161200x800000000000002221SystemDESKTOP-GHH64PV\Device\HarddiskVolume4000000000100000000000000A10004C001000200010000C000000000000000000000000000000000Dump file creation failed due to error during dump creation.ErrorClassic614000x80004000000000002222SystemDESKTOP-GHH64PV0x0605aswSP2017-04-28T00:46:31.000000000Z240{ "flags" : "0x00000010" , "registration_version" : "0x00000202" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Security Enhancer" , "supportedFeatures": "0x00000000" , "instances" : [["388401","0x00000000"]] }{02000000-0004-0000-24A7-4E622FD3D201}File System Filter 'aswSP' (6.0, ‎2017‎-‎04‎-‎28T00:46:31.000000000Z) has successfully loaded and registered with Filter Manager.InformationInfoSystemMicrosoft-Windows-FilterManager614000x80004000000000002223SystemDESKTOP-GHH64PV0x0606aswSnx2017-04-28T00:35:06.000000000Z237{ "flags" : "0x00000014" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Virtualization" , "supportedFeatures": "0x00000000" , "instances" : [["137600","0x00000000"]] }{02000000-0005-0000-9109-51622FD3D201}File System Filter 'aswSnx' (6.0, ‎2017‎-‎04‎-‎28T00:35:06.000000000Z) has successfully loaded and registered with Filter Manager.InformationInfoSystemMicrosoft-Windows-FilterManager614000x80004000000000002224SystemDESKTOP-GHH64PV0x01009FileCrypt2030-05-28T01:10:59.000000000Z233{ "flags" : "0x00000000" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Encryption" , "supportedFeatures": "0x00000003" , "instances" : [["141100","0x00000000"]] }{02000000-0006-0000-BF70-53622FD3D201}File System Filter 'FileCrypt' (10.0, ‎2030‎-‎05‎-‎28T01:10:59.000000000Z) has successfully loaded and registered with Filter Manager.InformationInfoSystemMicrosoft-Windows-FilterManager614000x80004000000000002225SystemDESKTOP-GHH64PV0x01009npsvctrig2097-07-25T03:18:05.000000000Z219{ "flags" : "0x00000018" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "(null)" , "supportedFeatures": "0x00000000" , "instances" : [["46000","0x00000000"]] }{02000000-0007-0000-A3F5-5C622FD3D201}File System Filter 'npsvctrig' (10.0, ‎2097‎-‎07‎-‎25T03:18:05.000000000Z) has successfully loaded and registered with Filter Manager.InformationInfoSystemMicrosoft-Windows-FilterManager41516300x80004000000000022226SystemDESKTOP-GHH64PV2780xffffd808026a02900x00x00x00000false40trueThe system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.CriticalInfoSystemMicrosoft-Windows-Kernel-Power1720420300x80000000000004042227SystemDESKTOP-GHH64PV26Connectivity state in standby: Disconnected, Reason: NIC complianceInformationInfoSystemMicrosoft-Windows-Kernel-Power101141410100x20000000000000002228SystemDESKTOP-GHH64PVWUDFPfWUDFPf (part of UMDF) did not load yet. After it does, Windows will start the device again.InformationStartup of the UMDF reflectorInfoSystemMicrosoft-Windows-DriverFrameworks-UserMode2190321200x80000000000000002229SystemDESKTOP-GHH64PV24ACPI\INT3400\2&daba3ff&1322122634114\Driver\WUDFRd0The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&1.WarningInfoSystemMicrosoft-Windows-Kernel-PnP7036400x800000000000002230SystemDESKTOP-GHH64PV\Device\NDMP1Intel(R) Dual Band Wireless-AC 82600000080002003800000000007C1B004000000000000000000000000000000000000000000000000057445256AB000000The \Device\NDMP1 service entered the Intel(R) Dual Band Wireless-AC 8260 state.InformationClassic7001400x800000000000002231SystemDESKTOP-GHH64PV\Device\NDMP1Intel(R) Dual Band Wireless-AC 8260000008000200380000000000591B0060000000000000000000000000000000000000000000000000574452565041000055044700x80000000000000002232SystemDESKTOP-GHH64PV0031270110029291Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (3 