Event[0]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-17T23:57:42.803
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
    .  



Event[1]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-17T23:57:48.014
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
   Windows  

Event[2]:
  Log Name: Application
  Source: Microsoft-Windows-CAPI2
  Date: 2015-07-17T23:57:54.545
  Event ID: 4097
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
     :: : <CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>;  SHA1: <4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5>.

Event[3]:
  Log Name: Application
  Source: Microsoft-Windows-CAPI2
  Date: 2015-07-17T23:58:24.670
  Event ID: 4112
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
          : ?24 ? ?2015 ?. 2:21:10.

Event[4]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-17T23:58:52.445
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
    Windows  .

Event[5]:
  Log Name: Application
  Source: Microsoft-Windows-CAPI2
  Date: 2015-07-18T00:01:46.519
  Event ID: 4113
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
     -      : ?29 ? ?2015 ?. 18:49:19.

Event[6]:
  Log Name: Application
  Source: Microsoft-Windows-Search-ProfileNotify
  Date: 2015-07-18T00:01:53.000
  Event ID: 5
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  Windows        "DS88-WIN10IP\Jenya" .


Event[7]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T00:01:53.497
  Event ID: 1534
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
     Create   {D63AA156-D534-4BAC-9BF1-55359CF5EC30};        .
. 



Event[8]:
  Log Name: Application
  Source: Microsoft-Windows-Search-ProfileNotify
  Date: 2015-07-18T00:01:54.000
  Event ID: 5
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  Windows        "DS88-WIN10IP\Olga" .


Event[9]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T00:01:54.534
  Event ID: 1534
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
     Create   {D63AA156-D534-4BAC-9BF1-55359CF5EC30};        .
. 



Event[10]:
  Log Name: Application
  Source: Microsoft-Windows-Search-ProfileNotify
  Date: 2015-07-18T00:01:55.000
  Event ID: 5
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  Windows        "DS88-WIN10IP\Deti" .


Event[11]:
  Log Name: Application
  Source: Microsoft-Windows-Search-ProfileNotify
  Date: 2015-07-18T00:01:56.000
  Event ID: 5
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  Windows        "DS88-WIN10IP\dsergey88" .


Event[12]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T00:01:55.406
  Event ID: 1534
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
     Create   {D63AA156-D534-4BAC-9BF1-55359CF5EC30};        .
. 



Event[13]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T00:01:56.154
  Event ID: 1534
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
     Create   {D63AA156-D534-4BAC-9BF1-55359CF5EC30};        .
. 



Event[14]:
  Log Name: Application
  Source: Microsoft-Windows-CAPI2
  Date: 2015-07-18T00:05:23.924
  Event ID: 4109
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      :: : <OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>  Sha1: <742C3192E607E424EB4549542BE1BBC53E6174E2>.

Event[15]:
  Log Name: Application
  Source: Microsoft-Windows-CAPI2
  Date: 2015-07-18T00:05:23.924
  Event ID: 4108
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
     :: : <OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>  Sha1: <4F65566336DB6598581D584A596C87934D5F2AB4>.

Event[16]:
  Log Name: Application
  Source: Microsoft-Windows-CAPI2
  Date: 2015-07-18T00:05:23.956
  Event ID: 4111
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
          : ?18 ? ?2015 ?. 23:25:35.

Event[17]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:07:57.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    .


Event[18]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T00:07:57.095
  Event ID: 1532
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
   .  



Event[19]:
  Log Name: Application
  Source: Microsoft-Windows-EventSystem
  Date: 2015-07-18T00:09:09.000
  Event ID: 4625
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: DS88-WIN10IP
  Description: 
 EventSystem        86400 .      REG_DWORD   SuppressDuplicateDuration    : HKLM\Software\Microsoft\EventSystem\EventLog.

Event[20]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T00:09:09.939
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
    .  



Event[21]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:09:13.251
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
   Windows  

Event[22]:
  Log Name: Application
  Source: NvStreamSvc
  Date: 2015-07-18T00:09:26.000
  Event ID: 2003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
Expected event (Started [0]).

Event[23]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:09:26.057
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
    Windows  .

Event[24]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-18T00:09:35.000
  Event ID: 100
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
Service started.

Event[25]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-18T00:09:36.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
N/A

Event[26]:
  Log Name: Application
  Source: Microsoft-Windows-CAPI2
  Date: 2015-07-18T00:10:30.601
  Event ID: 4097
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
     :: : <CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>;  SHA1: <97817950D81C9670CC34D809CF794431367EF474>.

Event[27]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-18T00:11:35.000
  Event ID: 103
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
SkypeUpdate service is shutting down due to idle timeout.

Event[28]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-18T00:11:36.000
  Event ID: 101
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
Service stopped.

Event[29]:
  Log Name: Application
  Source: Microsoft-Windows-Complus
  Date: 2015-07-18T00:11:42.000
  Event ID: 781
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
 COM+        86400 .      REG_DWORD   SuppressDuplicateDuration    : HKLM\Software\Microsoft\COM3\Eventlog.

Event[30]:
  Log Name: Application
  Source: Microsoft-Windows-MSDTC 2
  Date: 2015-07-18T00:11:44.000
  Event ID: 4202
  Task: TM
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
MSDTC    :

   (OFF = 0  ON = 1):
    = 0,
   = 0,
    : 
    = 0,
    = 0,
 -  (TIP) = 0,
   XA = 0,
   SNA LU 6.2 = 1,
    MSDTC =    ,
   = NT AUTHORITY\NetworkService,
    = 0

   = 0
    = 1


Event[31]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-18T00:12:14.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
N/A

Event[32]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:12:21.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[33]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:12:23.000
  Event ID: 1034
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
   .  =Security-SPP-WriteWauMarker  =500

Event[34]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:12:23.000
  Event ID: 1033
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,        override-only.
 =(IIS-W3SVC-MaxConcurrentRequests) (Microsoft.Windows.Smc-Enabled) (Telnet-Client-EnableTelnetClient) (TiffIFilterLicensing-EnableTiffIFilter) 
 =55c92734-d682-4d71-983e-d6ec3f16059f
 SKU=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Event[35]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:12:23.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 )(1 )(2 [0xC004E003, 0, 0], [( 1 0xC004F034)( 1 0xC004F034)(?)(?)(?)(?)(?)(?)])(3 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F034)])]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[36]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:12:23.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    .
10.0.10240.16384

Event[37]:
  Log Name: Application
  Source: Microsoft-Windows-MSDTC Client 2
  Date: 2015-07-18T00:15:22.000
  Event ID: 4879
  Task: CM
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
 MSDTC   (HR=0x80000171)        DS88-WIN10IP.

Event[38]:
  Log Name: Application
  Source: Microsoft-Windows-Complus
  Date: 2015-07-18T00:15:33.000
  Event ID: 781
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
 COM+        86400 .      REG_DWORD   SuppressDuplicateDuration    : HKLM\Software\Microsoft\COM3\Eventlog.

Event[39]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 16389
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
     .

Event[40]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =OfficeB13AFB38-CD79-4AE5-9F7F-EED058D750CA PPD License
 =9b2fc674-1729-9947-d79e-b14526d95c30

Event[41]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =client-issuance-root-bridge-test Issuance License
 =7256a55f-e989-4e06-b2c2-c527f49e4527

Event[42]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =XrML 2.1 License - Product Key Configuration
 =968f85d3-74e5-4d39-90a0-68ee069a3b79

Event[43]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =OfficeA24CCA51-3D54-4C41-8A76-4031F5338CB2 PPD License
 =0d07f46a-03ac-a280-c6b5-0162f0527cc2

Event[44]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =Office 15 Publishing License (Public)
 =7132be3b-7168-4006-b9a4-b46f9bb14709

Event[45]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =Office 15 Publishing License (Private)
 =5ca8c038-3a94-4a82-ac06-855f1c4ced8d

Event[46]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =Office 15 UL oob License (Public)
 =ba614571-1db7-405e-a36b-9d7cf0fabb10

Event[47]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =Office 15 UL oob License (Private)
 =d9e74a9f-aa88-4cd0-b60f-d780d18f1589

Event[48]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =Office 15 UL oob License (Public)
 =40b366e6-d6d6-4172-8c81-eefefc68e2ca

Event[49]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =Office 15 UL oob License (Private)
 =d7c25dd7-d429-4519-b0d4-8a19fbf5d17a

Event[50]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =client-issuance-ul-oob Issuance License
 =7209e8e3-cce2-49dd-8f6e-2cc8a611f202

Event[51]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =Office 15 UL phone License (Public)
 =108e03bb-cebc-4264-8c30-653ebdc9beaa

Event[52]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =Office 15 UL phone License (Private)
 =c0dd1b29-08bb-4637-8fb0-fce0a6c50128

Event[53]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =Office 15 UL volume License (Public)
 =6be8941e-61ec-49da-aa74-b1f63520ed09

Event[54]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =Office 15 UL volume License (Private)
 =d81ef325-1a48-48ca-af97-a9a7ed5e225c

Event[55]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =client-issuance-stil Issuance License
 =285583cd-fc43-4806-ace6-d247b7edd434

Event[56]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =client-issuance-ul Issuance License
 =ce939c0e-53f7-4011-a286-78b6975fa5f0

Event[57]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =client-issuance-root Issuance License
 =7cbeb41c-1778-47f2-aa36-51a5a618f716

Event[58]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =XrML 2.1 License - {msft:sl/EUL/ACTIVATED/PUBLIC}
 =97960ad6-6279-4bcf-a1dc-e1d8625fc695

Event[59]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =XrML 2.1 License - {msft:sl/EUL/ACTIVATED/PRIVATE}
 =0c75e5ea-eb57-4dc5-806e-c3e39610f0eb

Event[60]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 =client-issuance-bridge-office Issuance License
 =4d4a5396-01a7-4ae5-9973-b53bb1af5c30

Event[61]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:42.000
  Event ID: 1016
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
     . 
ACID=a24cca51-3d54-4c41-8a76-4031f5338cb2
PKeyId=53f2b8eb-7e66-1f39-2890-64dec3643627

Event[62]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:43.000
  Event ID: 1034
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
   .  =Security-SPP-WriteWauMarker  =500

Event[63]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:43.000
  Event ID: 1033
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,        override-only.
 =(IIS-W3SVC-MaxConcurrentRequests) (Microsoft.Windows.Smc-Enabled) (Telnet-Client-EnableTelnetClient) (TiffIFilterLicensing-EnableTiffIFilter) 
 =55c92734-d682-4d71-983e-d6ec3f16059f
 SKU=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Event[64]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:15:43.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 )(1 )(2 [0xC004E003, 0, 0], [( 1 0xC004F034)( 1 0xC004F034)(?)(?)(?)(?)(?)(?)])(3 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F034)])]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[65]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.362
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 Win32_OfflineFilesConfigurationProvider     ROOT\CIMV2   Windows      LocalSystem.    , ,      ,     .

Event[66]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.376
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 InvProv     ROOT\CIMV2   Windows      LocalSystem.    , ,      ,     .

Event[67]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.391
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 UserProfileConfigurationProvider     ROOT\CIMV2   Windows      LocalSystem.    , ,      ,     .

Event[68]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.419
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 Win32_UserStateConfigurationProvider     ROOT\CIMV2   Windows      LocalSystem.    , ,      ,     .

Event[69]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.426
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 Win32_FolderRedirectionConfiguration     ROOT\CIMV2   Windows      LocalSystem.    , ,      ,     .

Event[70]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.430
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 Win32_OfflineFilesConfigurationProvider     ROOT\CIMV2   Windows      LocalSystem.    , ,      ,     .

Event[71]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.440
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 Win32_UserStateConfigurationProvider     ROOT\CIMV2   Windows      LocalSystem.    , ,      ,     .

Event[72]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.443
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 UserProfileConfigurationProvider     ROOT\CIMV2   Windows      LocalSystem.    , ,      ,     .

Event[73]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.445
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 InvProv     ROOT\CIMV2   Windows      LocalSystem.    , ,      ,     .

Event[74]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.449
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 Win32_FolderRedirectionConfiguration     ROOT\CIMV2   Windows      LocalSystem.    , ,      ,     .

Event[75]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.452
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 Win32_OfflineFilesConfigurationProvider     ROOT\CIMV2   Windows      LocalSystem.    , ,      ,     .

Event[76]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.459
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 UserProfileConfigurationProvider     ROOT\CIMV2   Windows      LocalSystem.    , ,      ,     .

Event[77]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.486
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 MDMSettingsProv     ROOT\CIMV2\mdm   Windows      LocalSystem.    , ,      ,     .

Event[78]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.491
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 MDMSettingsProv     ROOT\CIMV2\mdm   Windows      LocalSystem.    , ,      ,     .

Event[79]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.511
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 DMWmiBridgeProv     ROOT\CIMV2\mdm\dmmap   Windows      LocalSystem.    , ,      ,     .

Event[80]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.514
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 DMWmiBridgeProv     ROOT\CIMV2\mdm\dmmap   Windows      LocalSystem.    , ,      ,     .

Event[81]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.522
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 DMWmiBridgeProv     ROOT\CIMV2\mdm\dmmap   Windows      LocalSystem.    , ,      ,     .

Event[82]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.620
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 MDMSettingsProv     ROOT\CIMV2\mdm   Windows      LocalSystem.    , ,      ,     .

Event[83]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.689
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 PowerMeterProvider     ROOT\CIMV2\power   Windows      LocalSystem.    , ,      ,     .

Event[84]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.692
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 PowerMeterProvider     ROOT\CIMV2\power   Windows      LocalSystem.    , ,      ,     .

Event[85]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.694
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 ProfileAssociationProviderCimV2     ROOT\CIMV2\power   Windows      LocalSystem.    , ,      ,     .

Event[86]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.856
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 PowerMeterProvider     ROOT\CIMV2\power   Windows      LocalSystem.    , ,      ,     .

Event[87]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:44.860
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 ProfileAssociationProviderCimV2     ROOT\CIMV2\power   Windows      LocalSystem.    , ,      ,     .

Event[88]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:45.000
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 WpcWebSyncProv     ROOT\CIMV2\Applications\WindowsParentalControls   Windows      LocalSystem.    , ,      ,     .

Event[89]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:45.014
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 WpcWebSyncProvSecured     ROOT\CIMV2\Applications\WindowsParentalControls\Secured   Windows      LocalSystem.    , ,      ,     .

Event[90]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:45.022
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 WpcWebSyncProvSecured     ROOT\CIMV2\Applications\WindowsParentalControls\Secured   Windows      LocalSystem.    , ,      ,     .

Event[91]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:45.053
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 WpcWebSyncProv     ROOT\CIMV2\Applications\WindowsParentalControls   Windows      LocalSystem.    , ,      ,     .

Event[92]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:45.249
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 MINT     ROOT\PEH   Windows      LocalSystem.    , ,      ,     .

Event[93]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:45.251
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 MINT     ROOT\PEH   Windows      LocalSystem.    , ,      ,     .

Event[94]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:45.258
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 MINT     ROOT\PEH   Windows      LocalSystem.    , ,      ,     .

Event[95]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:45.350
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 NetEventPacketCapture     ROOT\StandardCimv2   Windows      LocalSystem.    , ,      ,     .

Event[96]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:45.380
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 NetEventPacketCapture     ROOT\StandardCimv2   Windows      LocalSystem.    , ,      ,     .

Event[97]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:45.631
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 NetEventPacketCapture     ROOT\StandardCimv2   Windows      LocalSystem.    , ,      ,     .

Event[98]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:45.889
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 ProfileAssociationProviderInterop     ROOT\Interop   Windows      LocalSystem.    , ,      ,     .

Event[99]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:45.949
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 ProfileAssociationProviderInterop     ROOT\Interop   Windows      LocalSystem.    , ,      ,     .

Event[100]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:46.629
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 WsmAgent     ROOT\Microsoft\Windows\winrm   Windows      LocalSystem.    , ,      ,     .

Event[101]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:46.637
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 WsmAgent     ROOT\Microsoft\Windows\winrm   Windows      LocalSystem.    , ,      ,     .

Event[102]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:47.189
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 EventTracingManagement     ROOT\Microsoft\Windows\EventTracingManagement   Windows      LocalSystem.    , ,      ,     .

Event[103]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:47.191
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 EventTracingManagement     ROOT\Microsoft\Windows\EventTracingManagement   Windows      LocalSystem.    , ,      ,     .

Event[104]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:47.241
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 EventTracingManagement     ROOT\Microsoft\Windows\EventTracingManagement   Windows      LocalSystem.    , ,      ,     .

Event[105]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:47.263
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 DSCCoreProviders     ROOT\Microsoft\Windows\DesiredStateConfiguration   Windows      LocalSystem.    , ,      ,     .

Event[106]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:47.272
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 DSCCoreProviders     ROOT\Microsoft\Windows\DesiredStateConfiguration   Windows      LocalSystem.    , ,      ,     .

Event[107]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:15:47.326
  Event ID: 63
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 DSCCoreProviders     ROOT\Microsoft\Windows\DesiredStateConfiguration   Windows      LocalSystem.    , ,      ,     .

Event[108]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-18T00:16:11.959
  Event ID: 1000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
C    WmiApRpl (WmiApRpl)  .         ,   .

Event[109]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-18T00:18:37.000
  Event ID: 1003
  Task:  
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
 Windows Search .


Event[110]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-18T00:18:51.000
  Event ID: 1
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    Windows .

Event[111]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:19:03.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0xC004E003, 0, 0], [( 1 0xC004F034)( 1 0xC004F034)(?)(?)(?)(?)(?)(?)])(3 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F034)])]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[112]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:19:25.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : WinSetupDiag01
:  
 CAB: 0

 :
P1: 1
P2: 4
P3: 9
P4: 0
P5: 0x0
P6: 0x0
P7: 10166
P8: X
P9: 10240
P10: th1

 :
C:\Windows\Panther\setupact.log
C:\Windows\Panther\diagerr.xml
C:\Windows\INF\setupapi.setup.log
C:\Windows\INF\setupapi.dev.log
C:\Windows\INF\setupapi.offline.log

    :


 : 
  : 0
 : 7ed00914-2cc9-11e5-9bc2-d8cb8a158772
 : 262144
 : 

Event[113]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:19:31.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  124592829689,  5
 : WinSetupDiag01
:  
 CAB: 0

 :
P1: 1
P2: 4
P3: 9
P4: 0
P5: 0x0
P6: 0x0
P7: 10166
P8: X
P9: 10240
P10: th1

 :
C:\Windows\Panther\setupact.log
C:\Windows\Panther\diagerr.xml
C:\Windows\INF\setupapi.setup.log
C:\Windows\INF\setupapi.dev.log
C:\Windows\INF\setupapi.offline.log
C:\Windows\Temp\WER2F0E.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_1_5c1fb54fddac79e561e7e623479d9f354045b7fb_00000000_0bf64797

 : 
  : 0
 : 7ed00914-2cc9-11e5-9bc2-d8cb8a158772
 : 0
 : 7b05f2ec8337de416e5adf1c292ffe32

Event[114]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:19:45.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  124592603515,  5
 : PnPDriverImportError
:  
 CAB: 0

 :
P1: x64
P2: 0000000D
P3: prnms009.Inf
P4: b3a25c8d32d630c2a3bcbfa62598c729c23d0753
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\DMIBB2D.tmp.log.xml
C:\Windows\System32\spool\tools\Microsoft Print To PDF\prnms009.inf
C:\Windows\Temp\WERBBDA.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_5711bc8df7197ffaac792bd5fc70bd2893ffe_00000000_032a72ae

 : 
  : 0
 : e5c6ba01-2cc7-11e5-9bc1-d8cb8a158772
 : 0
 : 3fd7b806bed5b87f61e09089085c5305

Event[115]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:19:46.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  124592603884,  5
 : PnPDriverImportError
:  
 CAB: 0

 :
P1: x64
P2: 0000000D
P3: prnms001.Inf
P4: ed3db02081a32745e450229518aa953ceb508203
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\DMIBC0A.tmp.log.xml
C:\Windows\System32\spool\tools\Microsoft XPS Document Writer\prnms001.inf
C:\Windows\Temp\WERBC49.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_a2f8446411b669f1177fd2872abf114f9d5eae2_00000000_032a7fdd

 : 
  : 0
 : e5c6ba02-2cc7-11e5-9bc1-d8cb8a158772
 : 0
 : 9a01087778f69426f9fe89793d2eda71

Event[116]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T00:19:50.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
     -    winlogon <SessionEnv>.

Event[117]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T00:19:53.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    -    winlogon <SessionEnv>.

Event[118]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T00:20:01.000
  Event ID: 102
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
SearchIndexer (2552) Windows:    (0)  (10.00.10240.0000).

Event[119]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T00:20:01.000
  Event ID: 105
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
SearchIndexer (2552) Windows:     (0). (=0 ) 
 
  : [1] 0.000, [2] 0.000, [3] 0.047, [4] 0.016, [5] 0.000, [6] 0.000, [7] 0.016, [8] 0.000, [9] 0.000, [10] 0.000.

Event[120]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T00:20:01.000
  Event ID: 326
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
SearchIndexer (2552) Windows:      (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (=0) 
 
  : [1] 0.000, [2] 0.046, [3] 0.000, [4] 0.000, [5] 0.047, [6] 0.047, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.016. 
 : 1 0

Event[121]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:20:46.000
  Event ID: 1033
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,        override-only.
 =(Security-SPP-Reserved-EnableNotificationMode) 
 =0ff1ce15-a989-479d-af46-f275c6370663
 SKU=a24cca51-3d54-4c41-8a76-4031f5338cb2

Event[122]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:21:29.000
  Event ID: 8230
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 :
Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;LastConsumptionReason=0xc004f034;LastNotificationId=NeverActivated;LicenseState=SL_LICENSING_STATUS_NOTIFICATION;PartialProductKey=3V66T;ProductKeyType=Retail;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;ruleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;uxDifferentiator=RETAIL

Event[123]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:21:33.000
  Event ID: 8230
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 :
Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;LastConsumptionReason=0xc004f034;LastNotificationId=NeverActivated;LicenseState=SL_LICENSING_STATUS_NOTIFICATION;PartialProductKey=3V66T;ProductKeyType=Retail;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;ruleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;uxDifferentiator=RETAIL

Event[124]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:21:35.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0xC004E003, 0, 0], [( 1 0xC004F034)( 1 0xC004F034)(?)(?)(?)(?)(?)(?)])(3 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F034)])]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[125]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:21:35.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0xC004E003, 0, 0], [( 1 0xC004F034)( 1 0xC004F034)(?)(?)(?)(?)(?)(?)])(3 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F034)])]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[126]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:21:35.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0xC004E003, 0, 0], [( 1 0xC004F034)( 1 0xC004F034)(?)(?)(?)(?)(?)(?)])(3 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F034)])]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[127]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:21:35.000
  Event ID: 8198
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
   (slui.exe)    :
hr=0xC004F034
  :
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Event[128]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:22:05.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
        2015-07-18T21:21:05Z. : RulesEngine.

