:132K # 132K, PF:32K # 32K, P:32K)
  130. [7] 0.003872 +J(0) +M(C:0K, Fs:270, WS:1080K # 1080K, PF:1024K # 1024K, P:1024K)
  131. [8] -
  132. [9] -
  133. [10] -
  134. [11] -
  135. [12] -
  136. [13] 0.014584 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-1000K # 16K, PF:-1020K # 16K, P:-1020K)
  137. [14] 0.000017 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  138. [15] 0.000037 +J(0) +M(C:0K, Fs:33, WS:132K # 0K, PF:64K # 0K, P:64K)
  139. [16] 0.000107 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  140. Information 8/9/2018 5:51:55 AM ESENT 916 General SearchIndexer (6484,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  141. Information 8/9/2018 5:51:55 AM ESENT 102 General SearchIndexer (6484,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  142. Information 8/9/2018 5:51:55 AM ESENT 916 General taskhostw (3148,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  143. Information 8/9/2018 5:51:54 AM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  144. Information 8/9/2018 5:51:54 AM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  145. Information 8/9/2018 5:51:54 AM ESENT 916 General svchost (3568,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  146. Information 8/9/2018 5:51:53 AM ESENT 916 General svchost (3420,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  147. Information 8/9/2018 5:51:53 AM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  148.  
  149. "
  150. Information 8/9/2018 5:51:53 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  151. Information 8/9/2018 5:51:53 AM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  152. Information 8/9/2018 5:51:53 AM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  153. Information 8/8/2018 10:45:32 PM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  154.  
  155. "
  156. Information 8/8/2018 10:45:32 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  157.  
  158. DETAIL -
  159. 10 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001_Classes:
  160. Process 1772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  161. Process 1772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  162. Process 1772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  163. Process 6452 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  164. Process 6452 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  165. Process 6452 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  166. Process 6452 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  167. Process 1772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  168. Process 1772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  169. Process 6452 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  170. "
  171. Information 8/8/2018 10:45:32 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  172.  
  173. DETAIL -
  174. 29 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  175. Process 744 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  176. Process 340 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  177. Process 1772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\CommsAPHost\Test
  178. Process 340 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  179. Process 4080 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  180. Process 7484 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  181. Process 1772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  182. Process 6452 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  183. Process 4312 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  184. Process 3148 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  185. Process 1772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  186. Process 4080 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  187. Process 1772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Unified Store\HighWaterMarks\C:_Users_Desky_AppData_Local_Comms_UnistoreDB_store.vol
  188. Process 3148 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  189. Process 4312 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  190. Process 1772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  191. Process 4080 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  192. Process 6452 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\GameDVR\Debug
  193. Process 4312 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  194. Process 3148 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  195. Process 1772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  196. Process 4312 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  197. Process 1772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  198. Process 3148 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  199. Process 640 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  200. Process 340 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  201. Process 4312 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  202. Process 1772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  203. Process 3148 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  204. "
  205. Information 8/8/2018 10:45:31 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Steam.exe.
  206. Information 8/8/2018 10:45:32 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  207. Information 8/8/2018 10:45:31 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  208. Information 8/8/2018 10:45:29 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Origin.exe.
  209. Information 8/8/2018 10:45:26 PM ESENT 916 General DllHost (7908,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  210. Information 8/8/2018 10:13:46 PM ESENT 916 General svchost (3992,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  211. Information 8/8/2018 10:13:12 PM ESENT 916 General DllHost (7908,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  212. Information 8/8/2018 10:13:12 PM ESENT 916 General svchost (1044,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  213. Information 8/8/2018 10:13:02 PM ESENT 916 General svchost (1772,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  214. Information 8/8/2018 4:32:36 PM ESENT 916 General svchost (3148,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  215. Information 8/8/2018 4:31:00 PM ESENT 916 General svchost (3992,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  216. Information 8/8/2018 3:40:07 PM ESENT 916 General svchost (3992,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  217. Information 8/8/2018 3:34:59 PM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  218. Information 8/8/2018 3:34:02 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-15T22:34:01Z. Reason: RulesEngine.
  219. Information 8/8/2018 3:33:41 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  220. Information 8/8/2018 3:33:41 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  221. Information 8/8/2018 3:33:24 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  222. Information 8/8/2018 3:32:58 PM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  223. "
  224. Information 8/8/2018 3:32:58 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-15T22:32:58Z. Reason: RulesEngine.
  225. Information 8/8/2018 3:32:30 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  226. Information 8/8/2018 3:32:30 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  227. Information 8/8/2018 3:32:28 PM SecurityCenter 1 None The Windows Security Center Service has started.
  228. Information 8/8/2018 3:32:28 PM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  229. 10.0.17134.112"
  230. Information 8/8/2018 3:32:28 PM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  231. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  232. Licensing Status=
  233. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  234. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  235. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  236. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  237. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  238. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  239. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  240. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  241. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  242. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  243. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  244. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  245. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  246. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  247. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  248. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  249. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  250. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  251. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  252. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  253. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  254. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  255. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  256. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  257. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  258. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  259. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  260. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  261. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  262. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  263. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  264. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  265. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  266. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  267. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  268. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  269. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  270. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  271. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  272. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  273. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  274. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  275. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  276. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  277. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  278. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  279.  
  280. "
  281. Information 8/8/2018 3:32:27 PM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  282. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  283. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  284. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  285. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  286. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  287. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  288. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  289. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  290. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  291. "
  292. Information 8/8/2018 3:32:27 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  293. Information 8/8/2018 3:32:27 PM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  294. Parameters:<explicit>"
  295. Information 8/8/2018 3:32:12 PM ESENT 916 General svchost (4048,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  296. Information 8/8/2018 3:30:53 PM ESENT 916 General svchost (5100,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  297. Information 8/8/2018 3:30:25 PM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  298.  
  299. Information 8/8/2018 3:30:25 PM ESENT 326 General "SearchIndexer (6672,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  300.  
  301. Saved Cache: 0 0
  302. Additional Data: lgposAttach = 00000024:00CE:0268
  303.  
  304. Internal Timing Sequence:
  305. [1] 0.000001 +J(0)
  306. [2] 0.000711 +J(0) +M(C:0K, Fs:26, WS:40K # 0K, PF:32K # 0K, P:32K)
  307. [3] 0.005819 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:120K # 0K, PF:148K # 0K, P:148K)
  308. [4] 0.000179 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  309. [5] -
  310. [6] -
  311. [7] 0.013375 -0.000279 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:59, WS:236K # 0K, PF:660K # 0K, P:660K)
  312. [8] 0.000381 -0.000235 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:71, WS:280K # 0K, PF:260K # 152K, P:260K)
  313. [9] 0.000291 -0.000219 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 0K, PF:96K # 96K, P:96K)
  314. [10] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  315. [11] 0.000027 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K)
  316. [12] 0.0 +J(0)
  317. [13] 0.0 +J(0)
  318. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  319. Information 8/8/2018 3:30:25 PM ESENT 105 General "SearchIndexer (6672,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  320.  
  321. Additional Data:
  322.  
  323.  
  324. Internal Timing Sequence:
  325. [1] 0.000493 +J(0) +M(C:0K, Fs:174, WS:676K # 676K, PF:5084K # 5084K, P:5084K)
  326. [2] 0.000196 +J(0) +M(C:0K, Fs:162, WS:648K # 648K, PF:400K # 400K, P:400K)
  327. [3] 0.000016 +J(0) +M(C:0K, Fs:8, WS:28K # 28K, PF:68K # 68K, P:68K)
  328. [4] 0.000063 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:228K # 228K, P:228K)
  329. [5] 0.000451 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)
  330. [6] 0.462992 +J(0) +M(C:0K, Fs:189, WS:740K # 740K, PF:184K # 192K, P:184K)
  331. [7] 0.003337 +J(0) +M(C:0K, Fs:270, WS:1080K # 1080K, PF:1024K # 1016K, P:1024K)
  332. [8] -
  333. [9] -
  334. [10] -
  335. [11] -
  336. [12] -
  337. [13] 0.010307 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:8, WS:-1000K # 16K, PF:-1020K # 12K, P:-1020K)
  338. [14] 0.000016 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:4K # 0K, P:4K)
  339. [15] 0.000033 +J(0) +M(C:0K, Fs:33, WS:132K # 0K, PF:64K # 0K, P:64K)
  340. [16] 0.000253 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  341. Information 8/8/2018 3:30:25 PM ESENT 916 General SearchIndexer (6672,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  342. Information 8/8/2018 3:30:24 PM ESENT 102 General SearchIndexer (6672,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  343. Information 8/8/2018 3:30:24 PM ESENT 916 General taskhostw (3732,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  344. Information 8/8/2018 3:30:23 PM ESENT 916 General svchost (3992,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  345. Information 8/8/2018 3:30:23 PM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  346. Information 8/8/2018 3:30:22 PM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  347. Information 8/8/2018 3:30:22 PM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  348.  
  349. "
  350. Information 8/8/2018 3:30:22 PM ESENT 916 General svchost (3148,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  351. Information 8/8/2018 3:30:22 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  352. Information 8/8/2018 3:30:22 PM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  353. Information 8/8/2018 3:30:22 PM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  354. Information 8/8/2018 7:34:18 AM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  355.  
  356. "
  357. Information 8/8/2018 7:34:18 AM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  358.  
  359. DETAIL -
  360. 9 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  361. Process 1812 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  362. Process 340 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  363. Process 340 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  364. Process 3844 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  365. Process 9060 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  366. Process 3844 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  367. Process 3844 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  368. Process 8332 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  369. Process 340 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  370. "
  371. Information 8/8/2018 7:34:18 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  372. Information 8/8/2018 7:34:18 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  373. Information 8/8/2018 7:33:34 AM ESENT 916 General taskhostw (6252,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  374. Information 8/8/2018 7:33:33 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  375. Information 8/8/2018 7:33:33 AM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  376. Information 8/8/2018 7:33:31 AM Windows Error Reporting 1001 None "Fault bucket , type 0
  377. Event Name: LiveKernelEvent
  378. Response: Not available
  379. Cab Id: 0
  380.  
  381. Problem signature:
  382. P1: ab
  383. P2: 1
  384. P3: 90
  385. P4: 0
  386. P5: 3
  387. P6: 10_0_17134
  388. P7: 0_0
  389. P8: 256_1
  390. P9:
  391. P10:
  392.  
  393. Attached files:
  394. \\?\C:\Windows\LiveKernelReports\win32k.sys\win32k.sys-20180808-0733.dmp
  395. \\?\C:\Windows\TEMP\WER-53647453-0.sysdata.xml
  396. \\?\C:\Windows\LiveKernelReports\win32k.sys-20180808-0733.dmp
  397. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA250.tmp.WERInternalMetadata.xml
  398. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA260.tmp.xml
  399. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA25F.tmp.csv
  400. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA270.tmp.txt
  401.  
  402. These files may be available here:
  403. C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_ab_c9f1d6507faba152f649db9a15806ab677dc335a_00000000_cab_20cea453
  404.  
  405. Analysis symbol:
  406. Rechecking for solution: 0
  407. Report Id: c8242860-2ad5-417f-9cce-4e4b54ee5f9f
  408. Report Status: 2049
  409. Hashed bucket:
  410. Cab Guid: 0"
  411. Information 8/8/2018 7:33:31 AM Windows Error Reporting 1001 None "Fault bucket , type 0
  412. Event Name: LiveKernelEvent
  413. Response: Not available
  414. Cab Id: 0
  415.  
  416. Problem signature:
  417. P1: ab
  418. P2: 1
  419. P3: 90
  420. P4: 0
  421. P5: 3
  422. P6: 10_0_17134
  423. P7: 0_0
  424. P8: 256_1
  425. P9:
  426. P10:
  427.  
  428. Attached files:
  429. \\?\C:\Windows\LiveKernelReports\win32k.sys\win32k.sys-20180808-0733.dmp
  430. \\?\C:\Windows\TEMP\WER-53647453-0.sysdata.xml
  431. \\?\C:\Windows\LiveKernelReports\win32k.sys-20180808-0733.dmp
  432. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA250.tmp.WERInternalMetadata.xml
  433. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA260.tmp.xml
  434. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA25F.tmp.csv
  435. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA270.tmp.txt
  436.  
  437. These files may be available here:
  438. C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_ab_c9f1d6507faba152f649db9a15806ab677dc335a_00000000_0876a26f
  439.  
  440. Analysis symbol:
  441. Rechecking for solution: 0
  442. Report Id: c8242860-2ad5-417f-9cce-4e4b54ee5f9f
  443. Report Status: 4
  444. Hashed bucket:
  445. Cab Guid: 0"
  446. Information 8/7/2018 10:43:17 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  447.  
  448. DETAIL -
  449. 10 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001_Classes:
  450. Process 8260 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  451. Process 8260 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  452. Process 8260 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  453. Process 10116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  454. Process 10116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  455. Process 10116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  456. Process 8260 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  457. Process 10116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  458. Process 10116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  459. Process 8260 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  460. "
  461. Information 8/7/2018 10:43:17 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  462.  
  463. DETAIL -
  464. 29 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  465. Process 732 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  466. Process 340 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  467. Process 8260 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\CommsAPHost\Test
  468. Process 340 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  469. Process 3844 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  470. Process 9060 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  471. Process 8260 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  472. Process 10116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  473. Process 4984 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  474. Process 3268 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  475. Process 8260 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  476. Process 3844 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  477. Process 8260 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Unified Store\HighWaterMarks\C:_Users_Desky_AppData_Local_Comms_UnistoreDB_store.vol
  478. Process 3268 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  479. Process 4984 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  480. Process 8260 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  481. Process 3844 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  482. Process 10116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\GameDVR\Debug
  483. Process 4984 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  484. Process 3268 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  485. Process 8260 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  486. Process 4984 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  487. Process 8260 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  488. Process 3268 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  489. Process 628 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  490. Process 340 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  491. Process 4984 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  492. Process 8260 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  493. Process 3268 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  494. "
  495. Information 8/7/2018 10:43:17 PM ESENT 916 General svchost (4008,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  496. Information 8/7/2018 10:43:17 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  497. Information 8/7/2018 10:43:17 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  498. Information 8/7/2018 10:43:15 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Steam.exe.
  499. Information 8/7/2018 10:43:13 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Origin.exe.
  500. Information 8/7/2018 10:43:13 PM Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port.
  501. Information 8/7/2018 10:43:09 PM ESENT 916 General DllHost (3300,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  502. Information 8/7/2018 10:15:47 PM ESENT 916 General DllHost (3300,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  503. Information 8/7/2018 10:15:47 PM ESENT 916 General svchost (9404,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  504. Information 8/7/2018 10:04:21 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  505. Information 8/7/2018 10:03:43 PM ESENT 916 General svchost (4008,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  506. Information 8/7/2018 10:02:43 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  507. Information 8/7/2018 10:02:43 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  508. Information 8/7/2018 10:01:23 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  509. Information 8/7/2018 10:01:23 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  510. Information 8/7/2018 10:01:21 PM ESENT 326 General "svchost (3464,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds)
  511.  
  512. Saved Cache: 1 0
  513. Additional Data: lgposAttach = 00000004:0006:0268
  514.  
  515. Internal Timing Sequence:
  516. [1] 0.000002 +J(0)
  517. [2] 0.000642 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K)
  518. [3] 0.004275 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:10, WS:36K # 0K, PF:36K # 0K, P:36K)
  519. [4] 0.000623 +J(0)
  520. [5] -
  521. [6] -
  522. [7] 0.000450 -0.000364 (1) CM +J(CM:1, PgRf:2, Rd:4/0, Dy:0/0, Lg:0/0) +M(C:8K, Fs:4, WS:16K # 0K, PF:8K # 0K, P:8K)
  523. [8] 0.001220 -0.001011 (6) CM +J(CM:6, PgRf:23, Rd:0/6, Dy:0/0, Lg:0/0) +M(C:0K, Fs:31, WS:124K # 112K, PF:196K # 176K, P:196K)
  524. [9] 0.000581 -0.000465 (4) CM +J(CM:4, PgRf:40, Rd:0/4, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:64K # 64K, P:64K)
  525. [10] 0.000149 -0.000117 (1) CM +J(CM:1, PgRf:1, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K)
  526. [11] 0.000065 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:5, WS:20K # 20K, PF:0K # 0K, P:0K)
  527. [12] 0.0 +J(0)
  528. [13] 0.0 +J(0)
  529. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  530. Information 8/7/2018 10:01:21 PM ESENT 105 General "svchost (3464,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds)
  531.  
  532. Additional Data:
  533. lgposV2[] = 00000004:0001:0000 - 00000004:0004:0000 - 00000000:0000:0000 - 00000004:0004:0000 (00000000:0000:0000)
  534. cReInits = 1
  535.  
  536.  
  537. Internal Timing Sequence:
  538. [1] 0.000369 +J(0) +M(C:0K, Fs:131, WS:516K # 516K, PF:2460K # 2460K, P:2460K)
  539. [2] 0.000169 +J(0) +M(C:8K, Fs:100, WS:392K # 392K, PF:1160K # 1160K, P:1160K)
  540. [3] 0.000009 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K)
  541. [4] 0.000074 +J(0) +M(C:0K, Fs:49, WS:196K # 196K, PF:168K # 168K, P:168K)
  542. [5] 0.000554 +J(0) +M(C:0K, Fs:48, WS:192K # 192K, PF:16K # 16K, P:16K)
  543. [6] 0.007106 +J(0) +M(C:0K, Fs:36, WS:140K # 140K, PF:32K # 32K, P:32K)
  544. [7] 0.003766 +J(0) +M(C:0K, Fs:30, WS:120K # 120K, PF:64K # 64K, P:64K)
  545. [8] 0.016585 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:12168/7) +M(C:0K, Fs:126, WS:356K # 356K, PF:252K # 256K, P:252K)
  546. [9] -
  547. [10] 0.000545 +J(0) +M(C:0K, Fs:1, WS:-56K # 0K, PF:-60K # 0K, P:-60K)
  548. [11] 0.000015 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  549. [12] 0.001000 +J(0) +M(C:0K, Fs:22, WS:84K # 36K, PF:68K # 4K, P:68K)
  550. [13] 0.021793 -0.000216 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:57, WS:108K # 172K, PF:160K # 228K, P:160K)
  551. [14] 0.000014 +J(0)
  552. [15] 0.000007 +J(0)
  553. [16] 0.000840 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  554. Information 8/7/2018 10:01:21 PM ESENT 302 Logging/Recovery svchost (3464,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.
  555. Information 8/7/2018 10:01:21 PM ESENT 301 Logging/Recovery "svchost (3464,R,98) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log.
  556.  
  557. Previous Log Processing Stats: "
  558. Information 8/7/2018 10:01:21 PM ESENT 300 Logging/Recovery svchost (3464,R,98) DS_Token_DB: The database engine is initiating recovery steps.
  559. Information 8/7/2018 10:01:21 PM ESENT 916 General svchost (3464,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  560. Information 8/7/2018 10:01:21 PM ESENT 102 General svchost (3464,P,98) DS_Token_DB: The database engine (10.00.17134.0000) is starting a new instance (0).
  561. Information 8/7/2018 10:01:21 PM ESENT 916 General svchost (3268,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  562. Information 8/7/2018 9:44:00 PM ESENT 916 General svchost (4008,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  563. Information 8/7/2018 8:43:02 PM ESENT 916 General svchost (3268,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  564. Information 8/7/2018 8:43:00 PM ESENT 916 General svchost (4008,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  565. Information 8/7/2018 7:42:00 PM ESENT 916 General svchost (4008,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  566. Information 8/7/2018 7:18:31 PM Windows Error Reporting 1001 None "Fault bucket 107422991725, type 1
  567. Event Name: APPCRASH
  568. Response: Not available
  569. Cab Id: 0
  570.  
  571. Problem signature:
  572. P1: Borderlands2.exe
  573. P2: 1.0.38.7335
  574. P3: 55809cef
  575. P4: Borderlands2.exe
  576. P5: 1.0.38.7335
  577. P6: 55809cef
  578. P7: c0000005
  579. P8: 008937e9
  580. P9:
  581. P10:
  582.  
  583. Attached files:
  584. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4F6.tmp.dmp
  585. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB611.tmp.WERInternalMetadata.xml
  586. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB621.tmp.xml
  587. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB61F.tmp.csv
  588. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERB630.tmp.txt
  589.  
  590. These files may be available here:
  591. C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Borderlands2.exe_9f3e91677c980d86f5fddc3c4edafd2acffa9a1_257e43d6_2009ba17
  592.  
  593. Analysis symbol:
  594. Rechecking for solution: 0
  595. Report Id: b0453a9c-22bd-459c-9df5-cd7b01b625e4
  596. Report Status: 268435456
  597. Hashed bucket: 3c022e2997b0cc2812660d321e59c4fe
  598. Cab Guid: 0"
  599. Error 8/7/2018 7:18:30 PM Application Error 1000 (100) "Faulting application name: Borderlands2.exe, version: 1.0.38.7335, time stamp: 0x55809cef
  600. Faulting module name: Borderlands2.exe, version: 1.0.38.7335, time stamp: 0x55809cef
  601. Exception code: 0xc0000005
  602. Fault offset: 0x008937e9
  603. Faulting process id: 0x21d0
  604. Faulting application start time: 0x01d42ebbe8b54b40
  605. Faulting application path: D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
  606. Faulting module path: D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
  607. Report Id: b0453a9c-22bd-459c-9df5-cd7b01b625e4
  608. Faulting package full name:
  609. Faulting package-relative application ID: "
  610. Information 8/7/2018 6:55:22 PM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  611. Information 8/7/2018 6:47:30 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  612. Information 8/7/2018 6:44:36 PM Windows Error Reporting 1001 None "Fault bucket 1971847825972909020, type 5
  613. Event Name: WindowsUpdateFailure3
  614. Response: Not available
  615. Cab Id: 0
  616.  
  617. Problem signature:
  618. P1: 10.0.17134.137
  619. P2: 80246013
  620. P3: A43DC31B-FBDC-43D7-8087-A71A788D8EC6
  621. P4: Install
  622. P5: 200
  623. P6: 0
  624. P7: 80246013
  625. P8: UpdateOrchestrator
  626. P9: {9482F4B4-E343-43B6-B170-9A65BC822C77}
  627. P10: 0
  628.  
  629. Attached files:
  630. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA4F.tmp.WERInternalMetadata.xml
  631.  
  632. These files may be available here:
  633. C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.17134.137_88b9fe744a5cd853a8d3a7cdbbf2954bddb6ca_00000000_0d2aac14
  634.  
  635. Analysis symbol:
  636. Rechecking for solution: 0
  637. Report Id: a58c5b39-4687-456b-b7d4-d7a6634336f9
  638. Report Status: 268435456
  639. Hashed bucket: 7c42021f6b3dc4b29b5d6926823dd3dc
  640. Cab Guid: 0"
  641. Information 8/7/2018 6:44:36 PM Windows Error Reporting 1001 None "Fault bucket , type 0
  642. Event Name: WindowsUpdateFailure3
  643. Response: Not available
  644. Cab Id: 0
  645.  
  646. Problem signature:
  647. P1: 10.0.17134.137
  648. P2: 80246013
  649. P3: A43DC31B-FBDC-43D7-8087-A71A788D8EC6
  650. P4: Install
  651. P5: 200
  652. P6: 0
  653. P7: 80246013
  654. P8: UpdateOrchestrator
  655. P9: {9482F4B4-E343-43B6-B170-9A65BC822C77}
  656. P10: 0
  657.  
  658. Attached files:
  659.  
  660. These files may be available here:
  661. C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.17134.137_88b9fe744a5cd853a8d3a7cdbbf2954bddb6ca_00000000_2206aa3f
  662.  
  663. Analysis symbol:
  664. Rechecking for solution: 0
  665. Report Id: a58c5b39-4687-456b-b7d4-d7a6634336f9
  666. Report Status: 4
  667. Hashed bucket:
  668. Cab Guid: 0"
  669. Information 8/7/2018 6:44:35 PM Windows Error Reporting 1001 None "Fault bucket , type 0
  670. Event Name: WindowsUpdateFailure3
  671. Response: Not available
  672. Cab Id: 0
  673.  
  674. Problem signature:
  675. P1: 10.0.17134.137
  676. P2: 80246013
  677. P3: A43DC31B-FBDC-43D7-8087-A71A788D8EC6
  678. P4: Install
  679. P5: 200
  680. P6: 0
  681. P7: 80246013
  682. P8: UpdateOrchestrator
  683. P9: {9482F4B4-E343-43B6-B170-9A65BC822C77}
  684. P10: 0
  685.  
  686. Attached files:
  687.  
  688. These files may be available here:
  689.  
  690.  
  691. Analysis symbol:
  692. Rechecking for solution: 0
  693. Report Id: a58c5b39-4687-456b-b7d4-d7a6634336f9
  694. Report Status: 1074003968
  695. Hashed bucket:
  696. Cab Guid: 0"
  697. Information 8/7/2018 6:44:30 PM System Restore 8216 None Skipping creation of restore point (Process = c:\windows\system32\svchost.exe -k netsvcs -p; Description = Windows Update) as there is a restore point avaliable which is recent enough for System Restore.
  698. Information 8/7/2018 6:44:29 PM ESENT 916 General svchost (3268,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  699. Information 8/7/2018 6:42:49 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  700. Information 8/7/2018 6:41:00 PM ESENT 916 General svchost (4008,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  701. Information 8/7/2018 6:39:51 PM Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10.
  702. Information 8/7/2018 6:39:51 PM Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10.
  703. Information 8/7/2018 6:39:50 PM Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10.
  704. Information 8/7/2018 6:39:38 PM System Restore 8194 None Successfully created restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe -Embedding; Description = Windows Modules Installer).
  705. Information 8/7/2018 6:39:38 PM ESENT 916 General svchost (3860,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  706. Error 8/7/2018 6:23:46 PM Application Hang 1002 (101) "The program javaw.exe version 8.0.51.16 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
  707. Process ID: 1e00
  708. Start Time: 01d42eb5fcb1a70e
  709. Termination Time: 27
  710. Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
  711. Report Id: b8ebf162-d774-4b3b-80bd-6ae89d5e79a4
  712. Faulting package full name:
  713. Faulting package-relative application ID:
  714. "
  715. Information 8/7/2018 6:23:46 PM Windows Error Reporting 1001 None "Fault bucket , type 0
  716. Event Name: AppHangB1
  717. Response: Not available
  718. Cab Id: 0
  719.  
  720. Problem signature:
  721. P1: javaw.exe
  722. P2: 8.0.51.16
  723. P3: 55763d32
  724. P4: 3ab2
  725. P5: 134217728
  726. P6:
  727. P7:
  728. P8:
  729. P9:
  730. P10:
  731.  
  732. Attached files:
  733. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8D8C.tmp.WERInternalMetadata.xml
  734. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8D9C.tmp.xml
  735. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8D9B.tmp.csv
  736. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8DAC.tmp.txt
  737. \\?\C:\Users\Desky\AppData\Local\Temp\WER9483.tmp.appcompat.txt
  738.  
  739. These files may be available here:
  740. C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_javaw.exe_13df6748497e1793822ac23e08e6c147034e4de_e358b7af_1faf976f
  741.  
  742. Analysis symbol:
  743. Rechecking for solution: 0
  744. Report Id: b8ebf162-d774-4b3b-80bd-6ae89d5e79a4
  745. Report Status: 97
  746. Hashed bucket:
  747. Cab Guid: 0"
  748. Information 8/7/2018 6:06:03 PM ESENT 916 General svchost (3268,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  749. Information 8/7/2018 5:40:00 PM ESENT 916 General svchost (4008,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  750. Information 8/7/2018 4:45:03 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-14T23:45:03Z. Reason: RulesEngine.
  751. Information 8/7/2018 4:44:53 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  752. Information 8/7/2018 4:44:53 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  753. Information 8/7/2018 4:44:32 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  754. Information 8/7/2018 4:44:30 PM ESENT 916 General svchost (8172,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  755. Information 8/7/2018 4:42:06 PM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  756. "
  757. Information 8/7/2018 4:42:06 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-14T23:42:06Z. Reason: RulesEngine.
  758. Information 8/7/2018 4:41:38 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  759. Information 8/7/2018 4:41:38 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  760. Information 8/7/2018 4:41:36 PM SecurityCenter 1 None The Windows Security Center Service has started.
  761. Information 8/7/2018 4:41:36 PM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  762. 10.0.17134.112"
  763. Information 8/7/2018 4:41:36 PM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  764. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  765. Licensing Status=
  766. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  767. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  768. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  769. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  770. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  771. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  772. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  773. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  774. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  775. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  776. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  777. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  778. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  779. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  780. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  781. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  782. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  783. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  784. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  785. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  786. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  787. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  788. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  789. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  790. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  791. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  792. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  793. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  794. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  795. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  796. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  797. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  798. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  799. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  800. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  801. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  802. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  803. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  804. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  805. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  806. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  807. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  808. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  809. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  810. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  811. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  812.  
  813. "
  814. Information 8/7/2018 4:41:36 PM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  815. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  816. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  817. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  818. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  819. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  820. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  821. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  822. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  823. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  824. "
  825. Information 8/7/2018 4:41:36 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  826. Information 8/7/2018 4:41:36 PM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  827. Parameters:<explicit>"
  828. Information 8/7/2018 4:39:44 PM ESENT 916 General svchost (3860,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  829. Information 8/7/2018 4:39:37 PM ESENT 916 General svchost (8260,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  830. Information 8/7/2018 4:39:36 PM ESENT 916 General svchost (2788,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  831. Information 8/7/2018 4:39:33 PM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  832.  
  833. Information 8/7/2018 4:39:33 PM ESENT 326 General "SearchIndexer (6256,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  834.  
  835. Saved Cache: 0 0
  836. Additional Data: lgposAttach = 00000024:0089:0268
  837.  