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 2701 Maximum performance percentage: 100 Minimum performance percentage: 29 Minimum throttle percentage: 29InformationInfoSystemMicrosoft-Windows-Kernel-Processor-Power55044700x80000000000000002233SystemDESKTOP-GHH64PV0231270110029291Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (3 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 2701 Maximum performance percentage: 100 Minimum performance percentage: 29 Minimum throttle percentage: 29InformationInfoSystemMicrosoft-Windows-Kernel-Processor-Power55044700x80000000000000002234SystemDESKTOP-GHH64PV0431270110029291Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (3 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 2701 Maximum performance percentage: 100 Minimum performance percentage: 29 Minimum throttle percentage: 29InformationInfoSystemMicrosoft-Windows-Kernel-Processor-Power55044700x80000000000000002235SystemDESKTOP-GHH64PV0631270110029291Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (3 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 2701 Maximum performance percentage: 100 Minimum performance percentage: 29 Minimum throttle percentage: 29InformationInfoSystemMicrosoft-Windows-Kernel-Processor-Power55044700x80000000000000002236SystemDESKTOP-GHH64PV0131270110029291Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (3 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 2701 Maximum performance percentage: 100 Minimum performance percentage: 29 Minimum throttle percentage: 29InformationInfoSystemMicrosoft-Windows-Kernel-Processor-Power55044700x80000000000000002237SystemDESKTOP-GHH64PV0331270110029291Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (3 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 2701 Maximum performance percentage: 100 Minimum performance percentage: 29 Minimum throttle percentage: 29InformationInfoSystemMicrosoft-Windows-Kernel-Processor-Power55044700x80000000000000002238SystemDESKTOP-GHH64PV0531270110029291Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (3 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 2701 Maximum performance percentage: 100 Minimum performance percentage: 29 Minimum throttle percentage: 29InformationInfoSystemMicrosoft-Windows-Kernel-Processor-Power55044700x80000000000000002239SystemDESKTOP-GHH64PV0731270110029291Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (3 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 2701 Maximum performance percentage: 100 Minimum performance percentage: 29 Minimum throttle percentage: 29InformationInfoSystemMicrosoft-Windows-Kernel-Processor-Power5210422000x80000000000004042240SystemDESKTOP-GHH64PV100Active battery count change.InformationInfoSystemMicrosoft-Windows-Kernel-Power7010400x800000000000002241SystemDESKTOP-GHH64PV\Device\NDMP1Intel(R) Dual Band Wireless-AC 8260000008000200380000000000621B006000000000000000000000000000000000000000000000000000000000000000009804000x80000000000000022242SystemDESKTOP-GHH64PVD:\Device\HarddiskVolume10Volume D: (\Device\HarddiskVolume1) is healthy. No action is needed.InformationInfoSystem7017400x800000000000002243SystemDESKTOP-GHH64PV\Device\NDMP1Intel(R) Dual Band Wireless-AC 8260000008000200380000000000691B0060000000000000000000000000000000000000000000000000574452561000560E9804000x80000000000000022244SystemDESKTOP-GHH64PV\\?\Volume{2f41ef18-9653-4b6e-8ea7-428ff930ef42}\Device\HarddiskVolume50Volume \\?