Event[129]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:22:05.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    .


Event[130]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:23:34.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
     .
:caller=SystemSettings.exe

Event[131]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:23:35.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[132]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:23:35.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0xC004E003, 0, 0], [( 1 0xC004F034)( 1 0xC004F034)(?)(?)(?)(?)(?)(?)])(3 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F034)])]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[133]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:23:35.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    .
10.0.10240.16384

Event[134]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:23:49.000
  Event ID: 8230
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 :
Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;LastConsumptionReason=0xc004f034;LastNotificationId=NeverActivated;LicenseState=SL_LICENSING_STATUS_NOTIFICATION;PartialProductKey=3V66T;ProductKeyType=Retail;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;ruleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;uxDifferentiator=RETAIL

Event[135]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:23:58.000
  Event ID: 8230
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 :
Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;LastConsumptionReason=0xc004f034;LastNotificationId=NeverActivated;LicenseState=SL_LICENSING_STATUS_NOTIFICATION;PartialProductKey=3V66T;ProductKeyType=Retail;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;ruleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;uxDifferentiator=RETAIL

Event[136]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:25:01.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
        2015-07-18T21:21:01Z. : RulesEngine.

Event[137]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:25:01.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    .


Event[138]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:25:22.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
     .
:caller=OLicenseHeartbeat.exe

Event[139]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:25:22.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[140]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:25:23.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0xC004E003, 0, 0], [( 1 0xC004F034)( 1 0xC004F034)(?)(?)(?)(?)(?)(?)])(3 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F034)])]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[141]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:25:23.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    .
10.0.10240.16384

Event[142]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:25:23.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =0ff1ce15-a989-479d-af46-f275c6370663
 =
1: a24cca51-3d54-4c41-8a76-4031f5338cb2, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: b13afb38-cd79-4ae5-9f7f-eed058d750ca, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[143]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:25:23.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =0ff1ce15-a989-479d-af46-f275c6370663
 =
1: a24cca51-3d54-4c41-8a76-4031f5338cb2, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: b13afb38-cd79-4ae5-9f7f-eed058d750ca, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[144]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:26:13.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
        2015-07-18T21:21:13Z. : RulesEngine.

Event[145]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:26:13.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    .


Event[146]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:26:32.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
     .
:caller=SystemSettings.exe

Event[147]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:26:32.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[148]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:26:32.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0xC004E003, 0, 0], [( 1 0xC004F034)( 1 0xC004F034)(?)(?)(?)(?)(?)(?)])(3 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F034)])]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[149]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:26:32.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    .
10.0.10240.16384

Event[150]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:27:08.000
  Event ID: 8230
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 :
Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;LastConsumptionReason=0xc004f034;LastNotificationId=NeverActivated;LicenseState=SL_LICENSING_STATUS_NOTIFICATION;PartialProductKey=3V66T;ProductKeyType=Retail;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;ruleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;uxDifferentiator=RETAIL

Event[151]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-18T00:27:34.146
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: ds88-Win10IP
  Description: 
   Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[152]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T00:27:41.314
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 7 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 1268 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1952 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1088 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 1268 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 1952 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 1268 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1952 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


Event[153]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T00:27:41.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    -    winlogon <SessionEnv>.

Event[154]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:27:57.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    .


Event[155]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-18T00:27:57.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
N/A

Event[156]:
  Log Name: Application
  Source: VSS
  Date: 2015-07-18T00:27:57.000
  Event ID: 8225
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
 VSS  -  ,    . 

Event[157]:
  Log Name: Application
  Source: Microsoft-Windows-MSDTC
  Date: 2015-07-18T00:27:57.000
  Event ID: 4111
  Task: SVC
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
 MS DTC .

Event[158]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-18T00:27:57.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
N/A

Event[159]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-18T00:27:57.000
  Event ID: 2
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    Windows .

Event[160]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T00:27:57.084
  Event ID: 1532
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
   .  



Event[161]:
  Log Name: Application
  Source: Microsoft-Windows-EventSystem
  Date: 2015-07-18T00:28:47.000
  Event ID: 4625
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: DS88-WIN10IP
  Description: 
 EventSystem        86400 .      REG_DWORD   SuppressDuplicateDuration    : HKLM\Software\Microsoft\EventSystem\EventLog.

Event[162]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T00:28:47.180
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
    .  



Event[163]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:28:56.832
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
   Windows  

Event[164]:
  Log Name: Application
  Source: NvStreamSvc
  Date: 2015-07-18T00:29:01.000
  Event ID: 2003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
Expected event (Started [0]).

Event[165]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-18T00:29:04.000
  Event ID: 100
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
Service started.

Event[166]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-18T00:29:04.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
N/A

Event[167]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T00:29:22.580
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
    Windows  .

Event[168]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T00:30:38.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
     -    winlogon <SessionEnv>.

Event[169]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T00:30:39.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    -    winlogon <SessionEnv>.

Event[170]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T00:30:59.000
  Event ID: 102
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
SearchIndexer (4452) Windows:    (0)  (10.00.10240.0000).

Event[171]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T00:31:00.000
  Event ID: 105
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
SearchIndexer (4452) Windows:     (0). (=0 ) 
 
  : [1] 0.000, [2] 0.000, [3] 0.094, [4] 0.062, [5] 0.000, [6] 0.000, [7] 0.016, [8] 0.000, [9] 0.000, [10] 0.000.

Event[172]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T00:31:00.000
  Event ID: 326
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
SearchIndexer (4452) Windows:      (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (=0) 
 
  : [1] 0.000, [2] 0.031, [3] 0.000, [4] 0.000, [5] 0.406, [6] 0.016, [7] 0.015, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000. 
 : 1 0

Event[173]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-18T00:31:02.000
  Event ID: 1003
  Task:  
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
 Windows Search .


Event[174]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-18T00:31:04.000
  Event ID: 103
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
SkypeUpdate service is shutting down due to idle timeout.

Event[175]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-18T00:31:05.000
  Event ID: 101
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
Service stopped.

Event[176]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:31:33.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
     .
:trigger=logon;sessionid=1

Event[177]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:31:33.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[178]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:31:34.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0xC004E003, 0, 0], [( 1 0xC004F034)( 1 0xC004F034)(?)(?)(?)(?)(?)(?)])(3 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F034)])]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[179]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:31:34.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    .
10.0.10240.16384

Event[180]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-18T00:32:01.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
N/A

Event[181]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-18T00:32:06.000
  Event ID: 1
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    Windows .

Event[182]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:09.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  92017250241,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: PCI\VEN_10DE&DEV_0FBC&SUBSYS_13811569&REV_A1
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\WERFD8E.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_b54364435a27a3cc846a6aacec2b4d793aad84ea_00000000_16537dcc

 : 
  : 0
 : b087566c-2cca-11e5-9bc2-d8cb8a158772
 : 0
 : 8f89dcd3a438208e27143dfd1b5fa22b

Event[183]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:09.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  92014836693,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: PCI\VEN_1002&DEV_4383&SUBSYS_D6931462&REV_40
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\WERFEF7.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_4df29b299fb391ddb72147df5e883e5ea7aa7f_00000000_1653801e

 : 
  : 0
 : b087566d-2cca-11e5-9bc2-d8cb8a158772
 : 0
 : cf06f9a8bdda24498395f62b898d131e

Event[184]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:10.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  -1027851241,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C52F&REV_3000&MI_00
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\WER5AE.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_23384c9527599ddb3c5e71a6518aac52f13a5b_00000000_1653833b

 : 
  : 0
 : b087566e-2cca-11e5-9bc2-d8cb8a158772
 : 0
 : 0c52fa96f5f5947387b87e9806f140df

Event[185]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:11.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  90904654391,  5
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C52F&REV_3000&MI_00
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\WER5BF.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_3e9bee3f42fb87594647235539e427c0c00079_00000000_165385bb

 : 
  : 0
 : b087566f-2cca-11e5-9bc2-d8cb8a158772
 : 0
 : ea2486dacfcacca69bcc87834f08fafe

Event[186]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:11.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  -1027851229,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C52F&REV_3000&MI_01
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\WER5D0.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_2c22ebf4515cd4b1278fc090e567ff0358546_00000000_1653888a

 : 
  : 0
 : b0875670-2cca-11e5-9bc2-d8cb8a158772
 : 0
 : 6ed13b34ba72005bb36fcae1de2f6a60

Event[187]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:12.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  90904654393,  5
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C52F&REV_3000&MI_01
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\WER5E0.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_8f217ab5ddbc8b4dc93f5bfcea6847c3718e8fe_00000000_16538a7e

 : 
  : 0
 : b0875671-2cca-11e5-9bc2-d8cb8a158772
 : 0
 : 13c05b8002d188d155255e1e30b52afc

Event[188]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:14.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  -1027851121,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_046D&PID_C52F&REV_3000&MI_01&Col01
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\WER5F1.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_781c3fada64f1297ecc0fc17a5de6d23a7af2879_00000000_165391c1

 : 
  : 0
 : b0875672-2cca-11e5-9bc2-d8cb8a158772
 : 0
 : a2263f4c7386e09e78f5d2061d8abd25

Event[189]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:14.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  -1027851215,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_046D&PID_C52F&REV_3000&MI_01&Col02
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\WER601.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_49547d9710c443f0276ef88ce2ee3df1359423f2_00000000_165394af

 : 
  : 0
 : b0875673-2cca-11e5-9bc2-d8cb8a158772
 : 0
 : 682cba0a47ce45079168b9a60f5a5872

Event[190]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:15.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  90904654361,  5
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_046D&PID_C52F&REV_3000&MI_01&Col02
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\WER631.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_9547159a53f3526cfb99ffa3ba688032c96fa46a_00000000_165397bd

 : 
  : 0
 : b0875674-2cca-11e5-9bc2-d8cb8a158772
 : 0
 : 634720bcf7ff930783b1e79d01053e3e

Event[191]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:18.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  -1027851137,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_046D&PID_C52F&REV_3000&MI_01&Col03
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\WER642.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_6cc4fd2d7cfb1869c85926715c2721a74c39f5_00000000_16539b08

 : 
  : 0
 : b0875675-2cca-11e5-9bc2-d8cb8a158772
 : 0
 : 87e017dc966aa3f2398292219a2ca5a8

Event[192]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:20.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  90904654323,  5
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_046D&PID_C52F&REV_3000&MI_01&Col03
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\WER691.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_178379a7199b128efd5e8cb04f23a58d4220a45e_00000000_1653a75d

 : 
  : 0
 : b0875676-2cca-11e5-9bc2-d8cb8a158772
 : 0
 : 7864d3e9ed35351ff7fc9384a1859aa1

Event[193]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:32:30.000
  Event ID: 1034
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
   .  =Security-SPP-WriteWauMarker  =500

Event[194]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:32:30.000
  Event ID: 1033
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,        override-only.
 =(IIS-W3SVC-MaxConcurrentRequests) (Microsoft.Windows.Smc-Enabled) (Security-SPP-Reserved-EnableNotificationMode) (Telnet-Client-EnableTelnetClient) (TiffIFilterLicensing-EnableTiffIFilter) 
 =55c92734-d682-4d71-983e-d6ec3f16059f
 SKU=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Event[195]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:32:30.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[196]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:32:30.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[197]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:32:30.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[198]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:32:30.000
  Event ID: 8197
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
 SLUI.exe       :
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Event[199]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:31.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: PCI\VEN_1002&DEV_4383&SUBSYS_D6931462&REV_40
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD756.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_4df29b299fb391ddb72147df5e883e5ea7aa7f_00000000_cab_083bd775

 : 
  : 0
 : 5445e5d1-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[200]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:31.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_045E&PID_07F8&REV_0300&MI_01&Col01
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD7A4.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_c4ead02ee0bacc4ccae2d1baed90a83d111b8_00000000_cab_182fd7b4

 : 
  : 0
 : 544d0ca5-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[201]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:32.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: PCI\VEN_10DE&DEV_0FBC&SUBSYS_13811569&REV_A1
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD7C4.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_b54364435a27a3cc846a6aacec2b4d793aad84ea_00000000_cab_083bd7d3

 : 
  : 0
 : 5445e5d2-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[202]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:32.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_045E&PID_07F8&REV_0300&MI_01&Col02
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD7D4.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_5050c2e14d4bad5b7ecf7b24ee44f389036b02d_00000000_cab_182fd88e

 : 
  : 0
 : 544d0ca6-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[203]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:32.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_045E&PID_07F8&REV_0300&MI_01&Col02
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD8BF.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_269ea33a5628fc7fc5d6d5f853b885b1cd2d7a4_00000000_cab_182fd8bd

 : 
  : 0
 : 544d0ca7-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[204]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:32.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_045E&PID_07F8&REV_0300&MI_01
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD8EF.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_dcc15449fd5b8e2f818431a92015c71b4d69d32_00000000_cab_182fd8fc

 : 
  : 0
 : 544d0ca8-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[205]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:32.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_045E&PID_07F8&REV_0300&MI_01
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD90F.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_9655cc655cd6e46b2e5a7eae89eeb44b23a38fec_00000000_cab_182fd90b

 : 
  : 0
 : 544d0ca9-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[206]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:32.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_045E&PID_07F8&REV_0300&MI_00
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD920.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_cc40acd57dbde14f96acbab82383c6a4464b22_00000000_cab_182fd92b

 : 
  : 0
 : 544d0caa-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[207]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:32.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_045E&PID_07F8&REV_0300&MI_00
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD931.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f3403243993f7429afa4835e4afb5b0237bb5a_00000000_cab_182fd93a

 : 
  : 0
 : 544d0cab-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[208]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:34.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  92014836693,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: PCI\VEN_1002&DEV_4383&SUBSYS_D6931462&REV_40
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD756.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_4df29b299fb391ddb72147df5e883e5ea7aa7f_00000000_18a7dc96

 : 
  : 0
 : 5445e5d1-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : cf06f9a8bdda24498395f62b898d131e

Event[209]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:36.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  -567554816,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_045E&PID_07F8&REV_0300&MI_01&Col01
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD7A4.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_c4ead02ee0bacc4ccae2d1baed90a83d111b8_00000000_18a7e58f

 : 
  : 0
 : 544d0ca5-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : 72f7c14d0fe3eb0b5b132349f6c23adf

Event[210]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:32:37.000
  Event ID: 8230
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 :
Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;LastConsumptionReason=0x4004f401;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=3V66T;ProductKeyType=Retail;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=RETAIL

Event[211]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:32:37.000
  Event ID: 8197
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
 SLUI.exe       :
RuleId=379cccfb-d4e0-48fe-b0f2-0136097be147;Action=CleanupState;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;Trigger=TimerEvent

Event[212]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:37.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_046D&PID_C52F&REV_3000&MI_01&Col03
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WEREC74.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_6cc4fd2d7cfb1869c85926715c2721a74c39f5_00000000_cab_1a87ec93

 : 
  : 0
 : 577ddc64-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[213]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:37.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_046D&PID_C52F&REV_3000&MI_01&Col03
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERECA4.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_178379a7199b128efd5e8cb04f23a58d4220a45e_00000000_cab_1a87eca3

 : 
  : 0
 : 577ddc65-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[214]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:37.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_046D&PID_C52F&REV_3000&MI_01&Col02
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERECB5.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_49547d9710c443f0276ef88ce2ee3df1359423f2_00000000_cab_1a87ecc2

 : 
  : 0
 : 577ddc66-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[215]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:37.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_046D&PID_C52F&REV_3000&MI_01&Col02
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERECD5.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_9547159a53f3526cfb99ffa3ba688032c96fa46a_00000000_cab_1a87ecd2

 : 
  : 0
 : 577ddc67-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[216]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:37.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_046D&PID_C52F&REV_3000&MI_01&Col01
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERECE6.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_781c3fada64f1297ecc0fc17a5de6d23a7af2879_00000000_cab_1a87ecf1

 : 
  : 0
 : 577ddc68-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[217]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:37.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C52F&REV_3000&MI_01
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERED06.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_2c22ebf4515cd4b1278fc090e567ff0358546_00000000_cab_1a87ed10

 : 
  : 0
 : 577ddc69-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[218]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:37.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C52F&REV_3000&MI_01
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERED36.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_8f217ab5ddbc8b4dc93f5bfcea6847c3718e8fe_00000000_cab_1a87ed30

 : 
  : 0
 : 577ddc6a-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[219]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:37.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C52F&REV_3000&MI_00
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERED46.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_23384c9527599ddb3c5e71a6518aac52f13a5b_00000000_cab_1a87ed4f

 : 
  : 0
 : 577ddc6b-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[220]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:37.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C52F&REV_3000&MI_00
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERED67.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_3e9bee3f42fb87594647235539e427c0c00079_00000000_cab_1a87ed6e

 : 
  : 0
 : 577ddc6c-2ccb-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[221]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:38.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  92017250241,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: PCI\VEN_10DE&DEV_0FBC&SUBSYS_13811569&REV_A1
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD7C4.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_b54364435a27a3cc846a6aacec2b4d793aad84ea_00000000_1b6bf156

 : 
  : 0
 : 5445e5d2-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : 8f89dcd3a438208e27143dfd1b5fa22b

Event[222]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:39.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  -567554819,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_045E&PID_07F8&REV_0300&MI_01&Col02
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD7D4.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_5050c2e14d4bad5b7ecf7b24ee44f389036b02d_00000000_1b6bf32b

 : 
  : 0
 : 544d0ca6-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : cd8844df18dc711fd1b8bf3c9b9dd1bc

Event[223]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:39.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  91076778068,  5
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_045E&PID_07F8&REV_0300&MI_01&Col02
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD8BF.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_269ea33a5628fc7fc5d6d5f853b885b1cd2d7a4_00000000_1b6bf52f

 : 
  : 0
 : 544d0ca7-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : 6a07ba114a38d46452f85c92807063af

Event[224]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:41.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  -567554818,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_045E&PID_07F8&REV_0300&MI_01
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD8EF.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_dcc15449fd5b8e2f818431a92015c71b4d69d32_00000000_1b6bf82c

 : 
  : 0
 : 544d0ca8-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : 512fd1f2d26dfb012e89d9b5e70853e0

Event[225]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:42.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  91076778488,  5
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_045E&PID_07F8&REV_0300&MI_01
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD90F.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_9655cc655cd6e46b2e5a7eae89eeb44b23a38fec_00000000_1b6bfd9b

 : 
  : 0
 : 544d0ca9-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : ca04614533e5de68974447e779193874

Event[226]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:43.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  -567554815,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_045E&PID_07F8&REV_0300&MI_00
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD920.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_cc40acd57dbde14f96acbab82383c6a4464b22_00000000_1b6c02fa

 : 
  : 0
 : 544d0caa-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : 1f83b3b14e3aecec782fb022bca0e179

Event[227]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:43.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  91076778770,  5
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_045E&PID_07F8&REV_0300&MI_00
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERD931.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_f3403243993f7429afa4835e4afb5b0237bb5a_00000000_1b6c04bf

 : 
  : 0
 : 544d0cab-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : cd38d4403cc9700e652d2ea3fee3fb60

Event[228]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T00:32:44.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  -1027851137,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_046D&PID_C52F&REV_3000&MI_01&Col03
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WEREC74.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_6cc4fd2d7cfb1869c85926715c2721a74c39f5_00000000_1b6c0694

 : 
  : 0
 : 577ddc64-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : 87e017dc966aa3f2398292219a2ca5a8

Event[229]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:33:04.000
  Event ID: 8230
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
      .
 :
Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;LastConsumptionReason=0x4004f401;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=3V66T;ProductKeyType=Retail;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=RETAIL

Event[230]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-18T00:33:31.743
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: ds88-Win10IP
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :      ..   .   Microsoft-Windows-TWinUI/Operational.

Event[231]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:34:02.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
        2115-06-23T21:34:02Z. : RulesEngine.

Event[232]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T00:34:02.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    .


Event[233]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-18T00:35:08.735
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
    WmiApRpl (WmiApRpl)  .        Last Counter  Last Help.

Event[234]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-18T00:35:08.960
  Event ID: 1000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
C    WmiApRpl (WmiApRpl)  .         ,   .

Event[235]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-18T08:06:16.641
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: ds88-Win10IP
  Description: 
   Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[236]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:07:22.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
     .
:caller=Explorer.EXE

Event[237]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:07:22.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[238]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:07:22.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[239]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:07:22.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    .
10.0.10240.16384

Event[240]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:07:53.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
        2115-06-24T05:07:52Z. : RulesEngine.

Event[241]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:07:53.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    .