  838. Internal Timing Sequence:
  839. [1] 0.000002 +J(0)
  840. [2] 0.002858 +J(0) +M(C:0K, Fs:26, WS:40K # 0K, PF:32K # 0K, P:32K)
  841. [3] 0.007837 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:38, WS:120K # 0K, PF:136K # 0K, P:136K)
  842. [4] 0.001134 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  843. [5] -
  844. [6] -
  845. [7] 0.014231 -0.000267 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:59, WS:232K # 0K, PF:664K # 0K, P:664K)
  846. [8] 0.000453 -0.000303 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:256K # 124K, P:256K)
  847. [9] 0.000433 -0.000353 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 0K, PF:96K # 96K, P:96K)
  848. [10] 0.000008 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  849. [11] 0.000028 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K)
  850. [12] 0.0 +J(0)
  851. [13] 0.0 +J(0)
  852. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  853. Information 8/7/2018 4:39:33 PM ESENT 105 General "SearchIndexer (6256,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  854.  
  855. Additional Data:
  856.  
  857.  
  858. Internal Timing Sequence:
  859. [1] 0.000503 +J(0) +M(C:0K, Fs:172, WS:668K # 668K, PF:4548K # 4548K, P:4548K)
  860. [2] 0.000173 +J(0) +M(C:0K, Fs:137, WS:548K # 548K, PF:932K # 932K, P:932K)
  861. [3] 0.000017 +J(0) +M(C:0K, Fs:18, WS:68K # 68K, PF:68K # 68K, P:68K)
  862. [4] 0.000079 +J(0) +M(C:0K, Fs:46, WS:184K # 184K, PF:236K # 236K, P:236K)
  863. [5] 0.000585 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)
  864. [6] 0.589711 +J(0) +M(C:0K, Fs:200, WS:792K # 792K, PF:224K # 232K, P:224K)
  865. [7] 0.006332 +J(0) +M(C:0K, Fs:271, WS:1080K # 1080K, PF:1028K # 1020K, P:1028K)
  866. [8] -
  867. [9] -
  868. [10] -
  869. [11] -
  870. [12] -
  871. [13] 0.020599 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:8, WS:-1000K # 16K, PF:-1024K # 12K, P:-1024K)
  872. [14] 0.000014 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  873. [15] 0.000079 +J(0) +M(C:0K, Fs:34, WS:132K # 0K, PF:68K # 0K, P:68K)
  874. [16] 0.000867 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  875. Information 8/7/2018 4:39:33 PM ESENT 916 General SearchIndexer (6256,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  876. Information 8/7/2018 4:39:32 PM ESENT 102 General SearchIndexer (6256,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  877. Information 8/7/2018 4:39:32 PM ESENT 916 General taskhostw (3108,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  878. Information 8/7/2018 4:39:31 PM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  879. Information 8/7/2018 4:39:31 PM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  880. Information 8/7/2018 4:39:31 PM ESENT 916 General svchost (4008,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  881. Information 8/7/2018 4:39:31 PM ESENT 916 General svchost (3268,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  882. Information 8/7/2018 4:39:30 PM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  883.  
  884. "
  885. Information 8/7/2018 4:39:30 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  886. Information 8/7/2018 4:39:30 PM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  887. Information 8/7/2018 4:39:30 PM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  888. Information 8/7/2018 6:29:59 AM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  889.  
  890. "
  891. Information 8/7/2018 6:29:59 AM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  892.  
  893. DETAIL -
  894. 5 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001_Classes:
  895. Process 5596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  896. Process 5596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  897. Process 5596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  898. Process 5596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  899. Process 5596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  900. "
  901. Information 8/7/2018 6:29:59 AM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  902.  
  903. DETAIL -
  904. 26 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  905. Process 736 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  906. Process 1020 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  907. Process 1020 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  908. Process 3976 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  909. Process 8780 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  910. Process 5596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  911. Process 3280 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  912. Process 3976 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  913. Process 4992 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  914. Process 3976 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  915. Process 3976 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  916. Process 4992 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  917. Process 3280 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  918. Process 3976 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  919. Process 5596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\GameDVR\Debug
  920. Process 3280 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  921. Process 3976 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  922. Process 4992 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  923. Process 4992 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  924. Process 3280 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  925. Process 3976 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  926. Process 632 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  927. Process 1020 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  928. Process 4992 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  929. Process 3280 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  930. Process 3976 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  931. "
  932. Information 8/7/2018 6:29:59 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  933. Information 8/7/2018 6:29:59 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  934. Information 8/7/2018 6:29:56 AM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Origin.exe.
  935. Information 8/7/2018 6:29:53 AM ESENT 916 General DllHost (8216,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  936. Information 8/7/2018 6:04:24 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-14T13:04:24Z. Reason: RulesEngine.
  937. Information 8/7/2018 6:03:58 AM ESENT 916 General svchost (3280,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  938. Information 8/7/2018 6:03:47 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  939. Information 8/7/2018 6:01:45 AM ESENT 916 General svchost (4084,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  940. Information 8/6/2018 11:49:39 PM ESENT 916 General svchost (4084,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  941. Information 8/6/2018 11:29:00 PM ESENT 916 General svchost (4084,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  942. Information 8/6/2018 11:08:58 PM ESENT 916 General svchost (4084,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  943. Information 8/6/2018 10:38:36 PM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  944. Information 8/6/2018 10:28:00 PM ESENT 916 General svchost (4084,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  945. Information 8/6/2018 10:26:11 PM Windows Error Reporting 1001 None "Fault bucket 129604957459, type 5
  946. Event Name: AppHangB1
  947. Response: Not available
  948. Cab Id: 0
  949.  
  950. Problem signature:
  951. P1: Sims2EP9.exe
  952. P2: 1.17.0.66
  953. P3: 48f12b6f
  954. P4: a1fa
  955. P5: 67246080
  956. P6:
  957. P7:
  958. P8:
  959. P9:
  960. P10:
  961.  
  962. Attached files:
  963. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A.tmp.WERInternalMetadata.xml
  964.  
  965. These files may be available here:
  966. C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_Sims2EP9.exe_d2313311f344515263c1fafeaab2224b34e1d964_32cbe8fc_085103a5
  967.  
  968. Analysis symbol:
  969. Rechecking for solution: 0
  970. Report Id: 4c9e31c5-a707-4d78-b3bc-161e9d99ad7a
  971. Report Status: 268435456
  972. Hashed bucket: 5ffccd8e00e16c3395367d1680ce33f2
  973. Cab Guid: 0"
  974. Error 8/6/2018 10:26:10 PM Application Hang 1002 (101) "The program Sims2EP9.exe version 1.17.0.66 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
  975. Process ID: e0c
  976. Start Time: 01d42e0af9296215
  977. Termination Time: 4294967295
  978. Application Path: C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
  979. Report Id: 4c9e31c5-a707-4d78-b3bc-161e9d99ad7a
  980. Faulting package full name:
  981. Faulting package-relative application ID:
  982. "
  983. Information 8/6/2018 10:26:10 PM Windows Error Reporting 1001 None "Fault bucket , type 0
  984. Event Name: AppHangB1
  985. Response: Not available
  986. Cab Id: 0
  987.  
  988. Problem signature:
  989. P1: Sims2EP9.exe
  990. P2: 1.17.0.66
  991. P3: 48f12b6f
  992. P4: a1fa
  993. P5: 67246080
  994. P6:
  995. P7:
  996. P8:
  997. P9:
  998. P10:
  999.  
  1000. Attached files:
  1001.  
  1002. These files may be available here:
  1003. C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_Sims2EP9.exe_d2313311f344515263c1fafeaab2224b34e1d964_32cbe8fc_253d000c
  1004.  
  1005. Analysis symbol:
  1006. Rechecking for solution: 0
  1007. Report Id: 4c9e31c5-a707-4d78-b3bc-161e9d99ad7a
  1008. Report Status: 4
  1009. Hashed bucket:
  1010. Cab Guid: 0"
  1011. Information 8/6/2018 10:24:03 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-14T05:24:03Z. Reason: RulesEngine.
  1012. Information 8/6/2018 10:23:33 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  1013. Information 8/6/2018 10:23:32 PM ESENT 916 General svchost (3280,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1014. Information 8/6/2018 10:22:35 PM ESENT 916 General DllHost (8216,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1015. Information 8/6/2018 9:56:06 PM ESENT 916 General DllHost (8216,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1016. Information 8/6/2018 9:27:00 PM ESENT 916 General svchost (4084,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1017. Information 8/6/2018 9:11:27 PM ESENT 916 General svchost (4084,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1018. Information 8/6/2018 8:38:32 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  1019. Information 8/6/2018 8:26:00 PM ESENT 916 General svchost (4084,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1020. Information 8/6/2018 7:58:33 PM ESENT 916 General DllHost (8216,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1021. Information 8/6/2018 7:57:44 PM Windows Error Reporting 1001 None "Fault bucket 2097101029002567711, type 5
  1022. Event Name: RADAR_PRE_LEAK_WOW64
  1023. Response: Not available
  1024. Cab Id: 0
  1025.  
  1026. Problem signature:
  1027. P1: StardewModdingAPI.exe
  1028. P2: 2.6.0.0
  1029. P3: 10.0.17134.2.0.0
  1030. P4:
  1031. P5:
  1032. P6:
  1033. P7:
  1034. P8:
  1035. P9:
  1036. P10:
  1037.  
  1038. Attached files:
  1039. \\?\C:\Users\Desky\AppData\Local\Temp\RDR1697.tmp\empty.txt
  1040. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER1698.tmp.WERInternalMetadata.xml
  1041. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER16A8.tmp.xml
  1042. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER16B6.tmp.csv
  1043. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER16D6.tmp.txt
  1044.  
  1045. These files may be available here:
  1046.  
  1047.  
  1048. Analysis symbol:
  1049. Rechecking for solution: 0
  1050. Report Id: 66fd7c8e-706d-48b1-a464-bd03a2d5f53e
  1051. Report Status: 268435456
  1052. Hashed bucket: 8dad3af3770bcd961d1a664663cde01f
  1053. Cab Guid: 0"
  1054. Information 8/6/2018 7:25:00 PM ESENT 916 General svchost (4084,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1055. Information 8/6/2018 6:55:12 PM ESENT 916 General svchost (4084,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1056. Information 8/6/2018 6:48:08 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  1057. Information 8/6/2018 6:47:25 PM ESENT 916 General svchost (4084,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1058. Information 8/6/2018 6:46:24 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1059. Information 8/6/2018 6:46:24 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1060. Information 8/6/2018 6:45:12 PM ESENT 916 General svchost (4084,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1061. Information 8/6/2018 6:45:10 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1062. Information 8/6/2018 6:45:10 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1063. Information 8/6/2018 6:45:09 PM ESENT 326 General "svchost (7036,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds)
  1064.  
  1065. Saved Cache: 1 0
  1066. Additional Data: lgposAttach = 00000004:0002:0268
  1067.  
  1068. Internal Timing Sequence:
  1069. [1] 0.000001 +J(0)
  1070. [2] 0.000425 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K)
  1071. [3] 0.003195 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:40K # 0K, P:40K)
  1072. [4] 0.000706 +J(0)
  1073. [5] -
  1074. [6] -
  1075. [7] 0.000225 -0.000156 (1) CM +J(CM:1, PgRf:2, Rd:4/0, Dy:0/0, Lg:0/0) +M(C:8K, Fs:4, WS:16K # 0K, PF:8K # 0K, P:8K)
  1076. [8] 0.000806 -0.000654 (6) CM +J(CM:6, PgRf:23, Rd:0/6, Dy:0/0, Lg:0/0) +M(C:0K, Fs:30, WS:120K # 112K, PF:196K # 180K, P:196K)
  1077. [9] 0.000536 -0.000416 (4) CM +J(CM:4, PgRf:40, Rd:0/4, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 16K, PF:68K # 68K, P:68K)
  1078. [10] 0.000151 -0.000136 (1) CM +J(CM:1, PgRf:1, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K)
  1079. [11] 0.000033 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:5, WS:20K # 20K, PF:0K # 0K, P:0K)
  1080. [12] 0.0 +J(0)
  1081. [13] 0.0 +J(0)
  1082. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  1083. Information 8/6/2018 6:45:09 PM ESENT 105 General "svchost (7036,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds)
  1084.  
  1085. Additional Data:
  1086. lgposV2[] = 00000003:000B:0000 - 00000003:000E:0000 - 00000000:0000:0000 - 00000003:000E:0000 (00000000:0000:0000)
  1087. cReInits = 3
  1088.  
  1089.  
  1090. Internal Timing Sequence:
  1091. [1] 0.000445 +J(0) +M(C:0K, Fs:133, WS:520K # 520K, PF:2468K # 2468K, P:2468K)
  1092. [2] 0.000164 +J(0) +M(C:8K, Fs:100, WS:392K # 392K, PF:1160K # 1160K, P:1160K)
  1093. [3] 0.000007 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K)
  1094. [4] 0.000073 +J(0) +M(C:0K, Fs:37, WS:144K # 144K, PF:168K # 168K, P:168K)
  1095. [5] 0.000602 +J(0) +M(C:0K, Fs:60, WS:240K # 240K, PF:16K # 16K, P:16K)
  1096. [6] 0.003676 +J(0) +M(C:0K, Fs:34, WS:132K # 132K, PF:24K # 24K, P:24K)
  1097. [7] 0.003663 +J(0) +M(C:0K, Fs:32, WS:128K # 128K, PF:72K # 72K, P:72K)
  1098. [8] 0.017078 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:52728/32) +M(C:0K, Fs:158, WS:352K # 352K, PF:244K # 248K, P:244K)
  1099. [9] -
  1100. [10] 0.000521 +J(0) +M(C:0K, Fs:4, WS:-48K # 0K, PF:-4K # 0K, P:-4K)
  1101. [11] 0.000014 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  1102. [12] 0.001044 +J(0) +M(C:0K, Fs:17, WS:68K # 28K, PF:4K # 0K, P:4K)
  1103. [13] 0.015092 -0.000501 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:4713/4) +M(C:0K, Fs:79, WS:192K # 256K, PF:160K # 224K, P:160K)
  1104. [14] 0.000010 +J(0)
  1105. [15] 0.000007 +J(0)
  1106. [16] 0.000685 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  1107. Information 8/6/2018 6:45:09 PM ESENT 302 Logging/Recovery svchost (7036,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.
  1108. Information 8/6/2018 6:45:09 PM ESENT 301 Logging/Recovery "svchost (7036,R,98) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log.
  1109.  
  1110. Previous Log Processing Stats: "
  1111. Information 8/6/2018 6:45:09 PM ESENT 300 Logging/Recovery svchost (7036,R,98) DS_Token_DB: The database engine is initiating recovery steps.
  1112. Information 8/6/2018 6:45:09 PM ESENT 916 General svchost (7036,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1113. Information 8/6/2018 6:45:09 PM ESENT 102 General svchost (7036,P,98) DS_Token_DB: The database engine (10.00.17134.0000) is starting a new instance (0).
  1114. Information 8/6/2018 6:45:08 PM ESENT 916 General svchost (3280,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1115. Information 8/6/2018 6:32:18 PM ESENT 916 General DllHost (8216,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1116. Information 8/6/2018 6:24:00 PM ESENT 916 General svchost (4084,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1117. Error 8/6/2018 6:13:59 PM Application Hang 1002 (101) "The program javaw.exe version 8.0.51.16 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
  1118. Process ID: 5f8
  1119. Start Time: 01d42deb90721524
  1120. Termination Time: 26
  1121. Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
  1122. Report Id: 919f7e6d-4478-4b96-82e9-3d667153cfb9
  1123. Faulting package full name:
  1124. Faulting package-relative application ID:
  1125. "
  1126. Information 8/6/2018 6:13:58 PM Windows Error Reporting 1001 None "Fault bucket 128875186028, type 5
  1127. Event Name: AppHangB1
  1128. Response: Not available
  1129. Cab Id: 0
  1130.  
  1131. Problem signature:
  1132. P1: javaw.exe
  1133. P2: 8.0.51.16
  1134. P3: 55763d32
  1135. P4: 3ab2
  1136. P5: 134217728
  1137. P6:
  1138. P7:
  1139. P8:
  1140. P9:
  1141. P10:
  1142.  
  1143. Attached files:
  1144. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER484.tmp.WERInternalMetadata.xml
  1145. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER494.tmp.xml
  1146. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER493.tmp.csv
  1147. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A4.tmp.txt
  1148. \\?\C:\Users\Desky\AppData\Local\Temp\WER159D.tmp.appcompat.txt
  1149.  
  1150. These files may be available here:
  1151. C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_javaw.exe_13df6748497e1793822ac23e08e6c147034e4de_e358b7af_0a1219b2
  1152.  
  1153. Analysis symbol:
  1154. Rechecking for solution: 0
  1155. Report Id: 919f7e6d-4478-4b96-82e9-3d667153cfb9
  1156. Report Status: 268435456
  1157. Hashed bucket: 767f8b0d44bc616be6c807e5709776a0
  1158. Cab Guid: 0"
  1159. Information 8/6/2018 5:59:20 PM ESENT 916 General svchost (3280,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1160. Information 8/6/2018 5:35:08 PM ESENT 916 General svchost (3280,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1161. Information 8/6/2018 5:23:00 PM ESENT 916 General svchost (4084,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1162. Information 8/6/2018 4:42:37 PM ESENT 916 General DllHost (8216,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1163. Information 8/6/2018 4:42:37 PM ESENT 916 General svchost (9564,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1164. Information 8/6/2018 4:32:11 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-13T23:32:11Z. Reason: RulesEngine.
  1165. Information 8/6/2018 4:32:09 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1166. Information 8/6/2018 4:32:09 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1167. Information 8/6/2018 4:31:41 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  1168. Information 8/6/2018 4:26:01 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  1169. Information 8/6/2018 4:25:15 PM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  1170. "
  1171. Information 8/6/2018 4:25:15 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-13T23:25:15Z. Reason: RulesEngine.
  1172. Information 8/6/2018 4:24:46 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1173. Information 8/6/2018 4:24:46 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1174. Information 8/6/2018 4:24:45 PM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  1175. 10.0.17134.112"
  1176. Information 8/6/2018 4:24:44 PM SecurityCenter 1 None The Windows Security Center Service has started.
  1177. Information 8/6/2018 4:24:44 PM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  1178. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  1179. Licensing Status=
  1180. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1181. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1182. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1183. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1184. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1185. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1186. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1187. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1188. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1189. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1190. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1191. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1192. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1193. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1194. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1195. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1196. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1197. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  1198. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1199. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1200. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1201. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1202. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1203. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1204. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1205. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1206. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1207. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1208. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1209. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1210. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1211. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1212. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1213. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1214. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1215. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1216. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1217. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1218. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1219. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1220. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1221. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1222. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1223. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1224. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1225. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1226.  
  1227. "
  1228. Information 8/6/2018 4:24:44 PM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  1229. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  1230. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  1231. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  1232. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  1233. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  1234. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  1235. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  1236. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  1237. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  1238. "
  1239. Information 8/6/2018 4:24:44 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  1240. Information 8/6/2018 4:24:44 PM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  1241. Parameters:<explicit>"
  1242. Information 8/6/2018 4:24:11 PM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  1243. Information 8/6/2018 4:23:03 PM Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy9.
  1244. Information 8/6/2018 4:23:03 PM Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy9.
  1245. Information 8/6/2018 4:23:01 PM Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy9.
  1246. Information 8/6/2018 4:22:50 PM System Restore 8194 None Successfully created restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe -Embedding; Description = Windows Modules Installer).
  1247. Information 8/6/2018 4:22:50 PM ESENT 916 General svchost (3952,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1248. Information 8/6/2018 4:22:48 PM ESENT 916 General svchost (8684,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1249. Information 8/6/2018 4:22:41 PM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  1250.  
  1251. Information 8/6/2018 4:22:41 PM ESENT 326 General "SearchIndexer (6756,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  1252.  
  1253. Saved Cache: 0 0
  1254. Additional Data: lgposAttach = 00000024:005D:0268
  1255.  
  1256. Internal Timing Sequence:
  1257. [1] 0.000002 +J(0)
  1258. [2] 0.001988 +J(0) +M(C:0K, Fs:26, WS:40K # 0K, PF:32K # 0K, P:32K)
  1259. [3] 0.004913 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:120K # 0K, PF:144K # 0K, P:144K)
  1260. [4] 0.000078 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  1261. [5] -
  1262. [6] -
  1263. [7] 0.018862 -0.000236 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:59, WS:236K # 0K, PF:660K # 0K, P:660K)
  1264. [8] 0.000322 -0.000197 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:256K # 140K, P:256K)
  1265. [9] 0.000261 -0.000192 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 0K, PF:96K # 96K, P:96K)
  1266. [10] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  1267. [11] 0.000027 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K)
  1268. [12] 0.0 +J(0)
  1269. [13] 0.0 +J(0)
  1270. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  1271. Information 8/6/2018 4:22:41 PM ESENT 105 General "SearchIndexer (6756,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  1272.  
  1273. Additional Data:
  1274.  
  1275.  
  1276. Internal Timing Sequence:
  1277. [1] 0.000726 +J(0) +M(C:0K, Fs:230, WS:896K # 896K, PF:5088K # 5088K, P:5088K)
  1278. [2] 0.000169 +J(0) +M(C:0K, Fs:104, WS:416K # 416K, PF:392K # 392K, P:392K)
  1279. [3] 0.000013 +J(0) +M(C:0K, Fs:7, WS:28K # 28K, PF:64K # 64K, P:64K)
  1280. [4] 0.000064 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:232K # 232K, P:232K)
  1281. [5] 0.000441 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:24K # 24K, P:24K)
  1282. [6] 0.004457 +J(0) +M(C:0K, Fs:32, WS:124K # 124K, PF:20K # 20K, P:20K)
  1283. [7] 0.004139 +J(0) +M(C:0K, Fs:270, WS:1080K # 1080K, PF:1024K # 1024K, P:1024K)
  1284. [8] -
  1285. [9] -
  1286. [10] -
  1287. [11] -
  1288. [12] -
  1289. [13] 0.009942 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:8, WS:-1000K # 16K, PF:-1020K # 12K, P:-1020K)
  1290. [14] 0.000018 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:4K # 0K, P:4K)
  1291. [15] 0.000035 +J(0) +M(C:0K, Fs:33, WS:132K # 0K, PF:64K # 0K, P:64K)
  1292. [16] 0.000091 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  1293. Information 8/6/2018 4:22:41 PM ESENT 916 General SearchIndexer (6756,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1294. Information 8/6/2018 4:22:41 PM ESENT 102 General SearchIndexer (6756,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  1295. Information 8/6/2018 4:22:40 PM ESENT 916 General taskhostw (3132,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1296. Information 8/6/2018 4:22:39 PM ESENT 916 General svchost (4084,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1297. Information 8/6/2018 4:22:39 PM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  1298. Information 8/6/2018 4:22:39 PM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  1299. Information 8/6/2018 4:22:39 PM ESENT 916 General svchost (3280,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1300. Information 8/6/2018 4:22:38 PM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  1301.  
  1302. "
  1303. Information 8/6/2018 4:22:39 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  1304. Information 8/6/2018 4:22:38 PM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  1305. Information 8/6/2018 4:22:38 PM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  1306. Information 8/6/2018 7:29:32 AM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  1307.  
  1308. "
  1309. Information 8/6/2018 7:29:32 AM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  1310.  
  1311. DETAIL -
  1312. 5 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001_Classes:
  1313. Process 9060 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  1314. Process 9060 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  1315. Process 9060 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  1316. Process 9060 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  1317. Process 9060 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  1318. "
  1319. Information 8/6/2018 7:29:32 AM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  1320.  
  1321. DETAIL -
  1322. 27 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  1323. Process 728 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  1324. Process 72 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  1325. Process 9060 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\CommsAPHost\Test
  1326. Process 72 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  1327. Process 4116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  1328. Process 9720 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  1329. Process 9060 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  1330. Process 3416 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  1331. Process 9060 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  1332. Process 4736 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  1333. Process 4116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  1334. Process 9060 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Unified Store\HighWaterMarks\C:_Users_Desky_AppData_Local_Comms_UnistoreDB_store.vol
  1335. Process 3416 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  1336. Process 4736 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  1337. Process 9060 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  1338. Process 4116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  1339. Process 3416 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  1340. Process 9060 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  1341. Process 4736 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  1342. Process 4736 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  1343. Process 9060 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  1344. Process 3416 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  1345. Process 624 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  1346. Process 72 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  1347. Process 4736 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  1348. Process 9060 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  1349. Process 3416 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  1350. "
  1351. Information 8/6/2018 7:29:32 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  1352. Information 8/6/2018 7:29:32 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  1353. Information 8/6/2018 7:29:29 AM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Origin.exe.
  1354. Information 8/6/2018 7:29:27 AM ESENT 916 General DllHost (3032,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1355. Information 8/6/2018 6:58:22 AM ESENT 916 General svchost (3416,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1356. Information 8/6/2018 6:41:00 AM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1357. Information 8/6/2018 6:37:19 AM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1358. Information 8/6/2018 6:27:56 AM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1359. Information 8/6/2018 5:43:54 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-13T12:43:54Z. Reason: RulesEngine.
  1360. Information 8/6/2018 5:43:29 AM ESENT 916 General svchost (3416,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1361. Information 8/6/2018 5:43:17 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  1362. Information 8/6/2018 5:41:43 AM ESENT 916 General DllHost (3032,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1363. Information 8/6/2018 5:40:47 AM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1364. Information 8/5/2018 9:12:57 PM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1365. Information 8/5/2018 8:52:00 PM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1366. Information 8/5/2018 8:08:41 PM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1367. Information 8/5/2018 7:51:00 PM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1368. Information 8/5/2018 6:50:00 PM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1369. Information 8/5/2018 6:07:12 PM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1370. Information 8/5/2018 6:02:42 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  1371. Information 8/5/2018 6:02:17 PM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1372. Information 8/5/2018 6:01:17 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1373. Information 8/5/2018 6:01:17 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1374. Information 8/5/2018 5:59:44 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1375. Information 8/5/2018 5:59:44 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1376. Information 8/5/2018 5:59:42 PM ESENT 326 General "svchost (7292,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds)
  1377.  
  1378. Saved Cache: 1 0
  1379. Additional Data: lgposAttach = 00000003:000C:0268
  1380.  
  1381. Internal Timing Sequence:
  1382. [1] 0.000002 +J(0)
  1383. [2] 0.003552 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K)
  1384. [3] 0.009190 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:10, WS:36K # 0K, PF:36K # 0K, P:36K)
  1385. [4] 0.001392 +J(0)
  1386. [5] -
  1387. [6] -
  1388. [7] 0.000274 -0.000178 (1) CM +J(CM:1, PgRf:2, Rd:4/0, Dy:0/0, Lg:0/0) +M(C:8K, Fs:4, WS:16K # 0K, PF:8K # 0K, P:8K)
  1389. [8] 0.001854 -0.001413 (6) CM +J(CM:6, PgRf:23, Rd:0/6, Dy:0/0, Lg:0/0) +M(C:0K, Fs:31, WS:124K # 112K, PF:196K # 176K, P:196K)
  1390. [9] 0.000754 -0.000653 (4) CM +J(CM:4, PgRf:40, Rd:0/4, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:64K # 64K, P:64K)
  1391. [10] 0.000134 -0.000117 (1) CM +J(CM:1, PgRf:1, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K)
  1392. [11] 0.000040 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:5, WS:20K # 20K, PF:0K # 0K, P:0K)
  1393. [12] 0.000001 +J(0)
  1394. [13] 0.0 +J(0)
  1395. [14] 0.000009 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  1396. Information 8/5/2018 5:59:42 PM ESENT 105 General "svchost (7292,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds)
  1397.  
  1398. Additional Data:
  1399. lgposV2[] = 00000003:0007:0000 - 00000003:000A:0000 - 00000000:0000:0000 - 00000003:000A:0000 (00000000:0000:0000)
  1400. cReInits = 2
  1401.  
  1402.  
  1403. Internal Timing Sequence:
  1404. [1] 0.000659 +J(0) +M(C:0K, Fs:135, WS:532K # 532K, PF:2468K # 2468K, P:2468K)
  1405. [2] 0.000656 +J(0) +M(C:8K, Fs:155, WS:612K # 612K, PF:1164K # 1164K, P:1164K)
  1406. [3] 0.000015 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K)
  1407. [4] 0.000076 +J(0) +M(C:0K, Fs:27, WS:104K # 104K, PF:164K # 164K, P:164K)
  1408. [5] 0.000902 +J(0) +M(C:0K, Fs:11, WS:44K # 44K, PF:20K # 20K, P:20K)
  1409. [6] 0.005579 +J(0) +M(C:0K, Fs:32, WS:128K # 128K, PF:16K # 16K, P:16K)
  1410. [7] 0.005208 +J(0) +M(C:0K, Fs:30, WS:120K # 120K, PF:64K # 64K, P:64K)
  1411. [8] 0.028124 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:36504/22) +M(C:0K, Fs:146, WS:360K # 360K, PF:264K # 268K, P:264K)
  1412. [9] -
  1413. [10] 0.000887 +J(0) +M(C:0K, Fs:17, WS:8K # 8K, PF:-4K # 0K, P:-4K)
  1414. [11] 0.000014 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)
  1415. [12] 0.001102 +J(0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K)
  1416. [13] 0.037553 -0.000388 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:58, WS:112K # 176K, PF:164K # 224K, P:164K)
  1417. [14] 0.000013 +J(0)
  1418. [15] 0.000007 +J(0)
  1419. [16] 0.004183 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  1420. Information 8/5/2018 5:59:42 PM ESENT 302 Logging/Recovery svchost (7292,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.
  1421. Information 8/5/2018 5:59:42 PM ESENT 301 Logging/Recovery "svchost (7292,R,98) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log.
  1422.  