\Volume{2f41ef18-9653-4b6e-8ea7-428ff930ef42} (\Device\HarddiskVolume5) is healthy. No action is needed.InformationInfoSystem1604000x80000000000000002245SystemDESKTOP-GHH64PV36\SystemRoot\System32\Config\SOFTWARE32458119555The access history in hive \SystemRoot\System32\Config\SOFTWARE was cleared updating 324581 keys and creating 19555 modified pages.InformationInfoSystemMicrosoft-Windows-Kernel-General1604000x80000000000000002246SystemDESKTOP-GHH64PV31\SystemRoot\System32\Config\SAM767The access history in hive \SystemRoot\System32\Config\SAM was cleared updating 76 keys and creating 7 modified pages.InformationInfoSystemMicrosoft-Windows-Kernel-General1604000x80000000000000002247SystemDESKTOP-GHH64PV36\SystemRoot\System32\Config\SECURITY1046The access history in hive \SystemRoot\System32\Config\SECURITY was cleared updating 104 keys and creating 6 modified pages.InformationInfoSystemMicrosoft-Windows-Kernel-General1604000x80000000000000002248SystemDESKTOP-GHH64PV35\SystemRoot\System32\Config\DEFAULT4386301The access history in hive \SystemRoot\System32\Config\DEFAULT was cleared updating 4386 keys and creating 301 modified pages.InformationInfoSystemMicrosoft-Windows-Kernel-General2400x800000000000002249SystemDESKTOP-GHH64PV00000000010000000000000002000740000000000000000000000000000000000000000000000000Intel(R) Management Engine Interface driver has started successfully.InformationClassic1404000x40000000000000002250SystemDESKTOP-GHH64PV00Credential Guard (LsaIso.exe) configuration: 0x0, 0InformationInfoSystemMicrosoft-Windows-Wininit1696204000x80000000000000002251SystemDESKTOP-GHH64PVO:SYG:SYD:(A;;RC;;;BA)Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651.InformationInfoSystemMicrosoft-Windows-Directory-Services-SAM1604000x80000000000000002252SystemDESKTOP-GHH64PV56\??\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT71839The access history in hive \??\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT was cleared updating 718 keys and creating 39 modified pages.InformationInfoSystemMicrosoft-Windows-Kernel-General18400x800000000000002253SystemDESKTOP-GHH64PV00000800010000000000000012000540000000000000000000000000000000000000000000000000E000000000000000Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during startup.InformationClassic267400x800000000000002254SystemDESKTOP-GHH64PV0000000001000000000000000B0100400000000000000000000000000000000000000000000000001604000x80000000000000002255SystemDESKTOP-GHH64PV31\SystemRoot\System32\Config\BBI30279The access history in hive \SystemRoot\System32\Config\BBI was cleared updating 302 keys and creating 79 modified pages.InformationInfoSystemMicrosoft-Windows-Kernel-General1604000x80000000000000002256SystemDESKTOP-GHH64PV54\??\C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT71839The access history in hive \??\C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT was cleared updating 718 keys and creating 39 modified pages.InformationInfoSystemMicrosoft-Windows-Kernel-General614000x80004000000000002257SystemDESKTOP-GHH64PV0x01005wcifs2088-07-28T20:04:59.000000000Z237{ "flags" : "0x00000014" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Virtualization" , "supportedFeatures": "0x00000000" , "instances" : [["189900","0x00000000"]] }{02000000-000A-0000-554F-64662FD3D201}File System Filter 'wcifs' (10.0, ‎2088‎-‎07‎-‎28T20:04:59.000000000Z) has successfully loaded and registered with Filter Manager.InformationInfoSystemMicrosoft-Windows-FilterManager700002000x80800000000000002259SystemDESKTOP-GHH64PVCldFlt%%5043006C00640046006C0074000000The CldFlt service