Event[242]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:08:51.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  90904654323,  5
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_046D&PID_C52F&REV_3000&MI_01&Col03
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERECA4.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_178379a7199b128efd5e8cb04f23a58d4220a45e_00000000_1ddd9dd6

 : 
  : 0
 : 577ddc65-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : 7864d3e9ed35351ff7fc9384a1859aa1

Event[243]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:08:51.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  -1027851215,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_046D&PID_C52F&REV_3000&MI_01&Col02
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERECB5.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_49547d9710c443f0276ef88ce2ee3df1359423f2_00000000_1ddd9fca

 : 
  : 0
 : 577ddc66-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : 682cba0a47ce45079168b9a60f5a5872

Event[244]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:08:52.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  90904654361,  5
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_046D&PID_C52F&REV_3000&MI_01&Col02
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERECD5.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_9547159a53f3526cfb99ffa3ba688032c96fa46a_00000000_1ddda1ae

 : 
  : 0
 : 577ddc67-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : 634720bcf7ff930783b1e79d01053e3e

Event[245]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:08:52.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  -1027851121,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: HID\VID_046D&PID_C52F&REV_3000&MI_01&Col01
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERECE6.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_781c3fada64f1297ecc0fc17a5de6d23a7af2879_00000000_1ddda383

 : 
  : 0
 : 577ddc68-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : a2263f4c7386e09e78f5d2061d8abd25

Event[246]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:08:53.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  -1027851229,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C52F&REV_3000&MI_01
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERED06.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_2c22ebf4515cd4b1278fc090e567ff0358546_00000000_1ddda50a

 : 
  : 0
 : 577ddc69-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : 6ed13b34ba72005bb36fcae1de2f6a60

Event[247]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:08:53.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  90904654393,  5
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C52F&REV_3000&MI_01
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERED36.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_8f217ab5ddbc8b4dc93f5bfcea6847c3718e8fe_00000000_1ddda6fe

 : 
  : 0
 : 577ddc6a-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : 13c05b8002d188d155255e1e30b52afc

Event[248]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:08:54.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  -1027851241,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C52F&REV_3000&MI_00
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERED46.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_23384c9527599ddb3c5e71a6518aac52f13a5b_00000000_1ddda8b3

 : 
  : 0
 : 577ddc6b-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : 0c52fa96f5f5947387b87e9806f140df

Event[249]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:08:54.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  90904654391,  5
 : PnPRequestAdditionalSoftware
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C52F&REV_3000&MI_00
P3: 10.0.0.0
P4: 0419
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERED67.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_3e9bee3f42fb87594647235539e427c0c00079_00000000_1dddaa88

 : 
  : 0
 : 577ddc6c-2ccb-11e5-b6d1-d8cb8a158772
 : 0
 : ea2486dacfcacca69bcc87834f08fafe

Event[250]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T08:09:19.970
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 57 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 744 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 744 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 744 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 744 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 744 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 2428 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2172 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Process 744 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Process 2428 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 2172 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\MY
Process 2428 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2172 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\CA
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\CA
Process 744 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\CA
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Process 744 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 744 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 744 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 744 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 744 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\trust
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\trust
Process 744 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\trust
Process 1212 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Root
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Root
Process 744 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Root
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections


Event[251]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T08:09:20.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    -    winlogon <SessionEnv>.

Event[252]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:09:36.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
  ,  0
 : MpTelemetry
:  
 CAB: 0

 :
P1: 2152759308
P2: unspecified
P3: ScanFile
P4: 4.8.10240.16384
P5:  Windows (77BDAF73-B396-481F-9042-AD358843EC24)
P6: unspecified
P7: unspecified
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\MPInstrumentation\client_manifest.txt
C:\Windows\Temp\WER4CA4.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_2152759308_324376368b6edad480861648bff165b96fc8377_00000000_cab_083e4cb4

 : 
  : 0
 : 2e4d4959-2d0b-11e5-b6d1-d8cb8a158772
 : 4
 : 

Event[253]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-18T08:10:11.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
N/A

Event[254]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-18T08:10:11.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
N/A

Event[255]:
  Log Name: Application
  Source: VSS
  Date: 2015-07-18T08:10:12.000
  Event ID: 8225
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
 VSS  -  ,    . 

Event[256]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-18T08:10:12.000
  Event ID: 2
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: ds88-Win10IP
  Description: 
    Windows .

Event[257]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T08:10:11.740
  Event ID: 1532
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: ds88-Win10IP
  Description: 
   .  



Event[258]:
  Log Name: Application
  Source: Microsoft-Windows-EventSystem
  Date: 2015-07-18T08:10:59.000
  Event ID: 4625
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: DSERGEY88-PC
  Description: 
 EventSystem        86400 .      REG_DWORD   SuppressDuplicateDuration    : HKLM\Software\Microsoft\EventSystem\EventLog.

Event[259]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T08:10:58.805
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    .  



Event[260]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T08:11:07.250
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   Windows  

Event[261]:
  Log Name: Application
  Source: NvStreamSvc
  Date: 2015-07-18T08:11:14.000
  Event ID: 2003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Expected event (Started [0]).

Event[262]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-18T08:11:16.000
  Event ID: 100
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service started.

Event[263]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-18T08:11:16.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[264]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T08:11:35.952
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    Windows  .

Event[265]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-18T08:13:16.000
  Event ID: 103
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SkypeUpdate service is shutting down due to idle timeout.

Event[266]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-18T08:13:17.000
  Event ID: 101
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service stopped.

Event[267]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-18T08:13:19.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[268]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:13:20.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:<none>

Event[269]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:13:20.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[270]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:13:20.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[271]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:13:20.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[272]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-18T08:13:20.000
  Event ID: 1
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    Windows .

Event[273]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T08:13:21.000
  Event ID: 102
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (1356) Windows:    (0)  (10.00.10240.0000).

Event[274]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T08:13:21.000
  Event ID: 105
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (1356) Windows:     (0). (=0 ) 
 
  : [1] 0.000, [2] 0.000, [3] 0.032, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000.

Event[275]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T08:13:21.000
  Event ID: 326
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (1356) Windows:      (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (=0) 
 
  : [1] 0.000, [2] 0.031, [3] 0.125, [4] 0.000, [5] 0.047, [6] 0.062, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000. 
 : 1 0

Event[276]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-18T08:13:22.000
  Event ID: 1003
  Task:  
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 Windows Search .


Event[277]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:13:51.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-24T05:13:50Z. : RulesEngine.

Event[278]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:13:51.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[279]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:14:09.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  124592881860,  5
 : MpTelemetry
:  
 CAB: 0

 :
P1: 2152759308
P2: unspecified
P3: ScanFile
P4: 4.8.10240.16384
P5:  Windows (77BDAF73-B396-481F-9042-AD358843EC24)
P6: unspecified
P7: unspecified
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\MPInstrumentation\client_manifest.txt
C:\Windows\Temp\WER4CA4.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_2152759308_324376368b6edad480861648bff165b96fc8377_00000000_cab_083e4cb4

 : 
  : 0
 : 2e4d4959-2d0b-11e5-b6d1-d8cb8a158772
 : 0
 : a04dd425356fde41710427274378f4bb

Event[280]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T08:14:18.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[281]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T08:14:19.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[282]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-18T08:17:49.359
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    WmiApRpl (WmiApRpl)  .        Last Counter  Last Help.

Event[283]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-18T08:17:49.499
  Event ID: 1000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
C    WmiApRpl (WmiApRpl)  .         ,   .

Event[284]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-18T08:23:35.350
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[285]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T08:23:38.937
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 5 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 84 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 84 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


Event[286]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T08:23:39.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[287]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-18T08:23:39.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[288]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-18T08:23:39.000
  Event ID: 2
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    Windows .

Event[289]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T08:23:39.778
  Event ID: 1532
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   .  



Event[290]:
  Log Name: Application
  Source: Microsoft-Windows-EventSystem
  Date: 2015-07-18T08:24:21.000
  Event ID: 4625
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: DSERGEY88-PC
  Description: 
 EventSystem        86400 .      REG_DWORD   SuppressDuplicateDuration    : HKLM\Software\Microsoft\EventSystem\EventLog.

Event[291]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T08:24:20.661
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    .  



Event[292]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T08:24:27.546
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   Windows  

Event[293]:
  Log Name: Application
  Source: NvStreamSvc
  Date: 2015-07-18T08:24:38.000
  Event ID: 2003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Expected event (Started [0]).

Event[294]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-18T08:24:42.000
  Event ID: 100
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service started.

Event[295]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-18T08:24:43.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[296]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T08:24:41.537
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    Windows  .

Event[297]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-18T08:26:42.000
  Event ID: 103
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SkypeUpdate service is shutting down due to idle timeout.

Event[298]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-18T08:26:43.000
  Event ID: 101
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service stopped.

Event[299]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-18T08:26:45.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[300]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:26:46.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:<none>

Event[301]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-18T08:26:47.000
  Event ID: 1
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    Windows .

Event[302]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T08:26:47.000
  Event ID: 102
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (1332) Windows:    (0)  (10.00.10240.0000).

Event[303]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T08:26:47.000
  Event ID: 105
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (1332) Windows:     (0). (=0 ) 
 
  : [1] 0.000, [2] 0.000, [3] 0.032, [4] 0.015, [5] 0.000, [6] 0.000, [7] 0.016, [8] 0.000, [9] 0.000, [10] 0.000.

Event[304]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:26:47.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[305]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:26:47.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[306]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T08:26:47.000
  Event ID: 326
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (1332) Windows:      (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (=0) 
 
  : [1] 0.000, [2] 0.016, [3] 0.125, [4] 0.000, [5] 0.031, [6] 0.062, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000. 
 : 1 0

Event[307]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:26:47.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[308]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-18T08:26:48.000
  Event ID: 1003
  Task:  
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 Windows Search .


Event[309]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:27:18.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-24T05:27:17Z. : RulesEngine.

Event[310]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T08:27:18.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[311]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T08:27:38.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[312]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T08:27:40.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[313]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-18T08:31:11.531
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    WmiApRpl (WmiApRpl)  .        Last Counter  Last Help.

Event[314]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-18T08:31:11.680
  Event ID: 1000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
C    WmiApRpl (WmiApRpl)  .         ,   .

Event[315]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-18T08:44:38.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[316]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:48:47.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: 7AA4B90A-8816-4CDE-A273-771FE17ED388
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :

    :


 : 
  : 0
 : a7efc1a5-2d10-11e5-b6d3-d8cb8a158772
 : 262144
 : 

Event[317]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:48:47.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: FCAC6447-CD88-4368-BA9A-209F88BF3962
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :

    :


 : 
  : 0
 : a7efc1a6-2d10-11e5-b6d3-d8cb8a158772
 : 262144
 : 

Event[318]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:48:47.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: FCAC6447-CD88-4368-BA9A-209F88BF3962
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WERB337.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.10240.16389_b6be2828b4c717074518b5581326731ea5142_00000000_cab_1f06b357

 : 
  : 0
 : a7efc1a6-2d10-11e5-b6d3-d8cb8a158772
 : 4
 : 

Event[319]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:48:47.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: 7AA4B90A-8816-4CDE-A273-771FE17ED388
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WERB357.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.10240.16389_eba645c6d61545c63fa24d934264982c6d97fb_00000000_cab_0faeb366

 : 
  : 0
 : a7efc1a5-2d10-11e5-b6d3-d8cb8a158772
 : 4
 : 

Event[320]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:48:49.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  124611451982,  5
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: FCAC6447-CD88-4368-BA9A-209F88BF3962
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WERB337.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.10240.16389_b6be2828b4c717074518b5581326731ea5142_00000000_1f0ab848

 : 
  : 0
 : a7efc1a6-2d10-11e5-b6d3-d8cb8a158772
 : 0
 : 21624c06839c3c42ab644a4af23204b1

Event[321]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:48:49.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  124603267911,  5
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: 7AA4B90A-8816-4CDE-A273-771FE17ED388
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WERB357.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.10240.16389_eba645c6d61545c63fa24d934264982c6d97fb_00000000_1f0abaf8

 : 
  : 0
 : a7efc1a5-2d10-11e5-b6d3-d8cb8a158772
 : 0
 : daaaf976a816a11980c000799f087911

Event[322]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:48:55.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: 8F42F47B-7180-4E47-B69A-36844E5D100E
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :

    :


 : 
  : 0
 : a7efc1a7-2d10-11e5-b6d3-d8cb8a158772
 : 262144
 : 

Event[323]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:48:55.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: 8F42F47B-7180-4E47-B69A-36844E5D100E
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WERD287.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.10240.16389_3bce27fb4eac86f980189c437de8d1b29197077_00000000_cab_1e8ad2a6

 : 
  : 0
 : a7efc1a7-2d10-11e5-b6d3-d8cb8a158772
 : 4
 : 

Event[324]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:48:57.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  124611576716,  5
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: 8F42F47B-7180-4E47-B69A-36844E5D100E
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WERD287.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.10240.16389_3bce27fb4eac86f980189c437de8d1b29197077_00000000_1c06d73a

 : 
  : 0
 : a7efc1a7-2d10-11e5-b6d3-d8cb8a158772
 : 0
 : ca749ed0868b7026a91fe52d70614b8a

Event[325]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:50:40.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: CFA351DB-77C9-4863-8341-1996E56D4489
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :

    :


 : 
  : 0
 : eb78180b-2d10-11e5-b6d3-d8cb8a158772
 : 262144
 : 

Event[326]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:50:40.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: CFA351DB-77C9-4863-8341-1996E56D4489
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WER6CAF.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.10240.16389_ec9ea38c6cf24b80cc3b4841dee848e4c884419_00000000_cab_0e386cbf

 : 
  : 0
 : eb78180b-2d10-11e5-b6d3-d8cb8a158772
 : 4
 : 

Event[327]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:50:42.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  124612150126,  5
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: CFA351DB-77C9-4863-8341-1996E56D4489
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WER6CAF.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.10240.16389_ec9ea38c6cf24b80cc3b4841dee848e4c884419_00000000_1e3c7162

 : 
  : 0
 : eb78180b-2d10-11e5-b6d3-d8cb8a158772
 : 0
 : d2d77ae24560c907e2d96c2d6c0fc749

Event[328]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:52:30.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: 772AAFA1-E0CC-49ED-B870-A227C22FB447
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :

    :


 : 
  : 0
 : 2d05b913-2d11-11e5-b6d3-d8cb8a158772
 : 262144
 : 

Event[329]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:52:30.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: 772AAFA1-E0CC-49ED-B870-A227C22FB447
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WER1A40.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.10240.16389_88cf812b83c2bab7f8502eaa6e50c115a8fbdc97_00000000_cab_0eb21a4f

 : 
  : 0
 : 2d05b913-2d11-11e5-b6d3-d8cb8a158772
 : 4
 : 

Event[330]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T08:52:33.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  124611571785,  5
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: 772AAFA1-E0CC-49ED-B870-A227C22FB447
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WER1A40.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.10240.16389_88cf812b83c2bab7f8502eaa6e50c115a8fbdc97_00000000_1e6a2646

 : 
  : 0
 : 2d05b913-2d11-11e5-b6d3-d8cb8a158772
 : 0
 : 98c79c39ea900803f625806f70e43b45

Event[331]:
  Log Name: Application
  Source: VSS
  Date: 2015-07-18T08:54:05.000
  Event ID: 8224
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 VSS  - - . 

Event[332]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-18T09:03:59.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16386,  : 0x55a0791d
  : Windows.UI.Xaml.dll, : 10.0.10240.16389,  : 0x55a46bfc
 : 0xc000027b
 : 0x00000000005275ac
  : 0x1284
   : 0x01d0c11a7bb16e1c
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : cedf1621-9ccf-4bad-a154-d50aeddba7ac
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[333]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T09:04:02.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133162124152,  5
 : MoAppCrash
:  
 CAB: 133169737521

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16386
P4: 55a0791d
P5: Windows.UI.Xaml.dll
P6: 10.0.10240.16389
P7: 55a46bfc
P8: c000027b
P9: 00000000005275ac
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WER9FCB.tmp.WERInternalMetadata.xml
C:\Users\dsergey88\AppData\Local\Temp\WERA450.tmp.appcompat.txt
C:\Users\dsergey88\AppData\Local\Temp\WERA627.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_a05edbb2e76ef24145ff89fd7570da7e06057e1_21351821_cab_0cb0a931

 : 
  : 0
 : cedf1621-9ccf-4bad-a154-d50aeddba7ac
 : 131080
 : 5c0fbc58565820f923236dac04619bc8

Event[334]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-18T09:04:24.519
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    WmiApRpl (WmiApRpl)  .        Last Counter  Last Help.

Event[335]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-18T09:04:24.616
  Event ID: 1000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
C    WmiApRpl (WmiApRpl)  .         ,   .

Event[336]:
  Log Name: Application
  Source: Microsoft-Windows-Defrag
  Date: 2015-07-18T09:09:43.000
  Event ID: 258
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
         OC (C:)

Event[337]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T09:15:28.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C29A&REV_1327
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WER1EDD.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_1ae1a6336505d98cd1eedbb7e1df36f1f6f581b_00000000_cab_076b1eed

 : 
  : 0
 : 620a9047-2d14-11e5-b6d3-d8cb8a158772
 : 4
 : 

Event[338]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T09:15:29.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  -319974803,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C29A&REV_1327
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WER1EDD.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_1ae1a6336505d98cd1eedbb7e1df36f1f6f581b_00000000_16972371

 : 
  : 0
 : 620a9047-2d14-11e5-b6d3-d8cb8a158772
 : 0
 : 3f5bda9cda1bfc67d60cb623db72ac3f

Event[339]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:32:55.000
  Event ID: 490
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716) {D4EB96CE-0A8D-4B1C-B56D-490190E326C8}:     "C:\Users\dsergey88\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log"    ,   32 (0x00000020): "      ,       . ".      , : -1032 (0xfffffbf8).

Event[340]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:32:55.000
  Event ID: 455
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716) {D4EB96CE-0A8D-4B1C-B56D-490190E326C8}:  -1032 (0xfffffbf8)     C:\Users\dsergey88\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.

Event[341]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:33:05.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[342]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:33:05.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     ,         . ,      ,     ,     .  -1032.

Event[343]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:33:15.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[344]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:33:15.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     ,         . ,      ,     ,     .  -1032.

Event[345]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:33:26.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[346]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:33:26.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     ,         . ,      ,     ,     .  -1032.

Event[347]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:33:36.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[348]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:33:36.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     ,         . ,      ,     ,     .  -1032.

Event[349]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:33:46.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[350]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:33:46.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     ,         . ,      ,     ,     .  -1032.

Event[351]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:33:57.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[352]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:33:57.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     ,         . ,      ,     ,     .  -1032.

Event[353]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:34:07.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[354]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:34:07.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     ,         . ,      ,     ,     .  -1032.

Event[355]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:34:17.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[356]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:34:17.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     ,         . ,      ,     ,     .  -1032.

Event[357]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:34:28.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[358]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:34:28.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     ,         . ,      ,     ,     .  -1032.

Event[359]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:34:38.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[360]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T10:34:38.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (5716)     ,         . ,      ,     ,     .  -1032.

Event[361]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T10:37:25.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[362]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T10:37:26.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[363]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T10:37:26.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[364]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-18T10:37:31.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : LockAppHost.exe, : 10.0.10240.16386,  : 0x55a06c1b
  : ntdll.dll, : 10.0.10240.16384,  : 0x559f384f
 : 0xc0000005
 : 0x0000000000035aeb
  : 0x47c
   : 0x01d0c12c73abffaa
  : C:\Windows\System32\LockAppHost.exe
  : C:\WINDOWS\SYSTEM32\ntdll.dll
 : f9429312-a542-4004-a41b-4ca772fd1bd0
   : 
 ,    : 

Event[365]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T10:39:37.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  120275773859,  4
 : APPCRASH
:  
 CAB: 120279238275

 :
P1: LockAppHost.exe
P2: 10.0.10240.16386
P3: 55a06c1b
P4: ntdll.dll
P5: 10.0.10240.16384
P6: 559f384f
P7: c0000005
P8: 0000000000035aeb
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WER416C.tmp.WERInternalMetadata.xml
C:\Users\dsergey88\AppData\Local\Temp\WER465F.tmp.appcompat.txt
memory.hdmp

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_LockAppHost.exe_baa9b869ef1b39bcab468b4ab28c7ba070e8c886_bb61e62c_cab_20842947

 : 
  : 0
 : f9429312-a542-4004-a41b-4ca772fd1bd0
 : 8
 : f778b61fdd9e25aaa04a67985b96b400

Event[366]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T10:54:28.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[367]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T10:54:28.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[368]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T10:55:33.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : MpTelemetry
:  
 CAB: 0

 :
P1: 2152759308
P2: unspecified
P3: ScanFile
P4: 4.8.10240.16384
P5:  Windows (77BDAF73-B396-481F-9042-AD358843EC24)
P6: unspecified
P7: unspecified
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\MPInstrumentation\client_manifest.txt
C:\Windows\Temp\WERC2D3.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_2152759308_324376368b6edad480861648bff165b96fc8377_00000000_cab_09e6c2d3

 : 
  : 0
 : 5dbe397a-2d22-11e5-b6d3-d8cb8a158772
 : 4
 : 

Event[369]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T10:55:35.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  124592881860,  5
 : MpTelemetry
:  
 CAB: 0

 :
P1: 2152759308
P2: unspecified
P3: ScanFile
P4: 4.8.10240.16384
P5:  Windows (77BDAF73-B396-481F-9042-AD358843EC24)
P6: unspecified
P7: unspecified
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\MPInstrumentation\client_manifest.txt
C:\Windows\Temp\WERC2D3.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_2152759308_324376368b6edad480861648bff165b96fc8377_00000000_cab_09e6c2d3

 : 
  : 0
 : 5dbe397a-2d22-11e5-b6d3-d8cb8a158772
 : 0
 : a04dd425356fde41710427274378f4bb

Event[370]:
  Log Name: Application
  Source: Microsoft-Windows-CAPI2
  Date: 2015-07-18T10:57:05.733
  Event ID: 513
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       OnIdentity()   "  ".

Details:
AddLegacyDriverFiles: Unable to back up image of binary  Microsoft LLDP.

System Error:
  .
.

Event[371]:
  Log Name: Application
  Source: System Restore
  Date: 2015-07-18T10:57:21.000
  Event ID: 8194
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    ( = C:\WINDOWS\system32\svchost.exe -k netsvcs;  =   Windows).

Event[372]:
  Log Name: Application
  Source: Microsoft-Windows-System-Restore
  Date: 2015-07-18T10:57:43.904
  Event ID: 8300
  Task: N/A
  Level: 
  Opcode: 
  Keyword: Performance, 
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10.

Event[373]:
  Log Name: Application
  Source: Microsoft-Windows-System-Restore
  Date: 2015-07-18T10:58:10.739
  Event ID: 8301
  Task: N/A
  Level: 
  Opcode: 
  Keyword: Performance, 
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10.

Event[374]:
  Log Name: Application
  Source: Microsoft-Windows-System-Restore
  Date: 2015-07-18T10:58:10.739
  Event ID: 8302
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10.