  1423. Previous Log Processing Stats: "
  1424. Information 8/5/2018 5:59:42 PM ESENT 300 Logging/Recovery svchost (7292,R,98) DS_Token_DB: The database engine is initiating recovery steps.
  1425. Information 8/5/2018 5:59:42 PM ESENT 916 General svchost (7292,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1426. Information 8/5/2018 5:59:42 PM ESENT 102 General svchost (7292,P,98) DS_Token_DB: The database engine (10.00.17134.0000) is starting a new instance (0).
  1427. Information 8/5/2018 5:59:42 PM ESENT 916 General svchost (3416,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1428. Information 8/5/2018 5:59:15 PM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1429. Information 8/5/2018 5:49:00 PM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1430. Information 8/5/2018 5:00:00 PM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1431. Information 8/5/2018 4:48:00 PM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1432. Information 8/5/2018 4:35:34 PM ESENT 916 General svchost (3416,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1433. Information 8/5/2018 3:47:00 PM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1434. Information 8/5/2018 2:46:00 PM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1435. Information 8/5/2018 2:34:27 PM ESENT 916 General svchost (9060,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1436. Information 8/5/2018 1:45:00 PM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1437. Information 8/5/2018 12:44:22 PM ESENT 916 General DllHost (3032,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1438. Information 8/5/2018 12:44:15 PM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1439. Information 8/5/2018 10:22:32 AM ESENT 916 General svchost (3416,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1440. Information 8/5/2018 10:20:39 AM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1441. Information 8/5/2018 9:58:00 AM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1442. Information 8/5/2018 9:45:15 AM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  1443. Information 8/5/2018 9:00:50 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-12T16:00:50Z. Reason: RulesEngine.
  1444. Information 8/5/2018 9:00:33 AM VSS 8224 None The VSS service is shutting down due to idle timeout.
  1445. Information 8/5/2018 9:00:30 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1446. Information 8/5/2018 9:00:30 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1447. Information 8/5/2018 9:00:11 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  1448. Information 8/5/2018 8:59:48 AM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  1449. "
  1450. Information 8/5/2018 8:59:48 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-12T15:59:48Z. Reason: RulesEngine.
  1451. Information 8/5/2018 8:59:20 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1452. Information 8/5/2018 8:59:20 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1453. Information 8/5/2018 8:59:18 AM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  1454. 10.0.17134.112"
  1455. Information 8/5/2018 8:59:18 AM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  1456. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  1457. Licensing Status=
  1458. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1459. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1460. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1461. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1462. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1463. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1464. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1465. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1466. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1467. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1468. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1469. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1470. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1471. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1472. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1473. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1474. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1475. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  1476. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1477. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1478. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1479. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1480. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1481. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1482. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1483. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1484. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1485. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1486. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1487. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1488. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1489. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1490. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1491. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1492. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1493. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1494. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1495. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1496. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1497. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1498. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1499. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1500. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1501. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1502. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1503. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1504.  
  1505. "
  1506. Information 8/5/2018 8:59:18 AM SecurityCenter 1 None The Windows Security Center Service has started.
  1507. Information 8/5/2018 8:59:18 AM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  1508. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  1509. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  1510. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  1511. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  1512. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  1513. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  1514. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  1515. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  1516. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  1517. "
  1518. Information 8/5/2018 8:59:18 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  1519. Information 8/5/2018 8:59:18 AM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  1520. Parameters:<explicit>"
  1521. Information 8/5/2018 8:57:38 AM Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8.
  1522. Information 8/5/2018 8:57:38 AM Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8.
  1523. Information 8/5/2018 8:57:33 AM Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8.
  1524. Information 8/5/2018 8:57:33 AM ESENT 916 General DllHost (3032,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1525. Information 8/5/2018 8:57:21 AM System Restore 8194 None Successfully created restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe -Embedding; Description = Windows Modules Installer).
  1526. Information 8/5/2018 8:57:21 AM ESENT 916 General svchost (2896,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1527. Information 8/5/2018 8:57:19 AM ESENT 916 General svchost (2896,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1528. Information 8/5/2018 8:57:18 AM ESENT 916 General svchost (8632,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1529. Information 8/5/2018 8:57:12 AM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  1530.  
  1531. Information 8/5/2018 8:57:12 AM ESENT 326 General "SearchIndexer (6460,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  1532.  
  1533. Saved Cache: 0 0
  1534. Additional Data: lgposAttach = 00000024:001A:0268
  1535.  
  1536. Internal Timing Sequence:
  1537. [1] 0.000002 +J(0)
  1538. [2] 0.003188 +J(0) +M(C:0K, Fs:26, WS:40K # 0K, PF:32K # 0K, P:32K)
  1539. [3] 0.005082 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:132K # 0K, PF:144K # 0K, P:144K)
  1540. [4] 0.000071 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  1541. [5] -
  1542. [6] -
  1543. [7] 0.010946 -0.000260 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:240K # 0K, PF:660K # 0K, P:660K)
  1544. [8] 0.000316 -0.000184 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:71, WS:280K # 0K, PF:260K # 136K, P:260K)
  1545. [9] 0.000256 -0.000193 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 0K, PF:96K # 96K, P:96K)
  1546. [10] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  1547. [11] 0.000029 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K)
  1548. [12] 0.0 +J(0)
  1549. [13] 0.0 +J(0)
  1550. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  1551. Information 8/5/2018 8:57:12 AM ESENT 105 General "SearchIndexer (6460,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  1552.  
  1553. Additional Data:
  1554.  
  1555.  
  1556. Internal Timing Sequence:
  1557. [1] 0.000508 +J(0) +M(C:0K, Fs:176, WS:684K # 684K, PF:5080K # 5080K, P:5080K)
  1558. [2] 0.000195 +J(0) +M(C:0K, Fs:141, WS:564K # 564K, PF:396K # 396K, P:396K)
  1559. [3] 0.000018 +J(0) +M(C:0K, Fs:17, WS:64K # 64K, PF:68K # 68K, P:68K)
  1560. [4] 0.000066 +J(0) +M(C:0K, Fs:38, WS:152K # 152K, PF:228K # 228K, P:228K)
  1561. [5] 0.000444 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)
  1562. [6] 0.027353 +J(0) +M(C:0K, Fs:35, WS:104K # 104K, PF:20K # 20K, P:20K)
  1563. [7] 0.003841 +J(0) +M(C:0K, Fs:272, WS:1088K # 1088K, PF:1036K # 1036K, P:1036K)
  1564. [8] -
  1565. [9] -
  1566. [10] -
  1567. [11] -
  1568. [12] -
  1569. [13] 0.011167 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K)
  1570. [14] 0.000015 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  1571. [15] 0.000049 +J(0) +M(C:0K, Fs:33, WS:132K # 0K, PF:64K # 0K, P:64K)
  1572. [16] 0.000153 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  1573. Information 8/5/2018 8:57:12 AM ESENT 916 General SearchIndexer (6460,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1574. Information 8/5/2018 8:57:12 AM ESENT 102 General SearchIndexer (6460,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  1575. Information 8/5/2018 8:57:12 AM ESENT 916 General taskhostw (3244,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1576. Information 8/5/2018 8:57:11 AM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  1577. Information 8/5/2018 8:57:10 AM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  1578. Information 8/5/2018 8:57:11 AM ESENT 916 General svchost (4204,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1579. Information 8/5/2018 8:57:10 AM ESENT 916 General svchost (3416,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1580. Information 8/5/2018 8:57:10 AM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  1581.  
  1582. "
  1583. Information 8/5/2018 8:57:10 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  1584. Information 8/5/2018 8:57:10 AM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  1585. Information 8/5/2018 8:57:10 AM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  1586. Information 8/4/2018 11:10:57 PM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  1587.  
  1588. "
  1589. Information 8/4/2018 11:10:56 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  1590.  
  1591. DETAIL -
  1592. 8 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001_Classes:
  1593. Process 5592 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  1594. Process 5592 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  1595. Process 5592 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  1596. Process 1380 (\Device\HarddiskVolume5\Windows\System32\RuntimeBroker.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  1597. Process 5592 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  1598. Process 1380 (\Device\HarddiskVolume5\Windows\System32\RuntimeBroker.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  1599. Process 5592 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  1600. Process 1380 (\Device\HarddiskVolume5\Windows\System32\RuntimeBroker.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  1601. "
  1602. Information 8/4/2018 11:10:56 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  1603.  
  1604. DETAIL -
  1605. 26 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  1606. Process 736 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  1607. Process 340 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  1608. Process 340 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  1609. Process 3768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  1610. Process 4288 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  1611. Process 5592 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  1612. Process 5056 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  1613. Process 3212 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  1614. Process 3768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  1615. Process 3768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  1616. Process 3768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  1617. Process 5056 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  1618. Process 3212 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  1619. Process 3768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  1620. Process 5592 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\GameDVR\Debug
  1621. Process 5056 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  1622. Process 3212 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  1623. Process 3768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  1624. Process 5056 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  1625. Process 3212 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  1626. Process 3768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  1627. Process 632 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  1628. Process 340 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  1629. Process 5056 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  1630. Process 3212 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  1631. Process 3768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  1632. "
  1633. Information 8/4/2018 11:10:56 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  1634. Information 8/4/2018 11:10:56 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  1635. Information 8/4/2018 11:10:54 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Origin.exe.
  1636. Information 8/4/2018 11:10:51 PM ESENT 916 General DllHost (4984,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1637. Information 8/4/2018 10:57:00 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1638. Information 8/4/2018 10:15:34 PM ESENT 916 General DllHost (4984,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1639. Information 8/4/2018 9:56:00 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1640. Information 8/4/2018 9:43:01 PM ESENT 916 General svchost (3212,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1641. Information 8/4/2018 9:34:28 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1642. Information 8/4/2018 9:17:44 PM Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on OS2 (F:)
  1643. Information 8/4/2018 9:17:44 PM Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed retrim on OS2 (F:)
  1644. Information 8/4/2018 9:17:44 PM Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on (C:)
  1645. Information 8/4/2018 9:17:44 PM Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed retrim on (C:)
  1646. Information 8/4/2018 9:15:35 PM Microsoft-Windows-Defrag 258 None The storage optimizer successfully completed defragmentation on Bucket (D:)
  1647. Information 8/4/2018 8:55:00 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1648. Information 8/4/2018 8:38:40 PM Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: <CN=Entrust Root Certification Authority - G2, OU=""(c) 2009 Entrust, Inc. - for authorized use only"", OU=See www.entrust.net/legal-terms, O=""Entrust, Inc."", C=US> Sha1 thumbprint: <8CF427FD790C3AD166068DE81E57EFBB932272D4>."
  1649. Information 8/4/2018 8:36:56 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1650. Information 8/4/2018 8:32:11 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-12T03:32:11Z. Reason: RulesEngine.
  1651. Information 8/4/2018 8:31:38 PM Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute.
  1652. Policy Names=(Security-SPP-Reserved-EnableNotificationMode)
  1653. App Id=55c92734-d682-4d71-983e-d6ec3f16059f
  1654. Sku Id=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c"
  1655. Information 8/4/2018 8:31:38 PM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-WriteWauMarker Priority=500
  1656. Information 8/4/2018 8:31:38 PM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  1657. Information 8/4/2018 8:31:38 PM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  1658. Information 8/4/2018 8:31:38 PM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  1659. Information 8/4/2018 8:31:38 PM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  1660. Information 8/4/2018 8:31:38 PM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  1661. Information 8/4/2018 8:31:38 PM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  1662. Information 8/4/2018 8:31:38 PM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  1663. Information 8/4/2018 8:31:38 PM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  1664. Information 8/4/2018 8:31:37 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  1665. Information 8/4/2018 8:31:36 PM ESENT 916 General svchost (3212,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1666. Information 8/4/2018 7:54:00 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1667. Information 8/4/2018 7:41:54 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  1668. Information 8/4/2018 7:38:58 PM ESENT 916 General svchost (3756,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1669. Information 8/4/2018 6:53:00 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1670. Information 8/4/2018 6:36:43 PM ESENT 916 General DllHost (4984,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1671. Information 8/4/2018 5:52:00 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1672. Information 8/4/2018 4:51:00 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1673. Information 8/4/2018 4:35:13 PM ESENT 916 General svchost (3212,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1674. Information 8/4/2018 3:50:00 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1675. Information 8/4/2018 3:32:59 PM ESENT 916 General DllHost (4984,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1676. Information 8/4/2018 3:01:34 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1677. Information 8/4/2018 2:51:57 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1678. Information 8/4/2018 2:49:00 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1679. Information 8/4/2018 1:50:01 PM Windows Error Reporting 1001 None "Fault bucket , type 0
  1680. Event Name: AppHangTransient
  1681. Response: Not available
  1682. Cab Id: 0
  1683.  
  1684. Problem signature:
  1685. P1: javaw.exe
  1686. P2: 8.0.51.16
  1687. P3: 55763d32
  1688. P4: unknown
  1689. P5: unknown
  1690. P6: unknown
  1691. P7: unknown
  1692. P8:
  1693. P9:
  1694. P10:
  1695.  
  1696. Attached files:
  1697. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2548.tmp.WERInternalMetadata.xml
  1698. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2559.tmp.xml
  1699. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2558.tmp.csv
  1700. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER2568.tmp.txt
  1701.  
  1702. These files may be available here:
  1703.  
  1704.  
  1705. Analysis symbol:
  1706. Rechecking for solution: 0
  1707. Report Id: 5da1cfe3-bc6b-43a4-acd2-7fe13dd3ce95
  1708. Report Status: 2049
  1709. Hashed bucket:
  1710. Cab Guid: 0"
  1711. Information 8/4/2018 1:48:00 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1712. Information 8/4/2018 12:47:00 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1713. Information 8/4/2018 12:25:23 PM ESENT 916 General DllHost (4984,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1714. Information 8/4/2018 12:18:06 PM Windows Error Reporting 1001 None "Fault bucket 1257110184865172746, type 5
  1715. Event Name: RADAR_PRE_LEAK_64
  1716. Response: Not available
  1717. Cab Id: 0
  1718.  
  1719. Problem signature:
  1720. P1: java.exe
  1721. P2: 8.0.1520.16
  1722. P3: 10.0.17134.2.0.0
  1723. P4:
  1724. P5:
  1725. P6:
  1726. P7:
  1727. P8:
  1728. P9:
  1729. P10:
  1730.  
  1731. Attached files:
  1732. \\?\C:\Users\Desky\AppData\Local\Temp\RDRF865.tmp\empty.txt
  1733. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF866.tmp.WERInternalMetadata.xml
  1734. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF876.tmp.xml
  1735. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF884.tmp.csv
  1736. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF894.tmp.txt
  1737.  
  1738. These files may be available here:
  1739.  
  1740.  
  1741. Analysis symbol:
  1742. Rechecking for solution: 0
  1743. Report Id: 6cc7fcc6-e483-46e9-817d-10ed4a00a8bf
  1744. Report Status: 268435456
  1745. Hashed bucket: 16591fed55b14d22a172270d7c6a0d0a
  1746. Cab Guid: 0"
  1747. Information 8/4/2018 11:46:00 AM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1748. Information 8/4/2018 11:24:20 AM ESENT 916 General DllHost (4984,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1749. Information 8/4/2018 11:07:02 AM VSS 8224 None The VSS service is shutting down due to idle timeout.
  1750. Information 8/4/2018 11:06:13 AM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1751. Information 8/4/2018 11:05:13 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1752. Information 8/4/2018 11:05:13 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1753. Information 8/4/2018 11:04:31 AM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  1754. Information 8/4/2018 11:04:02 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1755. Information 8/4/2018 11:04:02 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1756. Information 8/4/2018 11:04:01 AM ESENT 326 General "svchost (8404,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds)
  1757.  
  1758. Saved Cache: 1 0
  1759. Additional Data: lgposAttach = 00000003:0008:0268
  1760.  
  1761. Internal Timing Sequence:
  1762. [1] 0.000001 +J(0)
  1763. [2] 0.000490 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K)
  1764. [3] 0.003421 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:10, WS:36K # 0K, PF:36K # 0K, P:36K)
  1765. [4] 0.000741 +J(0)
  1766. [5] -
  1767. [6] -
  1768. [7] 0.000491 -0.000207 (1) CM +J(CM:1, PgRf:2, Rd:6/0, Dy:0/0, Lg:0/0) +M(C:24K, Fs:6, WS:24K # 0K, PF:24K # 0K, P:24K)
  1769. [8] 0.000517 -0.000334 (3) CM +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:-16K, Fs:33, WS:112K # 116K, PF:184K # 196K, P:184K)
  1770. [9] 0.000434 -0.000344 (3) CM +J(CM:3, PgRf:40, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 8K, PF:64K # 48K, P:64K)
  1771. [10] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K)
  1772. [11] 0.000027 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:5, WS:20K # 20K, PF:0K # 0K, P:0K)
  1773. [12] 0.0 +J(0)
  1774. [13] 0.0 +J(0)
  1775. [14] 0.000002 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  1776. Information 8/4/2018 11:04:01 AM ESENT 105 General "svchost (8404,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds)
  1777.  
  1778. Additional Data:
  1779. lgposV2[] = 00000003:0003:0000 - 00000003:0006:0000 - 00000000:0000:0000 - 00000003:0006:0000 (00000000:0000:0000)
  1780. cReInits = 1
  1781.  
  1782.  
  1783. Internal Timing Sequence:
  1784. [1] 0.000521 +J(0) +M(C:0K, Fs:141, WS:548K # 548K, PF:3312K # 3312K, P:3312K)
  1785. [2] 0.000191 +J(0) +M(C:8K, Fs:150, WS:596K # 596K, PF:328K # 328K, P:328K)
  1786. [3] 0.000006 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K)
  1787. [4] 0.000075 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:160K # 160K, P:160K)
  1788. [5] 0.000540 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:16K # 16K, P:16K)
  1789. [6] 0.003535 +J(0) +M(C:0K, Fs:33, WS:128K # 128K, PF:20K # 20K, P:20K)
  1790. [7] 0.003459 +J(0) +M(C:0K, Fs:30, WS:120K # 120K, PF:64K # 64K, P:64K)
  1791. [8] 0.015218 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:20280/12) +M(C:0K, Fs:124, WS:352K # 352K, PF:244K # 248K, P:244K)
  1792. [9] -
  1793. [10] 0.000798 +J(0) +M(C:0K, Fs:18, WS:8K # 64K, PF:0K # 56K, P:0K)
  1794. [11] 0.000012 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  1795. [12] 0.001092 +J(0) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K)
  1796. [13] 0.020295 -0.000270 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:59, WS:108K # 136K, PF:160K # 168K, P:160K)
  1797. [14] 0.000018 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K)
  1798. [15] 0.000009 +J(0)
  1799. [16] 0.000729 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  1800. Information 8/4/2018 11:04:01 AM ESENT 302 Logging/Recovery svchost (8404,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.
  1801. Information 8/4/2018 11:04:01 AM ESENT 301 Logging/Recovery "svchost (8404,R,98) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log.
  1802.  
  1803. Previous Log Processing Stats: "
  1804. Information 8/4/2018 11:04:01 AM ESENT 300 Logging/Recovery svchost (8404,R,98) DS_Token_DB: The database engine is initiating recovery steps.
  1805. Information 8/4/2018 11:04:01 AM ESENT 916 General svchost (8404,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1806. Information 8/4/2018 11:04:01 AM ESENT 102 General svchost (8404,P,98) DS_Token_DB: The database engine (10.00.17134.0000) is starting a new instance (0).
  1807. Information 8/4/2018 11:04:00 AM ESENT 916 General svchost (3212,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1808. Information 8/4/2018 10:58:59 AM Microsoft-Windows-CAPI2 4111 None Successful auto update of third-party root list with effective date: ‎Wednesday, ‎July ‎18, ‎2018 2:09:13 PM.
  1809. Information 8/4/2018 10:45:00 AM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1810. Information 8/4/2018 9:44:00 AM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1811. Information 8/4/2018 8:43:00 AM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1812. Information 8/4/2018 7:53:13 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1813. Information 8/4/2018 7:53:13 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1814. Information 8/4/2018 7:52:37 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-11T14:52:37Z. Reason: RulesEngine.
  1815. Information 8/4/2018 7:51:59 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  1816. Information 8/4/2018 7:46:19 AM VSS 8224 None The VSS service is shutting down due to idle timeout.
  1817. Information 8/4/2018 7:45:37 AM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  1818. "
  1819. Information 8/4/2018 7:45:37 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-11T14:45:37Z. Reason: RulesEngine.
  1820. Information 8/4/2018 7:45:08 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1821. Information 8/4/2018 7:45:08 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  1822. Information 8/4/2018 7:45:07 AM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  1823. 10.0.17134.112"
  1824. Information 8/4/2018 7:45:06 AM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  1825. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  1826. Licensing Status=
  1827. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1828. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1829. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1830. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1831. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1832. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1833. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1834. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1835. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1836. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1837. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1838. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1839. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1840. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1841. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1842. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1843. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1844. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  1845. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1846. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1847. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1848. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1849. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1850. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1851. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1852. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1853. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1854. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1855. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1856. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1857. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1858. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1859. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1860. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1861. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1862. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1863. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1864. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1865. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1866. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1867. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1868. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1869. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1870. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1871. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1872. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  1873.  
  1874. "
  1875. Information 8/4/2018 7:45:06 AM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  1876. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  1877. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  1878. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  1879. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  1880. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  1881. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  1882. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  1883. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  1884. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  1885. "
  1886. Information 8/4/2018 7:45:06 AM SecurityCenter 1 None The Windows Security Center Service has started.
  1887. Information 8/4/2018 7:45:06 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  1888. Information 8/4/2018 7:45:06 AM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  1889. Parameters:<explicit>"
  1890. Information 8/4/2018 7:43:22 AM Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7.
  1891. Information 8/4/2018 7:43:22 AM Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7.
  1892. Information 8/4/2018 7:43:21 AM ESENT 916 General svchost (3984,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1893. Information 8/4/2018 7:43:21 AM ESENT 916 General DllHost (4984,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1894. Information 8/4/2018 7:43:20 AM Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7.
  1895. Information 8/4/2018 7:43:08 AM System Restore 8194 None Successfully created restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe -Embedding; Description = Windows Modules Installer).
  1896. Information 8/4/2018 7:43:08 AM ESENT 916 General svchost (3756,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1897. Information 8/4/2018 7:43:00 AM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  1898.  
  1899. Information 8/4/2018 7:43:00 AM ESENT 326 General "SearchIndexer (6416,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  1900.  
  1901. Saved Cache: 0 0
  1902. Additional Data: lgposAttach = 0000000B:00BB:0268
  1903.  
  1904. Internal Timing Sequence:
  1905. [1] 0.000002 +J(0)
  1906. [2] 0.001864 +J(0) +M(C:0K, Fs:33, WS:68K # 12K, PF:44K # 0K, P:44K)
  1907. [3] 0.006820 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:39, WS:116K # 84K, PF:144K # 0K, P:144K)
  1908. [4] 0.000396 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  1909. [5] -
  1910. [6] -
  1911. [7] 0.014514 -0.000282 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:236K # 212K, PF:664K # 192K, P:664K)
  1912. [8] 0.000530 -0.000367 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 280K, PF:256K # 256K, P:256K)
  1913. [9] 0.000323 -0.000233 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 56K, PF:96K # 96K, P:96K)
  1914. [10] 0.000009 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K)
  1915. [11] 0.000028 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 16K, PF:0K # 0K, P:0K)
  1916. [12] 0.0 +J(0)
  1917. [13] 0.0 +J(0)
  1918. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  1919. Information 8/4/2018 7:43:00 AM ESENT 105 General "SearchIndexer (6416,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  1920.  
  1921. Additional Data:
  1922.  
  1923.  
  1924. Internal Timing Sequence:
  1925. [1] 0.000513 +J(0) +M(C:0K, Fs:174, WS:676K # 676K, PF:5084K # 5084K, P:5084K)
  1926. [2] 0.000194 +J(0) +M(C:0K, Fs:158, WS:640K # 640K, PF:392K # 392K, P:392K)
  1927. [3] 0.000015 +J(0) +M(C:0K, Fs:8, WS:28K # 28K, PF:68K # 68K, P:68K)
  1928. [4] 0.000062 +J(0) +M(C:0K, Fs:33, WS:128K # 128K, PF:240K # 240K, P:240K)
  1929. [5] 0.000428 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)
  1930. [6] 0.535882 +J(0) +M(C:0K, Fs:31, WS:124K # 124K, PF:16K # 16K, P:16K)
  1931. [7] 0.004287 +J(0) +M(C:0K, Fs:271, WS:1080K # 1080K, PF:1028K # 1028K, P:1028K)
  1932. [8] -
  1933. [9] -
  1934. [10] -
  1935. [11] -
  1936. [12] -
  1937. [13] 0.013165 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:110, WS:-600K # 16K, PF:-824K # 12K, P:-824K)
  1938. [14] 0.000013 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  1939. [15] 0.000040 +J(0) +M(C:0K, Fs:34, WS:132K # 0K, PF:68K # 0K, P:68K)
  1940. [16] 0.000843 +J(0) +M(C:0K, Fs:77, WS:300K # 0K, PF:96K # 0K, P:96K)."
  1941. Information 8/4/2018 7:43:00 AM ESENT 916 General SearchIndexer (6416,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1942. Information 8/4/2018 7:43:00 AM ESENT 102 General SearchIndexer (6416,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  1943. Information 8/4/2018 7:42:59 AM ESENT 916 General taskhostw (3996,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1944. Information 8/4/2018 7:42:58 AM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  1945. Information 8/4/2018 7:42:59 AM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1946. Information 8/4/2018 7:42:58 AM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  1947. Information 8/4/2018 7:42:57 AM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  1948.  
  1949. "
  1950. Information 8/4/2018 7:42:58 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  1951. Information 8/4/2018 7:42:58 AM ESENT 916 General svchost (3212,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  1952. Information 8/4/2018 7:42:58 AM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  1953. Information 8/4/2018 7:42:57 AM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  1954. Information 8/3/2018 11:03:22 PM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  1955.  
  1956. "
  1957. Information 8/3/2018 11:03:22 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  1958.  
  1959. DETAIL -
  1960. 10 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001_Classes:
  1961. Process 8256 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  1962. Process 8256 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  1963. Process 8256 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  1964. Process 944 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  1965. Process 944 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  1966. Process 944 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  1967. Process 8256 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  1968. Process 944 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  1969. Process 944 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  1970. Process 8256 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  1971. "
  1972. Information 8/3/2018 11:03:22 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  1973.  
  1974. DETAIL -
  1975. 28 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  1976. Process 736 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  1977. Process 68 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  1978. Process 8256 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\CommsAPHost\Test
  1979. Process 68 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  1980. Process 3476 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  1981. Process 7708 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  1982. Process 8256 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  1983. Process 944 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  1984. Process 2596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  1985. Process 8256 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  1986. Process 4140 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  1987. Process 3476 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  1988. Process 8256 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  1989. Process 4140 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  1990. Process 2596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  1991. Process 3476 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  1992. Process 944 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\GameDVR\Debug
  1993. Process 2596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  1994. Process 8256 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  1995. Process 4140 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  1996. Process 4140 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  1997. Process 8256 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  1998. Process 2596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  1999. Process 632 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  2000. Process 68 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  2001. Process 4140 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  2002. Process 8256 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  2003. Process 2596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  2004. "
  2005. Information 8/3/2018 11:03:22 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  2006. Information 8/3/2018 11:03:22 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  2007. Information 8/3/2018 11:03:21 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Steam.exe.
  2008. Information 8/3/2018 11:03:19 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Origin.exe.
  2009. Information 8/3/2018 11:03:13 PM ESENT 916 General DllHost (1744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2010. Information 8/3/2018 10:39:00 PM ESENT 916 General svchost (3488,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2011. Information 8/3/2018 9:38:21 PM ESENT 916 General svchost (3488,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2012. Information 8/3/2018 9:38:07 PM ESENT 916 General svchost (1664,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2013. Information 8/3/2018 9:38:07 PM ESENT 916 General DllHost (1744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2014. Information 8/3/2018 8:31:00 PM ESENT 916 General svchost (3488,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2015. Information 8/3/2018 8:27:28 PM ESENT 916 General svchost (2596,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2016. Information 8/3/2018 7:48:00 PM ESENT 916 General svchost (3488,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2017. Information 8/3/2018 7:38:27 PM ESENT 916 General svchost (3488,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2018. Information 8/3/2018 7:32:31 PM ESENT 916 General svchost (3488,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2019. Information 8/3/2018 7:30:00 PM ESENT 916 General svchost (3488,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2020. Information 8/3/2018 7:28:25 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  2021. Information 8/3/2018 7:16:54 PM ESENT 916 General DllHost (1744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2022. Information 8/3/2018 7:12:46 PM ESENT 916 General DllHost (1744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2023. Information 8/3/2018 6:41:04 PM ESENT 916 General DllHost (1744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2024. Information 8/3/2018 6:37:53 PM ESENT 916 General DllHost (1744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2025. Information 8/3/2018 6:35:40 PM ESENT 916 General DllHost (1744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2026. Information 8/3/2018 6:29:00 PM ESENT 916 General svchost (3488,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2027. Information 8/3/2018 6:27:26 PM ESENT 916 General DllHost (1744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2028. Information 8/3/2018 6:01:45 PM ESENT 916 General svchost (2596,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2029. Information 8/3/2018 5:47:30 PM ESENT 916 General svchost (2596,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2030. Information 8/3/2018 5:35:32 PM ESENT 916 General svchost (3168,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2031. Information 8/3/2018 5:28:00 PM ESENT 916 General svchost (3488,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2032. Information 8/3/2018 5:25:25 PM ESENT 916 General svchost (1512,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2033. Information 8/3/2018 4:37:00 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-10T23:37:00Z. Reason: RulesEngine.