failed to start due to the following error: The request is not supported.ErrorMicrosoft-Windows-Service Control ManagerClassic614000x80004000000000002258SystemDESKTOP-GHH64PV0x01005luafv2037-06-08T02:55:59.000000000Z237{ "flags" : "0x00000014" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Virtualization" , "supportedFeatures": "0x00000003" , "instances" : [["135000","0x00000000"]] }{02000000-000B-0000-A413-69662FD3D201}File System Filter 'luafv' (10.0, ‎2037‎-‎06‎-‎08T02:55:59.000000000Z) has successfully loaded and registered with Filter Manager.InformationInfoSystemMicrosoft-Windows-FilterManager614000x80004000000000002260SystemDESKTOP-GHH64PV0x010010storqosflt2015-12-17T20:36:27.000000000Z239{ "flags" : "0x00000010" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Quota Management" , "supportedFeatures": "0x00000003" , "instances" : [["244000","0x00000000"]] }{02000000-000C-0000-A413-69662FD3D201}File System Filter 'storqosflt' (10.0, ‎2015‎-‎12‎-‎17T20:36:27.000000000Z) has successfully loaded and registered with Filter Manager.InformationInfoSystemMicrosoft-Windows-FilterManager614000x80004000000000002261SystemDESKTOP-GHH64PV0x0609aswMonFlt2017-04-28T00:46:02.000000000Z233{ "flags" : "0x00000010" , "registration_version" : "0x00000202" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Anti-Virus" , "supportedFeatures": "0x00000000" , "instances" : [["320700","0x00000000"]] }{02000000-000D-0000-A413-69662FD3D201}File System Filter 'aswMonFlt' (6.0, ‎2017‎-‎04‎-‎28T00:46:02.000000000Z) has successfully loaded and registered with Filter Manager.InformationInfoSystemMicrosoft-Windows-FilterManager1604000x80000000000000002262SystemDESKTOP-GHH64PV42\SystemRoot\System32\Config\bbimigrate\BBI102The access history in hive \SystemRoot\System32\Config\bbimigrate\BBI was cleared updating 10 keys and creating 2 modified pages.InformationInfoSystemMicrosoft-Windows-Kernel-General12041000x40000000000000002263SystemDESKTOP-GHH64PVC:\Windows\System32\WUDFHost.exe1176{381B4222-F694-41F0-9685-FF5BB260DF2E}{381B4222-F694-41F0-9685-FF5BB260DF2E}Process C:\Windows\System32\WUDFHost.exe (process ID:1176) reset policy scheme from {381B4222-F694-41F0-9685-FF5BB260DF2E} to {381B4222-F694-41F0-9685-FF5BB260DF2E}InformationInfoSystem6013400x800000000000002217SystemDESKTOP-GHH64PV860480 Pacific Standard Time31002E003100000030000000570069006E0064006F00770073002000310030002000500072006F000000310030002E0030002E003100350030003600330020004200750069006C0064002000310035003000360033002000200000004D0075006C0074006900700072006F0063006500730073006F007200200046007200650065000000310035003000360033002E007200730032005F00720065006C0065006100730065002E003100370030003300310037002D00310038003300340000003500390031003700370039003100650000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003800000033003200370030003100000034003000390000004400450053004B0054004F0050002D00470048004800360034005000560000000000The system uptime is 8 seconds.InformationClassic6005400x800000000000002216SystemDESKTOP-GHH64PVE10705000100160013000C0030001F010000000000000000The Event log service was started.InformationClassic6009400x800000000000002215SystemDESKTOP-GHH64PV10.00.15063Multiprocessor Free0Microsoft (R) Windows (R) 10.00. 