Event[375]:
  Log Name: Application
  Source: VSS
  Date: 2015-07-18T11:00:34.000
  Event ID: 8224
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 VSS  - - . 

Event[376]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T11:11:12.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: 8F42F47B-7180-4E47-B69A-36844E5D100E
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :

    :


 : 
  : 0
 : 8d158160-2d24-11e5-b6d3-d8cb8a158772
 : 262144
 : 

Event[377]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T11:11:12.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: CFA351DB-77C9-4863-8341-1996E56D4489
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :

    :


 : 
  : 0
 : 8d158161-2d24-11e5-b6d3-d8cb8a158772
 : 262144
 : 

Event[378]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T11:11:12.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: 8F42F47B-7180-4E47-B69A-36844E5D100E
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WER1489.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.10240.16389_3bce27fb4eac86f980189c437de8d1b29197077_00000000_cab_21fd1499

 : 
  : 0
 : 8d158160-2d24-11e5-b6d3-d8cb8a158772
 : 4
 : 

Event[379]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T11:11:12.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: CFA351DB-77C9-4863-8341-1996E56D4489
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WER14F8.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.10240.16389_ec9ea38c6cf24b80cc3b4841dee848e4c884419_00000000_cab_13e51506

 : 
  : 0
 : 8d158161-2d24-11e5-b6d3-d8cb8a158772
 : 4
 : 

Event[380]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T11:11:13.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  124611576716,  5
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: 8F42F47B-7180-4E47-B69A-36844E5D100E
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WER1489.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.10240.16389_3bce27fb4eac86f980189c437de8d1b29197077_00000000_228d195c

 : 
  : 0
 : 8d158160-2d24-11e5-b6d3-d8cb8a158772
 : 0
 : ca749ed0868b7026a91fe52d70614b8a

Event[381]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-18T11:49:11.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16386,  : 0x55a0791d
  : Windows.UI.Xaml.dll, : 10.0.10240.16389,  : 0x55a46bfc
 : 0xc000027b
 : 0x0000000000482ed7
  : 0x223c
   : 0x01d0c12cacb788db
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : c93f062d-d4c3-4bce-a70d-2166808f83fc
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[382]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-18T11:49:17.016
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[383]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-18T11:49:18.890
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[384]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T11:50:05.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133160633947,  5
 : MoAppCrash
:  
 CAB: 133169834686

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16386
P4: 55a0791d
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\Deti\AppData\Local\Temp\WERDCB6.tmp.WERInternalMetadata.xml
C:\Users\Deti\AppData\Local\Temp\WERE959.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE9A8.tmp.hdmp
C:\Users\Deti\AppData\Local\Temp\WEREFD4.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_8e3b25a6265054884e1542dd2465e0f2263c0_21351821_cab_2258ac99

 : 
  : 0
 : c93f062d-d4c3-4bce-a70d-2166808f83fc
 : 8
 : f7e759512803a2a0fdf87da8ec144192

Event[385]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T11:57:24.000
  Event ID: 6001
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
      winlogon <Sens>.

Event[386]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T11:57:24.474
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 2 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1002:
Process 1016 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 1016 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer\Main


Event[387]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T11:57:25.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[388]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T11:57:30.000
  Event ID: 6001
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
      winlogon <Sens>.

Event[389]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T11:57:31.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[390]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T11:57:30.641
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 39 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 756 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 756 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 756 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 756 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 756 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 740 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1016 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Process 756 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 740 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 756 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\MY
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 740 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\CA
Process 756 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\CA
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Process 756 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 756 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 756 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 756 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 756 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\trust
Process 756 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\trust
Process 1224 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Root
Process 756 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Root
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections


Event[391]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-18T11:58:49.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[392]:
  Log Name: Application
  Source: VSS
  Date: 2015-07-18T11:58:49.000
  Event ID: 8225
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 VSS  -  ,    . 

Event[393]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-18T11:58:49.000
  Event ID: 2
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    Windows .

Event[394]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-18T11:58:49.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[395]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T11:58:49.438
  Event ID: 1532
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   .  



Event[396]:
  Log Name: Application
  Source: Microsoft-Windows-EventSystem
  Date: 2015-07-18T11:59:24.000
  Event ID: 4625
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: DSERGEY88-PC
  Description: 
 EventSystem        86400 .      REG_DWORD   SuppressDuplicateDuration    : HKLM\Software\Microsoft\EventSystem\EventLog.

Event[397]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-18T11:59:24.146
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    .  



Event[398]:
  Log Name: Application
  Source: NvStreamSvc
  Date: 2015-07-18T11:59:30.000
  Event ID: 2003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Expected event (Started [0]).

Event[399]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-18T11:59:31.000
  Event ID: 100
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service started.

Event[400]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T11:59:30.175
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   Windows  

Event[401]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-18T11:59:35.864
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    Windows  .

Event[402]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-18T11:59:43.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[403]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T11:59:49.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:caller=TiWorker.exe

Event[404]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T11:59:50.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[405]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T11:59:51.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
      .
 =explorer Component PPD License
 =5e3b56a1-653f-db4e-7bb6-ede0eb45da68

Event[406]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T11:59:51.000
  Event ID: 1034
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .  =Security-SPP-WriteWauMarker  =500

Event[407]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T11:59:51.000
  Event ID: 1033
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,        override-only.
 =(IIS-W3SVC-MaxConcurrentRequests) (Microsoft.Windows.Smc-Enabled) (Security-SPP-Reserved-EnableNotificationMode) (Telnet-Client-EnableTelnetClient) (TiffIFilterLicensing-EnableTiffIFilter) 
 =55c92734-d682-4d71-983e-d6ec3f16059f
 SKU=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Event[408]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T11:59:51.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[409]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T11:59:52.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[410]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T12:00:22.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-24T09:00:22Z. : RulesEngine.

Event[411]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T12:00:22.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[412]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-18T12:01:31.000
  Event ID: 103
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SkypeUpdate service is shutting down due to idle timeout.

Event[413]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-18T12:01:32.000
  Event ID: 101
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service stopped.

Event[414]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-18T12:01:46.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[415]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T12:01:46.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:<none>

Event[416]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T12:01:46.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[417]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T12:01:46.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[418]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T12:01:46.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[419]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-18T12:01:47.000
  Event ID: 1
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    Windows .

Event[420]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T12:01:47.000
  Event ID: 102
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (2216) Windows:    (0)  (10.00.10240.0000).

Event[421]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T12:01:47.000
  Event ID: 105
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (2216) Windows:     (0). (=0 ) 
 
  : [1] 0.000, [2] 0.015, [3] 0.047, [4] 0.016, [5] 0.000, [6] 0.000, [7] 0.016, [8] 0.000, [9] 0.000, [10] 0.000.

Event[422]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T12:01:47.000
  Event ID: 326
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (2216) Windows:      (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (=0) 
 
  : [1] 0.000, [2] 0.000, [3] 0.125, [4] 0.000, [5] 0.031, [6] 0.062, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000. 
 : 1 0

Event[423]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-18T12:01:48.000
  Event ID: 1003
  Task:  
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 Windows Search .


Event[424]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T12:02:16.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-24T09:02:16Z. : RulesEngine.

Event[425]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-18T12:02:16.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[426]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T12:02:31.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  124612150126,  5
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: CFA351DB-77C9-4863-8341-1996E56D4489
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WER14F8.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.10240.16389_ec9ea38c6cf24b80cc3b4841dee848e4c884419_00000000_04f71713

 : 
  : 0
 : 8d158161-2d24-11e5-b6d3-d8cb8a158772
 : 0
 : d2d77ae24560c907e2d96c2d6c0fc749

Event[427]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-18T12:06:25.351
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    WmiApRpl (WmiApRpl)  .        Last Counter  Last Help.

Event[428]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-18T12:06:25.501
  Event ID: 1000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
C    WmiApRpl (WmiApRpl)  .         ,   .

Event[429]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T12:37:28.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[430]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T12:37:28.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[431]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-18T13:44:28.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[432]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T14:40:00.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[433]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T14:40:05.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[434]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T14:40:05.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[435]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-18T14:40:11.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16391,  : 0x55a72d2e
  : Windows.UI.Xaml.dll, : 10.0.10240.16389,  : 0x55a46bfc
 : 0xc000027b
 : 0x0000000000482ed7
  : 0x1104
   : 0x01d0c13d648a1d9f
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : 73dfdf51-4cf2-4e49-823e-cfe9cbff221f
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[436]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-18T14:40:17.733
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[437]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T14:41:16.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133162757946,  5
 : MoAppCrash
:  
 CAB: 133169945977

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\Deti\AppData\Local\Temp\WER72E3.tmp.WERInternalMetadata.xml
C:\Users\Deti\AppData\Local\Temp\WER7778.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\Temp\WER77C7.tmp.hdmp
C:\Users\Deti\AppData\Local\Temp\WER7F4A.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_3da0ffdbd6fea5dd399f5b21d864c5a9104842e_21351821_cab_1b886c08

 : 
  : 0
 : 73dfdf51-4cf2-4e49-823e-cfe9cbff221f
 : 8
 : fa363cd0c4733be7f279278cfc870286

Event[438]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T14:46:09.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: 7AA4B90A-8816-4CDE-A273-771FE17ED388
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :

    :


 : 
  : 0
 : 944392fa-2d42-11e5-b6d4-d8cb8a158772
 : 262144
 : 

Event[439]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T14:46:09.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: CFA351DB-77C9-4863-8341-1996E56D4489
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :

    :


 : 
  : 0
 : 944392fb-2d42-11e5-b6d4-d8cb8a158772
 : 262144
 : 

Event[440]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T14:46:09.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: CFA351DB-77C9-4863-8341-1996E56D4489
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WERE56B.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.10240.16389_ec9ea38c6cf24b80cc3b4841dee848e4c884419_00000000_cab_23ece57a

 : 
  : 0
 : 944392fb-2d42-11e5-b6d4-d8cb8a158772
 : 4
 : 

Event[441]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T14:46:09.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: 7AA4B90A-8816-4CDE-A273-771FE17ED388
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WERE57A.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.10240.16389_eba645c6d61545c63fa24d934264982c6d97fb_00000000_cab_23f0e5a9

 : 
  : 0
 : 944392fa-2d42-11e5-b6d4-d8cb8a158772
 : 4
 : 

Event[442]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T14:46:10.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  124612150126,  5
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: CFA351DB-77C9-4863-8341-1996E56D4489
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WERE56B.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.10240.16389_ec9ea38c6cf24b80cc3b4841dee848e4c884419_00000000_2300eaaa

 : 
  : 0
 : 944392fb-2d42-11e5-b6d4-d8cb8a158772
 : 0
 : d2d77ae24560c907e2d96c2d6c0fc749

Event[443]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T14:46:11.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  124603267911,  5
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80246001
P3: 7AA4B90A-8816-4CDE-A273-771FE17ED388
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WERE57A.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.10240.16389_eba645c6d61545c63fa24d934264982c6d97fb_00000000_2300ec7f

 : 
  : 0
 : 944392fa-2d42-11e5-b6d4-d8cb8a158772
 : 0
 : daaaf976a816a11980c000799f087911

Event[444]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T15:25:06.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[445]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T15:25:06.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[446]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-18T15:25:07.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : LockAppHost.exe, : 10.0.10240.16386,  : 0x55a06c1b
  : ntdll.dll, : 10.0.10240.16384,  : 0x559f384f
 : 0xc0000005
 : 0x0000000000035aeb
  : 0x3f4
   : 0x01d0c150f1259711
  : C:\Windows\System32\LockAppHost.exe
  : C:\WINDOWS\SYSTEM32\ntdll.dll
 : a94ba0ac-edba-4c0b-a193-727e0d52f7e7
   : 
 ,    : 

Event[447]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T15:25:08.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  120275773859,  4
 : APPCRASH
:  
 CAB: 0

 :
P1: LockAppHost.exe
P2: 10.0.10240.16386
P3: 55a06c1b
P4: ntdll.dll
P5: 10.0.10240.16384
P6: 559f384f
P7: c0000005
P8: 0000000000035aeb
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WER918F.tmp.WERInternalMetadata.xml
C:\Users\dsergey88\AppData\Local\Temp\WER9624.tmp.appcompat.txt
memory.hdmp

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_LockAppHost.exe_baa9b869ef1b39bcab468b4ab28c7ba070e8c886_bb61e62c_0b0496cf

 : 
  : 0
 : a94ba0ac-edba-4c0b-a193-727e0d52f7e7
 : 4104
 : f778b61fdd9e25aaa04a67985b96b400

Event[448]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T15:26:07.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : MpTelemetry
:  
 CAB: 0

 :
P1: 2152759308
P2: unspecified
P3: ScanFile
P4: 4.8.10240.16384
P5:  Windows (77BDAF73-B396-481F-9042-AD358843EC24)
P6: unspecified
P7: unspecified
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\MPInstrumentation\client_manifest.txt
C:\Windows\Temp\WER7E31.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_2152759308_324376368b6edad480861648bff165b96fc8377_00000000_cab_08597e41

 : 
  : 0
 : 29d3e94a-2d48-11e5-b6d4-d8cb8a158772
 : 4
 : 

Event[449]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T15:26:09.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  124592881860,  5
 : MpTelemetry
:  
 CAB: 0

 :
P1: 2152759308
P2: unspecified
P3: ScanFile
P4: 4.8.10240.16384
P5:  Windows (77BDAF73-B396-481F-9042-AD358843EC24)
P6: unspecified
P7: unspecified
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\MPInstrumentation\client_manifest.txt
C:\Windows\Temp\WER7E31.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_2152759308_324376368b6edad480861648bff165b96fc8377_00000000_cab_08597e41

 : 
  : 0
 : 29d3e94a-2d48-11e5-b6d4-d8cb8a158772
 : 0
 : a04dd425356fde41710427274378f4bb

Event[450]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-18T16:14:02.134
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[451]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-18T16:53:26.663
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[452]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-18T17:41:20.977
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[453]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-18T18:37:03.849
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[454]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-18T18:44:53.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[455]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:49:41.000
  Event ID: 490
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212) {B5D04433-D3C5-4467-84D3-0A58F0E16F21}:     "C:\Users\dsergey88\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log"    ,   32 (0x00000020): "      ,       . ".      , : -1032 (0xfffffbf8).

Event[456]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:49:41.000
  Event ID: 455
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212) {B5D04433-D3C5-4467-84D3-0A58F0E16F21}:  -1032 (0xfffffbf8)     C:\Users\dsergey88\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.

Event[457]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:49:51.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[458]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:49:51.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     ,         . ,      ,     ,     .  -1032.

Event[459]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:50:01.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[460]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:50:01.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     ,         . ,      ,     ,     .  -1032.

Event[461]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:50:11.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[462]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:50:11.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     ,         . ,      ,     ,     .  -1032.

Event[463]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:50:22.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[464]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:50:22.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     ,         . ,      ,     ,     .  -1032.

Event[465]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:50:32.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[466]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:50:32.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     ,         . ,      ,     ,     .  -1032.

Event[467]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:50:42.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[468]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:50:42.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     ,         . ,      ,     ,     .  -1032.

Event[469]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-18T20:50:47.657
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[470]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:50:53.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[471]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:50:53.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     ,         . ,      ,     ,     .  -1032.

Event[472]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:51:03.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[473]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:51:03.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     ,         . ,      ,     ,     .  -1032.

Event[474]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:51:13.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[475]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:51:13.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     ,         . ,      ,     ,     .  -1032.

Event[476]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:51:24.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[477]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-18T20:51:24.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (1212)     ,         . ,      ,     ,     .  -1032.

Event[478]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T21:16:47.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[479]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-18T21:16:48.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[480]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-18T23:38:01.221
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[481]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-18T23:39:01.524
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[482]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-18T23:44:47.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[483]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T23:48:36.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C294&REV_1327
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WER84AC.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_b3bd8e941f38d97bbe772a32c47d45f9555837_00000000_cab_1bad84bb

 : 
  : 0
 : 5bf83f42-2d8e-11e5-b6d4-d8cb8a158772
 : 4
 : 

Event[484]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-18T23:48:37.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  -327195679,  5
 : PnPGenericDriverFound
:  
 CAB: 0

 :
P1: x64
P2: USB\VID_046D&PID_C294&REV_1327
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WER84AC.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_b3bd8e941f38d97bbe772a32c47d45f9555837_00000000_05e9899d

 : 
  : 0
 : 5bf83f42-2d8e-11e5-b6d4-d8cb8a158772
 : 0
 : 94ec32fff25d57fb162b985be3a17972

Event[485]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-19T00:18:04.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16391,  : 0x55a72d2e
  : Windows.UI.Xaml.dll, : 10.0.10240.16389,  : 0x55a46bfc
 : 0xc000027b
 : 0x0000000000482ed7
  : 0x2514
   : 0x01d0c1821f320a5b
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : c0f63b92-f037-40e8-a805-66e0c3d7f1c1
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[486]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T00:18:05.178
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[487]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T00:18:14.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133162757946,  5
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\Deti\AppData\Local\Temp\WER90BE.tmp.WERInternalMetadata.xml
C:\Users\Deti\AppData\Local\Temp\WER996A.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9BFB.tmp.hdmp
C:\Users\Deti\AppData\Local\Temp\WERA4D6.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_3da0ffdbd6fea5dd399f5b21d864c5a9104842e_21351821_1390a5fc

 : 
  : 0
 : c0f63b92-f037-40e8-a805-66e0c3d7f1c1
 : 4104
 : fa363cd0c4733be7f279278cfc870286

Event[488]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T00:18:15.607
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[489]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T00:18:16.566
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[490]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T00:18:17.301
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[491]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T03:30:16.760
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[492]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T03:30:21.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:caller=OLicenseHeartbeat.exe

Event[493]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T03:30:22.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[494]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T03:30:22.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[495]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T03:30:22.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[496]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T03:30:22.000
  Event ID: 1033
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,        override-only.
 =(Security-SPP-Reserved-EnableNotificationMode) 
 =0ff1ce15-a989-479d-af46-f275c6370663
 SKU=a24cca51-3d54-4c41-8a76-4031f5338cb2

Event[497]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T03:30:22.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =0ff1ce15-a989-479d-af46-f275c6370663
 =
1: a24cca51-3d54-4c41-8a76-4031f5338cb2, 1, 0 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: b13afb38-cd79-4ae5-9f7f-eed058d750ca, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[498]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T03:30:55.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-25T00:30:55Z. : RulesEngine.

Event[499]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T03:30:55.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[500]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T03:59:02.073
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[501]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T07:38:05.749
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[502]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T07:38:17.760
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[503]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T07:38:38.344
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[504]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-19T07:44:13.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[505]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T07:49:20.374
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[506]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T08:46:19.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:caller=Explorer.EXE

Event[507]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T08:46:20.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[508]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T08:46:20.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[509]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T08:46:20.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[510]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T08:46:50.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-25T05:46:50Z. : RulesEngine.

Event[511]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T08:46:50.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[512]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T08:59:19.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[513]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T08:59:20.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[514]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T09:06:10.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[515]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T09:06:10.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[516]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-19T09:06:16.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16391,  : 0x55a72d2e
  : Windows.UI.Xaml.dll, : 10.0.10240.16389,  : 0x55a46bfc
 : 0xc000027b
 : 0x0000000000482ed7
  : 0x28ac
   : 0x01d0c1e90067f912
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : c19dc197-6c53-4beb-bfd1-682a4ced990f
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[517]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T09:06:18.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133162757946,  5
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\Deti\AppData\Local\Temp\WER12C2.tmp.WERInternalMetadata.xml
C:\Users\Deti\AppData\Local\Temp\WER1767.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1833.tmp.hdmp
C:\Users\Deti\AppData\Local\Temp\WER193D.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_3da0ffdbd6fea5dd399f5b21d864c5a9104842e_21351821_1ffc194a

 : 
  : 0
 : c19dc197-6c53-4beb-bfd1-682a4ced990f
 : 4104
 : fa363cd0c4733be7f279278cfc870286

Event[518]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T09:06:20.440
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[519]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T10:31:06.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 8024000b
P3: 8F42F47B-7180-4E47-B69A-36844E5D100E
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :

    :


 : 
  : 0
 : 1d804b61-2de8-11e5-b6d4-d8cb8a158772
 : 262144
 : 

Event[520]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T10:31:06.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 8024000b
P3: CFA351DB-77C9-4863-8341-1996E56D4489
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :

    :


 : 
  : 0
 : 1d804b62-2de8-11e5-b6d4-d8cb8a158772
 : 262144
 : 

Event[521]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T10:31:06.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 8024000b
P3: CFA351DB-77C9-4863-8341-1996E56D4489
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WERBD63.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.10240.16389_7c689622187ccc1c972174c8cc92be9a73fe82_00000000_cab_1c45bd73

 : 
  : 0
 : 1d804b62-2de8-11e5-b6d4-d8cb8a158772
 : 4
 : 

Event[522]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T10:31:06.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 8024000b
P3: 8F42F47B-7180-4E47-B69A-36844E5D100E
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WERBD73.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.10240.16389_17821123b06a65a3d479b553d7a9ca49379caeb8_00000000_cab_0dcdbd82

 : 
  : 0
 : 1d804b61-2de8-11e5-b6d4-d8cb8a158772
 : 4
 : 

Event[523]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T10:31:09.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  124612157988,  5
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 8024000b
P3: CFA351DB-77C9-4863-8341-1996E56D4489
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WERBD63.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.10240.16389_7c689622187ccc1c972174c8cc92be9a73fe82_00000000_23ddc88f

 : 
  : 0
 : 1d804b62-2de8-11e5-b6d4-d8cb8a158772
 : 0
 : 2cf5fa3a593a05730e292325d1a272b5

Event[524]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T10:31:10.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  124611589389,  5
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 8024000b
P3: 8F42F47B-7180-4E47-B69A-36844E5D100E
P4: Download
P5: 1
P6: 0
P7: 0
P8: WSAutoUpdate
P9: {855E8A7C-ECB4-4CA3-B045-1DFA50104289}
P10: 0

 :
C:\Windows\Temp\WERBD73.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.10240.16389_17821123b06a65a3d479b553d7a9ca49379caeb8_00000000_23ddca44

 : 
  : 0
 : 1d804b61-2de8-11e5-b6d4-d8cb8a158772
 : 0
 : 33ef12ecc3bdefea80d6c6cac9c76ae6

Event[525]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T11:22:01.105
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[526]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-19T12:44:04.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[527]:
  Log Name: Application
  Source: Disc Soft Lite Bus Service
  Date: 2015-07-19T13:12:14.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[528]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T13:13:05.189
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[529]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T13:13:08.280
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[530]:
  Log Name: Application
  Source: Microsoft-Windows-CAPI2
  Date: 2015-07-19T13:14:01.431
  Event ID: 513
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       OnIdentity()   "  ".