  2034. Information 8/3/2018 4:36:45 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2035. Information 8/3/2018 4:36:45 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2036. Information 8/3/2018 4:36:29 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  2037. Information 8/3/2018 4:30:04 PM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  2038. "
  2039. Information 8/3/2018 4:30:04 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-10T23:30:04Z. Reason: RulesEngine.
  2040. Information 8/3/2018 4:29:36 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2041. Information 8/3/2018 4:29:36 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2042. Information 8/3/2018 4:29:34 PM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  2043. 10.0.17134.112"
  2044. Information 8/3/2018 4:29:34 PM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  2045. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  2046. Licensing Status=
  2047. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2048. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2049. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2050. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2051. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2052. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2053. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2054. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2055. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2056. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2057. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2058. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2059. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2060. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2061. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2062. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2063. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2064. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  2065. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2066. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2067. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2068. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2069. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2070. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2071. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2072. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2073. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2074. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2075. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2076. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2077. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2078. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2079. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2080. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2081. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2082. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2083. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2084. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2085. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2086. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2087. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2088. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2089. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2090. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2091. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2092. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2093.  
  2094. "
  2095. Information 8/3/2018 4:29:34 PM SecurityCenter 1 None The Windows Security Center Service has started.
  2096. Information 8/3/2018 4:29:34 PM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  2097. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  2098. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  2099. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  2100. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  2101. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  2102. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  2103. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  2104. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  2105. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  2106. "
  2107. Information 8/3/2018 4:29:33 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  2108. Information 8/3/2018 4:29:33 PM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  2109. Parameters:<explicit>"
  2110. Information 8/3/2018 4:29:33 PM ESENT 916 General svchost (656,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2111. Information 8/3/2018 4:29:17 PM ESENT 916 General svchost (3460,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2112. Information 8/3/2018 4:29:01 PM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  2113. Information 8/3/2018 4:27:34 PM ESENT 916 General svchost (8256,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2114. Information 8/3/2018 4:27:31 PM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  2115.  
  2116. Information 8/3/2018 4:27:30 PM ESENT 326 General "SearchIndexer (6664,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  2117.  
  2118. Saved Cache: 0 0
  2119. Additional Data: lgposAttach = 0000000B:008A:0268
  2120.  
  2121. Internal Timing Sequence:
  2122. [1] 0.000001 +J(0)
  2123. [2] 0.000685 +J(0) +M(C:0K, Fs:26, WS:40K # 0K, PF:32K # 0K, P:32K)
  2124. [3] 0.013047 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:39, WS:116K # 0K, PF:144K # 0K, P:144K)
  2125. [4] 0.000220 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  2126. [5] -
  2127. [6] -
  2128. [7] 0.011321 -0.000216 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:58, WS:228K # 0K, PF:644K # 0K, P:644K)
  2129. [8] 0.000290 -0.000146 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:256K # 108K, P:256K)
  2130. [9] 0.000286 -0.000197 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 0K, PF:96K # 96K, P:96K)
  2131. [10] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  2132. [11] 0.000026 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K)
  2133. [12] 0.0 +J(0)
  2134. [13] 0.0 +J(0)
  2135. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  2136. Information 8/3/2018 4:27:30 PM ESENT 105 General "SearchIndexer (6664,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  2137.  
  2138. Additional Data:
  2139.  
  2140.  
  2141. Internal Timing Sequence:
  2142. [1] 0.002318 +J(0) +M(C:0K, Fs:228, WS:896K # 896K, PF:5076K # 5076K, P:5076K)
  2143. [2] 0.000200 +J(0) +M(C:0K, Fs:105, WS:420K # 420K, PF:396K # 396K, P:396K)
  2144. [3] 0.001355 +J(0) +M(C:0K, Fs:8, WS:28K # 28K, PF:68K # 68K, P:68K)
  2145. [4] 0.000083 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:228K # 228K, P:228K)
  2146. [5] 0.000485 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)
  2147. [6] 0.494917 +J(0) +M(C:0K, Fs:201, WS:780K # 780K, PF:232K # 240K, P:232K)
  2148. [7] 0.008328 +J(0) +M(C:0K, Fs:271, WS:1080K # 1080K, PF:1028K # 1020K, P:1028K)
  2149. [8] -
  2150. [9] -
  2151. [10] -
  2152. [11] -
  2153. [12] -
  2154. [13] 0.010986 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:8, WS:-1000K # 16K, PF:-1024K # 12K, P:-1024K)
  2155. [14] 0.000014 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  2156. [15] 0.000033 +J(0) +M(C:0K, Fs:33, WS:132K # 0K, PF:64K # 0K, P:64K)
  2157. [16] 0.000393 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  2158. Information 8/3/2018 4:27:30 PM ESENT 916 General SearchIndexer (6664,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2159. Information 8/3/2018 4:27:30 PM ESENT 102 General SearchIndexer (6664,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  2160. Information 8/3/2018 4:27:29 PM ESENT 916 General taskhostw (4536,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2161. Information 8/3/2018 4:27:29 PM ESENT 916 General svchost (3488,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2162. Information 8/3/2018 4:27:28 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  2163. Information 8/3/2018 4:27:28 PM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  2164. Information 8/3/2018 4:27:28 PM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  2165. Information 8/3/2018 4:27:27 PM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  2166.  
  2167. "
  2168. Information 8/3/2018 4:27:28 PM ESENT 916 General svchost (2596,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2169. Information 8/3/2018 4:27:28 PM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  2170. Information 8/3/2018 4:27:27 PM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  2171. Information 8/3/2018 7:36:39 AM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  2172.  
  2173. "
  2174. Information 8/3/2018 7:36:39 AM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  2175.  
  2176. DETAIL -
  2177. 22 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  2178. Process 732 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  2179. Process 76 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  2180. Process 76 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  2181. Process 3836 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  2182. Process 8256 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  2183. Process 3172 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  2184. Process 5172 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  2185. Process 3836 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  2186. Process 3172 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  2187. Process 5172 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  2188. Process 3836 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  2189. Process 3172 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  2190. Process 5172 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  2191. Process 5172 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  2192. Process 3172 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  2193. Process 628 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  2194. Process 76 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  2195. Process 5172 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  2196. Process 3172 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  2197. Process 3100 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  2198. Process 3100 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  2199. Process 3100 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  2200. "
  2201. Information 8/3/2018 7:36:39 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  2202. Information 8/3/2018 7:36:39 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  2203. Information 8/3/2018 7:36:37 AM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Steam.exe.
  2204. Information 8/3/2018 7:36:35 AM ESENT 916 General DllHost (8864,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2205. Information 8/3/2018 7:36:35 AM ESENT 916 General svchost (8848,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2206. Information 8/3/2018 7:04:11 AM ESENT 916 General svchost (3868,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2207. Information 8/3/2018 6:34:00 AM ESENT 916 General svchost (3868,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2208. Information 8/3/2018 6:31:08 AM VSS 8224 None The VSS service is shutting down due to idle timeout.
  2209. Information 8/3/2018 6:30:22 AM ESENT 916 General svchost (3868,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2210. Information 8/3/2018 6:29:21 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2211. Information 8/3/2018 6:29:21 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2212. Information 8/3/2018 6:28:38 AM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  2213. Information 8/3/2018 6:28:10 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2214. Information 8/3/2018 6:28:10 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2215. Information 8/3/2018 6:28:09 AM ESENT 326 General "svchost (5876,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds)
  2216.  
  2217. Saved Cache: 1 0
  2218. Additional Data: lgposAttach = 00000003:0004:0268
  2219.  
  2220. Internal Timing Sequence:
  2221. [1] 0.000001 +J(0)
  2222. [2] 0.000525 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K)
  2223. [3] 0.004689 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:10, WS:36K # 0K, PF:36K # 0K, P:36K)
  2224. [4] 0.000507 +J(0)
  2225. [5] -
  2226. [6] -
  2227. [7] 0.000266 -0.000165 (1) CM +J(CM:1, PgRf:2, Rd:6/0, Dy:0/0, Lg:0/0) +M(C:16K, Fs:6, WS:24K # 0K, PF:16K # 0K, P:16K)
  2228. [8] 0.001109 -0.000938 (6) CM +J(CM:6, PgRf:23, Rd:0/6, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:116K # 112K, PF:196K # 184K, P:196K)
  2229. [9] 0.000572 -0.000472 (4) CM +J(CM:4, PgRf:40, Rd:0/4, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 16K, PF:64K # 64K, P:64K)
  2230. [10] 0.000128 -0.000116 (1) CM +J(CM:1, PgRf:1, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K)
  2231. [11] 0.000031 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:5, WS:20K # 20K, PF:0K # 0K, P:0K)
  2232. [12] 0.0 +J(0)
  2233. [13] 0.0 +J(0)
  2234. [14] 0.000016 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  2235. Information 8/3/2018 6:28:09 AM ESENT 105 General "svchost (5876,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds)
  2236.  
  2237. Additional Data:
  2238. lgposV2[] = 00000002:000D:0000 - 00000003:0001:0000 - 00000003:0002:0000 - 00000003:0002:0000 (00000003:0001:0000)
  2239. ForwardLogsV2 = 0.022080 s - 1 lgens
  2240. cReInits = 3
  2241.  
  2242.  
  2243. Internal Timing Sequence:
  2244. [1] 0.000471 +J(0) +M(C:0K, Fs:138, WS:544K # 544K, PF:2468K # 2468K, P:2468K)
  2245. [2] 0.000156 +J(0) +M(C:8K, Fs:125, WS:496K # 496K, PF:1160K # 1160K, P:1160K)
  2246. [3] 0.000007 +J(0) +M(C:0K, Fs:6, WS:24K # 24K, PF:64K # 64K, P:64K)
  2247. [4] 0.000068 +J(0) +M(C:0K, Fs:47, WS:188K # 188K, PF:168K # 168K, P:168K)
  2248. [5] 0.000546 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:16K # 16K, P:16K)
  2249. [6] 0.003453 +J(0) +M(C:0K, Fs:35, WS:132K # 132K, PF:28K # 28K, P:28K)
  2250. [7] 0.003276 +J(0) +M(C:0K, Fs:30, WS:120K # 120K, PF:64K # 64K, P:64K)
  2251. [8] 0.018068 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:53531/145) +M(C:0K, Fs:168, WS:380K # 384K, PF:248K # 256K, P:248K) + 1 lgens
  2252. [9] 0.001937 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:4056/2) +M(C:0K, Fs:19, WS:72K # 72K, PF:60K # 56K, P:60K)
  2253. [10] 0.000519 +J(0) +M(C:0K, Fs:1, WS:-56K # 0K, PF:-60K # 0K, P:-60K)
  2254. [11] 0.000013 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  2255. [12] 0.000739 +J(0) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K)
  2256. [13] 0.017937 -0.000267 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:55, WS:100K # 124K, PF:160K # 164K, P:160K)
  2257. [14] 0.000014 +J(0)
  2258. [15] 0.000008 +J(0)
  2259. [16] 0.000695 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  2260. Information 8/3/2018 6:28:09 AM ESENT 302 Logging/Recovery svchost (5876,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.
  2261. Information 8/3/2018 6:28:09 AM ESENT 301 Logging/Recovery "svchost (5876,R,98) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log.
  2262.  
  2263. Previous Log Processing Stats:
  2264. [1] 0.008345 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:53531/145) +M(C:0K, Fs:112, WS:232K # 172K, PF:160K # 100K, P:160K)."
  2265. Information 8/3/2018 6:28:09 AM ESENT 301 Logging/Recovery "svchost (5876,R,98) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS00002.log.
  2266.  
  2267. Previous Log Processing Stats: "
  2268. Information 8/3/2018 6:28:09 AM ESENT 300 Logging/Recovery svchost (5876,R,98) DS_Token_DB: The database engine is initiating recovery steps.
  2269. Information 8/3/2018 6:28:09 AM ESENT 916 General svchost (5876,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2270. Information 8/3/2018 6:28:09 AM ESENT 102 General svchost (5876,P,98) DS_Token_DB: The database engine (10.00.17134.0000) is starting a new instance (0).
  2271. Information 8/3/2018 6:28:08 AM ESENT 916 General svchost (3172,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2272. Information 8/3/2018 5:43:57 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2273. Information 8/3/2018 5:43:57 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2274. Information 8/3/2018 5:37:10 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-10T12:37:10Z. Reason: RulesEngine.
  2275. Information 8/3/2018 5:36:53 AM VSS 8224 None The VSS service is shutting down due to idle timeout.
  2276. Information 8/3/2018 5:36:33 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  2277. Information 8/3/2018 5:36:10 AM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  2278. "
  2279. Information 8/3/2018 5:36:10 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-10T12:36:10Z. Reason: RulesEngine.
  2280. Information 8/3/2018 5:35:42 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2281. Information 8/3/2018 5:35:42 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2282. Information 8/3/2018 5:35:40 AM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  2283. 10.0.17134.112"
  2284. Information 8/3/2018 5:35:40 AM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  2285. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  2286. Licensing Status=
  2287. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2288. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2289. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2290. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2291. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2292. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2293. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2294. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2295. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2296. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2297. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2298. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2299. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2300. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2301. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2302. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2303. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2304. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  2305. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2306. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2307. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2308. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2309. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2310. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2311. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2312. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2313. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2314. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2315. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2316. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2317. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2318. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2319. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2320. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2321. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2322. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2323. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2324. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2325. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2326. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2327. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2328. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2329. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2330. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2331. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2332. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2333.  
  2334. "
  2335. Information 8/3/2018 5:35:40 AM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  2336. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  2337. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  2338. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  2339. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  2340. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  2341. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  2342. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  2343. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  2344. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  2345. "
  2346. Information 8/3/2018 5:35:40 AM SecurityCenter 1 None The Windows Security Center Service has started.
  2347. Information 8/3/2018 5:35:40 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  2348. Information 8/3/2018 5:35:40 AM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  2349. Parameters:<explicit>"
  2350. Information 8/3/2018 5:35:39 AM ESENT 916 General svchost (7908,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2351. Information 8/3/2018 5:33:55 AM Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6.
  2352. Information 8/3/2018 5:33:55 AM Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6.
  2353. Information 8/3/2018 5:33:54 AM Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6.
  2354. Information 8/3/2018 5:33:43 AM System Restore 8194 None Successfully created restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe -Embedding; Description = Windows Modules Installer).
  2355. Information 8/3/2018 5:33:43 AM ESENT 916 General svchost (3824,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2356. Information 8/3/2018 5:33:35 AM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  2357.  
  2358. Information 8/3/2018 5:33:35 AM ESENT 326 General "SearchIndexer (6640,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  2359.  
  2360. Saved Cache: 0 0
  2361. Additional Data: lgposAttach = 0000000B:0070:0268
  2362.  
  2363. Internal Timing Sequence:
  2364. [1] 0.000001 +J(0)
  2365. [2] 0.000525 +J(0) +M(C:0K, Fs:26, WS:40K # 0K, PF:32K # 0K, P:32K)
  2366. [3] 0.008879 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:124K # 0K, PF:144K # 0K, P:144K)
  2367. [4] 0.000446 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  2368. [5] -
  2369. [6] -
  2370. [7] 0.006056 -0.000253 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:58, WS:232K # 0K, PF:660K # 0K, P:660K)
  2371. [8] 0.000298 -0.000156 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:256K # 136K, P:256K)
  2372. [9] 0.000277 -0.000208 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 0K, PF:96K # 96K, P:96K)
  2373. [10] 0.000008 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  2374. [11] 0.000027 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K)
  2375. [12] 0.0 +J(0)
  2376. [13] 0.0 +J(0)
  2377. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  2378. Information 8/3/2018 5:33:35 AM ESENT 105 General "SearchIndexer (6640,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  2379.  
  2380. Additional Data:
  2381.  
  2382.  
  2383. Internal Timing Sequence:
  2384. [1] 0.002416 +J(0) +M(C:0K, Fs:232, WS:904K # 904K, PF:5084K # 5084K, P:5084K)
  2385. [2] 0.000174 +J(0) +M(C:0K, Fs:105, WS:420K # 420K, PF:396K # 396K, P:396K)
  2386. [3] 0.001361 +J(0) +M(C:0K, Fs:8, WS:28K # 28K, PF:68K # 68K, P:68K)
  2387. [4] 0.000078 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:228K # 228K, P:228K)
  2388. [5] 0.000461 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)
  2389. [6] 0.533103 +J(0) +M(C:0K, Fs:32, WS:124K # 124K, PF:20K # 20K, P:20K)
  2390. [7] 0.005365 +J(0) +M(C:0K, Fs:270, WS:1080K # 1080K, PF:1024K # 1024K, P:1024K)
  2391. [8] -
  2392. [9] -
  2393. [10] -
  2394. [11] -
  2395. [12] -
  2396. [13] 0.011047 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:8, WS:-1000K # 16K, PF:-1020K # 12K, P:-1020K)
  2397. [14] 0.000014 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  2398. [15] 0.000033 +J(0) +M(C:0K, Fs:33, WS:132K # 0K, PF:64K # 0K, P:64K)
  2399. [16] 0.000289 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  2400. Information 8/3/2018 5:33:35 AM ESENT 916 General SearchIndexer (6640,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2401. Information 8/3/2018 5:33:34 AM ESENT 102 General SearchIndexer (6640,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  2402. Information 8/3/2018 5:33:34 AM ESENT 916 General taskhostw (4240,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2403. Information 8/3/2018 5:33:32 AM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  2404. Information 8/3/2018 5:33:33 AM ESENT 916 General svchost (3868,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2405. Information 8/3/2018 5:33:32 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  2406. Information 8/3/2018 5:33:32 AM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  2407. Information 8/3/2018 5:33:31 AM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  2408.  
  2409. "
  2410. Information 8/3/2018 5:33:32 AM ESENT 916 General svchost (3172,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2411. Information 8/3/2018 5:33:32 AM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  2412. Information 8/3/2018 5:33:31 AM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  2413. Information 8/2/2018 10:09:49 PM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  2414.  
  2415. "
  2416. Information 8/2/2018 10:09:49 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  2417.  
  2418. DETAIL -
  2419. 5 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001_Classes:
  2420. Process 7768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  2421. Process 7768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  2422. Process 7768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  2423. Process 7768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  2424. Process 7768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  2425. "
  2426. Information 8/2/2018 10:09:49 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  2427.  
  2428. DETAIL -
  2429. 35 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  2430. Process 736 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  2431. Process 76 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  2432. Process 7768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\CommsAPHost\Test
  2433. Process 76 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  2434. Process 3808 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  2435. Process 1304 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  2436. Process 7768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  2437. Process 1520 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  2438. Process 7768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  2439. Process 3808 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  2440. Process 3772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  2441. Process 3808 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  2442. Process 7768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Unified Store\HighWaterMarks\C:_Users_Desky_AppData_Local_Comms_UnistoreDB_store.vol
  2443. Process 1520 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  2444. Process 3808 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  2445. Process 3772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  2446. Process 7768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  2447. Process 3808 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  2448. Process 1520 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  2449. Process 7768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  2450. Process 3808 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  2451. Process 3772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  2452. Process 3772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  2453. Process 7768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  2454. Process 1520 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  2455. Process 3808 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  2456. Process 632 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  2457. Process 76 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  2458. Process 3772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  2459. Process 7768 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  2460. Process 1520 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  2461. Process 3808 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  2462. Process 3064 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  2463. Process 3064 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  2464. Process 3064 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  2465. "
  2466. Information 8/2/2018 10:09:48 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Steam.exe.
  2467. Information 8/2/2018 10:09:49 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  2468. Information 8/2/2018 10:09:49 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  2469. Information 8/2/2018 10:09:46 PM ESENT 916 General svchost (6468,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2470. Information 8/2/2018 10:09:46 PM ESENT 916 General DllHost (8320,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2471. Information 8/2/2018 9:18:46 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2472. Information 8/2/2018 8:33:33 PM ESENT 916 General svchost (7064,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2473. Information 8/2/2018 8:30:43 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-10T03:30:43Z. Reason: RulesEngine.
  2474. Information 8/2/2018 8:30:13 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  2475. Information 8/2/2018 8:30:12 PM ESENT 916 General svchost (1520,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2476. Information 8/2/2018 8:29:54 PM ESENT 916 General DllHost (8320,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2477. Information 8/2/2018 8:21:01 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2478. Information 8/2/2018 8:18:00 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2479. Information 8/2/2018 8:17:51 PM ESENT 916 General svchost (1520,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2480. Information 8/2/2018 8:11:12 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2481. Information 8/2/2018 7:32:56 PM ESENT 916 General DllHost (8320,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2482. Information 8/2/2018 7:17:00 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2483. Information 8/2/2018 6:16:00 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2484. Information 8/2/2018 5:50:53 PM ESENT 916 General svchost (4840,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2485. Information 8/2/2018 5:39:55 PM ESENT 916 General svchost (1520,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2486. Information 8/2/2018 5:25:25 PM ESENT 916 General svchost (4544,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2487. Information 8/2/2018 5:15:00 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2488. Information 8/2/2018 4:27:56 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2489. Information 8/2/2018 4:18:24 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-09T23:18:24Z. Reason: RulesEngine.
  2490. Information 8/2/2018 4:18:08 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2491. Information 8/2/2018 4:18:08 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2492. Information 8/2/2018 4:17:54 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  2493. Information 8/2/2018 4:17:28 PM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  2494. "
  2495. Information 8/2/2018 4:17:28 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-09T23:17:28Z. Reason: RulesEngine.
  2496. Information 8/2/2018 4:17:00 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2497. Information 8/2/2018 4:17:00 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2498. Information 8/2/2018 4:16:58 PM SecurityCenter 1 None The Windows Security Center Service has started.
  2499. Information 8/2/2018 4:16:58 PM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  2500. 10.0.17134.112"
  2501. Information 8/2/2018 4:16:58 PM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  2502. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  2503. Licensing Status=
  2504. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2505. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2506. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2507. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2508. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2509. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2510. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2511. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2512. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2513. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2514. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2515. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2516. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2517. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2518. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2519. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2520. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2521. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  2522. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2523. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2524. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2525. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2526. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2527. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2528. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2529. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2530. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2531. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2532. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2533. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2534. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2535. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2536. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2537. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2538. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2539. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2540. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2541. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2542. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2543. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2544. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2545. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2546. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2547. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2548. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2549. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2550.  
  2551. "
  2552. Information 8/2/2018 4:16:58 PM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  2553. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  2554. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  2555. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  2556. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  2557. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  2558. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  2559. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  2560. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  2561. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  2562. "
  2563. Information 8/2/2018 4:16:58 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  2564. Information 8/2/2018 4:16:58 PM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  2565. Parameters:<explicit>"
  2566. Information 8/2/2018 4:16:57 PM ESENT 916 General svchost (2184,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2567. Information 8/2/2018 4:16:42 PM ESENT 916 General svchost (3784,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2568. Information 8/2/2018 4:16:31 PM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  2569. Information 8/2/2018 4:16:07 PM ESENT 916 General svchost (7768,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2570. Information 8/2/2018 4:14:55 PM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  2571.  
  2572. Information 8/2/2018 4:14:55 PM ESENT 326 General "SearchIndexer (6456,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  2573.  
  2574. Saved Cache: 0 0
  2575. Additional Data: lgposAttach = 0000000B:0034:0268
  2576.  
  2577. Internal Timing Sequence:
  2578. [1] 0.000001 +J(0)
  2579. [2] 0.000597 +J(0) +M(C:0K, Fs:27, WS:40K # 0K, PF:32K # 0K, P:32K)
  2580. [3] 0.009017 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:39, WS:120K # 0K, PF:140K # 0K, P:140K)
  2581. [4] 0.000264 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  2582. [5] -
  2583. [6] -
  2584. [7] 0.015889 -0.000242 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:63, WS:248K # 0K, PF:668K # 0K, P:668K)
  2585. [8] 0.000370 -0.000216 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:256K # 132K, P:256K)
  2586. [9] 0.000281 -0.000206 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 0K, PF:96K # 96K, P:96K)
  2587. [10] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  2588. [11] 0.000028 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K)
  2589. [12] 0.0 +J(0)
  2590. [13] 0.0 +J(0)
  2591. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  2592. Information 8/2/2018 4:14:55 PM ESENT 105 General "SearchIndexer (6456,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  2593.  
  2594. Additional Data:
  2595.  
  2596.  
  2597. Internal Timing Sequence:
  2598. [1] 0.000497 +J(0) +M(C:0K, Fs:176, WS:688K # 688K, PF:5080K # 5080K, P:5080K)
  2599. [2] 0.000187 +J(0) +M(C:0K, Fs:160, WS:648K # 648K, PF:400K # 400K, P:400K)
  2600. [3] 0.000016 +J(0) +M(C:0K, Fs:8, WS:28K # 28K, PF:68K # 68K, P:68K)
  2601. [4] 0.000063 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:228K # 228K, P:228K)
  2602. [5] 0.000452 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)
  2603. [6] 0.473017 +J(0) +M(C:0K, Fs:204, WS:800K # 800K, PF:236K # 244K, P:236K)
  2604. [7] 0.003422 +J(0) +M(C:0K, Fs:271, WS:1080K # 1080K, PF:1028K # 1020K, P:1028K)
  2605. [8] -
  2606. [9] -
  2607. [10] -
  2608. [11] -
  2609. [12] -
  2610. [13] 0.010639 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:8, WS:-1000K # 16K, PF:-1024K # 12K, P:-1024K)
  2611. [14] 0.000013 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  2612. [15] 0.000033 +J(0) +M(C:0K, Fs:33, WS:132K # 0K, PF:64K # 0K, P:64K)
  2613. [16] 0.000205 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  2614. Information 8/2/2018 4:14:55 PM ESENT 916 General SearchIndexer (6456,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2615. Information 8/2/2018 4:14:55 PM ESENT 102 General SearchIndexer (6456,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  2616. Information 8/2/2018 4:14:54 PM ESENT 916 General taskhostw (3668,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2617. Information 8/2/2018 4:14:53 PM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  2618. Information 8/2/2018 4:14:53 PM ESENT 916 General svchost (3792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2619. Information 8/2/2018 4:14:53 PM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  2620. Information 8/2/2018 4:14:52 PM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  2621.  
  2622. "
  2623. Information 8/2/2018 4:14:53 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  2624. Information 8/2/2018 4:14:53 PM ESENT 916 General svchost (1520,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2625. Information 8/2/2018 4:14:52 PM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  2626. Information 8/2/2018 4:14:52 PM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  2627. Information 8/2/2018 12:14:26 PM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  2628.  
  2629. "
  2630. Information 8/2/2018 12:14:26 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  2631.  
  2632. DETAIL -
  2633. 5 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001_Classes:
  2634. Process 7032 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  2635. Process 7032 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  2636. Process 7032 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  2637. Process 7032 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  2638. Process 7032 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  2639. "
  2640. Information 8/2/2018 12:14:26 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  2641.  
  2642. DETAIL -
  2643. 16 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  2644. Process 728 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  2645. Process 1016 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  2646. Process 1016 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  2647. Process 3644 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  2648. Process 3972 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  2649. Process 7032 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  2650. Process 2832 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  2651. Process 3644 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  2652. Process 2832 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  2653. Process 3644 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  2654. Process 7032 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\GameDVR\Debug
  2655. Process 2832 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  2656. Process 2832 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  2657. Process 624 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  2658. Process 1016 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  2659. Process 2832 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  2660. "
  2661. Information 8/2/2018 12:14:26 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  2662. Information 8/2/2018 12:14:26 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  2663. Information 8/2/2018 12:14:24 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Steam.exe.
  2664. Information 8/2/2018 12:13:23 PM ESENT 916 General DllHost (8680,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2665. Information 8/2/2018 12:13:23 PM ESENT 916 General svchost (8440,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2666. Information 8/2/2018 12:11:31 PM Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎08‎-‎02T19:11:26.108756400Z.
  2667. Information 8/2/2018 12:11:31 PM MsiInstaller 1042 None Ending a Windows Installer transaction: D:\Steam\steamapps\common\Stardew Valley\_CommonRedist\XNA\4.0\xnafx40_redist.msi. Client Process Id: 7504.
  2668. Information 8/2/2018 12:11:31 PM MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft XNA Framework Redistributable 4.0 Refresh. Product Version: 4.0.30901.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.
  2669. Information 8/2/2018 12:11:31 PM MsiInstaller 11707 None Product: Microsoft XNA Framework Redistributable 4.0 Refresh -- Installation completed successfully.
  2670. Information 8/2/2018 12:11:26 PM Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎08‎-‎02T19:11:26.108756400Z.
  2671. Information 8/2/2018 12:11:26 PM System Restore 8216 None "Skipping creation of restore point (Process = C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe"" /silent; Description = Installed DirectX) as there is a restore point avaliable which is recent enough for System Restore."
  2672. Information 8/2/2018 12:11:25 PM MsiInstaller 1040 None Beginning a Windows Installer transaction: D:\Steam\steamapps\common\Stardew Valley\_CommonRedist\XNA\4.0\xnafx40_redist.msi. Client Process Id: 7504.
  2673. Information 8/2/2018 12:10:21 PM ESENT 916 General taskhostw (4544,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2674. Information 8/2/2018 12:10:19 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  2675. Information 8/2/2018 12:10:19 PM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  2676. Information 8/2/2018 12:08:44 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2677. Information 8/2/2018 12:08:44 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2678. Information 8/2/2018 12:08:07 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-09T19:08:07Z. Reason: RulesEngine.
  2679. Information 8/2/2018 12:07:30 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  2680. Information 8/2/2018 12:01:02 PM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  2681. "
  2682. Information 8/2/2018 12:01:02 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-09T19:01:02Z. Reason: RulesEngine.
  2683. Information 8/2/2018 12:00:34 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2684. Information 8/2/2018 12:00:34 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2685. Information 8/2/2018 12:00:33 PM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  2686.  
  2687. Information 8/2/2018 12:00:33 PM ESENT 326 General "SearchIndexer (644,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  2688.  