15063 Multiprocessor Free.InformationClassic6008200x800000000000002214SystemDESKTOP-GHH64PV11:45:48 AM‎5/‎22/‎2017264344E1070500010016000B002D0030002201E10705000100160012002D0030002201600900003C000000010000006009000001000000B004000001000000FEFFFFFFThe previous system shutdown at 11:45:48 AM on ‎5/‎22/‎2017 was unexpected.ErrorClassic12041000x40000000000000002264SystemDESKTOP-GHH64PVC:\Windows\System32\WUDFHost.exe1176{381B4222-F694-41F0-9685-FF5BB260DF2E}{381B4222-F694-41F0-9685-FF5BB260DF2E}Process C:\Windows\System32\WUDFHost.exe (process ID:1176) reset policy scheme from {381B4222-F694-41F0-9685-FF5BB260DF2E} to {381B4222-F694-41F0-9685-FF5BB260DF2E}InformationInfoSystem12041000x40000000000000002265SystemDESKTOP-GHH64PVC:\Windows\System32\WUDFHost.exe1176{381B4222-F694-41F0-9685-FF5BB260DF2E}{381B4222-F694-41F0-9685-FF5BB260DF2E}Process C:\Windows\System32\WUDFHost.exe (process ID:1176) reset policy scheme from {381B4222-F694-41F0-9685-FF5BB260DF2E} to {381B4222-F694-41F0-9685-FF5BB260DF2E}InformationInfoSystem12041000x40000000000000002266SystemDESKTOP-GHH64PVC:\Windows\System32\WUDFHost.exe1176{381B4222-F694-41F0-9685-FF5BB260DF2E}{381B4222-F694-41F0-9685-FF5BB260DF2E}Process C:\Windows\System32\WUDFHost.exe (process ID:1176) reset policy scheme from {381B4222-F694-41F0-9685-FF5BB260DF2E} to {381B4222-F694-41F0-9685-FF5BB260DF2E}InformationInfoSystem12041000x40000000000000002267SystemDESKTOP-GHH64PVC:\Windows\System32\WUDFHost.exe1176{381B4222-F694-41F0-9685-FF5BB260DF2E}{381B4222-F694-41F0-9685-FF5BB260DF2E}Process C:\Windows\System32\WUDFHost.exe (process ID:1176) reset policy scheme from {381B4222-F694-41F0-9685-FF5BB260DF2E} to {381B4222-F694-41F0-9685-FF5BB260DF2E}InformationInfoSystem267400x800000000000002268SystemDESKTOP-GHH64PV0000000001000000000000000B01004000000000000000000000000000000000000000000000000050036044680x20000000000000002269SystemDESKTOP-GHH64PVDHCPv4 client service is startedInformationService State EventServiceStartSystemMicrosoft-Windows-Dhcp-Client501030441290x20000000000000002270SystemDESKTOP-GHH64PVDHCPv4 client registered for shutdown notificationInformationService State EventServiceShutdownSystemMicrosoft-Windows-Dhcp-Client51046044620x20000000000000002271SystemDESKTOP-GHH64PVDHCPv6 client service is startedInformationService State EventServiceStartSystemMicrosoft-Windows-DHCPv6-Client400004010x40000000000000002272SystemDESKTOP-GHH64PVWLAN AutoConfig service has successfully started. InformationStartSystemMicrosoft-Windows-WLAN-AutoConfig702604000x80800000000000002273SystemDESKTOP-GHH64PV dam EhStorClassThe following boot-start or system-start driver(s) did not load: dam EhStorClassInformationMicrosoft-Windows-Service Control ManagerClassic700104110100x20002000000000002274SystemDESKTOP-GHH64PV1S-1-5-21-1256797893-996396721-3403840240-1001User Logon Notification for Customer Experience Improvement ProgramInformationInfoSystemMicrosoft-Windows-Winlogon1604000x80000000000000002275SystemDESKTOP-GHH64PV31\??\C:\Users\Lalaith\ntuser.dat4772335The access history in hive \??\C:\Users\Lalaith\ntuser.dat was cleared updating 4772 keys and creating 335 modified pages.InformationInfoSystemMicrosoft-Windows-Kernel-General1604000x80000000000000002276SystemDESKTOP-GHH64PV45\??\C:\Windows\AppCompat\Programs\Amcache.hve76541456The access history in hive \??\C:\Windows\AppCompat\Programs\Amcache.hve was cleared updating 7654 keys and creating 1456 modified pages.InformationInfoSystemMicrosoft-Windows-Kernel-General1604000x80000000000000002277SystemDESKTOP-GHH64PV65\??\C:\Users\Lalaith\AppData\Local\Microsoft\Windows\UsrClass.dat6103651The access history in hive \??