Details:
AddLegacyDriverFiles: Unable to back up image of binary  Microsoft LLDP.

System Error:
  .
.

Event[531]:
  Log Name: Application
  Source: System Restore
  Date: 2015-07-19T13:14:17.000
  Event ID: 8194
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    ( = C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\IKernel.exe -Embedding;  =    ).

Event[532]:
  Log Name: Application
  Source: Microsoft-Windows-System-Restore
  Date: 2015-07-19T13:14:43.336
  Event ID: 8300
  Task: N/A
  Level: 
  Opcode: 
  Keyword: Performance, 
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11.

Event[533]:
  Log Name: Application
  Source: Microsoft-Windows-System-Restore
  Date: 2015-07-19T13:15:20.736
  Event ID: 8301
  Task: N/A
  Level: 
  Opcode: 
  Keyword: Performance, 
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11.

Event[534]:
  Log Name: Application
  Source: Microsoft-Windows-System-Restore
  Date: 2015-07-19T13:15:20.736
  Event ID: 8302
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11.

Event[535]:
  Log Name: Application
  Source: Microsoft-Windows-Winsrv
  Date: 2015-07-19T13:15:25.870
  Event ID: 10001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
     : balabolka.exe.

Event[536]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T13:15:32.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[537]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-19T13:15:32.905
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 39 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 2052 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1164 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 368 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Process 2052 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 1164 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\MY
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\MY
Process 2052 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1164 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\CA
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\CA
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\trust
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\trust
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Root
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Root
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections


Event[538]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-19T13:15:43.529
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 102 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1002:
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 4088 (\Device\HarddiskVolume4\Windows\System32\sihost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 3536 (\Device\HarddiskVolume4\Windows\System32\RuntimeBroker.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 688 (\Device\HarddiskVolume4\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationFrame\WindowSizing
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\Keyboard Layout\Toggle
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\CTF\Assemblies
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\StartupNotify
Process 688 (\Device\HarddiskVolume4\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\DWM
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ImmersiveShell\PersistedApplicationData\Volatile
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 3536 (\Device\HarddiskVolume4\Windows\System32\RuntimeBroker.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Accent
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\Control Panel\International\User Profile
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{9E04CAB2-CC14-11DF-BB8C-A2F1DED72085}\Count
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\Root
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer\PageSetup
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\AppDataLow\Software\Microsoft\RepService
Process 620 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\Control Panel\International
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\Keyboard Layout\Preload
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\CTF\SortOrder
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 368 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\CA
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\Control Panel\Input Method\Hot Keys
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{B267E3AD-A825-4A09-82B9-EEC22AA3B847}\Count
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{A3D53349-6E61-4557-8FC7-0028EDCEEBF6}\Count
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F2A1CB5A-E3CC-4A2E-AF9D-505A7009D442}\Count
Process 3536 (\Device\HarddiskVolume4\Windows\System32\RuntimeBroker.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationFrame\Positions
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CAA59E3C-4792-41A5-9909-6A6A8D32490E}\Count
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\Shell
Process 3536 (\Device\HarddiskVolume4\Windows\System32\RuntimeBroker.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3536 (\Device\HarddiskVolume4\Windows\System32\RuntimeBroker.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer\BrowserEmulation
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Skydrive\Controller
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\Control Panel\Desktop
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\Keyboard Layout
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\CTF\TIP
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SoftLanding
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\trust
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\Printers
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{FA99DFC7-6AC2-453A-A5E2-5E2AFF4507BD}\Count
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\VirtualDesktops
Process 3536 (\Device\HarddiskVolume4\Windows\System32\RuntimeBroker.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer\Security
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ModeTriggerCachedKey
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VirtualDesktops
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{BCB48336-4DDD-48FF-BB0B-D3190DACB3E2}\Count
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\PlayToReceiver
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\AppDataLow
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 3536 (\Device\HarddiskVolume4\Windows\System32\RuntimeBroker.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\GameDVR
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\MSF\Registration\Listen
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Process 3536 (\Device\HarddiskVolume4\Windows\System32\RuntimeBroker.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer\Main
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer\Main
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer\Main
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer\Main
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\GameBar
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\CTF\DirectSwitchHotkeys


Event[539]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-19T13:15:43.687
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 26 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1002_Classes:
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES
Process 4088 (\Device\HarddiskVolume4\Windows\System32\sihost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES
Process 4088 (\Device\HarddiskVolume4\Windows\System32\sihost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES
Process 3536 (\Device\HarddiskVolume4\Windows\System32\RuntimeBroker.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES
Process 2704 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\TrustedPeople
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\CA
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache
Process 4088 (\Device\HarddiskVolume4\Windows\System32\sihost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\ActivatableClasses
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\ActivatableClasses
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\CLSID
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\Local Settings\Software\Microsoft\Windows\Shell
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\MIME\Database\Content Type\text/html
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Disallowed
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Root
Process 3768 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\trust
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage
Process 4460 (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage


Event[540]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T13:20:21.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[541]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T13:20:59.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[542]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T13:21:00.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[543]:
  Log Name: Application
  Source: VSS
  Date: 2015-07-19T13:21:54.000
  Event ID: 8224
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 VSS  - - . 

Event[544]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T15:19:03.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[545]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T15:19:04.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[546]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T15:19:04.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[547]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-19T15:19:07.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16391,  : 0x55a72d2e
  : Windows.UI.Xaml.dll, : 10.0.10240.16389,  : 0x55a46bfc
 : 0xc000027b
 : 0x0000000000482ed7
  : 0x22e4
   : 0x01d0c20ca33b084b
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : 9b63d9c2-3b82-41eb-bd58-29ab6e912900
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[548]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T15:19:16.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133162757946,  5
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WER75B7.tmp.WERInternalMetadata.xml
C:\Users\dsergey88\AppData\Local\Temp\WER875C.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\Temp\WER88F3.tmp.hdmp
C:\Users\dsergey88\AppData\Local\Temp\WER8FCA.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_3da0ffdbd6fea5dd399f5b21d864c5a9104842e_21351821_22059025

 : 
  : 0
 : 9b63d9c2-3b82-41eb-bd58-29ab6e912900
 : 4104
 : fa363cd0c4733be7f279278cfc870286

Event[549]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T15:19:16.524
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[550]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T15:19:18.620
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[551]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T15:34:39.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  -1497299926,  5
 : WPNConnectionFailure
:  
 CAB: 0

 :
P1: Data Reconnect
P2: 8804038d
P3: WNS
P4: IPv4
P5: None
P6: LAN
P7: 1
P8: 203
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\wpn_6218208485850896483.evtx
C:\Users\dsergey88\AppData\Local\Temp\WER9EA8.tmp.WERInternalMetadata.xml

    :


 : 
  : 0
 : 840d6bf5-2e12-11e5-b6d4-d8cb8a158772
 : 0
 : 4a44c1f3af8cf8257ff65506de27bd8d

Event[552]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T15:39:56.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  -1497299926,  5
 : WPNConnectionFailure
:  
 CAB: 0

 :
P1: Data Reconnect
P2: 8804038d
P3: WNS
P4: IPv4
P5: None
P6: LAN
P7: 1
P8: 203
P9: 
P10: 

 :
C:\Users\Deti\AppData\Local\Temp\wpn_9926183243078827945.evtx
C:\Users\Deti\AppData\Local\Temp\WER6DFB.tmp.WERInternalMetadata.xml

    :


 : 
  : 0
 : 40062792-2e13-11e5-b6d4-d8cb8a158772
 : 0
 : 4a44c1f3af8cf8257ff65506de27bd8d

Event[553]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T15:46:50.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[554]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T15:46:50.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[555]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T15:53:32.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[556]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T15:53:32.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[557]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-19T15:53:33.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16391,  : 0x55a72d2e
  : Windows.UI.Xaml.dll, : 10.0.10240.16389,  : 0x55a46bfc
 : 0xc000027b
 : 0x0000000000482ed7
  : 0x1490
   : 0x01d0c221e1a237d7
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : 92e423a4-9d7f-4b40-a54b-1fc46080ae2c
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[558]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T15:53:35.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133162757946,  5
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERF4D4.tmp.WERInternalMetadata.xml
C:\Users\dsergey88\AppData\Local\Temp\WERFB8B.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFBAC.tmp.hdmp
C:\Users\dsergey88\AppData\Local\Temp\WERFCB6.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_3da0ffdbd6fea5dd399f5b21d864c5a9104842e_21351821_1a4cfcc3

 : 
  : 0
 : 92e423a4-9d7f-4b40-a54b-1fc46080ae2c
 : 4104
 : fa363cd0c4733be7f279278cfc870286

Event[559]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T15:53:38.088
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[560]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T15:58:07.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[561]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T15:58:07.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[562]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T15:59:29.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:caller=SystemSettings.exe

Event[563]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T15:59:30.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[564]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T15:59:30.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[565]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T15:59:30.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[566]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T15:59:54.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[567]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T15:59:55.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[568]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T16:00:00.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-25T13:00:00Z. : RulesEngine.

Event[569]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-19T16:00:00.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[570]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T16:18:00.947
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[571]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T16:51:18.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[572]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T16:51:18.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[573]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-19T17:44:26.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[574]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-19T17:54:42.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16391,  : 0x55a72d2e
  : Windows.UI.Xaml.dll, : 10.0.10240.16389,  : 0x55a46bfc
 : 0xc000027b
 : 0x0000000000482ed7
  : 0x2a30
   : 0x01d0c21d1b78af7f
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : 138a90e0-416a-4a05-b798-3e48d154655f
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[575]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T17:54:45.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133162757946,  5
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\Deti\AppData\Local\Temp\WERDEA0.tmp.WERInternalMetadata.xml
C:\Users\Deti\AppData\Local\Temp\WERE78A.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE7BA.tmp.hdmp
C:\Users\Deti\AppData\Local\Temp\WERE8E4.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_3da0ffdbd6fea5dd399f5b21d864c5a9104842e_21351821_01f7e8f1

 : 
  : 0
 : 138a90e0-416a-4a05-b798-3e48d154655f
 : 4104
 : fa363cd0c4733be7f279278cfc870286

Event[576]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T17:56:45.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133163276145,  5
 : MoAppHang
:  
 CAB: 133170974462

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: 2264
P6: 4194304
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\Deti\AppData\Local\Temp\WERB3CE.tmp.WERInternalMetadata.xml
C:\Users\Deti\AppData\Local\Temp\WERBAC6.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Microsoft.Window_b6ee29e2aeedc8e6b2a7aafaee6db2f129747_21351821_cab_1d19bc98

 : 
  : 0
 : 5d514a26-2e26-11e5-b6d4-d8cb8a158772
 : 8
 : fa15afe3c052b9cc6b9a3877e4ee662c

Event[577]:
  Log Name: Application
  Source: Application Hang
  Date: 2015-07-19T17:56:45.000
  Event ID: 1002
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 ShellExperienceHost.exe  10.0.10240.16391    Windows   .  ,      ,      "  "   .
  : 920
  : 01d0c232d9eaa6a2
  : 4294967295
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : 5d514a26-2e26-11e5-b6d4-d8cb8a158772
    : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
  ,    : App 


Event[578]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T17:56:44.611
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :      ..   .   Microsoft-Windows-TWinUI/Operational.

Event[579]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T17:56:44.700
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[580]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T17:56:44.771
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[581]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T18:07:01.365
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[582]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T18:50:10.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[583]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T18:50:11.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[584]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-19T19:01:22.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16391,  : 0x55a72d2e
  : Windows.UI.Xaml.dll, : 10.0.10240.16389,  : 0x55a46bfc
 : 0xc000027b
 : 0x0000000000482ed7
  : 0x2674
   : 0x01d0c23a9ee6f316
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : f3e8ebc9-3c9b-40c3-93d6-bb5fc0caa2c7
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[585]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T19:01:33.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[586]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T19:01:33.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[587]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-19T19:01:38.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16391,  : 0x55a72d2e
  : Windows.UI.Xaml.dll, : 10.0.10240.16389,  : 0x55a46bfc
 : 0xc000027b
 : 0x0000000000482ed7
  : 0x20c4
   : 0x01d0c23c2a812fb7
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : 6ec902b7-92d8-4139-81ce-3027b3a5674a
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[588]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T19:01:47.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133162757946,  5
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\Deti\AppData\Local\Temp\WER246B.tmp.WERInternalMetadata.xml
C:\Users\Deti\AppData\Local\Temp\WER486E.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\Temp\WER488F.tmp.hdmp
C:\Users\Deti\AppData\Local\Temp\WER493C.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_3da0ffdbd6fea5dd399f5b21d864c5a9104842e_21351821_23b94948

 : 
  : 0
 : 6ec902b7-92d8-4139-81ce-3027b3a5674a
 : 4104
 : fa363cd0c4733be7f279278cfc870286

Event[589]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-19T19:01:49.832
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[590]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-19T19:01:58.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133163248312,  5
 : MoAppCrash
:  
 CAB: 133171024081

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 802b000a
P9: 00000000000230e5
P10: 

 :
C:\Users\Deti\AppData\Local\Temp\WERE61A.tmp.WERInternalMetadata.xml
C:\Users\Deti\AppData\Local\Temp\WEREC83.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\Temp\WERECC3.tmp.hdmp
C:\Users\Deti\AppData\Local\Temp\WERED70.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_43372d57869234e723815c95908a43cfd9c1f_21351821_cab_2399746f

 : 
  : 0
 : f3e8ebc9-3c9b-40c3-93d6-bb5fc0caa2c7
 : 8
 : b969acce95e1f4c0de2c5948d2ecb5cc

Event[591]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T19:16:21.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[592]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T19:16:21.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[593]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T19:27:27.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[594]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-19T19:27:27.282
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 1 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1002:
Process 368 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall


Event[595]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-19T19:27:36.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[596]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-19T22:44:39.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[597]:
  Log Name: Application
  Source: Microsoft-Windows-RestartManager
  Date: 2015-07-19T22:59:07.617
  Event ID: 10000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
  3 - ?2015?-?07?-?19T19:59:07.617064000Z.

Event[598]:
  Log Name: Application
  Source: Microsoft-Windows-RestartManager
  Date: 2015-07-19T22:59:33.260
  Event ID: 10001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
  3,  ?2015?-?07?-?19T19:59:07.617064000Z.

Event[599]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T07:52:08.180
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.Photos_8wekyb3d8bbwe!App. :      ..   .   Microsoft-Windows-TWinUI/Operational.

Event[600]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T08:01:53.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:caller=OLicenseHeartbeat.exe

Event[601]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T08:01:53.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[602]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T08:01:53.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[603]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T08:01:53.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[604]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T08:01:53.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =0ff1ce15-a989-479d-af46-f275c6370663
 =
1: a24cca51-3d54-4c41-8a76-4031f5338cb2, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: b13afb38-cd79-4ae5-9f7f-eed058d750ca, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[605]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T08:02:24.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-26T05:02:24Z. : RulesEngine.

Event[606]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T08:02:24.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[607]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T08:03:10.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:caller=wmiprvse.exe

Event[608]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T08:03:10.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[609]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T08:03:10.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[610]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T08:03:10.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[611]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T08:03:11.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]



Event[612]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T08:04:03.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-26T05:04:03Z. : RulesEngine.

Event[613]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T08:04:03.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[614]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-20T08:44:29.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[615]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-20T08:45:32.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : LockAppHost.exe, : 10.0.10240.16386,  : 0x55a06c1b
  : ntdll.dll, : 10.0.10240.16384,  : 0x559f384f
 : 0xc0000005
 : 0x0000000000035aeb
  : 0x115c
   : 0x01d0c2aeb6617597
  : C:\Windows\System32\LockAppHost.exe
  : C:\WINDOWS\SYSTEM32\ntdll.dll
 : c43b552e-c69e-4a99-9d84-c76d8e057e96
   : 
 ,    : 

Event[616]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-20T08:45:34.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  120275773859,  4
 : APPCRASH
:  
 CAB: 0

 :
P1: LockAppHost.exe
P2: 10.0.10240.16386
P3: 55a06c1b
P4: ntdll.dll
P5: 10.0.10240.16384
P6: 559f384f
P7: c0000005
P8: 0000000000035aeb
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WER73B0.tmp.WERInternalMetadata.xml
C:\Users\dsergey88\AppData\Local\Temp\WER7A0A.tmp.appcompat.txt
memory.hdmp

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_LockAppHost.exe_baa9b869ef1b39bcab468b4ab28c7ba070e8c886_bb61e62c_1b9b7a67

 : 
  : 0
 : c43b552e-c69e-4a99-9d84-c76d8e057e96
 : 4104
 : f778b61fdd9e25aaa04a67985b96b400

Event[617]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-20T08:45:35.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  128871790467,  5
 : FaultTolerantHeap
:  
 CAB: 0

 :
P1: LockAppHost.exe
P2: 10.0.10240.16386
P3: 55A06C1B
P4: ffffbaad
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FTH7362.tmp\fthempty.txt
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER7373.tmp.WERInternalMetadata.xml

    :


 : 
  : 0
 : 889a0896-2ea2-11e5-b6d4-d8cb8a158772
 : 0
 : a615d79531f403171251b6083874f7e9

Event[618]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T09:17:23.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[619]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T09:17:24.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[620]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T09:17:25.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[621]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-20T09:17:30.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16391,  : 0x55a72d2e
  : Windows.UI.Xaml.dll, : 10.0.10240.16389,  : 0x55a46bfc
 : 0xc000027b
 : 0x0000000000482ed7
  : 0x1d30
   : 0x01d0c222b72eb28c
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : 172fc123-8abf-4d04-92bb-6ee9493cc8e7
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[622]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-20T09:17:34.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133162757946,  5
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERBD30.tmp.WERInternalMetadata.xml
C:\Users\dsergey88\AppData\Local\Temp\WERC1E4.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC281.tmp.hdmp
C:\Users\dsergey88\AppData\Local\Temp\WERC82F.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_3da0ffdbd6fea5dd399f5b21d864c5a9104842e_21351821_2e58c83c

 : 
  : 0
 : 172fc123-8abf-4d04-92bb-6ee9493cc8e7
 : 4104
 : fa363cd0c4733be7f279278cfc870286

Event[623]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T09:17:37.135
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[624]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T11:20:22.846
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[625]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T11:36:41.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[626]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T11:36:41.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[627]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T13:17:20.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[628]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T13:17:20.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[629]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T13:18:07.849
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[630]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T14:12:01.135
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[631]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T14:20:29.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[632]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T14:20:29.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[633]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-20T14:44:16.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[634]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T15:21:03.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[635]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T15:21:03.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[636]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T15:59:01.011
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[637]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T16:15:01.752
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[638]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T17:21:39.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[639]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T17:21:40.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[640]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T18:58:44.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[641]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T18:58:44.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[642]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T19:12:52.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[643]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T19:12:52.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[644]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T19:29:13.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[645]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T19:29:13.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[646]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T19:37:01.083
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[647]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-20T19:44:57.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[648]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T19:53:56.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[649]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T19:53:57.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[650]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-20T19:58:18.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  128875494462,  5
 : RADAR_PRE_LEAK_64
:  
 CAB: 0

 :
P1: explorer.exe
P2: 10.0.10240.16390
P3: 10.0.10240.2.0.0
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\RDR568F.tmp\empty.txt
C:\Users\dsergey88\AppData\Local\Temp\WER5690.tmp.WERInternalMetadata.xml

    :


 : 
  : 0
 : 82b23dfb-2f00-11e5-b6d4-d8cb8a158772
 : 0
 : bf71ee2ada41a8c5e3ebb8332b7f780c

Event[651]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T20:04:52.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[652]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T20:04:52.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[653]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T20:18:01.532
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[654]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-20T20:23:31.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16391,  : 0x55a72d2e
  : Windows.UI.Xaml.dll, : 10.0.10240.16389,  : 0x55a46bfc
 : 0xc000027b
 : 0x0000000000482ed7
  : 0x2664
   : 0x01d0c2c85ac8f81b
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : 912934e5-f2ba-4c0a-9f6d-851f47090fb6
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[655]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T20:23:30.786
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[656]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-20T20:23:32.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133162757946,  5
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WER77B3.tmp.WERInternalMetadata.xml
C:\Users\dsergey88\AppData\Local\Temp\WER7C19.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7C3A.tmp.hdmp
C:\Users\dsergey88\AppData\Local\Temp\WER7DD1.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_3da0ffdbd6fea5dd399f5b21d864c5a9104842e_21351821_210a7dde

 : 
  : 0
 : 912934e5-f2ba-4c0a-9f6d-851f47090fb6
 : 4104
 : fa363cd0c4733be7f279278cfc870286

Event[657]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T20:23:34.970
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[658]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T20:40:30.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[659]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-20T20:40:30.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[660]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T20:44:25.013
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail. :     .   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[661]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T20:45:03.045
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[662]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-20T20:48:24.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16391,  : 0x55a72d2e
  : Windows.UI.Xaml.dll, : 10.0.10240.16389,  : 0x55a46bfc
 : 0xc000027b
 : 0x0000000000482ed7
  : 0x1dc8
   : 0x01d0c2b3c19b0131
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : 5b5508af-98f2-4935-a531-1f33adc61ef2
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[663]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-20T20:48:28.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133162757946,  5
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\Deti\AppData\Local\Temp\WER42F8.tmp.WERInternalMetadata.xml
C:\Users\Deti\AppData\Local\Temp\WER5056.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5096.tmp.hdmp
C:\Users\Deti\AppData\Local\Temp\WER5152.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_3da0ffdbd6fea5dd399f5b21d864c5a9104842e_21351821_1c59516f

 : 
  : 0
 : 5b5508af-98f2-4935-a531-1f33adc61ef2
 : 4104
 : fa363cd0c4733be7f279278cfc870286

Event[664]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T20:48:28.780
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[665]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T20:48:28.857
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[666]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T20:48:28.924
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[667]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T20:48:30.882
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[668]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T20:48:31.012
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[669]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T21:03:02.998
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[670]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-20T21:41:01.079
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[671]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T21:48:06.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:caller=Explorer.EXE

Event[672]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T21:48:07.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[673]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T21:48:07.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[674]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T21:48:07.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[675]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T21:48:37.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-26T18:48:37Z. : RulesEngine.