  2689. Saved Cache: 0 0
  2690. Additional Data: lgposAttach = 0000000A:00F0:0268
  2691.  
  2692. Internal Timing Sequence:
  2693. [1] 0.000001 +J(0)
  2694. [2] 0.053417 +J(0) +M(C:0K, Fs:26, WS:40K # 0K, PF:32K # 0K, P:32K)
  2695. [3] 0.188040 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:140K # 0K, P:140K)
  2696. [4] 0.000288 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  2697. [5] -
  2698. [6] -
  2699. [7] 0.018417 -0.000559 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:60, WS:236K # 0K, PF:664K # 0K, P:664K)
  2700. [8] 0.062158 -0.061939 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:256K # 136K, P:256K)
  2701. [9] 0.000399 -0.000322 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 0K, PF:96K # 96K, P:96K)
  2702. [10] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  2703. [11] 0.000025 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K)
  2704. [12] 0.0 +J(0)
  2705. [13] 0.0 +J(0)
  2706. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  2707. Information 8/2/2018 12:00:32 PM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  2708. 10.0.17134.112"
  2709. Information 8/2/2018 12:00:32 PM ESENT 105 General "SearchIndexer (644,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  2710.  
  2711. Additional Data:
  2712.  
  2713.  
  2714. Internal Timing Sequence:
  2715. [1] 0.002826 +J(0) +M(C:0K, Fs:229, WS:900K # 900K, PF:5084K # 5084K, P:5084K)
  2716. [2] 0.000285 +J(0) +M(C:0K, Fs:107, WS:424K # 424K, PF:400K # 400K, P:400K)
  2717. [3] 0.001549 +J(0) +M(C:0K, Fs:8, WS:28K # 28K, PF:68K # 68K, P:68K)
  2718. [4] 0.000106 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:228K # 228K, P:228K)
  2719. [5] 0.000759 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)
  2720. [6] 0.004076 +J(0) +M(C:0K, Fs:32, WS:124K # 124K, PF:20K # 20K, P:20K)
  2721. [7] 0.025858 +J(0) +M(C:0K, Fs:270, WS:1080K # 1080K, PF:1024K # 1024K, P:1024K)
  2722. [8] -
  2723. [9] -
  2724. [10] -
  2725. [11] -
  2726. [12] -
  2727. [13] 0.038269 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:8, WS:-1000K # 16K, PF:-1020K # 12K, P:-1020K)
  2728. [14] 0.000022 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  2729. [15] 0.000029 +J(0) +M(C:0K, Fs:33, WS:132K # 0K, PF:64K # 0K, P:64K)
  2730. [16] 0.000267 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  2731. Information 8/2/2018 12:00:32 PM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  2732. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  2733. Licensing Status=
  2734. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2735. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2736. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2737. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2738. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2739. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2740. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2741. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2742. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2743. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2744. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2745. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2746. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2747. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2748. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2749. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2750. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2751. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  2752. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2753. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2754. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2755. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2756. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2757. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2758. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2759. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2760. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2761. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2762. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2763. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2764. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2765. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2766. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2767. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2768. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2769. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2770. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2771. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2772. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2773. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2774. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2775. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2776. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2777. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2778. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2779. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2780.  
  2781. "
  2782. Information 8/2/2018 12:00:32 PM SecurityCenter 1 None The Windows Security Center Service has started.
  2783. Information 8/2/2018 12:00:32 PM ESENT 916 General SearchIndexer (644,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2784. Information 8/2/2018 12:00:32 PM ESENT 102 General SearchIndexer (644,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  2785. Information 8/2/2018 12:00:32 PM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  2786. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  2787. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  2788. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  2789. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  2790. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  2791. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  2792. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  2793. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  2794. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  2795. "
  2796. Information 8/2/2018 12:00:32 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  2797. Information 8/2/2018 12:00:32 PM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  2798. Parameters:<explicit>"
  2799. Information 8/2/2018 12:00:31 PM ESENT 916 General svchost (3056,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2800. Information 8/2/2018 12:00:17 PM ESENT 916 General svchost (3636,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2801. Information 8/2/2018 11:58:29 AM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  2802. Information 8/2/2018 11:58:29 AM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  2803. Information 8/2/2018 11:58:29 AM ESENT 916 General svchost (3672,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2804. Information 8/2/2018 11:58:29 AM ESENT 916 General svchost (3124,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2805. Information 8/2/2018 11:58:28 AM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  2806.  
  2807. "
  2808. Information 8/2/2018 11:58:28 AM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  2809. Information 8/2/2018 7:09:09 AM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  2810.  
  2811. "
  2812. Information 8/1/2018 11:26:36 PM ESENT 916 General svchost (3744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2813. Information 8/1/2018 11:26:36 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  2814.  
  2815. DETAIL -
  2816. 10 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001_Classes:
  2817. Process 7772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  2818. Process 7772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  2819. Process 7772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  2820. Process 5396 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  2821. Process 5396 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  2822. Process 5396 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  2823. Process 7772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  2824. Process 5396 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  2825. Process 5396 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  2826. Process 7772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  2827. "
  2828. Information 8/1/2018 11:26:36 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  2829.  
  2830. DETAIL -
  2831. 29 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  2832. Process 736 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  2833. Process 320 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  2834. Process 7772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\CommsAPHost\Test
  2835. Process 320 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  2836. Process 3728 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  2837. Process 5792 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  2838. Process 7772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  2839. Process 5396 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  2840. Process 5564 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  2841. Process 3144 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  2842. Process 7772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  2843. Process 3728 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  2844. Process 7772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Unified Store\HighWaterMarks\C:_Users_Desky_AppData_Local_Comms_UnistoreDB_store.vol
  2845. Process 3144 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  2846. Process 5564 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  2847. Process 7772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  2848. Process 3728 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  2849. Process 5396 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\GameDVR\Debug
  2850. Process 5564 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  2851. Process 3144 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  2852. Process 7772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  2853. Process 5564 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  2854. Process 7772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  2855. Process 3144 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  2856. Process 632 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  2857. Process 320 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  2858. Process 5564 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  2859. Process 7772 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  2860. Process 3144 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  2861. "
  2862. Information 8/1/2018 11:26:35 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Steam.exe.
  2863. Information 8/1/2018 11:26:36 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  2864. Information 8/1/2018 11:26:36 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  2865. Information 8/1/2018 11:26:33 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Origin.exe.
  2866. Information 8/1/2018 11:26:33 PM Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port.
  2867. Information 8/1/2018 11:26:21 PM ESENT 916 General DllHost (3304,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2868. Information 8/1/2018 11:03:00 PM ESENT 916 General svchost (3744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2869. Information 8/1/2018 10:36:00 PM ESENT 916 General svchost (3744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2870. Information 8/1/2018 10:34:54 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  2871. Information 8/1/2018 10:31:55 PM ESENT 326 General "svchost (4560,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds)
  2872.  
  2873. Saved Cache: 1 0
  2874. Additional Data: lgposAttach = 00000002:000E:0268
  2875.  
  2876. Internal Timing Sequence:
  2877. [1] 0.000002 +J(0)
  2878. [2] 0.000641 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K)
  2879. [3] 0.006566 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:255/1) +M(C:0K, Fs:30, WS:104K # 44K, PF:36K # 0K, P:36K)
  2880. [4] 0.000542 +J(0)
  2881. [5] -
  2882. [6] -
  2883. [7] 0.000230 -0.000153 (1) CM +J(CM:1, PgRf:2, Rd:4/0, Dy:0/0, Lg:0/0) +M(C:16K, Fs:4, WS:16K # 12K, PF:16K # 0K, P:16K)
  2884. [8] 0.000479 -0.000295 (3) CM +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:-8K, Fs:32, WS:120K # 120K, PF:192K # 188K, P:192K)
  2885. [9] 0.000542 -0.000410 (3) CM +J(CM:3, PgRf:40, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 16K, PF:64K # 56K, P:64K)
  2886. [10] 0.000189 -0.000174 (1) CM +J(CM:1, PgRf:1, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K)
  2887. [11] 0.001816 -0.001726 (1) CM +J(CM:1, PgRf:42, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:5, WS:20K # 20K, PF:0K # 0K, P:0K)
  2888. [12] 0.000001 +J(0)
  2889. [13] 0.0 +J(0)
  2890. [14] 0.001179 -0.001150 (1) CM +J(CM:1, PgRf:1, Rd:0/1, Dy:0/0, Lg:0/0)."
  2891. Information 8/1/2018 10:31:55 PM ESENT 105 General "svchost (4560,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds)
  2892.  
  2893. Additional Data:
  2894. lgposV2[] = 00000002:0009:0000 - 00000002:000C:0000 - 00000000:0000:0000 - 00000002:000C:0000 (00000000:0000:0000)
  2895. cReInits = 2
  2896.  
  2897.  
  2898. Internal Timing Sequence:
  2899. [1] 0.000521 +J(0) +M(C:0K, Fs:137, WS:540K # 540K, PF:2460K # 2460K, P:2460K)
  2900. [2] 0.000183 +J(0) +M(C:8K, Fs:151, WS:596K # 596K, PF:1160K # 1160K, P:1160K)
  2901. [3] 0.000008 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K)
  2902. [4] 0.000069 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:176K # 176K, P:176K)
  2903. [5] 0.000640 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:16K # 16K, P:16K)
  2904. [6] 0.003685 +J(0) +M(C:0K, Fs:34, WS:136K # 136K, PF:24K # 24K, P:24K)
  2905. [7] 0.003495 +J(0) +M(C:0K, Fs:30, WS:120K # 120K, PF:64K # 64K, P:64K)
  2906. [8] 0.017058 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:44588/138) +M(C:0K, Fs:150, WS:372K # 372K, PF:248K # 252K, P:248K)
  2907. [9] -
  2908. [10] 0.000556 +J(0) +M(C:0K, Fs:18, WS:12K # 68K, PF:4K # 60K, P:4K)
  2909. [11] 0.000012 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  2910. [12] 0.001632 +J(0) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K)
  2911. [13] 0.019010 -0.000291 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:55, WS:100K # 128K, PF:160K # 168K, P:160K)
  2912. [14] 0.000015 +J(0)
  2913. [15] 0.000007 +J(0)
  2914. [16] 0.000778 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  2915. Information 8/1/2018 10:31:55 PM ESENT 302 Logging/Recovery svchost (4560,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.
  2916. Information 8/1/2018 10:31:55 PM ESENT 301 Logging/Recovery "svchost (4560,R,98) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log.
  2917.  
  2918. Previous Log Processing Stats: "
  2919. Information 8/1/2018 10:31:55 PM ESENT 300 Logging/Recovery svchost (4560,R,98) DS_Token_DB: The database engine is initiating recovery steps.
  2920. Information 8/1/2018 10:31:55 PM ESENT 916 General svchost (4560,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2921. Information 8/1/2018 10:31:55 PM ESENT 102 General svchost (4560,P,98) DS_Token_DB: The database engine (10.00.17134.0000) is starting a new instance (0).
  2922. Information 8/1/2018 10:31:54 PM ESENT 916 General svchost (3144,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2923. Information 8/1/2018 10:31:53 PM ESENT 916 General svchost (3744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2924. Information 8/1/2018 9:35:00 PM ESENT 916 General svchost (3744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2925. Information 8/1/2018 8:34:06 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  2926. Information 8/1/2018 8:34:00 PM ESENT 916 General svchost (3744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2927. Information 8/1/2018 8:31:55 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2928. Information 8/1/2018 8:31:55 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2929. Information 8/1/2018 8:31:08 PM Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5.
  2930. Information 8/1/2018 8:31:08 PM Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5.
  2931. Information 8/1/2018 8:31:07 PM Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5.
  2932. Information 8/1/2018 8:30:56 PM System Restore 8194 None Successfully created restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe -Embedding; Description = Windows Modules Installer).
  2933. Information 8/1/2018 8:30:56 PM ESENT 916 General svchost (3696,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2934. Information 8/1/2018 8:30:43 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2935. Information 8/1/2018 8:30:43 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2936. Information 8/1/2018 7:41:01 PM ESENT 916 General svchost (3744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2937. Information 8/1/2018 7:31:28 PM ESENT 916 General svchost (3744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2938. Information 8/1/2018 7:02:58 PM ESENT 916 General svchost (3744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2939. Information 8/1/2018 6:54:11 PM ESENT 916 General MicrosoftEdge (1720,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2940. Information 8/1/2018 6:54:02 PM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  2941. Information 8/1/2018 6:53:41 PM ESENT 916 General svchost (3744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2942. Information 8/1/2018 6:53:38 PM ESENT 916 General svchost (3144,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2943. Information 8/1/2018 6:52:16 PM ESENT 916 General DllHost (3304,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2944. Information 8/1/2018 6:32:00 PM ESENT 916 General svchost (3744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2945. Information 8/1/2018 5:53:15 PM ESENT 916 General svchost (3144,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2946. Information 8/1/2018 5:34:57 PM ESENT 916 General svchost (3144,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2947. Information 8/1/2018 5:31:00 PM ESENT 916 General svchost (3744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  2948. Information 8/1/2018 4:34:20 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-08T23:34:20Z. Reason: RulesEngine.
  2949. Information 8/1/2018 4:33:58 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2950. Information 8/1/2018 4:33:58 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2951. Information 8/1/2018 4:33:41 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  2952. Information 8/1/2018 4:33:13 PM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  2953. "
  2954. Information 8/1/2018 4:33:13 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-08T23:33:13Z. Reason: RulesEngine.
  2955. Information 8/1/2018 4:32:45 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2956. Information 8/1/2018 4:32:45 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  2957. Information 8/1/2018 4:32:43 PM SecurityCenter 1 None The Windows Security Center Service has started.
  2958. Information 8/1/2018 4:32:43 PM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  2959. 10.0.17134.112"
  2960. Information 8/1/2018 4:32:43 PM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  2961. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  2962. Licensing Status=
  2963. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2964. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2965. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2966. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2967. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2968. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2969. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2970. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2971. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2972. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2973. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2974. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2975. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2976. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2977. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2978. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2979. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2980. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  2981. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2982. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2983. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2984. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2985. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2986. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2987. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2988. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2989. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2990. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2991. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2992. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2993. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2994. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2995. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2996. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2997. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2998. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  2999. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3000. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3001. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3002. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3003. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3004. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3005. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3006. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3007. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3008. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3009.  
  3010. "
  3011. Information 8/1/2018 4:32:43 PM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  3012. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  3013. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  3014. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  3015. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  3016. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  3017. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  3018. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  3019. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  3020. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  3021. "
  3022. Information 8/1/2018 4:32:43 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  3023. Information 8/1/2018 4:32:43 PM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  3024. Parameters:<explicit>"
  3025. Information 8/1/2018 4:31:34 PM ESENT 916 General DllHost (3304,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3026. Information 8/1/2018 4:31:20 PM ESENT 916 General svchost (3696,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3027. Information 8/1/2018 4:30:57 PM ESENT 916 General svchost (7772,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3028. Information 8/1/2018 4:30:56 PM ESENT 916 General svchost (7792,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3029. Information 8/1/2018 4:30:55 PM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  3030.  
  3031. Information 8/1/2018 4:30:55 PM ESENT 326 General "SearchIndexer (6764,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  3032.  
  3033. Saved Cache: 0 0
  3034. Additional Data: lgposAttach = 00000009:00E5:0268
  3035.  
  3036. Internal Timing Sequence:
  3037. [1] 0.000001 +J(0)
  3038. [2] 0.010100 +J(0) +M(C:0K, Fs:26, WS:40K # 0K, PF:32K # 0K, P:32K)
  3039. [3] 0.011068 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:39, WS:116K # 0K, PF:144K # 0K, P:144K)
  3040. [4] 0.001434 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  3041. [5] -
  3042. [6] -
  3043. [7] 0.018323 -0.000247 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:59, WS:236K # 0K, PF:660K # 0K, P:660K)
  3044. [8] 0.000378 -0.000238 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:256K # 136K, P:256K)
  3045. [9] 0.000289 -0.000208 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 0K, PF:96K # 96K, P:96K)
  3046. [10] 0.000008 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  3047. [11] 0.000028 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K)
  3048. [12] 0.0 +J(0)
  3049. [13] 0.0 +J(0)
  3050. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  3051. Information 8/1/2018 4:30:54 PM ESENT 105 General "SearchIndexer (6764,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  3052.  
  3053. Additional Data:
  3054.  
  3055.  
  3056. Internal Timing Sequence:
  3057. [1] 0.000482 +J(0) +M(C:0K, Fs:171, WS:664K # 664K, PF:5080K # 5080K, P:5080K)
  3058. [2] 0.000187 +J(0) +M(C:0K, Fs:162, WS:652K # 652K, PF:400K # 400K, P:400K)
  3059. [3] 0.000015 +J(0) +M(C:0K, Fs:10, WS:36K # 36K, PF:72K # 72K, P:72K)
  3060. [4] 0.000059 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:228K # 228K, P:228K)
  3061. [5] 0.000463 +J(0) +M(C:0K, Fs:30, WS:120K # 120K, PF:96K # 96K, P:96K)
  3062. [6] 0.041572 +J(0) +M(C:0K, Fs:92, WS:364K # 364K, PF:36K # 36K, P:36K)
  3063. [7] 0.014690 +J(0) +M(C:0K, Fs:270, WS:1080K # 1080K, PF:1024K # 1024K, P:1024K)
  3064. [8] -
  3065. [9] -
  3066. [10] -
  3067. [11] -
  3068. [12] -
  3069. [13] 0.037469 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:8, WS:-1000K # 16K, PF:-1020K # 12K, P:-1020K)
  3070. [14] 0.000015 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  3071. [15] 0.000033 +J(0) +M(C:0K, Fs:33, WS:132K # 0K, PF:64K # 0K, P:64K)
  3072. [16] 0.010753 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  3073. Information 8/1/2018 4:30:54 PM ESENT 916 General SearchIndexer (6764,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3074. Information 8/1/2018 4:30:54 PM ESENT 102 General SearchIndexer (6764,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  3075. Information 8/1/2018 4:30:54 PM ESENT 916 General taskhostw (2828,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3076. Information 8/1/2018 4:30:52 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  3077. Information 8/1/2018 4:30:52 PM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  3078. Information 8/1/2018 4:30:42 PM Windows Error Reporting 1001 None "Fault bucket , type 0
  3079. Event Name: LiveKernelEvent
  3080. Response: Not available
  3081. Cab Id: 0
  3082.  
  3083. Problem signature:
  3084. P1: ab
  3085. P2: 1
  3086. P3: 40
  3087. P4: 0
  3088. P5: 2
  3089. P6: 10_0_17134
  3090. P7: 0_0
  3091. P8: 256_1
  3092. P9:
  3093. P10:
  3094.  
  3095. Attached files:
  3096. \\?\C:\Windows\LiveKernelReports\win32k.sys\win32k.sys-20180801-0716.dmp
  3097. \\?\C:\Windows\TEMP\WER-52820515-0.sysdata.xml
  3098. \\?\C:\Windows\LiveKernelReports\win32k.sys-20180801-0716.dmp
  3099. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER464.tmp.WERInternalMetadata.xml
  3100. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER475.tmp.xml
  3101. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER474.tmp.csv
  3102. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER475.tmp.txt
  3103.  
  3104. These files may be available here:
  3105. C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_ab_101499abb5718d62fe4d2a80b240116f74964_00000000_cab_0ab433b2
  3106.  
  3107. Analysis symbol:
  3108. Rechecking for solution: 0
  3109. Report Id: a4fa4f50-63e1-419b-8892-e15e342ff0f3
  3110. Report Status: 2049
  3111. Hashed bucket:
  3112. Cab Guid: 0"
  3113. Information 8/1/2018 4:30:41 PM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  3114. Information 8/1/2018 4:30:42 PM ESENT 916 General svchost (3744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3115. Information 8/1/2018 4:30:41 PM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  3116. Information 8/1/2018 4:30:40 PM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  3117.  
  3118. "
  3119. Information 8/1/2018 4:30:41 PM ESENT 916 General svchost (3144,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3120. Information 8/1/2018 4:30:40 PM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  3121. Information 8/1/2018 7:16:45 AM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  3122.  
  3123. "
  3124. Information 8/1/2018 7:16:45 AM Windows Error Reporting 1001 None "Fault bucket , type 0
  3125. Event Name: LiveKernelEvent
  3126. Response: Not available
  3127. Cab Id: 0
  3128.  
  3129. Problem signature:
  3130. P1: ab
  3131. P2: 1
  3132. P3: 40
  3133. P4: 0
  3134. P5: 2
  3135. P6: 10_0_17134
  3136. P7: 0_0
  3137. P8: 256_1
  3138. P9:
  3139. P10:
  3140.  
  3141. Attached files:
  3142. \\?\C:\Windows\LiveKernelReports\win32k.sys\win32k.sys-20180801-0716.dmp
  3143. \\?\C:\Windows\TEMP\WER-52820515-0.sysdata.xml
  3144. \\?\C:\Windows\LiveKernelReports\win32k.sys-20180801-0716.dmp
  3145. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER464.tmp.WERInternalMetadata.xml
  3146. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER475.tmp.xml
  3147. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER474.tmp.csv
  3148. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER475.tmp.txt
  3149.  
  3150. These files may be available here:
  3151. C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_ab_101499abb5718d62fe4d2a80b240116f74964_00000000_0a360483
  3152.  
  3153. Analysis symbol:
  3154. Rechecking for solution: 0
  3155. Report Id: a4fa4f50-63e1-419b-8892-e15e342ff0f3
  3156. Report Status: 4
  3157. Hashed bucket:
  3158. Cab Guid: 0"
  3159. Information 7/31/2018 10:40:30 PM ESENT 916 General svchost (3196,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3160. Information 7/31/2018 10:40:30 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  3161.  
  3162. DETAIL -
  3163. 5 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001_Classes:
  3164. Process 5744 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  3165. Process 5744 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  3166. Process 5744 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  3167. Process 5744 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  3168. Process 5744 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  3169. "
  3170. Information 7/31/2018 10:40:30 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  3171.  
  3172. DETAIL -
  3173. 34 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  3174. Process 732 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  3175. Process 336 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  3176. Process 5744 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\CommsAPHost\Test
  3177. Process 336 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  3178. Process 3080 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  3179. Process 4444 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  3180. Process 5744 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  3181. Process 3080 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  3182. Process 3480 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  3183. Process 5468 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  3184. Process 3080 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  3185. Process 5744 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Unified Store\HighWaterMarks\C:_Users_Desky_AppData_Local_Comms_UnistoreDB_store.vol
  3186. Process 3080 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  3187. Process 5468 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  3188. Process 3480 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  3189. Process 3080 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  3190. Process 3080 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  3191. Process 3480 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  3192. Process 5468 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  3193. Process 3080 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  3194. Process 5744 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  3195. Process 3480 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  3196. Process 5468 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  3197. Process 628 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  3198. Process 336 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  3199. Process 3080 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  3200. Process 5744 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  3201. Process 3480 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  3202. Process 5468 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  3203. Process 3268 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3204. Process 3268 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3205. Process 3268 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3206. Process 3268 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3207. Process 3268 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3208. "
  3209. Information 7/31/2018 10:40:29 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Steam.exe.
  3210. Information 7/31/2018 10:40:30 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  3211. Information 7/31/2018 10:40:30 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  3212. Information 7/31/2018 10:40:27 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Origin.exe.
  3213. Information 7/31/2018 10:40:27 PM Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port.
  3214. Information 7/31/2018 10:40:24 PM ESENT 916 General DllHost (7772,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3215. Information 7/31/2018 10:15:08 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  3216. Information 7/31/2018 10:12:10 PM ESENT 326 General "svchost (8732,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds)
  3217.  
  3218. Saved Cache: 1 0
  3219. Additional Data: lgposAttach = 00000002:000A:0268
  3220.  
  3221. Internal Timing Sequence:
  3222. [1] 0.000001 +J(0)
  3223. [2] 0.000545 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K)
  3224. [3] 0.003953 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:40K # 0K, P:40K)
  3225. [4] 0.000632 +J(0)
  3226. [5] -
  3227. [6] -
  3228. [7] 0.000288 -0.000195 (1) CM +J(CM:1, PgRf:2, Rd:4/0, Dy:0/0, Lg:0/0) +M(C:8K, Fs:4, WS:16K # 0K, PF:8K # 0K, P:8K)
  3229. [8] 0.000845 -0.000645 (6) CM +J(CM:6, PgRf:23, Rd:0/6, Dy:0/0, Lg:0/0) +M(C:0K, Fs:31, WS:124K # 116K, PF:196K # 180K, P:196K)
  3230. [9] 0.000530 -0.000431 (4) CM +J(CM:4, PgRf:40, Rd:0/4, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:64K # 64K, P:64K)
  3231. [10] 0.000127 -0.000111 (1) CM +J(CM:1, PgRf:1, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K)
  3232. [11] 0.000045 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:5, WS:20K # 20K, PF:0K # 0K, P:0K)
  3233. [12] 0.0 +J(0)
  3234. [13] 0.0 +J(0)
  3235. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  3236. Information 7/31/2018 10:12:10 PM ESENT 105 General "svchost (8732,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds)
  3237.  
  3238. Additional Data:
  3239. lgposV2[] = 00000002:0005:0000 - 00000002:0008:0000 - 00000000:0000:0000 - 00000002:0008:0000 (00000000:0000:0000)
  3240. cReInits = 1
  3241.  
  3242.  
  3243. Internal Timing Sequence:
  3244. [1] 0.000561 +J(0) +M(C:0K, Fs:139, WS:548K # 548K, PF:3304K # 3304K, P:3304K)
  3245. [2] 0.000174 +J(0) +M(C:8K, Fs:148, WS:588K # 588K, PF:320K # 320K, P:320K)
  3246. [3] 0.000009 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:68K # 68K, P:68K)
  3247. [4] 0.000341 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:168K # 168K, P:168K)
  3248. [5] 0.000666 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:16K # 16K, P:16K)
  3249. [6] 0.003593 +J(0) +M(C:0K, Fs:32, WS:128K # 128K, PF:16K # 16K, P:16K)
  3250. [7] 0.003784 +J(0) +M(C:0K, Fs:30, WS:120K # 120K, PF:64K # 64K, P:64K)
  3251. [8] 0.015071 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:12168/7) +M(C:0K, Fs:105, WS:332K # 332K, PF:256K # 260K, P:256K)
  3252. [9] -
  3253. [10] 0.000570 +J(0) +M(C:0K, Fs:20, WS:16K # 16K, PF:8K # 4K, P:8K)
  3254. [11] 0.000013 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:4, WS:16K # 16K, PF:0K # 0K, P:0K)
  3255. [12] 0.001114 +J(0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K)
  3256. [13] 0.018588 -0.000316 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:58, WS:112K # 176K, PF:160K # 228K, P:160K)
  3257. [14] 0.000013 +J(0)
  3258. [15] 0.000007 +J(0)
  3259. [16] 0.000700 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  3260. Information 7/31/2018 10:12:10 PM ESENT 302 Logging/Recovery svchost (8732,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.
  3261. Information 7/31/2018 10:12:10 PM ESENT 301 Logging/Recovery "svchost (8732,R,98) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log.
  3262.  
  3263. Previous Log Processing Stats: "
  3264. Information 7/31/2018 10:12:10 PM ESENT 300 Logging/Recovery svchost (8732,R,98) DS_Token_DB: The database engine is initiating recovery steps.
  3265. Information 7/31/2018 10:12:10 PM ESENT 916 General svchost (8732,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3266. Information 7/31/2018 10:12:10 PM ESENT 102 General svchost (8732,P,98) DS_Token_DB: The database engine (10.00.17134.0000) is starting a new instance (0).
  3267. Information 7/31/2018 10:12:08 PM ESENT 916 General svchost (3480,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3268. Information 7/31/2018 10:12:07 PM ESENT 916 General svchost (3196,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3269. Information 7/31/2018 9:41:00 PM ESENT 916 General svchost (3196,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3270. Information 7/31/2018 8:40:00 PM ESENT 916 General svchost (3196,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3271. Information 7/31/2018 7:39:00 PM ESENT 916 General svchost (3196,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3272. Information 7/31/2018 7:16:40 PM Windows Error Reporting 1001 None "Fault bucket 1778333558122211494, type 5
  3273. Event Name: RADAR_PRE_LEAK_WOW64
  3274. Response: Not available
  3275. Cab Id: 0
  3276.  
  3277. Problem signature:
  3278. P1: Borderlands2.exe
  3279. P2: 1.0.38.7335
  3280. P3: 10.0.17134.2.0.0
  3281. P4:
  3282. P5:
  3283. P6:
  3284. P7:
  3285. P8:
  3286. P9:
  3287. P10:
  3288.  
  3289. Attached files:
  3290. \\?\C:\Users\Desky\AppData\Local\Temp\RDRBE3C.tmp\empty.txt
  3291. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE3D.tmp.WERInternalMetadata.xml
  3292. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE4D.tmp.xml
  3293. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE58.tmp.csv
  3294. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE78.tmp.txt
  3295.  
  3296. These files may be available here:
  3297.  
  3298.  
  3299. Analysis symbol:
  3300. Rechecking for solution: 0
  3301. Report Id: 52c70c1d-2970-4aaf-9ffd-ebb31d7a0c8b
  3302. Report Status: 268435456
  3303. Hashed bucket: a763618d0b9433b698ade8f2f807e8a6
  3304. Cab Guid: 0"
  3305. Information 7/31/2018 7:10:55 PM ESENT 916 General DllHost (7772,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3306. Information 7/31/2018 6:51:05 PM ESENT 916 General DllHost (7772,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3307. Information 7/31/2018 6:39:56 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  3308. Information 7/31/2018 6:38:00 PM ESENT 916 General svchost (3196,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3309. Information 7/31/2018 6:37:49 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3310. Information 7/31/2018 6:37:49 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3311. Information 7/31/2018 6:36:58 PM Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4.