Event[676]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T21:48:37.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[677]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-20T22:08:38.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : PnPDriverNotFound
:  
 CAB: 0

 :
P1: x64
P2: USBPRINT\CanonLBP2900287A
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\DMIB508.tmp.log.xml
C:\Users\dsergey88\AppData\Local\Temp\WERB557.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_e2678e2f5ab83f9b43f1f5d2fad08f4f81655ce3_00000000_cab_281eb565

 : 
  : 0
 : b998e624-2f12-11e5-b6d4-d8cb8a158772
 : 4
 : 

Event[678]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-20T22:08:41.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  -1477437669,  5
 : PnPDriverNotFound
: http://oca.microsoft.com/resredir.aspx?SID=21511&iBucketTable=5&iBucket=-1477437669&BucketHash=4dc9e8acd14751cdde5dcba6d9fcaf64
 CAB: 0

 :
P1: x64
P2: USBPRINT\CanonLBP2900287A
P3: 
P4: 
P5: 
P6: 
P7: 
P8: 
P9: 
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\DMIB508.tmp.log.xml
C:\Users\dsergey88\AppData\Local\Temp\WERB557.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_e2678e2f5ab83f9b43f1f5d2fad08f4f81655ce3_00000000_20a6c072

 : 
  : 0
 : b998e624-2f12-11e5-b6d4-d8cb8a158772
 : 0
 : 4dc9e8acd14751cdde5dcba6d9fcaf64

Event[679]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T23:20:52.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:caller=EXCEL.EXE

Event[680]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T23:20:52.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[681]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T23:20:52.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[682]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T23:20:52.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[683]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T23:20:52.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =0ff1ce15-a989-479d-af46-f275c6370663
 =
1: a24cca51-3d54-4c41-8a76-4031f5338cb2, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: b13afb38-cd79-4ae5-9f7f-eed058d750ca, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[684]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T23:21:23.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-26T20:21:23Z. : RulesEngine.

Event[685]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-20T23:21:23.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[686]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T08:25:20.151
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[687]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T08:25:20.151
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[688]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T08:25:28.255
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[689]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T08:25:28.565
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[690]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T08:25:29.166
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[691]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T08:25:29.389
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[692]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T08:25:52.532
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[693]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:25:59.000
  Event ID: 490
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296) {BBA227B2-0EB1-424B-9573-586C0474979C}:     "C:\Users\dsergey88\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb"    ,   32 (0x00000020): "      ,       . ".      , : -1032 (0xfffffbf8).

Event[694]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:26:09.000
  Event ID: 490
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296) {BBA227B2-0EB1-424B-9573-586C0474979C}:     "C:\Users\dsergey88\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb"    ,   32 (0x00000020): "      ,       . ".      , : -1032 (0xfffffbf8).

Event[695]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:26:19.000
  Event ID: 490
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296) {BBA227B2-0EB1-424B-9573-586C0474979C}:     "C:\Users\dsergey88\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb"    ,   32 (0x00000020): "      ,       . ".      , : -1032 (0xfffffbf8).

Event[696]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:26:29.000
  Event ID: 490
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296) {BBA227B2-0EB1-424B-9573-586C0474979C}:     "C:\Users\dsergey88\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb"    ,   32 (0x00000020): "      ,       . ".      , : -1032 (0xfffffbf8).

Event[697]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:26:39.000
  Event ID: 490
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296) {BBA227B2-0EB1-424B-9573-586C0474979C}:     "C:\Users\dsergey88\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb"    ,   32 (0x00000020): "      ,       . ".      , : -1032 (0xfffffbf8).

Event[698]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:26:49.000
  Event ID: 490
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296) {BBA227B2-0EB1-424B-9573-586C0474979C}:     "C:\Users\dsergey88\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb"    ,   32 (0x00000020): "      ,       . ".      , : -1032 (0xfffffbf8).

Event[699]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:26:59.000
  Event ID: 490
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296) {BBA227B2-0EB1-424B-9573-586C0474979C}:     "C:\Users\dsergey88\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb"    ,   32 (0x00000020): "      ,       . ".      , : -1032 (0xfffffbf8).

Event[700]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:27:09.000
  Event ID: 489
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296) {BBA227B2-0EB1-424B-9573-586C0474979C}:     "C:\Users\dsergey88\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log"   ,   32 (0x00000020): "      ,       . ".      , : -1032 (0xfffffbf8).

Event[701]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:27:09.000
  Event ID: 455
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296) {BBA227B2-0EB1-424B-9573-586C0474979C}:  -1032 (0xfffffbf8)     C:\Users\dsergey88\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.

Event[702]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:27:09.000
  Event ID: 454
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296) {BBA227B2-0EB1-424B-9573-586C0474979C}:      .   -1032.

Event[703]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:27:19.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[704]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:27:19.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     ,         . ,      ,     ,     .  -1032.

Event[705]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:27:29.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[706]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:27:29.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     ,         . ,      ,     ,     .  -1032.

Event[707]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:27:40.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[708]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:27:40.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     ,         . ,      ,     ,     .  -1032.

Event[709]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:27:50.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[710]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:27:50.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     ,         . ,      ,     ,     .  -1032.

Event[711]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:28:00.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[712]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:28:00.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     ,         . ,      ,     ,     .  -1032.

Event[713]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:28:11.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[714]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:28:11.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     ,         . ,      ,     ,     .  -1032.

Event[715]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T08:28:21.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:caller=rundll32.exe

Event[716]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:28:21.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[717]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:28:21.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     ,         . ,      ,     ,     .  -1032.

Event[718]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T08:28:21.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[719]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T08:28:21.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[720]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T08:28:21.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[721]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:28:31.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[722]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:28:31.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     ,         . ,      ,     ,     .  -1032.

Event[723]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:28:42.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[724]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:28:42.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     ,         . ,      ,     ,     .  -1032.

Event[725]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:28:52.000
  Event ID: 488
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     "C:\WINDOWS\system32\edbtmp.log",   5 (0x00000005): "  . ".      , : -1032 (0xfffffbf8).

Event[726]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T08:28:52.000
  Event ID: 413
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SettingSyncHost (2296)     ,         . ,      ,     ,     .  -1032.

Event[727]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T08:28:53.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-27T05:28:53Z. : RulesEngine.

Event[728]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T08:28:53.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[729]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T08:33:10.296
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[730]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T08:33:22.318
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :         ..   .   Microsoft-Windows-TWinUI/Operational.

Event[731]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T08:35:18.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:caller=OLicenseHeartbeat.exe

Event[732]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T08:35:18.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[733]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T08:35:18.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[734]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T08:35:18.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[735]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T08:35:18.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =0ff1ce15-a989-479d-af46-f275c6370663
 =
1: a24cca51-3d54-4c41-8a76-4031f5338cb2, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: b13afb38-cd79-4ae5-9f7f-eed058d750ca, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[736]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T08:35:48.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-27T05:35:48Z. : RulesEngine.

Event[737]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T08:35:48.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[738]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T08:43:59.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[739]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T08:43:59.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[740]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-21T08:44:57.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[741]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T09:01:01.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[742]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T09:01:01.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[743]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T09:01:06.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16391,  : 0x55a72d2e
  : Windows.UI.Xaml.dll, : 10.0.10240.16389,  : 0x55a46bfc
 : 0xc000027b
 : 0x0000000000482ed7
  : 0x2cb0
   : 0x01d0c37a9cba920d
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : ca801900-2411-41c9-95a6-9f9f79f5ff0f
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[744]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T09:01:08.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_3da0ffdbd6fea5dd399f5b21d864c5a9104842e_21351821_15dc16f6

 : 
  : 0
 : ca801900-2411-41c9-95a6-9f9f79f5ff0f
 : 4196
 : 

Event[745]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T09:01:10.551
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[746]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T09:01:29.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_3da0ffdbd6fea5dd399f5b21d864c5a9104842e_21351821_15dc16f6

 : 
  : 0
 : ca801900-2411-41c9-95a6-9f9f79f5ff0f
 : 96
 : 

Event[747]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T09:22:02.231
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[748]:
  Log Name: Application
  Source: VSS
  Date: 2015-07-21T09:28:44.000
  Event ID: 8224
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 VSS  - - . 

Event[749]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T09:30:57.756
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[750]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T09:30:57.887
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[751]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T09:30:57.969
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[752]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T09:31:04.045
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[753]:
  Log Name: Application
  Source: VSS
  Date: 2015-07-21T09:32:59.000
  Event ID: 8224
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 VSS  - - . 

Event[754]:
  Log Name: Application
  Source: Microsoft-Windows-Defrag
  Date: 2015-07-21T09:37:20.000
  Event ID: 258
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
         OC (C:)

Event[755]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T11:00:03.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133162757946,  5
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Windows\Temp\WERF766.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_3da0ffdbd6fea5dd399f5b21d864c5a9104842e_21351821_1248f776

 : 
  : 0
 : ca801900-2411-41c9-95a6-9f9f79f5ff0f
 : 4104
 : fa363cd0c4733be7f279278cfc870286

Event[756]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T11:13:01.074
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[757]:
  Log Name: Application
  Source: System Restore
  Date: 2015-07-21T11:16:12.000
  Event ID: 8216
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    ( = C:\WINDOWS\system32\svchost.exe -k netsvcs;  =   Windows),       ,  .

Event[758]:
  Log Name: Application
  Source: VSS
  Date: 2015-07-21T11:19:12.000
  Event ID: 8224
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 VSS  - - . 

Event[759]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T11:24:53.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[760]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T11:24:53.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[761]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T11:25:11.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[762]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T11:25:10.827
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 43 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1002:
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 5236 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 8092 (\Device\HarddiskVolume4\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 8092 (\Device\HarddiskVolume4\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 5108 (\Device\HarddiskVolume4\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 5236 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 5236 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\Keyboard Layout\Toggle
Process 5236 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\CTF\Assemblies
Process 5108 (\Device\HarddiskVolume4\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\DWM
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Process 8092 (\Device\HarddiskVolume4\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\Control Panel\International\User Profile
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\Root
Process 2516 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\Control Panel\International
Process 5236 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\Keyboard Layout\Preload
Process 5236 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\CTF\SortOrder
Process 5236 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 368 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\CA
Process 5236 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\Control Panel\Input Method\Hot Keys
Process 5236 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Process 8092 (\Device\HarddiskVolume4\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Process 8092 (\Device\HarddiskVolume4\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 8092 (\Device\HarddiskVolume4\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 5236 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\Keyboard Layout
Process 5236 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\CTF\TIP
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\trust
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Process 5236 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer\Main
Process 8092 (\Device\HarddiskVolume4\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer\Main
Process 1384 (\Device\HarddiskVolume4\Windows\System32\sihost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 5236 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\CTF\DirectSwitchHotkeys


Event[763]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T11:25:11.066
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 4 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1002_Classes:
Process 5236 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES
Process 8092 (\Device\HarddiskVolume4\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES
Process 5236 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES
Process 8092 (\Device\HarddiskVolume4\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002_CLASSES\ActivatableClasses


Event[764]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T11:25:12.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <TrustedInstaller>.

Event[765]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T11:25:20.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[766]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T11:25:39.000
  Event ID: 6001
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
      winlogon <Sens>.

Event[767]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T11:25:39.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[768]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T11:25:39.253
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 33 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1744 (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 368 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\MY
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\CA
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\CA
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\trust
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\trust
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Root
Process 748 (\Device\HarddiskVolume4\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Root
Process 80 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections


Event[769]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T11:26:44.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[770]:
  Log Name: Application
  Source: VSS
  Date: 2015-07-21T11:26:44.000
  Event ID: 8225
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 VSS  -  ,    . 

Event[771]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T11:26:44.528
  Event ID: 1532
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   .  



Event[772]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T11:27:53.324
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    .  



Event[773]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T11:27:58.172
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   Windows  

Event[774]:
  Log Name: Application
  Source: NvStreamSvc
  Date: 2015-07-21T11:28:01.000
  Event ID: 2003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Expected event (Started [0]).

Event[775]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T11:28:02.000
  Event ID: 100
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service started.

Event[776]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T11:28:07.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[777]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T11:28:10.427
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    Windows  .

Event[778]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:28:14.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:caller=TiWorker.exe

Event[779]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:28:16.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[780]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:28:16.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
      .
 =ClipService Component PPD License
 =8f2a5247-8b75-c861-e6fc-881d7732791b

Event[781]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:28:16.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
      .
 =explorer Component PPD License
 =5e3b56a1-653f-db4e-7bb6-ede0eb45da68

Event[782]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:28:17.000
  Event ID: 1034
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .  =Security-SPP-WriteWauMarker  =500

Event[783]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:28:17.000
  Event ID: 1033
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,        override-only.
 =(IIS-W3SVC-MaxConcurrentRequests) (Microsoft.Windows.Smc-Enabled) (Security-SPP-Reserved-EnableNotificationMode) (Telnet-Client-EnableTelnetClient) (TiffIFilterLicensing-EnableTiffIFilter) 
 =55c92734-d682-4d71-983e-d6ec3f16059f
 SKU=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Event[784]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:28:17.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[785]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:28:17.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[786]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:28:47.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-27T08:28:47Z. : RulesEngine.

Event[787]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:28:47.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[788]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T11:30:02.000
  Event ID: 103
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SkypeUpdate service is shutting down due to idle timeout.

Event[789]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T11:30:03.000
  Event ID: 101
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service stopped.

Event[790]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-21T11:30:11.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[791]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:30:11.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:<none>

Event[792]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:30:12.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[793]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:30:12.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[794]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:30:12.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[795]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-21T11:30:12.000
  Event ID: 1
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    Windows .

Event[796]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T11:30:13.000
  Event ID: 102
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (3772) Windows:    (0)  (10.00.10240.0000).

Event[797]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T11:30:13.000
  Event ID: 105
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (3772) Windows:     (0). (=0 ) 
 
  : [1] 0.000, [2] 0.000, [3] 0.032, [4] 0.062, [5] 0.000, [6] 0.000, [7] 0.031, [8] 0.000, [9] 0.000, [10] 0.000.

Event[798]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T11:30:13.000
  Event ID: 326
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (3772) Windows:      (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (=0) 
 
  : [1] 0.000, [2] 0.016, [3] 0.125, [4] 0.000, [5] 0.031, [6] 0.047, [7] 0.016, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000. 
 : 1 0

Event[799]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-21T11:30:14.000
  Event ID: 1003
  Task:  
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 Windows Search .


Event[800]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:30:42.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-27T08:30:42Z. : RulesEngine.

Event[801]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T11:30:42.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[802]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T11:32:48.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[803]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T11:32:49.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[804]:
  Log Name: Application
  Source: Disc Soft Lite Bus Service
  Date: 2015-07-21T11:33:35.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[805]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-21T11:34:36.693
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    WmiApRpl (WmiApRpl)  .        Last Counter  Last Help.

Event[806]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-21T11:34:36.888
  Event ID: 1000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
C    WmiApRpl (WmiApRpl)  .         ,   .

Event[807]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-21T13:19:33.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[808]:
  Log Name: Application
  Source: gupdatem
  Date: 2015-07-21T13:19:33.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[809]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-21T13:44:55.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[810]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T14:02:28.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:caller=Explorer.EXE

Event[811]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T14:02:28.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[812]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T14:02:28.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[813]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T14:02:28.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[814]:
  Log Name: Application
  Source: Microsoft-Windows-Backup
  Date: 2015-07-21T14:02:40.001
  Event ID: 753
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
       .

Event[815]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T14:02:58.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-27T11:02:58Z. : RulesEngine.

Event[816]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T14:02:58.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[817]:
  Log Name: Application
  Source: VSS
  Date: 2015-07-21T14:05:59.000
  Event ID: 8224
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 VSS  - - . 

Event[818]:
  Log Name: Application
  Source: Microsoft-Windows-Backup
  Date: 2015-07-21T14:12:40.004
  Event ID: 754
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
     .

Event[819]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T14:18:02.354
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 7 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 2156 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1172 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 376 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 2156 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 1172 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 2156 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1172 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


Event[820]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T14:18:02.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[821]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T14:18:03.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[822]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T14:18:03.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[823]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T14:18:03.111
  Event ID: 1532
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   .  



Event[824]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T14:21:33.625
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    .  



Event[825]:
  Log Name: Application
  Source: Microsoft-Windows-EventSystem
  Date: 2015-07-21T14:21:34.000
  Event ID: 4625
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 EventSystem        86400 .      REG_DWORD   SuppressDuplicateDuration    : HKLM\Software\Microsoft\EventSystem\EventLog.

Event[826]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T14:21:39.788
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   Windows  

Event[827]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T14:21:42.000
  Event ID: 100
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service started.

Event[828]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T14:21:42.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[829]:
  Log Name: Application
  Source: NvStreamSvc
  Date: 2015-07-21T14:21:42.000
  Event ID: 2003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Expected event (Started [0]).

Event[830]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T14:21:49.247
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    Windows  .

Event[831]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T14:21:59.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[832]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T14:21:59.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[833]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T14:22:14.000
  Event ID: 102
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4804) Windows:    (0)  (10.00.10240.0000).

Event[834]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T14:22:14.000
  Event ID: 105
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4804) Windows:     (0). (=0 ) 
 
  : [1] 0.000, [2] 0.000, [3] 0.047, [4] 0.062, [5] 0.000, [6] 0.000, [7] 0.047, [8] 0.000, [9] 0.000, [10] 0.000.

Event[835]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T14:22:15.000
  Event ID: 326
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4804) Windows:      (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (=0) 
 
  : [1] 0.000, [2] 0.047, [3] 0.000, [4] 0.000, [5] 0.297, [6] 0.000, [7] 0.016, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000. 
 : 1 0

Event[836]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-21T14:22:16.000
  Event ID: 1003
  Task:  
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 Windows Search .


Event[837]:
  Log Name: Application
  Source: Disc Soft Lite Bus Service
  Date: 2015-07-21T14:22:44.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[838]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T14:23:42.000
  Event ID: 103
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SkypeUpdate service is shutting down due to idle timeout.

Event[839]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T14:23:43.000
  Event ID: 101
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service stopped.

Event[840]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-21T14:23:44.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[841]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T14:23:45.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:<none>

Event[842]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-21T14:23:46.000
  Event ID: 1
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    Windows .

Event[843]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T14:23:46.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[844]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T14:23:46.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[845]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T14:23:46.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[846]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T14:24:16.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-27T11:24:16Z. : RulesEngine.

Event[847]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T14:24:17.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[848]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-21T14:27:46.977
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    WmiApRpl (WmiApRpl)  .        Last Counter  Last Help.

Event[849]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-21T14:27:47.113
  Event ID: 1000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
C    WmiApRpl (WmiApRpl)  .         ,   .

Event[850]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T15:21:02.047
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 7 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 2132 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1192 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 324 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 2132 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 1192 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 2132 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1192 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


Event[851]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T15:21:02.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[852]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T15:21:07.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[853]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T15:21:07.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[854]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T15:22:44.537
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp. :         ..   .   Microsoft-Windows-TWinUI/Operational.

Event[855]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T15:22:58.823
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 1 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 324 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall


Event[856]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T15:22:59.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[857]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T15:23:00.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[858]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T15:23:00.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[859]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T15:23:00.386
  Event ID: 1532
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   .  



Event[860]:
  Log Name: Application
  Source: Microsoft-Windows-EventSystem
  Date: 2015-07-21T15:23:40.000
  Event ID: 4625
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: DSERGEY88-PC
  Description: 
 EventSystem        86400 .      REG_DWORD   SuppressDuplicateDuration    : HKLM\Software\Microsoft\EventSystem\EventLog.

Event[861]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T15:23:40.388
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    .  



Event[862]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T15:23:42.652
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   Windows  

Event[863]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T15:23:43.571
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    Windows  .

Event[864]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T15:23:45.000
  Event ID: 100
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service started.

Event[865]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T15:23:45.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[866]:
  Log Name: Application
  Source: NvStreamSvc
  Date: 2015-07-21T15:23:47.000
  Event ID: 2003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Expected event (Started [0]).

Event[867]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T15:23:57.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[868]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T15:23:58.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[869]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T15:24:14.000
  Event ID: 102
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4652) Windows:    (0)  (10.00.10240.0000).

Event[870]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T15:24:15.000
  Event ID: 105
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4652) Windows:     (0). (=0 ) 
 
  : [1] 0.000, [2] 0.000, [3] 0.172, [4] 0.078, [5] 0.000, [6] 0.000, [7] 0.016, [8] 0.000, [9] 0.016, [10] 0.000.

Event[871]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T15:24:15.000
  Event ID: 326
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4652) Windows:      (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (=0) 
 
  : [1] 0.000, [2] 0.047, [3] 0.000, [4] 0.000, [5] 0.594, [6] 0.078, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000. 
 : 1 0

Event[872]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-21T15:24:18.000
  Event ID: 1003
  Task:  
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 Windows Search .


Event[873]:
  Log Name: Application
  Source: Disc Soft Lite Bus Service
  Date: 2015-07-21T15:24:45.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[874]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T15:25:08.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[875]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T15:25:14.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[876]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T15:25:15.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[877]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T15:25:24.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16393,  : 0x55a9d38f
  : Windows.UI.Xaml.dll, : 10.0.10240.16393,  : 0x55a9d318
 : 0xc000027b
 : 0x0000000000483197
  : 0x12d8
   : 0x01d0c3b028c419ed
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : 61994c25-6479-421f-abf2-e6e3db739f15
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[878]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T15:25:42.894
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[879]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T15:25:45.000
  Event ID: 103
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SkypeUpdate service is shutting down due to idle timeout.