  3312. Information 7/31/2018 6:36:58 PM Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4.
  3313. Information 7/31/2018 6:36:56 PM Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4.
  3314. Information 7/31/2018 6:36:45 PM System Restore 8194 None Successfully created restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe -Embedding; Description = Windows Modules Installer).
  3315. Information 7/31/2018 6:36:45 PM ESENT 916 General svchost (3396,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3316. Information 7/31/2018 6:36:37 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3317. Information 7/31/2018 6:36:37 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3318. Information 7/31/2018 6:11:30 PM ESENT 916 General svchost (3480,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3319. Information 7/31/2018 6:06:39 PM Windows Error Reporting 1001 None "Fault bucket 2068744803802291833, type 5
  3320. Event Name: RADAR_PRE_LEAK_WOW64
  3321. Response: Not available
  3322. Cab Id: 0
  3323.  
  3324. Problem signature:
  3325. P1: Sims2EP9.exe
  3326. P2: 1.17.0.66
  3327. P3: 10.0.17134.2.0.0
  3328. P4:
  3329. P5:
  3330. P6:
  3331. P7:
  3332. P8:
  3333. P9:
  3334. P10:
  3335.  
  3336. Attached files:
  3337. \\?\C:\Users\Desky\AppData\Local\Temp\RDRA51A.tmp\empty.txt
  3338. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA51B.tmp.WERInternalMetadata.xml
  3339. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA52C.tmp.xml
  3340. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA53A.tmp.csv
  3341. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERA54A.tmp.txt
  3342.  
  3343. These files may be available here:
  3344.  
  3345.  
  3346. Analysis symbol:
  3347. Rechecking for solution: 0
  3348. Report Id: 609b62ff-67d2-4fef-921a-fb95a7a4b274
  3349. Report Status: 268435456
  3350. Hashed bucket: 450bc696408f15536cb5a87039921e79
  3351. Cab Guid: 0"
  3352. Information 7/31/2018 6:01:57 PM ESENT 916 General svchost (8916,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3353. Information 7/31/2018 6:01:57 PM ESENT 916 General DllHost (7772,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3354. Information 7/31/2018 6:00:20 PM ESENT 916 General svchost (3196,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3355. Information 7/31/2018 5:37:00 PM ESENT 916 General svchost (3196,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3356. Information 7/31/2018 5:26:29 PM ESENT 916 General DllHost (7772,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3357. Information 7/31/2018 5:03:08 PM ESENT 916 General svchost (3196,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3358. Information 7/31/2018 4:59:36 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  3359. Information 7/31/2018 4:57:56 PM ESENT 916 General MicrosoftEdge (4104,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3360. Information 7/31/2018 4:57:47 PM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  3361. Information 7/31/2018 4:57:44 PM ESENT 916 General svchost (3196,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3362. Information 7/31/2018 4:52:39 PM ESENT 916 General svchost (5744,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3363. Information 7/31/2018 4:46:50 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3364. Information 7/31/2018 4:46:50 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3365. Information 7/31/2018 4:44:20 PM ESENT 916 General svchost (2624,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3366. Information 7/31/2018 4:43:58 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-07T23:43:58Z. Reason: RulesEngine.
  3367. Information 7/31/2018 4:43:27 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  3368. Information 7/31/2018 4:43:05 PM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  3369. Information 7/31/2018 4:42:59 PM ESENT 916 General DllHost (7772,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3370. Information 7/31/2018 4:39:12 PM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  3371. "
  3372. Information 7/31/2018 4:39:12 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-07T23:39:12Z. Reason: RulesEngine.
  3373. Information 7/31/2018 4:38:44 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3374. Information 7/31/2018 4:38:44 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3375. Information 7/31/2018 4:38:42 PM SecurityCenter 1 None The Windows Security Center Service has started.
  3376. Information 7/31/2018 4:38:42 PM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  3377. 10.0.17134.112"
  3378. Information 7/31/2018 4:38:42 PM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  3379. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  3380. Licensing Status=
  3381. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3382. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3383. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3384. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3385. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3386. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3387. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3388. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3389. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3390. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3391. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3392. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3393. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3394. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3395. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3396. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3397. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3398. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  3399. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3400. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3401. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3402. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3403. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3404. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3405. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3406. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3407. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3408. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3409. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3410. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3411. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3412. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3413. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3414. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3415. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3416. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3417. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3418. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3419. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3420. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3421. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3422. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3423. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3424. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3425. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3426. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3427.  
  3428. "
  3429. Information 7/31/2018 4:38:41 PM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  3430. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  3431. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  3432. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  3433. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  3434. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  3435. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  3436. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  3437. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  3438. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  3439. "
  3440. Information 7/31/2018 4:38:41 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  3441. Information 7/31/2018 4:38:41 PM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  3442. Parameters:<explicit>"
  3443. Information 7/31/2018 4:38:41 PM ESENT 916 General svchost (7616,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3444. Information 7/31/2018 4:36:41 PM ESENT 916 General svchost (3396,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3445. Information 7/31/2018 4:36:39 PM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  3446.  
  3447. Information 7/31/2018 4:36:39 PM ESENT 326 General "SearchIndexer (6628,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  3448.  
  3449. Saved Cache: 0 0
  3450. Additional Data: lgposAttach = 00000009:00B4:0268
  3451.  
  3452. Internal Timing Sequence:
  3453. [1] 0.000001 +J(0)
  3454. [2] 0.004698 +J(0) +M(C:0K, Fs:26, WS:40K # 0K, PF:32K # 0K, P:32K)
  3455. [3] 0.009245 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:144K # 0K, P:144K)
  3456. [4] 0.000383 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  3457. [5] -
  3458. [6] -
  3459. [7] 0.015405 -0.000263 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:59, WS:236K # 0K, PF:660K # 0K, P:660K)
  3460. [8] 0.000567 -0.000368 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:256K # 136K, P:256K)
  3461. [9] 0.000409 -0.000317 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 0K, PF:96K # 96K, P:96K)
  3462. [10] 0.000008 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  3463. [11] 0.000028 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K)
  3464. [12] 0.0 +J(0)
  3465. [13] 0.0 +J(0)
  3466. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  3467. Information 7/31/2018 4:36:39 PM ESENT 105 General "SearchIndexer (6628,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  3468.  
  3469. Additional Data:
  3470.  
  3471.  
  3472. Internal Timing Sequence:
  3473. [1] 0.000491 +J(0) +M(C:0K, Fs:176, WS:680K # 680K, PF:5084K # 5084K, P:5084K)
  3474. [2] 0.000187 +J(0) +M(C:0K, Fs:161, WS:644K # 644K, PF:400K # 400K, P:400K)
  3475. [3] 0.000013 +J(0) +M(C:0K, Fs:8, WS:28K # 28K, PF:68K # 68K, P:68K)
  3476. [4] 0.000057 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:228K # 228K, P:228K)
  3477. [5] 0.000444 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)
  3478. [6] 0.522933 +J(0) +M(C:0K, Fs:32, WS:120K # 120K, PF:20K # 20K, P:20K)
  3479. [7] 0.003290 +J(0) +M(C:0K, Fs:270, WS:1080K # 1080K, PF:1024K # 1024K, P:1024K)
  3480. [8] -
  3481. [9] -
  3482. [10] -
  3483. [11] -
  3484. [12] -
  3485. [13] 0.012875 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:8, WS:-1000K # 16K, PF:-1020K # 12K, P:-1020K)
  3486. [14] 0.000015 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  3487. [15] 0.000044 +J(0) +M(C:0K, Fs:33, WS:132K # 0K, PF:64K # 0K, P:64K)
  3488. [16] 0.000508 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:4K # 0K, P:4K)."
  3489. Information 7/31/2018 4:36:39 PM ESENT 916 General SearchIndexer (6628,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3490. Information 7/31/2018 4:36:38 PM ESENT 102 General SearchIndexer (6628,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  3491. Information 7/31/2018 4:36:38 PM ESENT 916 General taskhostw (3188,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3492. Information 7/31/2018 4:36:35 PM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  3493. Information 7/31/2018 4:36:35 PM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  3494. Information 7/31/2018 4:36:36 PM ESENT 916 General svchost (3196,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3495. Information 7/31/2018 4:36:35 PM ESENT 916 General svchost (3480,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3496. Information 7/31/2018 4:36:34 PM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  3497.  
  3498. "
  3499. Information 7/31/2018 4:36:35 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  3500. Information 7/31/2018 4:36:35 PM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  3501. Information 7/31/2018 4:36:34 PM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  3502. Information 7/31/2018 6:26:01 AM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  3503.  
  3504. "
  3505. Information 7/31/2018 6:26:01 AM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  3506.  
  3507. DETAIL -
  3508. 5 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001_Classes:
  3509. Process 2524 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  3510. Process 2524 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  3511. Process 2524 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  3512. Process 2524 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  3513. Process 2524 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  3514. "
  3515. Information 7/31/2018 6:26:01 AM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  3516.  
  3517. DETAIL -
  3518. 33 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  3519. Process 748 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  3520. Process 324 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  3521. Process 324 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  3522. Process 4032 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  3523. Process 2820 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  3524. Process 2524 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  3525. Process 3248 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  3526. Process 4960 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  3527. Process 4032 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  3528. Process 3248 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  3529. Process 4960 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  3530. Process 4032 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  3531. Process 2524 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\GameDVR\Debug
  3532. Process 3248 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  3533. Process 4960 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  3534. Process 4960 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  3535. Process 3248 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  3536. Process 644 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  3537. Process 324 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  3538. Process 4960 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  3539. Process 3248 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  3540. Process 2952 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3541. Process 2952 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3542. Process 2952 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3543. Process 2952 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3544. Process 2952 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3545. Process 2952 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3546. Process 2952 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3547. Process 2952 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3548. Process 2952 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3549. Process 2952 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3550. Process 2952 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3551. Process 2952 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3552. "
  3553. Information 7/31/2018 6:26:01 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  3554. Information 7/31/2018 6:26:01 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  3555. Information 7/31/2018 6:25:59 AM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Steam.exe.
  3556. Information 7/31/2018 6:25:57 AM ESENT 916 General DllHost (1672,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3557. Information 7/31/2018 6:07:07 AM ESENT 916 General svchost (3248,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3558. Information 7/31/2018 5:45:00 AM ESENT 916 General svchost (3992,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3559. Information 7/31/2018 5:04:56 AM ESENT 916 General DllHost (1672,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3560. Information 7/31/2018 5:04:56 AM ESENT 916 General svchost (8992,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3561. Information 7/31/2018 4:49:23 AM ESENT 916 General MicrosoftEdge (3976,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3562. Information 7/31/2018 4:49:13 AM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  3563. Information 7/31/2018 4:47:45 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-07T11:47:45Z. Reason: RulesEngine.
  3564. Information 7/31/2018 4:47:23 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3565. Information 7/31/2018 4:47:23 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3566. Information 7/31/2018 4:47:09 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  3567. Information 7/31/2018 4:47:08 AM ESENT 916 General svchost (912,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3568. Information 7/31/2018 4:46:44 AM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  3569. "
  3570. Information 7/31/2018 4:46:44 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-07T11:46:44Z. Reason: RulesEngine.
  3571. Information 7/31/2018 4:46:16 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3572. Information 7/31/2018 4:46:16 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3573. Information 7/31/2018 4:46:14 AM SecurityCenter 1 None The Windows Security Center Service has started.
  3574. Information 7/31/2018 4:46:14 AM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  3575. 10.0.17134.112"
  3576. Information 7/31/2018 4:46:14 AM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  3577. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  3578. Licensing Status=
  3579. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3580. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3581. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3582. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3583. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3584. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3585. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3586. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3587. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3588. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3589. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3590. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3591. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3592. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3593. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3594. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3595. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3596. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  3597. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3598. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3599. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3600. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3601. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3602. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3603. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3604. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3605. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3606. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3607. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3608. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3609. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3610. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3611. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3612. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3613. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3614. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3615. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3616. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3617. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3618. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3619. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3620. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3621. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3622. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3623. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3624. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3625.  
  3626. "
  3627. Information 7/31/2018 4:46:14 AM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  3628. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  3629. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  3630. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  3631. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  3632. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  3633. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  3634. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  3635. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  3636. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  3637. "
  3638. Information 7/31/2018 4:46:14 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  3639. Information 7/31/2018 4:46:14 AM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  3640. Parameters:<explicit>"
  3641. Information 7/31/2018 4:45:57 AM ESENT 916 General svchost (3968,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3642. Information 7/31/2018 4:44:14 AM ESENT 916 General svchost (2436,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3643. Information 7/31/2018 4:44:11 AM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  3644.  
  3645. Information 7/31/2018 4:44:10 AM ESENT 326 General "SearchIndexer (6268,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  3646.  
  3647. Saved Cache: 0 0
  3648. Additional Data: lgposAttach = 00000009:0059:0268
  3649.  
  3650. Internal Timing Sequence:
  3651. [1] 0.000002 +J(0)
  3652. [2] 0.001652 +J(0) +M(C:0K, Fs:26, WS:40K # 0K, PF:32K # 0K, P:32K)
  3653. [3] 0.012493 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:124K # 0K, PF:144K # 0K, P:144K)
  3654. [4] 0.000714 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  3655. [5] -
  3656. [6] -
  3657. [7] 0.016113 -0.000239 (3) CM +J(CM:3, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:57, WS:224K # 0K, PF:644K # 0K, P:644K)
  3658. [8] 0.000403 -0.000169 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:256K # 108K, P:256K)
  3659. [9] 0.000278 -0.000208 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 0K, PF:96K # 96K, P:96K)
  3660. [10] 0.000009 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  3661. [11] 0.000028 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K)
  3662. [12] 0.0 +J(0)
  3663. [13] 0.0 +J(0)
  3664. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  3665. Information 7/31/2018 4:44:10 AM ESENT 105 General "SearchIndexer (6268,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  3666.  
  3667. Additional Data:
  3668.  
  3669.  
  3670. Internal Timing Sequence:
  3671. [1] 0.002828 +J(0) +M(C:0K, Fs:260, WS:1020K # 1020K, PF:5096K # 5096K, P:5096K)
  3672. [2] 0.000233 +J(0) +M(C:0K, Fs:104, WS:416K # 416K, PF:388K # 388K, P:388K)
  3673. [3] 0.001167 +J(0) +M(C:0K, Fs:7, WS:28K # 28K, PF:64K # 64K, P:64K)
  3674. [4] 0.000083 +J(0) +M(C:0K, Fs:29, WS:112K # 112K, PF:232K # 232K, P:232K)
  3675. [5] 0.000604 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)
  3676. [6] 0.606454 +J(0) +M(C:0K, Fs:143, WS:560K # 560K, PF:224K # 232K, P:224K)
  3677. [7] 0.007471 +J(0) +M(C:0K, Fs:274, WS:1092K # 1092K, PF:1040K # 1032K, P:1040K)
  3678. [8] -
  3679. [9] -
  3680. [10] -
  3681. [11] -
  3682. [12] -
  3683. [13] 0.016059 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:8, WS:-1000K # 16K, PF:-1024K # 12K, P:-1024K)
  3684. [14] 0.000014 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  3685. [15] 0.000041 +J(0) +M(C:0K, Fs:33, WS:132K # 0K, PF:64K # 0K, P:64K)
  3686. [16] 0.001190 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  3687. Information 7/31/2018 4:44:10 AM ESENT 916 General SearchIndexer (6268,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3688. Information 7/31/2018 4:44:10 AM ESENT 102 General SearchIndexer (6268,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  3689. Information 7/31/2018 4:44:09 AM ESENT 916 General taskhostw (3784,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3690. Information 7/31/2018 4:44:08 AM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  3691. Information 7/31/2018 4:44:09 AM ESENT 916 General svchost (3992,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3692. Information 7/31/2018 4:44:08 AM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  3693. Information 7/31/2018 4:44:07 AM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  3694.  
  3695. "
  3696. Information 7/31/2018 4:44:08 AM ESENT 916 General svchost (3248,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3697. Information 7/31/2018 4:44:08 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  3698. Information 7/31/2018 4:44:08 AM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  3699. Information 7/31/2018 4:44:07 AM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  3700. Information 7/30/2018 10:23:40 PM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  3701.  
  3702. "
  3703. Information 7/30/2018 10:23:40 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  3704.  
  3705. DETAIL -
  3706. 42 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  3707. Process 744 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  3708. Process 424 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  3709. Process 424 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  3710. Process 3600 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  3711. Process 8504 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  3712. Process 3632 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  3713. Process 3632 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$quietmoment1$windows.data.notifications.quietmoment\Current
  3714. Process 5104 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  3715. Process 2324 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  3716. Process 3600 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  3717. Process 3632 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$$windows.data.notifications.quiethourssettings\Current
  3718. Process 3632 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore
  3719. Process 3632 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore
  3720. Process 3632 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore
  3721. Process 3632 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore
  3722. Process 3632 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore
  3723. Process 3632 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$quietmoment0$windows.data.notifications.quietmoment\Current
  3724. Process 2324 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  3725. Process 5104 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  3726. Process 3600 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  3727. Process 5104 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  3728. Process 2324 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  3729. Process 5104 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  3730. Process 2324 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  3731. Process 3632 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$quietmoment2$windows.data.notifications.quietmoment\Current
  3732. Process 3632 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$quietmoment3$windows.data.notifications.quietmoment\Current
  3733. Process 640 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  3734. Process 424 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  3735. Process 5104 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  3736. Process 2324 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  3737. Process 2272 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3738. Process 2272 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3739. Process 2272 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3740. Process 2272 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3741. Process 2272 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3742. Process 2272 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3743. Process 2272 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3744. Process 2272 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3745. Process 2272 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3746. Process 2272 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3747. Process 2272 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3748. Process 2272 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  3749. "
  3750. Information 7/30/2018 10:23:40 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  3751. Information 7/30/2018 10:23:40 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  3752. Information 7/30/2018 10:23:38 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Steam.exe.
  3753. Information 7/30/2018 10:23:36 PM ESENT 916 General svchost (4428,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3754. Information 7/30/2018 10:23:36 PM ESENT 916 General DllHost (6904,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3755. Information 7/30/2018 10:03:00 PM ESENT 916 General svchost (3624,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3756. Information 7/30/2018 9:49:11 PM ESENT 916 General svchost (3624,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3757. Information 7/30/2018 9:02:08 PM ESENT 916 General svchost (3624,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3758. Information 7/30/2018 7:32:00 PM ESENT 916 General svchost (3624,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3759. Information 7/30/2018 7:17:36 PM ESENT 916 General svchost (3624,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3760. Information 7/30/2018 6:45:42 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  3761. Information 7/30/2018 6:42:37 PM ESENT 326 General "svchost (8772,D,50) DS_Token_DB: The database engine attached a database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds)
  3762.  
  3763. Saved Cache: 1 0
  3764. Additional Data: lgposAttach = 00000002:0006:0268
  3765.  
  3766. Internal Timing Sequence:
  3767. [1] 0.000002 +J(0)
  3768. [2] 0.000555 +J(0) +M(C:0K, Fs:17, WS:4K # 0K, PF:4K # 0K, P:4K)
  3769. [3] 0.003442 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:10, WS:36K # 0K, PF:36K # 0K, P:36K)
  3770. [4] 0.000754 +J(0)
  3771. [5] -
  3772. [6] -
  3773. [7] 0.000061 +J(CM:0, PgRf:2, Rd:7/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:7, WS:28K # 0K, PF:0K # 0K, P:0K)
  3774. [8] 0.000303 -0.000186 (1) CM +J(CM:1, PgRf:23, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:23, WS:92K # 92K, PF:192K # 136K, P:192K)
  3775. [9] 0.000034 +J(CM:0, PgRf:40, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)
  3776. [10] 0.000004 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K)
  3777. [11] 0.000027 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:5, WS:20K # 20K, PF:0K # 0K, P:0K)
  3778. [12] 0.0 +J(0)
  3779. [13] 0.0 +J(0)
  3780. [14] 0.000002 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  3781. Information 7/30/2018 6:42:37 PM ESENT 105 General "svchost (8772,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds)
  3782.  
  3783. Additional Data:
  3784. lgposV2[] = 00000001:0001:0000 - 00000002:0001:0000 - 00000002:0004:0000 - 00000002:0004:0000 (00000000:0000:0000)
  3785. cReInits = 1
  3786.  
  3787.  
  3788. Internal Timing Sequence:
  3789. [1] 0.001067 +J(0) +M(C:0K, Fs:197, WS:780K # 780K, PF:3312K # 3312K, P:3312K)
  3790. [2] 0.000316 +J(0) +M(C:8K, Fs:93, WS:364K # 364K, PF:312K # 312K, P:312K)
  3791. [3] 0.000017 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:64K # 64K, P:64K)
  3792. [4] 0.000101 +J(0) +M(C:0K, Fs:28, WS:108K # 108K, PF:168K # 168K, P:168K)
  3793. [5] 0.000629 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:16K # 16K, P:16K)
  3794. [6] 0.004713 +J(0) +M(C:0K, Fs:34, WS:136K # 136K, PF:24K # 24K, P:24K)
  3795. [7] 0.004524 +J(0) +M(C:0K, Fs:30, WS:120K # 120K, PF:64K # 64K, P:64K)
  3796. [8] 0.058600 -0.035667 (276) CM +J(CM:276, PgRf:329, Rd:7/276, Dy:2/4, Lg:56500/742) +M(C:24K, Fs:203, WS:728K # 728K, PF:740K # 744K, P:740K) + 1 lgens
  3797. [9] 0.002169 -0.000688 (5) CM +J(CM:5, PgRf:52, Rd:19/5, Dy:1/1, Lg:12140/118) +M(C:260K, Fs:27, WS:100K # 100K, PF:336K # 336K, P:336K)
  3798. [10] 0.000514 +J(0) +M(C:0K, Fs:1, WS:-56K # 0K, PF:-60K # 0K, P:-60K)
  3799. [11] 0.000026 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:7, WS:28K # 0K, PF:0K # 0K, P:0K)
  3800. [12] 0.004042 +J(0) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K)
  3801. [13] 0.022241 -0.000454 (2) CM +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:37, WS:20K # 68K, PF:-32K # 0K, P:-32K)
  3802. [14] 0.000027 +J(0)
  3803. [15] 0.000007 +J(0)
  3804. [16] 0.000721 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  3805. Information 7/30/2018 6:42:37 PM ESENT 302 Logging/Recovery svchost (8772,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.
  3806. Information 7/30/2018 6:42:37 PM ESENT 301 Logging/Recovery "svchost (8772,R,98) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log.
  3807.  
  3808. Previous Log Processing Stats:
  3809. [1] 0.048863 -0.035667 (276) CM +J(CM:276, PgRf:329, Rd:7/276, Dy:2/4, Lg:56500/742) +M(C:24K, Fs:173, WS:620K # 620K, PF:656K # 660K, P:656K)."
  3810. Information 7/30/2018 6:42:36 PM ESENT 301 Logging/Recovery "svchost (8772,R,98) DS_Token_DB: The database engine has begun replaying logfile C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS00001.log.
  3811.  
  3812. Previous Log Processing Stats: "
  3813. Information 7/30/2018 6:42:36 PM ESENT 300 Logging/Recovery svchost (8772,R,98) DS_Token_DB: The database engine is initiating recovery steps.
  3814. Information 7/30/2018 6:42:36 PM ESENT 916 General svchost (8772,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3815. Information 7/30/2018 6:42:36 PM ESENT 102 General svchost (8772,P,98) DS_Token_DB: The database engine (10.00.17134.0000) is starting a new instance (0).
  3816. Information 7/30/2018 6:42:36 PM ESENT 916 General svchost (2324,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3817. Information 7/30/2018 6:42:35 PM ESENT 916 General svchost (3624,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3818. Information 7/30/2018 6:42:07 PM ESENT 916 General MicrosoftEdge (3764,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3819. Information 7/30/2018 6:41:58 PM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  3820. Information 7/30/2018 6:31:00 PM ESENT 916 General svchost (3624,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3821. Information 7/30/2018 5:30:00 PM ESENT 916 General svchost (3624,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3822. Information 7/30/2018 5:24:06 PM Windows Error Reporting 1001 None "Fault bucket 1966784143531735105, type 5
  3823. Event Name: RADAR_PRE_LEAK_WOW64
  3824. Response: Not available
  3825. Cab Id: 0
  3826.  
  3827. Problem signature:
  3828. P1: RobloxPlayerBeta.exe
  3829. P2: 0.347.0.28462
  3830. P3: 10.0.17134.2.0.0
  3831. P4:
  3832. P5:
  3833. P6:
  3834. P7:
  3835. P8:
  3836. P9:
  3837. P10:
  3838.  
  3839. Attached files:
  3840. \\?\C:\Users\Desky\AppData\Local\Temp\RDR9641.tmp\empty.txt
  3841. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9661.tmp.WERInternalMetadata.xml
  3842. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9672.tmp.xml
  3843. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER968F.tmp.csv
  3844. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER96A0.tmp.txt
  3845.  
  3846. These files may be available here:
  3847.  
  3848.  
  3849. Analysis symbol:
  3850. Rechecking for solution: 0
  3851. Report Id: 8bb892fe-6492-4dd5-a066-74c1842d0946
  3852. Report Status: 268435456
  3853. Hashed bucket: 27fb7a695c8d950dfb4b6bc211147841
  3854. Cab Guid: 0"
  3855. Information 7/30/2018 4:56:05 PM Microsoft-Windows-RestartManager 10001 None Ending session 1 started ‎2018‎-‎07‎-‎30T23:56:05.802994700Z.
  3856. Information 7/30/2018 4:56:05 PM Microsoft-Windows-RestartManager 10000 None Starting session 1 - ‎2018‎-‎07‎-‎30T23:56:05.802994700Z.
  3857. Information 7/30/2018 4:45:55 PM Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎07‎-‎30T23:45:55.710949300Z.
  3858. Information 7/30/2018 4:45:55 PM Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎07‎-‎30T23:45:55.710949300Z.
  3859. Information 7/30/2018 4:45:55 PM MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Desky\AppData\LocalLow\Oracle\Java\jre1.8.0_181_x64\au.msi. Client Process Id: 6920.
  3860. Information 7/30/2018 4:45:55 PM MsiInstaller 1033 None Windows Installer installed the product. Product Name: Java Auto Updater. Product Version: 2.8.181.13. Product Language: 1033. Manufacturer: Oracle Corporation. Installation success or error status: 0.
  3861. Information 7/30/2018 4:45:55 PM MsiInstaller 11707 None Product: Java Auto Updater -- Installation completed successfully.
  3862. Information 7/30/2018 4:45:55 PM MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Desky\AppData\LocalLow\Oracle\Java\jre1.8.0_181_x64\au.msi. Client Process Id: 6920.
  3863. Information 7/30/2018 4:45:49 PM MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Desky\AppData\LocalLow\Oracle\Java\jre1.8.0_181_x64\jre1.8.0_18164.msi. Client Process Id: 6920.
  3864. Information 7/30/2018 4:45:49 PM MsiInstaller 1033 None Windows Installer installed the product. Product Name: Java 8 Update 181 (64-bit). Product Version: 8.0.1810.13. Product Language: 1033. Manufacturer: Oracle Corporation. Installation success or error status: 0.
  3865. Information 7/30/2018 4:45:49 PM MsiInstaller 11707 None Product: Java 8 Update 181 (64-bit) -- Installation completed successfully.
  3866. Information 7/30/2018 4:45:32 PM MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Desky\AppData\LocalLow\Oracle\Java\jre1.8.0_181_x64\jre1.8.0_18164.msi. Client Process Id: 6920.
  3867. Information 7/30/2018 4:39:48 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3868. Information 7/30/2018 4:39:48 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3869. Information 7/30/2018 4:39:46 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3870. Information 7/30/2018 4:39:46 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3871. Information 7/30/2018 4:39:44 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3872. Information 7/30/2018 4:39:44 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3873. Information 7/30/2018 4:39:42 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3874. Information 7/30/2018 4:39:42 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3875. Information 7/30/2018 4:39:40 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3876. Information 7/30/2018 4:39:40 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3877. Information 7/30/2018 4:37:36 PM ESENT 916 General DllHost (6904,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3878. Information 7/30/2018 4:35:39 PM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  3879. Information 7/30/2018 4:35:18 PM ESENT 916 General svchost (5380,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3880. Information 7/30/2018 4:35:07 PM Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: <CN=Certum CA, O=Unizeto Sp. z o.o., C=PL> Sha1 thumbprint: <6252DC40F71143A22FDE9EF7348E064251B18118>.
  3881. Information 7/30/2018 4:31:39 PM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  3882. "
  3883. Information 7/30/2018 4:31:39 PM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-06T23:31:39Z. Reason: RulesEngine.
  3884. Information 7/30/2018 4:31:11 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3885. Information 7/30/2018 4:31:11 PM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  3886. Information 7/30/2018 4:31:09 PM SecurityCenter 1 None The Windows Security Center Service has started.
  3887. Information 7/30/2018 4:31:09 PM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  3888. 10.0.17134.112"
  3889. Information 7/30/2018 4:31:09 PM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  3890. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  3891. Licensing Status=
  3892. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3893. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3894. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3895. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3896. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3897. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3898. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3899. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3900. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3901. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3902. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3903. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3904. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3905. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3906. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3907. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3908. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3909. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  3910. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3911. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3912. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3913. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3914. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3915. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3916. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3917. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3918. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3919. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3920. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3921. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3922. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3923. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3924. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3925. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3926. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3927. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3928. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3929. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3930. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3931. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3932. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3933. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3934. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3935. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3936. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3937. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  3938.  