Event[880]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T15:25:46.000
  Event ID: 101
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service stopped.

Event[881]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-21T15:25:49.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[882]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T15:25:50.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:<none>

Event[883]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-21T15:25:51.000
  Event ID: 1
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    Windows .

Event[884]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T15:25:54.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16393
P4: 55a9d38f
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERF548.tmp.WERInternalMetadata.xml
C:\Users\dsergey88\AppData\Local\Temp\WER478F.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_cab_1f764ada\memory.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_cab_1f764ada\triagedump.dmp
WERGenerationLog.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_cab_1f764ada

 : 
  : 0
 : 61994c25-6479-421f-abf2-e6e3db739f15
 : 100
 : 

Event[885]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T15:25:55.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[886]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T15:25:55.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[887]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T15:25:54.532
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[888]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T15:25:54.719
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 18 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1002:
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\Root
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 84 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\CA
Process 852 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 852 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\trust
Process 1008 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Process 852 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer\Main


Event[889]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T15:25:55.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[890]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T15:25:56.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[891]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T15:25:56.623
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[892]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T15:26:04.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[893]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T15:26:15.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16393
P4: 55a9d38f
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERF548.tmp.WERInternalMetadata.xml
C:\Users\dsergey88\AppData\Local\Temp\WER478F.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_cab_1f764ada\memory.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_cab_1f764ada\triagedump.dmp
WERGenerationLog.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_cab_1f764ada

 : 
  : 0
 : 61994c25-6479-421f-abf2-e6e3db739f15
 : 96
 : 

Event[894]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T15:26:53.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-27T12:26:53Z. : RulesEngine.

Event[895]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T15:26:53.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[896]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T15:27:03.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16393
P4: 55a9d38f
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERF548.tmp.WERInternalMetadata.xml
C:\Users\dsergey88\AppData\Local\Temp\WER478F.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_cab_1f764ada\memory.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_cab_1f764ada\triagedump.dmp
WERGenerationLog.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_cab_1f764ada

 : 
  : 0
 : 61994c25-6479-421f-abf2-e6e3db739f15
 : 96
 : 

Event[897]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T15:27:59.000
  Event ID: 1002
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   ,   "explorer.exe"  .

Event[898]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-21T15:30:10.400
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    WmiApRpl (WmiApRpl)  .        Last Counter  Last Help.

Event[899]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-21T15:30:10.491
  Event ID: 1000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
C    WmiApRpl (WmiApRpl)  .         ,   .

Event[900]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T15:38:45.000
  Event ID: 102
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (5164) Windows:    (0)  (10.00.10240.0000).

Event[901]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T15:38:45.000
  Event ID: 300
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (5164) Windows:     .

Event[902]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T15:38:45.000
  Event ID: 301
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (5164) Windows:      C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log.

Event[903]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T15:38:45.000
  Event ID: 302
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (5164) Windows:    .

Event[904]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T15:38:45.000
  Event ID: 105
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (5164) Windows:     (0). (=0 ) 
 
  : [1] 0.000, [2] 0.016, [3] 0.000, [4] 0.000, [5] 0.219, [6] 0.078, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000.

Event[905]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T15:38:45.000
  Event ID: 326
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (5164) Windows:      (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (=0) 
 
  : [1] 0.000, [2] 0.000, [3] 0.016, [4] 0.000, [5] 0.015, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000. 
 : 1 0

Event[906]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-21T15:38:46.000
  Event ID: 1003
  Task:  
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 Windows Search .


Event[907]:
  Log Name: Application
  Source: Microsoft-Windows-Winsrv
  Date: 2015-07-21T15:46:07.128
  Event ID: 10001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
     : balabolka.exe.

Event[908]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T15:46:13.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[909]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T15:46:12.471
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 4 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 84 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


Event[910]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T15:46:19.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[911]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T15:46:19.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[912]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T16:55:49.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:caller=Explorer.EXE

Event[913]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T16:55:49.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[914]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T16:55:49.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[915]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T16:55:49.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[916]:
  Log Name: Application
  Source: Microsoft-Windows-Backup
  Date: 2015-07-21T16:56:12.672
  Event ID: 753
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
       .

Event[917]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T16:56:19.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-27T13:56:19Z. : RulesEngine.

Event[918]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T16:56:19.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[919]:
  Log Name: Application
  Source: Microsoft-Windows-CAPI2
  Date: 2015-07-21T16:56:53.349
  Event ID: 513
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       OnIdentity()   "  ".

Details:
AddLegacyDriverFiles: Unable to back up image of binary  Microsoft LLDP.

System Error:
  .
.

Event[920]:
  Log Name: Application
  Source: Microsoft-Windows-System-Restore
  Date: 2015-07-21T16:57:13.269
  Event ID: 8300
  Task: N/A
  Level: 
  Opcode: 
  Keyword: Performance, 
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy12.

Event[921]:
  Log Name: Application
  Source: System Restore
  Date: 2015-07-21T16:57:21.000
  Event ID: 8215
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     ( =  ).

Event[922]:
  Log Name: Application
  Source: System Restore
  Date: 2015-07-21T16:57:21.000
  Event ID: 8199
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   : (   ).

Event[923]:
  Log Name: Application
  Source: Microsoft-Windows-System-Restore
  Date: 2015-07-21T16:57:21.061
  Event ID: 8301
  Task: N/A
  Level: 
  Opcode: 
  Keyword: Performance, 
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy12.

Event[924]:
  Log Name: Application
  Source: Microsoft-Windows-System-Restore
  Date: 2015-07-21T16:57:21.061
  Event ID: 8302
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy12.

Event[925]:
  Log Name: Application
  Source: Microsoft-Windows-Backup
  Date: 2015-07-21T16:57:21.289
  Event ID: 754
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
     .

Event[926]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T16:57:27.788
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 1 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 84 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall


Event[927]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T16:57:28.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[928]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T16:57:29.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[929]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T16:57:29.345
  Event ID: 1532
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   .  



Event[930]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:05:21.502
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    .  



Event[931]:
  Log Name: Application
  Source: Microsoft-Windows-EventSystem
  Date: 2015-07-21T17:05:23.000
  Event ID: 4625
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 EventSystem        86400 .      REG_DWORD   SuppressDuplicateDuration    : HKLM\Software\Microsoft\EventSystem\EventLog.

Event[932]:
  Log Name: Application
  Source: NvStreamSvc
  Date: 2015-07-21T17:05:29.000
  Event ID: 2003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Expected event (Started [0]).

Event[933]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:05:28.343
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   Windows  

Event[934]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T17:05:30.000
  Event ID: 100
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service started.

Event[935]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:05:31.000
  Event ID: 455
  Task:    
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
svchost (1752) SRUJet:  -1811 (0xfffff8ed)     C:\WINDOWS\system32\SRU\SRU0002A.log.

Event[936]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T17:05:33.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[937]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:05:57.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[938]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:05:59.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[939]:
  Log Name: Application
  Source: Microsoft-Windows-Backup
  Date: 2015-07-21T17:06:11.424
  Event ID: 753
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
       .

Event[940]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:06:16.717
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    Windows  .

Event[941]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:06:31.000
  Event ID: 102
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (524) Windows:    (0)  (10.00.10240.0000).

Event[942]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:06:31.000
  Event ID: 105
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (524) Windows:     (0). (=0 ) 
 
  : [1] 0.000, [2] 0.000, [3] 0.125, [4] 0.312, [5] 0.000, [6] 0.000, [7] 0.156, [8] 0.000, [9] 0.000, [10] 0.000.

Event[943]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:06:32.000
  Event ID: 326
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (524) Windows:      (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (=0) 
 
  : [1] 0.000, [2] 0.046, [3] 0.000, [4] 0.000, [5] 0.125, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.016. 
 : 1 0

Event[944]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-21T17:06:37.000
  Event ID: 1003
  Task:  
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 Windows Search .


Event[945]:
  Log Name: Application
  Source: System Restore
  Date: 2015-07-21T17:06:52.000
  Event ID: 8202
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   (   ).

Event[946]:
  Log Name: Application
  Source: Disc Soft Lite Bus Service
  Date: 2015-07-21T17:07:22.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[947]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T17:07:30.000
  Event ID: 103
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SkypeUpdate service is shutting down due to idle timeout.

Event[948]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T17:07:31.000
  Event ID: 101
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service stopped.

Event[949]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:08:26.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16391,  : 0x55a72d2e
  : CoreUIComponents.dll, : 0.0.0.0,  : 0x55a71e06
 : 0xc0000005
 : 0x0000000000061562
  : 0x9cc
   : 0x01d0c3be74017106
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\WINDOWS\system32\CoreUIComponents.dll
 : 49c03e2e-7750-46e8-a8dd-661569b7bb92
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[950]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:09:21.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:caller=Explorer.EXE

Event[951]:
  Log Name: Application
  Source: VSS
  Date: 2015-07-21T17:09:26.000
  Event ID: 8224
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 VSS  - - . 

Event[952]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T17:09:27.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: CoreUIComponents.dll
P6: 0.0.0.0
P7: 55a71e06
P8: c0000005
P9: 0000000000061562
P10: 

 :

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_763c3ea9d84a85a6f89679ca61c715f8989a3_21351821_1fc4602d

 : 
  : 0
 : 49c03e2e-7750-46e8-a8dd-661569b7bb92
 : 4196
 : 

Event[953]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:09:37.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[954]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:09:39.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
      .
 =ClipService Component PPD License
 =8f2a5247-8b75-c861-e6fc-881d7732791b

Event[955]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:09:39.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
      .
 =explorer Component PPD License
 =5e3b56a1-653f-db4e-7bb6-ede0eb45da68

Event[956]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:09:41.000
  Event ID: 1034
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .  =Security-SPP-WriteWauMarker  =500

Event[957]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:09:41.000
  Event ID: 1033
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,        override-only.
 =(IIS-W3SVC-MaxConcurrentRequests) (Microsoft.Windows.Smc-Enabled) (Security-SPP-Reserved-EnableNotificationMode) (Telnet-Client-EnableTelnetClient) (TiffIFilterLicensing-EnableTiffIFilter) 
 =55c92734-d682-4d71-983e-d6ec3f16059f
 SKU=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Event[958]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:09:41.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[959]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:09:42.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[960]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-21T17:09:47.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[961]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-21T17:09:50.000
  Event ID: 1
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    Windows .

Event[962]:
  Log Name: Application
  Source: System Restore
  Date: 2015-07-21T17:10:12.000
  Event ID: 8199
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   : ( ).

Event[963]:
  Log Name: Application
  Source: Microsoft-Windows-Backup
  Date: 2015-07-21T17:10:12.148
  Event ID: 754
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
     .

Event[964]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:10:14.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-27T14:10:12Z. : RulesEngine.

Event[965]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:10:14.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[966]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:10:22.766
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 7 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 2088 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1164 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 8 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 2088 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 1164 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 2088 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1164 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


Event[967]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:10:23.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[968]:
  Log Name: Application
  Source: VSS
  Date: 2015-07-21T17:10:24.000
  Event ID: 8225
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 VSS  -  ,    . 

Event[969]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T17:10:24.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[970]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T17:10:24.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[971]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:10:24.822
  Event ID: 1532
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   .  



Event[972]:
  Log Name: Application
  Source: Microsoft-Windows-EventSystem
  Date: 2015-07-21T17:21:12.000
  Event ID: 4625
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 EventSystem        86400 .      REG_DWORD   SuppressDuplicateDuration    : HKLM\Software\Microsoft\EventSystem\EventLog.

Event[973]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-21T17:11:37.729
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    WmiApRpl (WmiApRpl)  .        Last Counter  Last Help.

Event[974]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-21T17:11:41.268
  Event ID: 1000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
C    WmiApRpl (WmiApRpl)  .         ,   .

Event[975]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:21:13.231
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    .  



Event[976]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:21:16.229
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   Windows  

Event[977]:
  Log Name: Application
  Source: NvStreamSvc
  Date: 2015-07-21T17:21:19.000
  Event ID: 2003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Expected event (Started [0]).

Event[978]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T17:21:19.000
  Event ID: 100
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service started.

Event[979]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T17:21:24.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[980]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:21:36.612
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    Windows  .

Event[981]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:21:40.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[982]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:21:41.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[983]:
  Log Name: Application
  Source: Microsoft-Windows-Backup
  Date: 2015-07-21T17:21:49.951
  Event ID: 753
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
       .

Event[984]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:22:00.000
  Event ID: 102
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4532) Windows:    (0)  (10.00.10240.0000).

Event[985]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:22:00.000
  Event ID: 105
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4532) Windows:     (0). (=0 ) 
 
  : [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.016, [8] 0.000, [9] 0.000, [10] 0.000.

Event[986]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:22:02.000
  Event ID: 326
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4532) Windows:      (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (=1) 
 
  : [1] 0.000, [2] 0.031, [3] 0.000, [4] 0.000, [5] 1.297, [6] 0.078, [7] 0.062, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000. 
 : 1 0

Event[987]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-21T17:22:03.000
  Event ID: 1003
  Task:  
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 Windows Search .


Event[988]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-21T17:22:05.000
  Event ID: 3037
  Task:   
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        <C:\[0780b3c6-05f4-4330-b098-a1fc1abf23c1]\ProgramData\Microsoft\Windows\Start Menu\>.

:  "",  "SystemIndex"

:
	URL-       .       , ,         .  (HRESULT : 0x80040d0d) (0x80040d0d)


Event[989]:
  Log Name: Application
  Source: System Restore
  Date: 2015-07-21T17:22:34.000
  Event ID: 8202
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   ( ).

Event[990]:
  Log Name: Application
  Source: Disc Soft Lite Bus Service
  Date: 2015-07-21T17:22:38.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[991]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T17:23:19.000
  Event ID: 103
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SkypeUpdate service is shutting down due to idle timeout.

Event[992]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T17:23:20.000
  Event ID: 101
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service stopped.

Event[993]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-21T17:23:25.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[994]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:23:26.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:<none>

Event[995]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-21T17:23:27.000
  Event ID: 1
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    Windows .

Event[996]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:24:05.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[997]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:24:07.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
      .
 =ClipService Component PPD License
 =8f2a5247-8b75-c861-e6fc-881d7732791b

Event[998]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:24:07.000
  Event ID: 1004
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
      .
 =explorer Component PPD License
 =5e3b56a1-653f-db4e-7bb6-ede0eb45da68

Event[999]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:24:09.000
  Event ID: 1034
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .  =Security-SPP-WriteWauMarker  =500

Event[1000]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:24:09.000
  Event ID: 1033
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,        override-only.
 =(IIS-W3SVC-MaxConcurrentRequests) (Microsoft.Windows.Smc-Enabled) (Security-SPP-Reserved-EnableNotificationMode) (Telnet-Client-EnableTelnetClient) (TiffIFilterLicensing-EnableTiffIFilter) 
 =55c92734-d682-4d71-983e-d6ec3f16059f
 SKU=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Event[1001]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:24:09.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[1002]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:24:09.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[1003]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T17:24:36.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16393
P4: 55a9d38f
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERF548.tmp.WERInternalMetadata.xml
C:\Users\dsergey88\AppData\Local\Temp\WER478F.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_cab_1f764ada\memory.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_cab_1f764ada\triagedump.dmp
WERGenerationLog.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_cab_1f764ada

 : 
  : 0
 : 61994c25-6479-421f-abf2-e6e3db739f15
 : 96
 : 

Event[1004]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:24:39.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-27T14:24:39Z. : RulesEngine.

Event[1005]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:24:39.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[1006]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:24:55.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1007]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:24:54.827
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 7 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 2056 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1176 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 540 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 1176 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 2056 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 2056 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1176 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


Event[1008]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T17:24:56.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[1009]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T17:24:56.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[1010]:
  Log Name: Application
  Source: VSS
  Date: 2015-07-21T17:24:56.000
  Event ID: 8225
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 VSS  -  ,    . 

Event[1011]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:24:56.732
  Event ID: 1532
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   .  



Event[1012]:
  Log Name: Application
  Source: Microsoft-Windows-EventSystem
  Date: 2015-07-21T17:25:31.000
  Event ID: 4625
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: DSERGEY88-PC
  Description: 
 EventSystem        86400 .      REG_DWORD   SuppressDuplicateDuration    : HKLM\Software\Microsoft\EventSystem\EventLog.

Event[1013]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:25:32.301
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    .  



Event[1014]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:25:35.108
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   Windows  

Event[1015]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:25:37.777
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    Windows  .

Event[1016]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:25:50.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[1017]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:25:50.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1018]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:25:59.000
  Event ID: 102
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4084) Windows:    (0)  (10.00.10240.0000).

Event[1019]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:25:59.000
  Event ID: 105
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4084) Windows:     (0). (=0 ) 
 
  : [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000.

Event[1020]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:25:59.000
  Event ID: 326
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4084) Windows:      (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (=0) 
 
  : [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.016, [5] 0.078, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000. 
 : 1 0

Event[1021]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-21T17:25:59.000
  Event ID: 1003
  Task:  
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 Windows Search .


Event[1022]:
  Log Name: Application
  Source: Disc Soft Lite Bus Service
  Date: 2015-07-21T17:26:36.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[1023]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:27:06.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1024]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:27:05.918
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 7 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 1832 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1144 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 8 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 1832 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 1144 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 1832 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1144 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


Event[1025]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:27:06.740
  Event ID: 1532
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   .  



Event[1026]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:27:16.199
  Event ID: 24
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
  $Core    "select * from __InstanceOperationEvent",   "__InstanceOperationEvent"       //./root.   .

Event[1027]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:27:16.227
  Event ID: 24
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
  $Core    "select * from __ClassOperationEvent",   "__ClassOperationEvent"       //./root.   .

Event[1028]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:27:16.227
  Event ID: 24
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
  $Core    "select * from __NamespaceOperationEvent",   "__NamespaceOperationEvent"       //./root.   .

Event[1029]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:27:16.227
  Event ID: 24
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
  $Core    "select * from __SystemEvent",   "__SystemEvent"       //./root.   .

Event[1030]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:27:16.227
  Event ID: 24
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
  $Core    "select * from __TimerEvent",   "__TimerEvent"       //./root.   .

Event[1031]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:27:16.228
  Event ID: 10
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
        "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'"    "//./root" -  0x80041033.       ,     .

Event[1032]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:28:04.650
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    .  



Event[1033]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:28:05.642
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   Windows  

Event[1034]:
  Log Name: Application
  Source: VSS
  Date: 2015-07-21T17:28:17.000
  Event ID: 8211
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   :     WMI Writer   {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}     . 

:
     

:
      : {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
     : WMI Writer

Event[1035]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:28:18.304
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    Windows  .

Event[1036]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:28:34.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[1037]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:28:35.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1038]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:28:35.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <GPClient>.

Event[1039]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:28:35.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <Sens>.

Event[1040]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T17:28:48.127
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.Getstarted_2.2.7.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca. :          ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1041]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:29:13.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <Sens>.

Event[1042]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:29:13.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1043]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:29:18.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[1044]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:29:18.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1045]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:29:18.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <GPClient>.

Event[1046]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:29:18.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <Sens>.

Event[1047]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:23.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0x500
   : 0x01d0c3c1a272dd75
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : 5c3ec9c9-5d94-4a55-8382-d1f13fb1ca21
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1048]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T17:29:24.350
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[1049]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T17:29:24.463
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1050]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T17:29:25.169
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Getstarted_8wekyb3d8bbwe!App. : Unknown HResult Error code: 0x800106d9.   .   Microsoft-Windows-TWinUI/Operational.

Event[1051]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:26.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0xca4
   : 0x01d0c3c1a5650abe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : 51d1b6c8-f964-4412-ab44-3f9087505867
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1052]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:28.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0xd60
   : 0x01d0c3c1a6ba8f9b
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : e7ed7abb-aaf0-45d2-9187-9c2d36b1fd02
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1053]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:29.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0xde4
   : 0x01d0c3c1a7143c37
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : 8964d853-0180-4729-b9e9-d81d1a9de1b6
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1054]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:30.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0xe6c
   : 0x01d0c3c1a7ac0df2
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : aaa94b05-886e-480b-ac7a-67e348e1f676
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1055]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:31.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0xefc
   : 0x01d0c3c1a810e9f2
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : 71d0104b-86a4-4a30-8a01-113787fba24e
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1056]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T17:29:30.482
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1057]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T17:29:31.095
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1058]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:31.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0xf7c
   : 0x01d0c3c1a861bc79
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : a2333ab2-2b92-480b-a56b-1596b142b4d5
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1059]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T17:29:31.615
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1060]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:33.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0xffc
   : 0x01d0c3c1a955b8cc
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : 2289c98e-271a-4391-85e3-89773e6f72b5
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1061]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:33.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0x4b8
   : 0x01d0c3c1a96c989d
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : b9bc6a99-347c-441a-85e4-f7db122c6eae
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1062]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T17:29:33.213
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1063]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T17:29:33.367
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1064]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:35.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0x9f8
   : 0x01d0c3c1aa8e2aaa
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : 74109295-5159-4c80-ba7f-667128dfb6fe
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1065]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:36.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0xcc8
   : 0x01d0c3c1ab28fc4c
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : ff83b6fe-4596-4c42-8d3d-dd8e46e81b7a
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1066]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:37.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0xdc8
   : 0x01d0c3c1aba9611b
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : 6fec9a4b-367d-44d7-bc18-4207a3e2bcc3
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1067]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:37.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0xe68
   : 0x01d0c3c1ac201273
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : 2b6de0a1-4504-4723-bfcf-24ef128483ee
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1068]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T17:29:37.127
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1069]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T17:29:37.894
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1070]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:43.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0xedc
   : 0x01d0c3c1af8b3187
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : b783cb29-312c-4e44-aa30-aaa8741be773
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1071]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:48.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0x248
   : 0x01d0c3c1b2a61473
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : f9066c94-ecdd-4a7f-80b4-9e0c5f797f36
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1072]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:29:49.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : SearchUI.exe, : 10.0.10240.16393,  : 0x55a9d117
  : CortanaApi.dll, : 0.0.0.0,  : 0x55a9ccbc
 : 0x80000003
 : 0x000000000015a893
  : 0x560
   : 0x01d0c3c1b33c6f3e
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
 : 680d6193-85df-49f0-9991-5cc1a3ecfe18
   : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 ,    : CortanaUI

Event[1073]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:30:03.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <GPClient>.

Event[1074]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:30:03.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <Sens>.

Event[1075]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:30:03.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <GPClient>.

Event[1076]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:30:04.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1077]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:30:24.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <Sens>.

Event[1078]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:30:24.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1079]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:30:57.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <GPClient>.

Event[1080]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:30:57.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <Sens>.

Event[1081]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:30:57.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <GPClient>.

Event[1082]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:30:57.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1083]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:30:57.226
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 3 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 488 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 488 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 488 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


Event[1084]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:30:57.804
  Event ID: 1532
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   .  



Event[1085]:
  Log Name: Application
  Source: Microsoft-Windows-EventSystem
  Date: 2015-07-21T17:31:32.000
  Event ID: 4625
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: DSERGEY88-PC
  Description: 
 EventSystem        86400 .      REG_DWORD   SuppressDuplicateDuration    : HKLM\Software\Microsoft\EventSystem\EventLog.

Event[1086]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:31:34.288
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    .  



Event[1087]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:31:36.017
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   Windows  

Event[1088]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:31:38.779
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    Windows  .

Event[1089]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:31:53.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[1090]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:31:53.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1091]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:31:58.000
  Event ID: 102
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (3596) Windows:    (0)  (10.00.10240.0000).

Event[1092]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:31:58.000
  Event ID: 105
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (3596) Windows:     (0). (=0 ) 
 
  : [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000.

Event[1093]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:31:58.000
  Event ID: 326
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (3596) Windows:      (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (=0) 
 
  : [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.016, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000. 
 : 1 0

Event[1094]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-21T17:31:58.000
  Event ID: 1003
  Task:  
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 Windows Search .


Event[1095]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:32:44.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1096]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:32:50.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1097]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T17:33:18.837
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1098]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T17:33:21.853
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1099]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:33:24.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1100]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:33:23.759
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 4 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1002:
Process 516 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 1992 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1992 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1992 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Internet Explorer\Main


Event[1101]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:33:34.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[1102]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:33:35.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1103]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:33:44.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:<none>

Event[1104]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-21T17:33:45.000
  Event ID: 1
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    Windows .

Event[1105]:
  Log Name: Application
  Source: Disc Soft Lite Bus Service
  Date: 2015-07-21T17:34:04.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[1106]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:34:31.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[1107]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:34:31.351
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 25 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005_Classes:
Process 4252 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES
Process 5352 (\Device\HarddiskVolume4\Windows\System32\sihost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES
Process 5352 (\Device\HarddiskVolume4\Windows\System32\sihost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES
Process 1128 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES
Process 1128 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES
Process 1128 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES
Process 4396 (\Device\HarddiskVolume4\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES
Process 6492 (\Device\HarddiskVolume4\Windows\System32\RuntimeBroker.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES
Process 6952 (\Device\HarddiskVolume4\Program Files\Logitech\SetPointP\SetPoint.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES
Process 6952 (\Device\HarddiskVolume4\Program Files\Logitech\SetPointP\SetPoint.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES
Process 6952 (\Device\HarddiskVolume4\Program Files\Logitech\SetPointP\SetPoint.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES
Process 3316 (\Device\HarddiskVolume4\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6019.42021.0_x64__8wekyb3d8bbwe\HxTsr.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES
Process 4252 (\Device\HarddiskVolume4\Windows\System32\taskhostw.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES
Process 1128 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify
Process 1128 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES\CLSID
Process 1128 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES\CLSID
Process 1128 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance
Process 1128 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance
Process 3316 (\Device\HarddiskVolume4\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6019.42021.0_x64__8wekyb3d8bbwe\HxTsr.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES\ActivatableClasses
Process 5392 (\Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6018.23501.0_x64__8wekyb3d8bbwe\OHub.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES\ActivatableClasses
Process 5352 (\Device\HarddiskVolume4\Windows\System32\sihost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES\ActivatableClasses
Process 4396 (\Device\HarddiskVolume4\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES\ActivatableClasses
Process 6376 (\Device\HarddiskVolume4\Windows\System32\backgroundTaskHost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES\ActivatableClasses
Process 1128 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}
Process 1128 (\Device\HarddiskVolume4\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005_CLASSES\Local Settings\Software\Microsoft\Windows\Shell


Event[1108]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:34:32.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[1109]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:34:32.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[1110]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:34:35.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1111]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:35:02.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-27T14:35:02Z. : RulesEngine.

Event[1112]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:35:03.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[1113]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:35:29.177
  Event ID: 1532
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   .  



Event[1114]:
  Log Name: Application
  Source: Microsoft-Windows-EventSystem
  Date: 2015-07-21T17:36:02.000
  Event ID: 4625
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: DSERGEY88-PC
  Description: 
 EventSystem        86400 .      REG_DWORD   SuppressDuplicateDuration    : HKLM\Software\Microsoft\EventSystem\EventLog.

Event[1115]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:36:01.713
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    .  



Event[1116]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:36:08.401
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   Windows  

Event[1117]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T17:36:10.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[1118]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T17:36:10.000
  Event ID: 100
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service started.

Event[1119]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:36:10.096
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    Windows  .

Event[1120]:
  Log Name: Application
  Source: NvStreamSvc
  Date: 2015-07-21T17:36:15.000
  Event ID: 2003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Expected event (Started [0]).

Event[1121]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:36:56.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[1122]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:36:57.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1123]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:36:59.000
  Event ID: 102
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4400) Windows:    (0)  (10.00.10240.0000).

Event[1124]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:36:59.000
  Event ID: 105
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4400) Windows:     (0). (=0 ) 
 
  : [1] 0.000, [2] 0.000, [3] 0.016, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000.

Event[1125]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:36:59.000
  Event ID: 326
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4400) Windows:      (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (=0) 
 
  : [1] 0.000, [2] 0.000, [3] 0.015, [4] 0.000, [5] 0.032, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000. 
 : 1 0

Event[1126]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-21T17:36:59.000
  Event ID: 1003
  Task:  
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 Windows Search .


Event[1127]:
  Log Name: Application
  Source: Disc Soft Lite Bus Service
  Date: 2015-07-21T17:37:26.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[1128]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T17:38:10.000
  Event ID: 103
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SkypeUpdate service is shutting down due to idle timeout.

Event[1129]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T17:38:11.000
  Event ID: 101
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service stopped.

Event[1130]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-21T17:38:19.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[1131]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:38:23.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:<none>

Event[1132]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-21T17:38:23.000
  Event ID: 1
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    Windows .

Event[1133]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:39:19.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[1134]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:39:20.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[1135]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:39:20.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[1136]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:39:50.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-27T14:39:50Z. : RulesEngine.

Event[1137]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:39:50.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[1138]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T17:40:47.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133164480966,  5
 : MoAppCrash
:  
 CAB: 133172568608

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16393
P4: 55a9d38f
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERF548.tmp.WERInternalMetadata.xml
C:\Users\dsergey88\AppData\Local\Temp\WER478F.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_cab_1f764ada\memory.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_cab_1f764ada\triagedump.dmp
WERGenerationLog.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_cab_1984916f

 : 
  : 0
 : 61994c25-6479-421f-abf2-e6e3db739f15
 : 8
 : a2f0cc91cbc52deaee823bbf623e210f

Event[1139]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T17:40:49.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133163141318,  5
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16391
P4: 55a72d2e
P5: CoreUIComponents.dll
P6: 0.0.0.0
P7: 55a71e06
P8: c0000005
P9: 0000000000061562
P10: 

 :
C:\Windows\Temp\WER940F.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_763c3ea9d84a85a6f89679ca61c715f8989a3_21351821_1984974b

 : 
  : 0
 : 49c03e2e-7750-46e8-a8dd-661569b7bb92
 : 4104
 : 0b1ade5ad50671f7bef4b39b38fe5078

Event[1140]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T17:40:49.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  124604762736,  5
 : WindowsUpdateFailure3
:  
 CAB: 0

 :
P1: 10.0.10240.16389
P2: 80072f8f
P3: 00000000-0000-0000-0000-000000000000
P4: Scan
P5: 0
P6: 0
P7: 8024500b
P8: UpdateOrchestrator
P9: {7971F918-A847-4430-9279-4A52D1EFE18D}
P10: 0

 :
C:\Windows\Temp\WER44C1.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_10.0.10240.16389_fe9ff211689cdca45648baee968329502d5982d_00000000_1984998d

 : 
  : 0
 : 3b805704-2fb2-11e5-b6d6-d8cb8a158772
 : 0
 : c9c608aeb8f87d1a2adccb9974c62e3b

Event[1141]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-21T17:42:10.569
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    WmiApRpl (WmiApRpl)  .        Last Counter  Last Help.

Event[1142]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-21T17:42:10.693
  Event ID: 1000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
C    WmiApRpl (WmiApRpl)  .         ,   .

Event[1143]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:56:08.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1144]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:56:08.626
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 7 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 2360 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1268 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 396 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 1268 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 2360 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 2360 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1268 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


Event[1145]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:56:09.463
  Event ID: 1532
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   .  



Event[1146]:
  Log Name: Application
  Source: Microsoft-Windows-EventSystem
  Date: 2015-07-21T17:56:48.000
  Event ID: 4625
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 EventSystem        86400 .      REG_DWORD   SuppressDuplicateDuration    : HKLM\Software\Microsoft\EventSystem\EventLog.

Event[1147]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:56:48.606
  Event ID: 1531
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    .  



Event[1148]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:56:51.230
  Event ID: 5615
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
   Windows  

Event[1149]:
  Log Name: Application
  Source: NvStreamSvc
  Date: 2015-07-21T17:56:56.000
  Event ID: 2003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Expected event (Started [0]).

Event[1150]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T17:57:02.000
  Event ID: 100
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service started.

Event[1151]:
  Log Name: Application
  Source: Microsoft-Windows-WMI
  Date: 2015-07-21T17:57:02.280
  Event ID: 5617
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    Windows  .

Event[1152]:
  Log Name: Application
  Source: NVNetworkService
  Date: 2015-07-21T17:57:07.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[1153]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:57:22.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[1154]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:57:23.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1155]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:57:40.000
  Event ID: 102
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4420) Windows:    (0)  (10.00.10240.0000).

Event[1156]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:57:40.000
  Event ID: 105
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4420) Windows:     (0). (=0 ) 
 
  : [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000.

Event[1157]:
  Log Name: Application
  Source: ESENT
  Date: 2015-07-21T17:57:41.000
  Event ID: 326
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SearchIndexer (4420) Windows:      (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (=0) 
 
  : [1] 0.000, [2] 0.031, [3] 0.047, [4] 0.000, [5] 0.812, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000. 
 : 1 0

Event[1158]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2015-07-21T17:57:42.000
  Event ID: 1003
  Task:  
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
 Windows Search .


Event[1159]:
  Log Name: Application
  Source: Disc Soft Lite Bus Service
  Date: 2015-07-21T17:58:13.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[1160]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:58:29.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1161]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:58:34.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[1162]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:58:36.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1163]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T17:58:42.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16393,  : 0x55a9d38f
  : Windows.UI.Xaml.dll, : 10.0.10240.16393,  : 0x55a9d318
 : 0xc000027b
 : 0x0000000000483197
  : 0x1180
   : 0x01d0c3c596b309fe
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : d87b8df9-b1c6-4570-a9e7-9bda95987c95
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[1164]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T17:58:57.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  133164480966,  5
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16393
P4: 55a9d38f
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :
C:\Users\dsergey88\AppData\Local\Temp\WERF29.tmp.WERInternalMetadata.xml
C:\Users\dsergey88\AppData\Local\Temp\WER12D3.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1AF2.tmp.hdmp
C:\Users\dsergey88\AppData\Local\Temp\WER3736.tmp.WERDataCollectionFailure.txt

    :
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_1fd23de9

 : 
  : 0
 : d87b8df9-b1c6-4570-a9e7-9bda95987c95
 : 4104
 : a2f0cc91cbc52deaee823bbf623e210f

Event[1165]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T17:58:59.888
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[1166]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T17:59:02.000
  Event ID: 103
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
SkypeUpdate service is shutting down due to idle timeout.

Event[1167]:
  Log Name: Application
  Source: SkypeUpdate
  Date: 2015-07-21T17:59:03.000
  Event ID: 101
  Task: Service Events
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
Service stopped.

Event[1168]:
  Log Name: Application
  Source: gupdate
  Date: 2015-07-21T17:59:13.000
  Event ID: 0
  Task: 
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
N/A

Event[1169]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T17:59:13.198
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1170]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T17:59:16.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:<none>

Event[1171]:
  Log Name: Application
  Source: SecurityCenter
  Date: 2015-07-21T17:59:17.000
  Event ID: 1
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    Windows .

Event[1172]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:59:19.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1173]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T17:59:18.758
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 1 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1002:
Process 364 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall


Event[1174]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T17:59:26.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1175]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T18:00:16.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[1176]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T18:00:17.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[1177]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T18:00:17.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[1178]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T18:00:47.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-27T15:00:47Z. : RulesEngine.

Event[1179]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T18:00:47.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


Event[1180]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-21T18:03:06.090
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
    WmiApRpl (WmiApRpl)  .        Last Counter  Last Help.

Event[1181]:
  Log Name: Application
  Source: Microsoft-Windows-LoadPerf
  Date: 2015-07-21T18:03:06.217
  Event ID: 1000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
C    WmiApRpl (WmiApRpl)  .         ,   .

Event[1182]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T18:07:32.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1183]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T18:07:37.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[1184]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T18:07:37.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1185]:
  Log Name: Application
  Source: Application Error
  Date: 2015-07-21T18:07:38.000
  Event ID: 1000
  Task:   
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  : ShellExperienceHost.exe, : 10.0.10240.16393,  : 0x55a9d38f
  : Windows.UI.Xaml.dll, : 10.0.10240.16393,  : 0x55a9d318
 : 0xc000027b
 : 0x0000000000483197
  : 0x1e60
   : 0x01d0c3c6bec6597b
  : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  : C:\Windows\System32\Windows.UI.Xaml.dll
 : c58be0e6-dae1-49f9-8ec8-fcef2c6a6c76
   : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 ,    : App

Event[1186]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T18:07:59.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16393
P4: 55a9d38f
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_043a858a

 : 
  : 0
 : c58be0e6-dae1-49f9-8ec8-fcef2c6a6c76
 : 4196
 : 

Event[1187]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T18:07:59.766
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :     ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1188]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T18:08:01.871
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App. :  .   .   Microsoft-Windows-TWinUI/Operational.

Event[1189]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T18:08:17.723
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1002
  User Name: DSERGEY88-PC\Deti
  Computer: dsergey88-PC
  Description: 
   Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1190]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T18:08:20.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16393
P4: 55a9d38f
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_043a858a

 : 
  : 0
 : c58be0e6-dae1-49f9-8ec8-fcef2c6a6c76
 : 96
 : 

Event[1191]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T18:08:28.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1192]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T18:08:27.932
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 1 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1002:
Process 364 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall


Event[1193]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T18:08:37.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1194]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T18:09:38.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : MpTelemetry
:  
 CAB: 0

 :
P1: 2152759308
P2: unspecified
P3: ScanFile
P4: 4.8.10240.16384
P5:  Windows (77BDAF73-B396-481F-9042-AD358843EC24)
P6: unspecified
P7: unspecified
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\MPInstrumentation\client_manifest.txt
C:\Windows\Temp\WER67D.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_2152759308_324376368b6edad480861648bff165b96fc8377_00000000_cab_0880069d

 : 
  : 0
 : 8090fb4c-2fba-11e5-b6de-d8cb8a158772
 : 4
 : 

Event[1195]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T18:09:59.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : MoAppCrash
:  
 CAB: 0

 :
P1: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
P2: praid:App
P3: 10.0.10240.16393
P4: 55a9d38f
P5: combase.dll
P6: 10.0.10240.16384
P7: 559f3aac
P8: 80004001
P9: 00000000000230e5
P10: 

 :

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.Window_f3b8e667cde5a7bbdf86eb3e91669a4899ed49_21351821_043a858a

 : 
  : 0
 : c58be0e6-dae1-49f9-8ec8-fcef2c6a6c76
 : 96
 : 

Event[1196]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2015-07-21T18:10:20.000
  Event ID: 1001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
  ,  0
 : MpTelemetry
:  
 CAB: 0

 :
P1: 2152759308
P2: unspecified
P3: ScanFile
P4: 4.8.10240.16384
P5:  Windows (77BDAF73-B396-481F-9042-AD358843EC24)
P6: unspecified
P7: unspecified
P8: 
P9: 
P10: 

 :
C:\Windows\Temp\MPInstrumentation\client_manifest.txt
C:\Windows\Temp\WER67D.tmp.WERInternalMetadata.xml

    :
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_2152759308_324376368b6edad480861648bff165b96fc8377_00000000_cab_0880069d

 : 
  : 0
 : 8090fb4c-2fba-11e5-b6de-d8cb8a158772
 : 96
 : 

Event[1197]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T18:31:43.509
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1198]:
  Log Name: Application
  Source: Microsoft-Windows-Immersive-Shell
  Date: 2015-07-21T18:31:43.845
  Event ID: 5973
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
   microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1. :   ..   .   Microsoft-Windows-TWinUI/Operational.

Event[1199]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T18:31:49.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1200]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T18:31:49.160
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 7 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 2156 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 364 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 2156 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Internet Explorer\Main
Process 2156 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


Event[1201]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T18:31:54.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[1202]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T18:31:54.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1203]:
  Log Name: Application
  Source: Microsoft-Windows-AppModel-State
  Date: 2015-07-21T18:37:55.359
  Event ID: 10
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
       microsoft.windows.authhost.a_8wekyb3d8bbwe.  : 3

Event[1204]:
  Log Name: Application
  Source: Microsoft-Windows-RestartManager
  Date: 2015-07-21T18:53:04.444
  Event ID: 10000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
  2 - ?2015?-?07?-?21T15:53:04.443977000Z.

Event[1205]:
  Log Name: Application
  Source: Microsoft-Windows-RestartManager
  Date: 2015-07-21T18:53:04.451
  Event ID: 10001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
  2,  ?2015?-?07?-?21T15:53:04.443977000Z.

Event[1206]:
  Log Name: Application
  Source: Microsoft-Windows-RestartManager
  Date: 2015-07-21T18:53:09.230
  Event ID: 10000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
  2 - ?2015?-?07?-?21T15:53:09.230237200Z.

Event[1207]:
  Log Name: Application
  Source: Microsoft-Windows-RestartManager
  Date: 2015-07-21T18:53:09.238
  Event ID: 10001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
  2,  ?2015?-?07?-?21T15:53:09.230237200Z.

Event[1208]:
  Log Name: Application
  Source: Microsoft-Windows-RestartManager
  Date: 2015-07-21T18:55:22.739
  Event ID: 10000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
  2 - ?2015?-?07?-?21T15:55:22.739222100Z.

Event[1209]:
  Log Name: Application
  Source: Microsoft-Windows-RestartManager
  Date: 2015-07-21T18:55:22.743
  Event ID: 10001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
  2,  ?2015?-?07?-?21T15:55:22.739222100Z.

Event[1210]:
  Log Name: Application
  Source: Microsoft-Windows-RestartManager
  Date: 2015-07-21T19:00:12.990
  Event ID: 10000
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
  2 - ?2015?-?07?-?21T16:00:12.989822900Z.

Event[1211]:
  Log Name: Application
  Source: Microsoft-Windows-RestartManager
  Date: 2015-07-21T19:00:12.996
  Event ID: 10001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-21-2584663433-4080431295-3422777322-1005
  User Name: DSERGEY88-PC\dsergey88
  Computer: dsergey88-PC
  Description: 
  2,  ?2015?-?07?-?21T16:00:12.989822900Z.

Event[1212]:
  Log Name: Application
  Source: Microsoft-Windows-Winsrv
  Date: 2015-07-21T19:00:23.435
  Event ID: 10001
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
     : balabolka.exe.

Event[1213]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T19:00:29.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1214]:
  Log Name: Application
  Source: Microsoft-Windows-User Profiles Service
  Date: 2015-07-21T19:00:28.895
  Event ID: 1530
  Task: N/A
  Level: 
  Opcode: 
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\
  Computer: dsergey88-PC
  Description: 
 Windows ,          .   ,     ,   ,     .     . 

 : 
 12 user registry handles leaked from \Registry\User\S-1-5-21-2584663433-4080431295-3422777322-1005:
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 364 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\CA
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\trust
Process 1168 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Root
Process 1004 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2584663433-4080431295-3422777322-1005\SOFTWARE\Microsoft\SystemCertificates\Root


Event[1215]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T19:00:41.000
  Event ID: 6003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     -    winlogon <SessionEnv>.

Event[1216]:
  Log Name: Application
  Source: Microsoft-Windows-Winlogon
  Date: 2015-07-21T19:00:41.000
  Event ID: 6000
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    -    winlogon <SessionEnv>.

Event[1217]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T19:02:55.000
  Event ID: 900
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
     .
:caller=Explorer.EXE

Event[1218]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T19:02:55.000
  Event ID: 1066
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
   .
C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000


Event[1219]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T19:02:55.000
  Event ID: 1003
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
       .
 =55c92734-d682-4d71-983e-d6ec3f16059f
 =
1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]
11: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: bbc56067-37f8-49dd-87b2-a418a9ba130a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: c082c31b-2c4f-4e07-94d7-9181fa802c4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: ec67814b-30e6-4a50-bf7b-d55daf729d1e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]



Event[1220]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T19:02:55.000
  Event ID: 902
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .
10.0.10240.16384

Event[1221]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T19:03:25.000
  Event ID: 16384
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
        2115-06-27T16:03:25Z. : RulesEngine.

Event[1222]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2015-07-21T19:03:25.000
  Event ID: 903
  Task: N/A
  Level: 
  Opcode: N/A
  Keyword: 
  User: N/A
  User Name: N/A
  Computer: dsergey88-PC
  Description: 
    .