  3939. "
  3940. Information 7/30/2018 4:31:09 PM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  3941. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  3942. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  3943. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  3944. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  3945. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  3946. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  3947. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  3948. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  3949. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  3950. "
  3951. Information 7/30/2018 4:31:09 PM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  3952. Information 7/30/2018 4:31:08 PM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  3953. Parameters:<explicit>"
  3954. Information 7/30/2018 4:31:08 PM ESENT 916 General svchost (9348,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3955. Information 7/30/2018 4:29:29 PM ESENT 916 General svchost (3592,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  3956. Information 7/30/2018 4:29:05 PM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  3957.  
  3958. Information 7/30/2018 4:29:05 PM ESENT 326 General "SearchIndexer (6396,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  3959.  
  3960. Saved Cache: 0 0
  3961. Additional Data: lgposAttach = 00000008:0068:0268
  3962.  
  3963. Internal Timing Sequence:
  3964. [1] 0.000002 +J(0)
  3965. [2] 0.000410 +J(0) +M(C:0K, Fs:26, WS:40K # 0K, PF:32K # 0K, P:32K)
  3966. [3] 0.030705 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:39, WS:120K # 0K, PF:140K # 0K, P:140K)
  3967. [4] 0.000072 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  3968. [5] -
  3969. [6] -
  3970. [7] 0.018619 -0.000269 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:57, WS:224K # 0K, PF:644K # 0K, P:644K)
  3971. [8] 0.000346 -0.000213 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:256K # 108K, P:256K)
  3972. [9] 0.000395 -0.000319 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 0K, PF:96K # 96K, P:96K)
  3973. [10] 0.000009 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  3974. [11] 0.000029 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K)
  3975. [12] 0.0 +J(0)
  3976. [13] 0.0 +J(0)
  3977. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  3978. Information 7/30/2018 4:29:04 PM ESENT 105 General "SearchIndexer (6396,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  3979.  
  3980. Additional Data:
  3981.  
  3982.  
  3983. Internal Timing Sequence:
  3984. [1] 0.002005 +J(0) +M(C:0K, Fs:257, WS:1008K # 1008K, PF:5100K # 5100K, P:5100K)
  3985. [2] 0.000175 +J(0) +M(C:0K, Fs:107, WS:424K # 424K, PF:396K # 396K, P:396K)
  3986. [3] 0.001094 +J(0) +M(C:0K, Fs:10, WS:36K # 36K, PF:72K # 80K, P:72K)
  3987. [4] 0.000066 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:220K # 212K, P:220K)
  3988. [5] 0.000466 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)
  3989. [6] 0.003896 +J(0) +M(C:0K, Fs:31, WS:124K # 124K, PF:16K # 16K, P:16K)
  3990. [7] 0.018138 +J(0) +M(C:0K, Fs:275, WS:1096K # 1096K, PF:1040K # 1040K, P:1040K)
  3991. [8] -
  3992. [9] -
  3993. [10] -
  3994. [11] -
  3995. [12] -
  3996. [13] 0.010743 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 20K, PF:-1020K # 12K, P:-1020K)
  3997. [14] 0.000017 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  3998. [15] 0.000035 +J(0) +M(C:0K, Fs:33, WS:132K # 0K, PF:64K # 0K, P:64K)
  3999. [16] 0.000093 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  4000. Information 7/30/2018 4:29:04 PM ESENT 916 General SearchIndexer (6396,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4001. Information 7/30/2018 4:29:04 PM ESENT 102 General SearchIndexer (6396,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  4002. Information 7/30/2018 4:29:04 PM ESENT 916 General taskhostw (4152,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4003. Information 7/30/2018 4:29:03 PM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  4004. Information 7/30/2018 4:29:03 PM ESENT 916 General svchost (3624,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4005. Information 7/30/2018 4:29:02 PM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  4006. Information 7/30/2018 4:29:02 PM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  4007.  
  4008. "
  4009. Information 7/30/2018 4:29:02 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  4010. Information 7/30/2018 4:29:02 PM ESENT 916 General svchost (2324,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4011. Information 7/30/2018 4:29:02 PM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  4012. Information 7/30/2018 4:29:02 PM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  4013. Information 7/30/2018 12:35:11 PM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  4014.  
  4015. "
  4016. Information 7/30/2018 12:35:10 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  4017.  
  4018. DETAIL -
  4019. 36 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  4020. Process 728 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  4021. Process 72 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  4022. Process 72 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  4023. Process 3452 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  4024. Process 10316 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  4025. Process 2184 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  4026. Process 3452 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  4027. Process 4972 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  4028. Process 3452 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  4029. Process 2184 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  4030. Process 3452 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  4031. Process 4972 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  4032. Process 3452 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  4033. Process 2184 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  4034. Process 3452 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  4035. Process 4972 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  4036. Process 2184 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  4037. Process 3452 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  4038. Process 4972 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  4039. Process 624 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  4040. Process 72 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  4041. Process 2184 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  4042. Process 3452 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  4043. Process 4972 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  4044. Process 3028 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4045. Process 3028 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4046. Process 3028 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4047. Process 3028 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4048. Process 3028 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4049. Process 3028 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4050. Process 3028 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4051. Process 3028 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4052. Process 3028 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4053. Process 3028 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4054. Process 3028 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4055. Process 3028 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4056. "
  4057. Information 7/30/2018 12:35:10 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  4058. Information 7/30/2018 12:35:10 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  4059. Information 7/30/2018 12:35:08 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Steam.exe.
  4060. Information 7/30/2018 12:33:41 PM ESENT 916 General DllHost (68,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4061. Information 7/30/2018 12:20:00 PM ESENT 916 General svchost (3460,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4062. Information 7/30/2018 11:50:48 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  4063. Information 7/30/2018 11:50:48 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  4064. Information 7/30/2018 11:47:23 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  4065. Information 7/30/2018 11:47:23 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  4066. Information 7/30/2018 11:47:21 AM ESENT 916 General svchost (2184,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4067. Information 7/30/2018 11:47:18 AM ESENT 916 General MicrosoftEdge (10588,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4068. Information 7/30/2018 11:47:08 AM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  4069. Information 7/30/2018 11:39:38 AM Windows Error Reporting 1001 None "Fault bucket 1401901494348867170, type 5
  4070. Event Name: RADAR_PRE_LEAK_64
  4071. Response: Not available
  4072. Cab Id: 0
  4073.  
  4074. Problem signature:
  4075. P1: ffxiv_dx11.exe
  4076. P2: 1.0.0.0
  4077. P3: 10.0.17134.2.0.0
  4078. P4:
  4079. P5:
  4080. P6:
  4081. P7:
  4082. P8:
  4083. P9:
  4084. P10:
  4085.  
  4086. Attached files:
  4087. \\?\C:\Users\Desky\AppData\Local\Temp\RDR8536.tmp\empty.txt
  4088. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8537.tmp.WERInternalMetadata.xml
  4089. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8547.tmp.xml
  4090. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8555.tmp.csv
  4091. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8575.tmp.txt
  4092.  
  4093. These files may be available here:
  4094.  
  4095.  
  4096. Analysis symbol:
  4097. Rechecking for solution: 0
  4098. Report Id: 1ba15735-fbb6-4d08-848b-1e9a6e37c7db
  4099. Report Status: 268435456
  4100. Hashed bucket: 531b8e7291cacc7e33748dfb44c0e662
  4101. Cab Guid: 0"
  4102. Information 7/30/2018 11:38:25 AM ESENT 916 General DllHost (68,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4103. Information 7/30/2018 11:31:20 AM ESENT 916 General DllHost (68,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4104. Information 7/30/2018 11:29:50 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  4105. Information 7/30/2018 11:29:50 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  4106. Information 7/30/2018 11:22:47 AM VSS 8224 None The VSS service is shutting down due to idle timeout.
  4107. Information 7/30/2018 11:22:12 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-06T18:22:12Z. Reason: RulesEngine.
  4108. Information 7/30/2018 11:21:44 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  4109. Information 7/30/2018 11:21:44 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  4110. Information 7/30/2018 11:21:42 AM SecurityCenter 1 None The Windows Security Center Service has started.
  4111. Information 7/30/2018 11:21:41 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  4112. Information 7/30/2018 11:21:41 AM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  4113. Parameters:<explicit>"
  4114. Information 7/30/2018 11:20:28 AM SpeechRuntime 1 None Audio Orchestrator Power Event: Battery Saver Is Not Enabled, Voice Activation Ready
  4115. Information 7/30/2018 11:20:13 AM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  4116. "
  4117. Information 7/30/2018 11:20:13 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-06T18:20:13Z. Reason: RulesEngine.
  4118. Information 7/30/2018 11:20:05 AM ESENT 916 General svchost (508,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4119. Information 7/30/2018 11:20:05 AM ESENT 916 General DllHost (68,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4120. Information 7/30/2018 11:19:50 AM ESENT 916 General services (844,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4121. Information 7/30/2018 11:19:50 AM ESENT 916 General svchost (3468,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4122. Information 7/30/2018 11:19:47 AM System Restore 8216 None Skipping creation of restore point (Process = c:\windows\system32\svchost.exe -k netsvcs -p; Description = Windows Update) as there is a restore point avaliable which is recent enough for System Restore.
  4123. Information 7/30/2018 11:19:43 AM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  4124. 10.0.17134.112"
  4125. Information 7/30/2018 11:19:43 AM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  4126. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  4127. Licensing Status=
  4128. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4129. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4130. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4131. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4132. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4133. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4134. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4135. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4136. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4137. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4138. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4139. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4140. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4141. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4142. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4143. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4144. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4145. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  4146. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4147. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4148. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4149. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4150. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4151. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4152. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4153. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4154. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4155. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4156. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4157. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4158. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4159. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4160. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4161. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4162. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4163. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4164. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4165. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4166. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4167. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4168. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4169. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4170. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4171. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4172. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4173. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4174.  
  4175. "
  4176. Information 7/30/2018 11:19:43 AM Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute.
  4177. Policy Names=(Security-SPP-Reserved-EnableNotificationMode)
  4178. App Id=55c92734-d682-4d71-983e-d6ec3f16059f
  4179. Sku Id=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c"
  4180. Information 7/30/2018 11:19:43 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-WriteWauMarker Priority=500
  4181. Information 7/30/2018 11:19:43 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4182. Information 7/30/2018 11:19:43 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4183. Information 7/30/2018 11:19:43 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4184. Information 7/30/2018 11:19:43 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4185. Information 7/30/2018 11:19:43 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4186. Information 7/30/2018 11:19:43 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4187. Information 7/30/2018 11:19:43 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4188. Information 7/30/2018 11:19:43 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4189. Information 7/30/2018 11:19:42 AM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  4190. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  4191. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  4192. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  4193. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  4194. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  4195. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  4196. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  4197. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  4198. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  4199. "
  4200. Information 7/30/2018 11:19:42 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  4201. Information 7/30/2018 11:19:42 AM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  4202. Parameters:TriggerStarted:6"
  4203. Information 7/30/2018 11:19:41 AM ESENT 916 General svchost (3468,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4204. Information 7/30/2018 11:19:39 AM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  4205.  
  4206. Information 7/30/2018 11:19:38 AM ESENT 326 General "SearchIndexer (6448,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  4207.  
  4208. Saved Cache: 0 0
  4209. Additional Data: lgposAttach = 00000008:002D:0268
  4210.  
  4211. Internal Timing Sequence:
  4212. [1] 0.000002 +J(0)
  4213. [2] 0.000626 +J(0) +M(C:0K, Fs:26, WS:40K # 0K, PF:32K # 0K, P:32K)
  4214. [3] 0.009159 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:38, WS:116K # 0K, PF:144K # 0K, P:144K)
  4215. [4] 0.000224 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  4216. [5] -
  4217. [6] -
  4218. [7] 0.006800 -0.000223 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:59, WS:236K # 0K, PF:660K # 0K, P:660K)
  4219. [8] 0.000404 -0.000267 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:256K # 136K, P:256K)
  4220. [9] 0.000356 -0.000268 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 0K, PF:96K # 96K, P:96K)
  4221. [10] 0.000009 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  4222. [11] 0.000030 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K)
  4223. [12] 0.0 +J(0)
  4224. [13] 0.0 +J(0)
  4225. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  4226. Information 7/30/2018 11:19:38 AM ESENT 105 General "SearchIndexer (6448,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  4227.  
  4228. Additional Data:
  4229.  
  4230.  
  4231. Internal Timing Sequence:
  4232. [1] 0.001905 +J(0) +M(C:0K, Fs:230, WS:900K # 900K, PF:5080K # 5084K, P:5080K)
  4233. [2] 0.000207 +J(0) +M(C:0K, Fs:107, WS:424K # 424K, PF:400K # 396K, P:400K)
  4234. [3] 0.001448 +J(0) +M(C:0K, Fs:8, WS:28K # 28K, PF:68K # 68K, P:68K)
  4235. [4] 0.000109 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:228K # 228K, P:228K)
  4236. [5] 0.000462 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)
  4237. [6] 0.362060 +J(0) +M(C:0K, Fs:32, WS:124K # 124K, PF:20K # 20K, P:20K)
  4238. [7] 0.006628 +J(0) +M(C:0K, Fs:270, WS:1080K # 1080K, PF:1024K # 1024K, P:1024K)
  4239. [8] -
  4240. [9] -
  4241. [10] -
  4242. [11] -
  4243. [12] -
  4244. [13] 0.011413 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:8, WS:-1000K # 16K, PF:-1020K # 12K, P:-1020K)
  4245. [14] 0.000014 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  4246. [15] 0.000035 +J(0) +M(C:0K, Fs:33, WS:132K # 0K, PF:64K # 0K, P:64K)
  4247. [16] 0.000306 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  4248. Information 7/30/2018 11:19:38 AM ESENT 916 General SearchIndexer (6448,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4249. Information 7/30/2018 11:19:38 AM ESENT 102 General SearchIndexer (6448,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  4250. Information 7/30/2018 11:19:38 AM ESENT 916 General taskhostw (4240,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4251. Information 7/30/2018 11:19:36 AM ESENT 916 General svchost (3460,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4252. Information 7/30/2018 11:19:35 AM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  4253. Information 7/30/2018 11:19:35 AM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  4254. Information 7/30/2018 11:19:35 AM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  4255.  
  4256. "
  4257. Information 7/30/2018 11:19:35 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  4258. Information 7/30/2018 11:19:35 AM ESENT 916 General svchost (2184,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4259. Information 7/30/2018 11:19:35 AM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  4260. Information 7/30/2018 11:19:35 AM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  4261. Information 7/30/2018 6:22:39 AM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  4262.  
  4263. "
  4264. Information 7/30/2018 6:22:38 AM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  4265.  
  4266. DETAIL -
  4267. 5 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001_Classes:
  4268. Process 8116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  4269. Process 8116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  4270. Process 8116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes
  4271. Process 8116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings
  4272. Process 8116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001_Classes\Local Settings\Software\Microsoft
  4273. "
  4274. Information 7/30/2018 6:22:38 AM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  4275.  
  4276. DETAIL -
  4277. 33 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  4278. Process 728 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  4279. Process 72 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  4280. Process 72 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  4281. Process 2976 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  4282. Process 3076 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  4283. Process 8116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
  4284. Process 5832 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  4285. Process 4548 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  4286. Process 2976 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  4287. Process 4548 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  4288. Process 5832 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  4289. Process 2976 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  4290. Process 8116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\GameDVR\Debug
  4291. Process 4548 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  4292. Process 5832 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  4293. Process 5832 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  4294. Process 4548 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  4295. Process 624 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  4296. Process 72 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  4297. Process 5832 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  4298. Process 4548 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  4299. Process 4496 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4300. Process 4496 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4301. Process 4496 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4302. Process 4496 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4303. Process 4496 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4304. Process 4496 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4305. Process 4496 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4306. Process 4496 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4307. Process 4496 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4308. Process 4496 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4309. Process 4496 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4310. Process 4496 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4311. "
  4312. Information 7/30/2018 6:22:38 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  4313. Information 7/30/2018 6:22:38 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  4314. Information 7/30/2018 6:22:36 AM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Steam.exe.
  4315. Information 7/30/2018 6:22:33 AM ESENT 916 General DllHost (6704,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4316. Information 7/30/2018 6:20:38 AM Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎07‎-‎30T13:20:38.558657300Z.
  4317. Information 7/30/2018 6:20:38 AM Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎07‎-‎30T13:20:38.558657300Z.
  4318. Information 7/30/2018 6:20:39 AM System Restore 8216 None "Skipping creation of restore point (Process = D:\Steam\steamapps\common\Borderlands 2\Binaries\Redist\DXRedistCutdown\DXSETUP.exe 2\Binaries\Redist\DXRedistCutdown\DXSETUP.exe"" /silent; Description = Installed DirectX) as there is a restore point avaliable which is recent enough for System Restore."
  4319. Information 7/30/2018 6:20:38 AM MsiInstaller 1042 None Ending a Windows Installer transaction: d:\05178bc6e1e9c2884ffe5177ba06\vc_red.msi. Client Process Id: 8688.
  4320. Information 7/30/2018 6:20:38 AM MsiInstaller 1035 None Windows Installer reconfigured the product. Product Name: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219. Product Version: 10.0.40219. Product Language: 0. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.
  4321. Information 7/30/2018 6:20:38 AM MsiInstaller 11728 None Product: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 -- Configuration completed successfully.
  4322. Information 7/30/2018 6:20:38 AM MsiInstaller 1040 None Beginning a Windows Installer transaction: d:\05178bc6e1e9c2884ffe5177ba06\vc_red.msi. Client Process Id: 8688.
  4323. Information 7/30/2018 6:20:35 AM Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎07‎-‎30T13:20:34.627439800Z.
  4324. Information 7/30/2018 6:20:34 AM Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎07‎-‎30T13:20:34.627439800Z.
  4325. Information 7/30/2018 6:20:35 AM MsiInstaller 1042 None Ending a Windows Installer transaction: d:\04f583dec3ce066d386ccae65e\vc_red.msi. Client Process Id: 8620.
  4326. Information 7/30/2018 6:20:35 AM MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022. Product Version: 9.0.21022. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.
  4327. Information 7/30/2018 6:20:35 AM MsiInstaller 11707 None Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 -- Installation completed successfully.
  4328. Information 7/30/2018 6:20:34 AM MsiInstaller 1040 None Beginning a Windows Installer transaction: d:\04f583dec3ce066d386ccae65e\vc_red.msi. Client Process Id: 8620.
  4329. Information 7/30/2018 6:20:32 AM Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎07‎-‎30T13:20:30.447818300Z.
  4330. Information 7/30/2018 6:20:32 AM Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎07‎-‎30T13:20:29.554184000Z.
  4331. Information 7/30/2018 6:20:32 AM MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2005 Redistributable. Product Version: 8.0.59193. Product Language: 0. Manufacturer: Microsoft Corporation. Installation success or error status: 0.
  4332. Information 7/30/2018 6:20:32 AM MsiInstaller 11707 None Product: Microsoft Visual C++ 2005 Redistributable -- Installation completed successfully.
  4333. Information 7/30/2018 6:20:32 AM MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Desky\AppData\Local\Temp\IXP001.TMP\vcredist.msi. Client Process Id: 8100.
  4334. Information 7/30/2018 6:20:30 AM Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎07‎-‎30T13:20:30.447818300Z.
  4335. Information 7/30/2018 6:20:30 AM Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎07‎-‎30T13:20:29.714773500Z.
  4336. Information 7/30/2018 6:20:29 AM Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎07‎-‎30T13:20:29.714773500Z.
  4337. Information 7/30/2018 6:20:29 AM Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎07‎-‎30T13:20:29.554184000Z.
  4338. Information 7/30/2018 6:20:29 AM System Restore 8216 None Skipping creation of restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed Microsoft Visual C++ 2005 Redistributable) as there is a restore point avaliable which is recent enough for System Restore.
  4339. Information 7/30/2018 6:20:29 AM MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Desky\AppData\Local\Temp\IXP001.TMP\vcredist.msi. Client Process Id: 8100.
  4340. Information 7/30/2018 6:20:28 AM Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎07‎-‎30T13:20:26.821575800Z.
  4341. Information 7/30/2018 6:20:28 AM MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2005 Redistributable. Product Version: 8.0.50727.42. Product Language: 0. Manufacturer: Microsoft Corporation. Installation success or error status: 0.
  4342. Information 7/30/2018 6:20:28 AM MsiInstaller 11707 None Product: Microsoft Visual C++ 2005 Redistributable -- Installation completed successfully.
  4343. Information 7/30/2018 6:20:28 AM MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Desky\AppData\Local\Temp\IXP001.TMP\vcredist.msi. Client Process Id: 1808.
  4344. Information 7/30/2018 6:20:26 AM Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎07‎-‎30T13:20:26.821575800Z.
  4345. Information 7/30/2018 6:20:26 AM System Restore 8216 None Skipping creation of restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed Microsoft Visual C++ 2005 Redistributable) as there is a restore point avaliable which is recent enough for System Restore.
  4346. Information 7/30/2018 6:20:26 AM MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Desky\AppData\Local\Temp\IXP001.TMP\vcredist.msi. Client Process Id: 1808.
  4347. Information 7/30/2018 6:10:59 AM ESENT 916 General svchost (4548,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4348. Information 7/30/2018 5:53:31 AM Windows Error Reporting 1001 None "Fault bucket 2182968137601712653, type 5
  4349. Event Name: RADAR_PRE_LEAK_WOW64
  4350. Response: Not available
  4351. Cab Id: 0
  4352.  
  4353. Problem signature:
  4354. P1: Fallout3.exe
  4355. P2: 1.7.0.3
  4356. P3: 10.0.17134.2.0.0
  4357. P4:
  4358. P5:
  4359. P6:
  4360. P7:
  4361. P8:
  4362. P9:
  4363. P10:
  4364.  
  4365. Attached files:
  4366. \\?\C:\Users\Desky\AppData\Local\Temp\RDR9A73.tmp\empty.txt
  4367. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A74.tmp.WERInternalMetadata.xml
  4368. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A85.tmp.xml
  4369. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A92.tmp.csv
  4370. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AA3.tmp.txt
  4371.  
  4372. These files may be available here:
  4373.  
  4374.  
  4375. Analysis symbol:
  4376. Rechecking for solution: 0
  4377. Report Id: 6dcec674-fea9-42d4-92c5-2ce9c4c6e39f
  4378. Report Status: 268435456
  4379. Hashed bucket: 460783cea248bf376e4b75f48dbf020d
  4380. Cab Guid: 0"
  4381. Information 7/30/2018 5:43:32 AM VSS 8224 None The VSS service is shutting down due to idle timeout.
  4382. Information 7/30/2018 5:42:53 AM ESENT 916 General DllHost (6704,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4383. Information 7/30/2018 5:42:44 AM ESENT 916 General svchost (9376,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4384. Information 7/30/2018 5:40:36 AM Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎07‎-‎30T12:40:35.961465800Z.
  4385. Information 7/30/2018 5:40:36 AM Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎07‎-‎30T12:40:31.249396600Z.
  4386. Information 7/30/2018 5:40:35 AM Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎07‎-‎30T12:40:35.961465800Z.
  4387. Information 7/30/2018 5:40:36 AM MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Desky\AppData\Local\Microsoft\GFWLive\Downloads\xliveredist.msi. Client Process Id: 7152.
  4388. Information 7/30/2018 5:40:36 AM MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Games for Windows - LIVE Redistributable. Product Version: 3.5.92.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.
  4389. Information 7/30/2018 5:40:36 AM MsiInstaller 11707 None Product: Microsoft Games for Windows - LIVE Redistributable -- Installation completed successfully.
  4390. Information 7/30/2018 5:40:32 AM System Restore 8216 None "Skipping creation of restore point (Process = C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Redist\DirectX\DXSETUP.exe Files (x86)\Microsoft Games for Windows - LIVE\Redist\DirectX\DXSETUP.exe"" /silent; Description = Installed DirectX) as there is a restore point avaliable which is recent enough for System Restore."
  4391. Information 7/30/2018 5:40:31 AM Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎07‎-‎30T12:40:31.249396600Z.
  4392. Information 7/30/2018 5:40:31 AM Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎07‎-‎30T12:40:30.046468700Z.
  4393. Information 7/30/2018 5:40:31 AM MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Desky\AppData\Local\Microsoft\GFWLive\Downloads\xliveredist.msi. Client Process Id: 7152.
  4394. Information 7/30/2018 5:40:31 AM MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Desky\AppData\Local\Microsoft\GFWLive\Downloads\gfwlclient.msi. Client Process Id: 7152.
  4395. Information 7/30/2018 5:40:31 AM MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Games for Windows Marketplace. Product Version: 3.5.67.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.
  4396. Information 7/30/2018 5:40:31 AM MsiInstaller 11707 None Product: Microsoft Games for Windows Marketplace -- Installation completed successfully.
  4397. Information 7/30/2018 5:40:30 AM Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎07‎-‎30T12:40:30.046468700Z.
  4398. Information 7/30/2018 5:40:30 AM MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Desky\AppData\Local\Microsoft\GFWLive\Downloads\gfwlclient.msi. Client Process Id: 7152.
  4399. Information 7/30/2018 5:40:29 AM MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Desky\AppData\Local\Microsoft\GFWLive\Downloads\wllogin_64.msi. Client Process Id: 7152.
  4400. Information 7/30/2018 5:40:29 AM MsiInstaller 1033 None Windows Installer installed the product. Product Name: Windows Live ID Sign-in Assistant. Product Version: 6.500.3165.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.
  4401. Information 7/30/2018 5:40:29 AM MsiInstaller 11707 None Product: Windows Live ID Sign-in Assistant -- Installation completed successfully.
  4402. Information 7/30/2018 5:40:29 AM MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Desky\AppData\Local\Microsoft\GFWLive\Downloads\wllogin_64.msi. Client Process Id: 7152.
  4403. Information 7/30/2018 5:40:06 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-06T12:40:06Z. Reason: RulesEngine.
  4404. Information 7/30/2018 5:39:43 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  4405. Information 7/30/2018 5:39:43 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  4406. Information 7/30/2018 5:39:30 AM Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute.
  4407. Policy Names=(Security-SPP-Reserved-EnableNotificationMode)
  4408. App Id=55c92734-d682-4d71-983e-d6ec3f16059f
  4409. Sku Id=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c"
  4410. Information 7/30/2018 5:39:30 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-WriteWauMarker Priority=500
  4411. Information 7/30/2018 5:39:30 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4412. Information 7/30/2018 5:39:30 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4413. Information 7/30/2018 5:39:30 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4414. Information 7/30/2018 5:39:30 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4415. Information 7/30/2018 5:39:30 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4416. Information 7/30/2018 5:39:29 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4417. Information 7/30/2018 5:39:29 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4418. Information 7/30/2018 5:39:29 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4419. Information 7/30/2018 5:39:29 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  4420. Information 7/30/2018 5:39:28 AM ESENT 916 General svchost (7712,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4421. Information 7/30/2018 5:37:58 AM Microsoft-Windows-System-Restore 8302 None Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3.
  4422. Information 7/30/2018 5:37:58 AM Microsoft-Windows-System-Restore 8301 None Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3.
  4423. Information 7/30/2018 5:37:56 AM Microsoft-Windows-System-Restore 8300 None Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3.
  4424. Information 7/30/2018 5:37:45 AM System Restore 8194 None Successfully created restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe -Embedding; Description = Windows Modules Installer).
  4425. Information 7/30/2018 5:37:45 AM ESENT 916 General svchost (3004,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4426. Information 7/30/2018 5:37:20 AM ESENT 916 General svchost (3004,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4427. Information 7/30/2018 5:36:57 AM Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎07‎-‎30T12:36:53.771090000Z.
  4428. Information 7/30/2018 5:36:57 AM MsiInstaller 1042 None Ending a Windows Installer transaction: D:\Steam\steamapps\common\Fallout 3 goty\GFWLive\xliveredist.msi. Client Process Id: 9996.
  4429. Information 7/30/2018 5:36:57 AM MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Games for Windows - LIVE Redistributable. Product Version: 2.0.672.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.
  4430. Information 7/30/2018 5:36:57 AM MsiInstaller 11707 None Product: Microsoft Games for Windows - LIVE Redistributable -- Installation completed successfully.
  4431. Information 7/30/2018 5:36:53 AM Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎07‎-‎30T12:36:53.771090000Z.
  4432. Information 7/30/2018 5:36:53 AM Microsoft-Windows-RestartManager 10001 None Ending session 0 started ‎2018‎-‎07‎-‎30T12:36:51.449537600Z.
  4433. Information 7/30/2018 5:36:53 AM MsiInstaller 1040 None Beginning a Windows Installer transaction: D:\Steam\steamapps\common\Fallout 3 goty\GFWLive\xliveredist.msi. Client Process Id: 9996.
  4434. Information 7/30/2018 5:36:53 AM MsiInstaller 1033 None Windows Installer installed the product. Product Name: Microsoft Visual C++ 2005 Redistributable. Product Version: 8.0.56336. Product Language: 0. Manufacturer: Microsoft Corporation. Installation success or error status: 0.
  4435. Information 7/30/2018 5:36:53 AM MsiInstaller 11707 None Product: Microsoft Visual C++ 2005 Redistributable -- Installation completed successfully.
  4436. Information 7/30/2018 5:36:53 AM MsiInstaller 1042 None Ending a Windows Installer transaction: C:\Users\Desky\AppData\Local\Temp\IXP001.TMP\vcredist.msi. Client Process Id: 7284.
  4437. Information 7/30/2018 5:36:51 AM Microsoft-Windows-RestartManager 10000 None Starting session 0 - ‎2018‎-‎07‎-‎30T12:36:51.449537600Z.
  4438. Information 7/30/2018 5:36:51 AM MsiInstaller 1040 None Beginning a Windows Installer transaction: C:\Users\Desky\AppData\Local\Temp\IXP001.TMP\vcredist.msi. Client Process Id: 7284.
  4439. Information 7/30/2018 5:36:38 AM System Restore 8216 None Skipping creation of restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe -Embedding; Description = Windows Modules Installer) as there is a restore point avaliable which is recent enough for System Restore.
  4440. Information 7/30/2018 5:36:25 AM System Restore 8216 None "Skipping creation of restore point (Process = D:\Steam\steamapps\common\Fallout 3 goty\Directx9c\DXSETUP.exe 3 goty\Directx9c\DXSETUP.exe"" /silent; Description = Installed DirectX) as there is a restore point avaliable which is recent enough for System Restore."
  4441. Information 7/30/2018 5:36:01 AM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
  4442. "
  4443. Information 7/30/2018 5:36:01 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2118-07-06T12:36:01Z. Reason: RulesEngine.
  4444. Information 7/30/2018 5:35:32 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  4445. Information 7/30/2018 5:35:32 AM SecurityCenter 15 None Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
  4446. Information 7/30/2018 5:35:31 AM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
  4447. 10.0.17134.112"
  4448. Information 7/30/2018 5:35:31 AM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
  4449. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
  4450. Licensing Status=
  4451. 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4452. 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4453. 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4454. 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4455. 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4456. 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4457. 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4458. 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4459. 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4460. 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4461. 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4462. 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4463. 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4464. 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4465. 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4466. 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4467. 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4468. 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
  4469. 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4470. 20: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4471. 21: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4472. 22: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4473. 23: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4474. 24: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4475. 25: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4476. 26: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4477. 27: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4478. 28: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4479. 29: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4480. 30: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4481. 31: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4482. 32: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4483. 33: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4484. 34: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4485. 35: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4486. 36: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4487. 37: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4488. 38: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4489. 39: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4490. 40: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4491. 41: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4492. 42: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4493. 43: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4494. 44: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4495. 45: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4496. 46: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
  4497.  
  4498. "
  4499. Information 7/30/2018 5:35:31 AM Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute.
  4500. Policy Names=(Security-SPP-Reserved-EnableNotificationMode)
  4501. App Id=55c92734-d682-4d71-983e-d6ec3f16059f
  4502. Sku Id=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c"
  4503. Information 7/30/2018 5:35:31 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=Security-SPP-WriteWauMarker Priority=500
  4504. Information 7/30/2018 5:35:31 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4505. Information 7/30/2018 5:35:31 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4506. Information 7/30/2018 5:35:31 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4507. Information 7/30/2018 5:35:31 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4508. Information 7/30/2018 5:35:31 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4509. Information 7/30/2018 5:35:31 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4510. Information 7/30/2018 5:35:31 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4511. Information 7/30/2018 5:35:31 AM Microsoft-Windows-Security-SPP 1034 None Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100
  4512. Information 7/30/2018 5:35:30 AM SecurityCenter 1 None The Windows Security Center Service has started.
  4513. Information 7/30/2018 5:35:30 AM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
  4514. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
  4515. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
  4516. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
  4517. C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
  4518. C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
  4519. C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
  4520. C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
  4521. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
  4522. C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
  4523. "
  4524. Information 7/30/2018 5:35:30 AM Microsoft-Windows-Security-SPP 16394 None Offline downlevel migration succeeded.
  4525. Information 7/30/2018 5:35:30 AM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
  4526. Parameters:<explicit>"
  4527. Information 7/30/2018 5:35:29 AM ESENT 916 General svchost (7128,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4528. Information 7/30/2018 5:33:38 AM System Restore 8216 None Skipping creation of restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe -Embedding; Description = Windows Modules Installer) as there is a restore point avaliable which is recent enough for System Restore.
  4529. Information 7/30/2018 5:33:33 AM ESENT 916 General svchost (3004,G,50) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4530. Information 7/30/2018 5:33:33 AM ESENT 916 General taskhostw (5080,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4531. Information 7/30/2018 5:33:33 AM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
  4532.  
  4533. Information 7/30/2018 5:33:33 AM ESENT 326 General "SearchIndexer (5176,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds)
  4534.  
  4535. Saved Cache: 0 0
  4536. Additional Data: lgposAttach = 00000007:00DC:0268
  4537.  
  4538. Internal Timing Sequence:
  4539. [1] 0.000002 +J(0)
  4540. [2] 0.000561 +J(0) +M(C:0K, Fs:26, WS:40K # 0K, PF:32K # 0K, P:32K)
  4541. [3] 0.006196 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:39, WS:120K # 0K, PF:140K # 0K, P:140K)
  4542. [4] 0.000426 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
  4543. [5] -
  4544. [6] -
  4545. [7] 0.005411 -0.000248 (2) CM +J(CM:2, PgRf:2, Rd:16/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:59, WS:236K # 0K, PF:660K # 0K, P:660K)
  4546. [8] 0.000295 -0.000174 (5) CM +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:71, WS:280K # 0K, PF:260K # 128K, P:260K)
  4547. [9] 0.000269 -0.000202 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:14, WS:56K # 0K, PF:96K # 96K, P:96K)
  4548. [10] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  4549. [11] 0.000026 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:4, WS:16K # 0K, PF:0K # 0K, P:0K)
  4550. [12] 0.0 +J(0)
  4551. [13] 0.0 +J(0)
  4552. [14] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0)."
  4553. Information 7/30/2018 5:33:33 AM ESENT 105 General "SearchIndexer (5176,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds)
  4554.  
  4555. Additional Data:
  4556.  
  4557.  
  4558. Internal Timing Sequence:
  4559. [1] 0.001986 +J(0) +M(C:0K, Fs:234, WS:916K # 916K, PF:5084K # 5084K, P:5084K)
  4560. [2] 0.000210 +J(0) +M(C:0K, Fs:107, WS:428K # 428K, PF:400K # 400K, P:400K)
  4561. [3] 0.001211 +J(0) +M(C:0K, Fs:8, WS:32K # 32K, PF:64K # 64K, P:64K)
  4562. [4] 0.000083 +J(0) +M(C:0K, Fs:30, WS:116K # 116K, PF:232K # 232K, P:232K)
  4563. [5] 0.000442 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)
  4564. [6] 0.003303 +J(0) +M(C:0K, Fs:34, WS:132K # 132K, PF:32K # 32K, P:32K)
  4565. [7] 0.011868 +J(0) +M(C:0K, Fs:270, WS:1080K # 1080K, PF:1024K # 1024K, P:1024K)
  4566. [8] -
  4567. [9] -
  4568. [10] -
  4569. [11] -
  4570. [12] -
  4571. [13] 0.012257 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-1000K # 16K, PF:-1020K # 16K, P:-1020K)
  4572. [14] 0.000014 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
  4573. [15] 0.000041 +J(0) +M(C:0K, Fs:33, WS:132K # 0K, PF:64K # 0K, P:64K)
  4574. [16] 0.003013 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K)."
  4575. Information 7/30/2018 5:33:33 AM ESENT 916 General SearchIndexer (5176,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4576. Information 7/30/2018 5:33:33 AM ESENT 102 General SearchIndexer (5176,P,98) Windows: The database engine (10.00.17134.0000) is starting a new instance (0).
  4577. Information 7/30/2018 5:33:33 AM ESENT 916 General svchost (4548,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4578. Warning 7/30/2018 5:33:32 AM Microsoft-Windows-WMI 63 None A provider, DMWmiBridgeProv1, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
  4579. Warning 7/30/2018 5:33:32 AM Microsoft-Windows-WMI 63 None A provider, DMWmiBridgeProv1, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
  4580. Warning 7/30/2018 5:33:32 AM Microsoft-Windows-WMI 63 None A provider, DMWmiBridgeProv1, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
  4581. Warning 7/30/2018 5:33:32 AM Microsoft-Windows-WMI 63 None A provider, DMWmiBridgeProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
  4582. Warning 7/30/2018 5:33:32 AM Microsoft-Windows-WMI 63 None A provider, DMWmiBridgeProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
  4583. Warning 7/30/2018 5:33:32 AM Microsoft-Windows-WMI 63 None A provider, DMWmiBridgeProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
  4584. Information 7/30/2018 5:33:32 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  4585. Information 7/30/2018 5:33:32 AM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
  4586. Information 7/30/2018 5:33:32 AM .NET Runtime Optimization Service 1130 None .NET Runtime Optimization Service (4.0.30319.0) - Installed from repository: mscorlib
  4587. Information 7/30/2018 5:33:32 AM .NET Runtime Optimization Service 1130 None .NET Runtime Optimization Service (4.0.30319.0) - Installed from repository: mscorlib
  4588. Information 7/30/2018 5:33:28 AM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
  4589. Information 7/30/2018 5:33:28 AM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
  4590. Information 7/30/2018 5:33:29 AM ESENT 916 General svchost (2964,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4591. Information 7/30/2018 5:33:27 AM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.
  4592.  
  4593. "
  4594. Information 7/30/2018 5:33:27 AM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
  4595. Information 7/29/2018 10:31:11 PM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped.
  4596.  
  4597. "
  4598. Information 7/29/2018 10:30:56 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
  4599.  
  4600. DETAIL -
  4601. 37 user registry handles leaked from \Registry\User\S-1-5-21-825909483-98149471-603129591-1001:
  4602. Process 676 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001
  4603. Process 984 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Parents
  4604. Process 984 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore
  4605. Process 2116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CloudContent
  4606. Process 6092 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
  4607. Process 5292 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  4608. Process 2596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  4609. Process 2116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  4610. Process 2116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
  4611. Process 2116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  4612. Process 2596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  4613. Process 5292 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
  4614. Process 2116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\DataCollection
  4615. Process 5292 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  4616. Process 2596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  4617. Process 2116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  4618. Process 5292 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  4619. Process 2596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  4620. Process 2116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Main
  4621. Process 572 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
  4622. Process 984 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\System\GameConfigStore\Children
  4623. Process 5292 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  4624. Process 2596 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  4625. Process 2116 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Internet Explorer\Security
  4626. Process 2456 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4627. Process 2456 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4628. Process 2456 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4629. Process 2456 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4630. Process 2456 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4631. Process 2456 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4632. Process 2456 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4633. Process 2456 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4634. Process 2456 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4635. Process 2456 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4636. Process 2456 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4637. Process 2456 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4638. Process 2456 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-825909483-98149471-603129591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4639. "
  4640. Information 7/29/2018 10:30:56 PM ESENT 916 General svchost (2596,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4641. Information 7/29/2018 10:30:56 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
  4642. Information 7/29/2018 10:30:56 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <WSearch> was unavailable to handle a notification event.
  4643. Information 7/29/2018 10:30:55 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Steam.exe.
  4644. Information 7/29/2018 10:30:52 PM Microsoft-Windows-Winsrv 10001 None The following application attempted to veto the shutdown: Origin.exe.
  4645. Information 7/29/2018 10:30:43 PM ESENT 916 General DllHost (8300,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4646. Information 7/29/2018 10:10:58 PM ESENT 916 General svchost (2596,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4647. Information 7/29/2018 9:58:00 PM ESENT 916 General svchost (2248,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4648. Information 7/29/2018 9:52:25 PM ESENT 916 General svchost (2248,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4649. Information 7/29/2018 9:10:58 PM ESENT 916 General svchost (2596,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4650. Information 7/29/2018 8:57:00 PM ESENT 916 General svchost (2248,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4651. Information 7/29/2018 8:56:35 PM ESENT 916 General DllHost (8300,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4652. Information 7/29/2018 8:10:58 PM ESENT 916 General svchost (2596,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4653. Information 7/29/2018 7:56:00 PM ESENT 916 General svchost (2248,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4654. Information 7/29/2018 7:10:58 PM ESENT 916 General svchost (2596,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4655. Information 7/29/2018 7:04:39 PM ESENT 916 General DllHost (8300,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4656. Information 7/29/2018 6:55:00 PM ESENT 916 General svchost (2248,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4657. Information 7/29/2018 6:18:31 PM ESENT 916 General DllHost (8300,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4658. Information 7/29/2018 6:13:58 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  4659. Information 7/29/2018 6:10:59 PM Windows Error Reporting 1001 None "Fault bucket 1682760115931856892, type 5
  4660. Event Name: WindowsUpdateFailure3
  4661. Response: Not available
  4662. Cab Id: 0
  4663.  
  4664. Problem signature:
  4665. P1: 10.0.17134.112
  4666. P2: 80246013
  4667. P3: A43DC31B-FBDC-43D7-8087-A71A788D8EC6
  4668. P4: Install
  4669. P5: 200
  4670. P6: 0
  4671. P7: 80246013
  4672. P8: UpdateOrchestrator
  4673. P9: {9482F4B4-E343-43B6-B170-9A65BC822C77}
  4674. P10: 0
  4675.  
  4676. Attached files:
  4677. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC64C.tmp.WERInternalMetadata.xml
  4678.  
  4679. These files may be available here:
  4680. C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.17134.112_e64b3f1d8ada10c1be435c795dec243f1f97753_00000000_1f1dc95a
  4681.  
  4682. Analysis symbol:
  4683. Rechecking for solution: 0
  4684. Report Id: 41e4c391-6c53-4299-a723-7fc0af87600e
  4685. Report Status: 268435456
  4686. Hashed bucket: acb15cc7e65f5986d75a5d68e8503ffc
  4687. Cab Guid: 0"
  4688. Information 7/29/2018 6:10:58 PM Windows Error Reporting 1001 None "Fault bucket , type 0
  4689. Event Name: WindowsUpdateFailure3
  4690. Response: Not available
  4691. Cab Id: 0
  4692.  
  4693. Problem signature:
  4694. P1: 10.0.17134.112
  4695. P2: 80246013
  4696. P3: A43DC31B-FBDC-43D7-8087-A71A788D8EC6
  4697. P4: Install
  4698. P5: 200
  4699. P6: 0
  4700. P7: 80246013
  4701. P8: UpdateOrchestrator
  4702. P9: {9482F4B4-E343-43B6-B170-9A65BC822C77}
  4703. P10: 0
  4704.  
  4705. Attached files:
  4706.  
  4707. These files may be available here:
  4708. C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.17134.112_e64b3f1d8ada10c1be435c795dec243f1f97753_00000000_2c51c5ef
  4709.  
  4710. Analysis symbol:
  4711. Rechecking for solution: 0
  4712. Report Id: 41e4c391-6c53-4299-a723-7fc0af87600e
  4713. Report Status: 4
  4714. Hashed bucket:
  4715. Cab Guid: 0"
  4716. Information 7/29/2018 6:10:58 PM Windows Error Reporting 1001 None "Fault bucket , type 0
  4717. Event Name: WindowsUpdateFailure3
  4718. Response: Not available
  4719. Cab Id: 0
  4720.  
  4721. Problem signature:
  4722. P1: 10.0.17134.112
  4723. P2: 80246013
  4724. P3: A43DC31B-FBDC-43D7-8087-A71A788D8EC6
  4725. P4: Install
  4726. P5: 200
  4727. P6: 0
  4728. P7: 80246013
  4729. P8: UpdateOrchestrator
  4730. P9: {9482F4B4-E343-43B6-B170-9A65BC822C77}
  4731. P10: 0
  4732.  
  4733. Attached files:
  4734.  
  4735. These files may be available here:
  4736.  
  4737.  
  4738. Analysis symbol:
  4739. Rechecking for solution: 0
  4740. Report Id: 41e4c391-6c53-4299-a723-7fc0af87600e
  4741. Report Status: 1074003968
  4742. Hashed bucket:
  4743. Cab Guid: 0"
  4744. Information 7/29/2018 6:10:58 PM System Restore 8216 None Skipping creation of restore point (Process = c:\windows\system32\svchost.exe -k netsvcs -p; Description = Windows Update) as there is a restore point avaliable which is recent enough for System Restore.
  4745. Information 7/29/2018 6:10:58 PM ESENT 916 General svchost (2596,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4746. Information 7/29/2018 5:54:00 PM ESENT 916 General svchost (2248,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4747. Information 7/29/2018 5:13:58 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  4748. Information 7/29/2018 5:11:00 PM ESENT 916 General svchost (2248,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4749. Information 7/29/2018 5:10:59 PM Windows Error Reporting 1001 None "Fault bucket 1682760115931856892, type 5
  4750. Event Name: WindowsUpdateFailure3
  4751. Response: Not available
  4752. Cab Id: 0
  4753.  
  4754. Problem signature:
  4755. P1: 10.0.17134.112
  4756. P2: 80246013
  4757. P3: A43DC31B-FBDC-43D7-8087-A71A788D8EC6
  4758. P4: Install
  4759. P5: 200
  4760. P6: 0
  4761. P7: 80246013
  4762. P8: UpdateOrchestrator
  4763. P9: {9482F4B4-E343-43B6-B170-9A65BC822C77}
  4764. P10: 0
  4765.  
  4766. Attached files:
  4767. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERD701.tmp.WERInternalMetadata.xml
  4768.  
  4769. These files may be available here:
  4770. C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.17134.112_e64b3f1d8ada10c1be435c795dec243f1f97753_00000000_114ad8c6
  4771.  
  4772. Analysis symbol:
  4773. Rechecking for solution: 0
  4774. Report Id: ca339f0b-f40a-42a6-9a35-f3c3e744fe91
  4775. Report Status: 268435456
  4776. Hashed bucket: acb15cc7e65f5986d75a5d68e8503ffc
  4777. Cab Guid: 0"
  4778. Information 7/29/2018 5:10:58 PM Windows Error Reporting 1001 None "Fault bucket , type 0
  4779. Event Name: WindowsUpdateFailure3
  4780. Response: Not available
  4781. Cab Id: 0
  4782.  
  4783. Problem signature:
  4784. P1: 10.0.17134.112
  4785. P2: 80246013
  4786. P3: A43DC31B-FBDC-43D7-8087-A71A788D8EC6
  4787. P4: Install
  4788. P5: 200
  4789. P6: 0
  4790. P7: 80246013
  4791. P8: UpdateOrchestrator
  4792. P9: {9482F4B4-E343-43B6-B170-9A65BC822C77}
  4793. P10: 0
  4794.  
  4795. Attached files:
  4796.  
  4797. These files may be available here:
  4798. C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.17134.112_e64b3f1d8ada10c1be435c795dec243f1f97753_00000000_036ad6e2
  4799.  
  4800. Analysis symbol:
  4801. Rechecking for solution: 0
  4802. Report Id: ca339f0b-f40a-42a6-9a35-f3c3e744fe91
  4803. Report Status: 4
  4804. Hashed bucket:
  4805. Cab Guid: 0"
  4806. Information 7/29/2018 5:10:58 PM Windows Error Reporting 1001 None "Fault bucket , type 0
  4807. Event Name: WindowsUpdateFailure3
  4808. Response: Not available
  4809. Cab Id: 0
  4810.  
  4811. Problem signature:
  4812. P1: 10.0.17134.112
  4813. P2: 80246013
  4814. P3: A43DC31B-FBDC-43D7-8087-A71A788D8EC6
  4815. P4: Install
  4816. P5: 200
  4817. P6: 0
  4818. P7: 80246013
  4819. P8: UpdateOrchestrator
  4820. P9: {9482F4B4-E343-43B6-B170-9A65BC822C77}
  4821. P10: 0
  4822.  
  4823. Attached files:
  4824.  
  4825. These files may be available here:
  4826.  
  4827.  
  4828. Analysis symbol:
  4829. Rechecking for solution: 0
  4830. Report Id: ca339f0b-f40a-42a6-9a35-f3c3e744fe91
  4831. Report Status: 1074003968
  4832. Hashed bucket:
  4833. Cab Guid: 0"
  4834. Information 7/29/2018 5:10:58 PM System Restore 8216 None Skipping creation of restore point (Process = c:\windows\system32\svchost.exe -k netsvcs -p; Description = Windows Update) as there is a restore point avaliable which is recent enough for System Restore.
  4835. Information 7/29/2018 5:10:58 PM ESENT 916 General svchost (2596,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4836. Information 7/29/2018 5:00:00 PM ESENT 916 General svchost (2248,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4837. Information 7/29/2018 4:53:00 PM ESENT 916 General svchost (2248,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4838. Information 7/29/2018 4:26:48 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  4839. Information 7/29/2018 4:23:49 PM ESENT 325 General "svchost (4136,D,35) DS_Token_DB: The database engine created a new database (1, C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds)
  4840.  
  4841. Additional Data: lgposCreate = 00000001:0001:0268
  4842.  
  4843. Internal Timing Sequence:
  4844. [1] 0.000054 +J(0) +M(C:0K, Fs:1, WS:4K # 4K, PF:4K # 4K, P:4K)
  4845. [2] 0.000575 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)
  4846. [3] 0.003466 +J(0) +M(C:0K, Fs:26, WS:96K # 100K, PF:64K # 68K, P:64K)
  4847. [4] 0.002138 +J(0) +M(C:0K, Fs:53, WS:212K # 208K, PF:88K # 84K, P:88K)
  4848. [5] 0.000285 +J(CM:0, PgRf:3, Rd:0/0, Dy:3/6, Lg:122/4) +M(C:8K, Fs:41, WS:164K # 164K, PF:160K # 164K, P:160K)
  4849. [6] 0.002644 +J(CM:0, PgRf:249, Rd:0/0, Dy:16/428, Lg:28550/465) +M(C:48K, Fs:113, WS:440K # 440K, PF:740K # 736K, P:740K)
  4850. [7] 0.000510 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:4096/2) +M(C:0K, Fs:1, WS:4K # 4K, PF:0K # 0K, P:0K)
  4851. [8] 0.000001 +J(0)
  4852. [9] 0.004122 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:0K # 4K, P:0K)
  4853. [10] 0.005008 -0.001515 (12) CM +J(CM:12, PgRf:381, Rd:0/12, Dy:11/89, Lg:12509/128) +M(C:-12K, Fs:26, WS:84K # 88K, PF:8K # 8K, P:8K)
  4854. [11] 0.000001 +J(0)."
  4855. Information 7/29/2018 4:23:49 PM ESENT 637 General "svchost (4136,D,35) DS_Token_DB: New flush map file ""C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm"" will be created to enable persisted lost flush detection."
  4856. Information 7/29/2018 4:23:49 PM ESENT 105 General "svchost (4136,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds)
  4857.  
  4858. Additional Data:
  4859.  
  4860.  
  4861. Internal Timing Sequence:
  4862. [1] 0.000437 +J(0) +M(C:0K, Fs:133, WS:520K # 520K, PF:2464K # 2464K, P:2464K)
  4863. [2] 0.000192 +J(0) +M(C:8K, Fs:100, WS:392K # 392K, PF:1164K # 1164K, P:1164K)
  4864. [3] 0.000020 +J(0) +M(C:0K, Fs:2, WS:4K # 4K, PF:64K # 64K, P:64K)
  4865. [4] 0.000324 +J(0) +M(C:0K, Fs:86, WS:344K # 344K, PF:164K # 164K, P:164K)
  4866. [5] 0.000615 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:16K # 16K, P:16K)
  4867. [6] 0.000565 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:20K # 20K, P:20K)
  4868. [7] -
  4869. [8] -
  4870. [9] -
  4871. [10] -
  4872. [11] -
  4873. [12] -
  4874. [13] 0.008215 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:79, WS:256K # 300K, PF:72K # 80K, P:72K)
  4875. [14] 0.000012 +J(0) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K)
  4876. [15] 0.000038 +J(0) +M(C:0K, Fs:17, WS:68K # 36K, PF:64K # 56K, P:64K)
  4877. [16] 0.001638 +J(0) +M(C:0K, Fs:4, WS:8K # 12K, PF:0K # 4K, P:0K)."
  4878. Information 7/29/2018 4:23:49 PM ESENT 916 General svchost (4136,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4879. Information 7/29/2018 4:23:49 PM ESENT 102 General svchost (4136,P,98) DS_Token_DB: The database engine (10.00.17134.0000) is starting a new instance (0).
  4880. Information 7/29/2018 4:23:47 PM ESENT 916 General svchost (2596,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4881. Information 7/29/2018 4:23:46 PM ESENT 916 General svchost (2248,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4882. Information 7/29/2018 4:13:58 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  4883. Information 7/29/2018 4:10:59 PM Windows Error Reporting 1001 None "Fault bucket 1682760115931856892, type 5
  4884. Event Name: WindowsUpdateFailure3
  4885. Response: Not available
  4886. Cab Id: 0
  4887.  
  4888. Problem signature:
  4889. P1: 10.0.17134.112
  4890. P2: 80246013
  4891. P3: A43DC31B-FBDC-43D7-8087-A71A788D8EC6
  4892. P4: Install
  4893. P5: 200
  4894. P6: 0
  4895. P7: 80246013
  4896. P8: UpdateOrchestrator
  4897. P9: {9482F4B4-E343-43B6-B170-9A65BC822C77}
  4898. P10: 0
  4899.  
  4900. Attached files:
  4901. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE8CF.tmp.WERInternalMetadata.xml
  4902.  
  4903. These files may be available here:
  4904. C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.17134.112_e64b3f1d8ada10c1be435c795dec243f1f97753_00000000_1ab3ea56
  4905.  
  4906. Analysis symbol:
  4907. Rechecking for solution: 0
  4908. Report Id: bbcd2a1b-1ace-4c8b-a12d-d09e27c65794
  4909. Report Status: 268435456
  4910. Hashed bucket: acb15cc7e65f5986d75a5d68e8503ffc
  4911. Cab Guid: 0"
  4912. Information 7/29/2018 4:10:58 PM Windows Error Reporting 1001 None "Fault bucket , type 0
  4913. Event Name: WindowsUpdateFailure3
  4914. Response: Not available
  4915. Cab Id: 0
  4916.  
  4917. Problem signature:
  4918. P1: 10.0.17134.112
  4919. P2: 80246013
  4920. P3: A43DC31B-FBDC-43D7-8087-A71A788D8EC6
  4921. P4: Install
  4922. P5: 200
  4923. P6: 0
  4924. P7: 80246013
  4925. P8: UpdateOrchestrator
  4926. P9: {9482F4B4-E343-43B6-B170-9A65BC822C77}
  4927. P10: 0
  4928.  
  4929. Attached files:
  4930.  
  4931. These files may be available here:
  4932. C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.17134.112_e64b3f1d8ada10c1be435c795dec243f1f97753_00000000_2ecfe8c0
  4933.  
  4934. Analysis symbol:
  4935. Rechecking for solution: 0
  4936. Report Id: bbcd2a1b-1ace-4c8b-a12d-d09e27c65794
  4937. Report Status: 4
  4938. Hashed bucket:
  4939. Cab Guid: 0"
  4940. Information 7/29/2018 4:10:58 PM Windows Error Reporting 1001 None "Fault bucket , type 0
  4941. Event Name: WindowsUpdateFailure3
  4942. Response: Not available
  4943. Cab Id: 0
  4944.  
  4945. Problem signature:
  4946. P1: 10.0.17134.112
  4947. P2: 80246013
  4948. P3: A43DC31B-FBDC-43D7-8087-A71A788D8EC6
  4949. P4: Install
  4950. P5: 200
  4951. P6: 0
  4952. P7: 80246013
  4953. P8: UpdateOrchestrator
  4954. P9: {9482F4B4-E343-43B6-B170-9A65BC822C77}
  4955. P10: 0
  4956.  
  4957. Attached files:
  4958.  
  4959. These files may be available here:
  4960.  
  4961.  
  4962. Analysis symbol:
  4963. Rechecking for solution: 0
  4964. Report Id: bbcd2a1b-1ace-4c8b-a12d-d09e27c65794
  4965. Report Status: 1074003968
  4966. Hashed bucket:
  4967. Cab Guid: 0"
  4968. Information 7/29/2018 4:10:58 PM System Restore 8216 None Skipping creation of restore point (Process = c:\windows\system32\svchost.exe -k netsvcs -p; Description = Windows Update) as there is a restore point avaliable which is recent enough for System Restore.
  4969. Information 7/29/2018 4:10:58 PM ESENT 916 General svchost (2596,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4970. Information 7/29/2018 3:52:00 PM ESENT 916 General svchost (2248,G,98) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
  4971. Information 7/29/2018 3:13:58 PM VSS 8224 None The VSS service is shutting down due to idle timeout.
  4972. Information 7/29/2018 3:10:59 PM Windows Error Reporting 1001 None "Fault bucket 1682760115931856892, type 5
  4973. Event Name: WindowsUpdateFailure3
  4974. Response: Not available
  4975. Cab Id: 0
  4976.  
  4977. Problem signature:
  4978. P1: 10.0.17134.112
  4979. P2: 80246013
  4980. P3: A43DC31B-FBDC-43D7-8087-A71A788D8EC6
  4981. P4: Install
  4982. P5: 200
  4983. P6: 0
  4984. P7: 80246013
  4985. P8: UpdateOrchestrator
  4986. P9: {9482F4B4-E343-43B6-B170-9A65BC822C77}
  4987. P10: 0
  4988.  
  4989. Attached files:
  4990. \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERFA40.tmp.WERInternalMetadata.xml
  4991.  
  4992. These files may be available here:
  4993. C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.17134.112_e64b3f1d8ada10c1be435c795dec243f1f97753_00000000_066cfbb7
  4994.  
  4995. Analysis symbol:
  4996. Rechecking for solution: 0
  4997. Report Id: 45664b7b-b079-4623-a01e-452db431b6c1
  4998. Report Status: 268435456
  4999. Hashed bucket: acb15cc7e65f5986d75a5d68e8503ffc
  5000. Cab Guid: 0"
  5001. Information 7/29/2018 3:10:58 PM Windows Error Reporting 1001 None "Fault bucket , type 0
  5002. Event Name: WindowsUpdateFailure3
  5003. Response: Not available
  5004. Cab Id: 0
  5005.  
  5006. Problem signature:
  5007. P1: 10.0.17134.112
  5008. P2: 80246013
  5009. P3: A43DC31B-FBDC-43D7-8087-A71A788D8EC6
  5010. P4: Install
  5011. P5: 200
  5012. P6: 0
  5013. P7: 80246013
  5014. P8: UpdateOrchestrator
  5015. P9: {9482F4B4-E343-43B6-B170-9A65BC822C77}
  5016. P10: 0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!