\C:\Users\Lalaith\AppData\Local\Microsoft\Windows\UsrClass.dat was cleared updating 6103 keys and creating 651 modified pages.InformationInfoSystemMicrosoft-Windows-Kernel-General12041000x40000000000000002278SystemDESKTOP-GHH64PVC:\Program Files\AVAST Software\Avast\setup\instup.exe3328{381B4222-F694-41F0-9685-FF5BB260DF2E}{381B4222-F694-41F0-9685-FF5BB260DF2E}Process C:\Program Files\AVAST Software\Avast\setup\instup.exe (process ID:3328) reset policy scheme from {381B4222-F694-41F0-9685-FF5BB260DF2E} to {381B4222-F694-41F0-9685-FF5BB260DF2E}InformationInfoSystem1000104000x40000000000000002279SystemDESKTOP-GHH64PVC:\Windows\System32\IWMSSvc.dllWLAN Extensibility Module has successfully started. Module Path: C:\Windows\System32\IWMSSvc.dll InformationInfoSystemMicrosoft-Windows-WLAN-AutoConfig12041000x40000000000000002280SystemDESKTOP-GHH64PVC:\Program Files\AVAST Software\Avast\setup\instup.exe3328{381B4222-F694-41F0-9685-FF5BB260DF2E}{381B4222-F694-41F0-9685-FF5BB260DF2E}Process C:\Program Files\AVAST Software\Avast\setup\instup.exe (process ID:3328) reset policy scheme from {381B4222-F694-41F0-9685-FF5BB260DF2E} to {381B4222-F694-41F0-9685-FF5BB260DF2E}InformationInfoSystem1001602000x80800000000000002282SystemDESKTOP-GHH64PVapplication-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailableThe application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.ErrorInfoMicrosoft-Windows-DistributedCOMClassic1001602000x80800000000000002281SystemDESKTOP-GHH64PVapplication-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailableThe application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.ErrorInfoMicrosoft-Windows-DistributedCOMClassic1804000x80000000000000002283SystemDESKTOP-GHH64PV0x140000d80This event triggers the Trusted Platform Module (TPM) provisioning/status check to run.InformationInfoSystemTPM1604000x80000000000000002284SystemDESKTOP-GHH64PV105\??\C:\Users\Lalaith\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat9010The access history in hive \??\C:\Users\Lalaith\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat was cleared updating 90 keys and creating 10 modified pages.InformationInfoSystemMicrosoft-Windows-Kernel-General1604000x80000000000000002285SystemDESKTOP-GHH64PV117\??\C:\Users\Lalaith\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat51The access history in hive \??\C:\Users\Lalaith\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat was cleared updating 5 keys and creating 1 modified pages.InformationInfoSystemMicrosoft-Windows-Kernel-General704004000x80800000000000002286SystemDESKTOP-GHH64PVBackground Intelligent Transfer Servicedemand startauto startBITSThe start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.InformationMicrosoft-Windows-Service Control ManagerClassic102504000x80000000000000002287SystemDESKTOP-GHH64PVThe TPM was successfully provisioned and is now ready for use.InformationInfoSystemMicrosoft-Windows-TPM-WMI102504000x80000000000000002288SystemDESKTOP-GHH64PVThe TPM was successfully provisioned and is now ready for use.InformationInfoSystemMicrosoft-Windows-TPM-WMI12041000x40000000000000002289SystemDESKTOP-GHH64PVC:\Program Files\AVAST Software\Avast\AvastSvc.exe2800{381B4222-F694-41F0-9685-FF5BB260DF2E}{381B4222-F694-41F0-9685-FF5BB260DF2E}Process C:\Program Files\AVAST Software\Avast\AvastSvc.exe (process ID:2800) reset policy scheme from {381B4222-F694-41F0-9685-FF5BB260DF2E} to {381B4222-F694-41F0-9685-FF5BB260DF2E}InformationInfoSystem12041000x40000000000000002290SystemDESKTOP-GHH64PVC:\Program Files\AVAST Software\Avast\AvastSvc.exe2800{381B4222-F694-41F0-9685-FF5BB260DF2E}{381B4222-F694-41F0-9685-FF5BB260DF2E}Process C:\Program Files\AVAST Software\Avast\AvastSvc.exe (process ID:2800) reset policy scheme from {381B4222-F694-41F0-9685-FF5BB260DF2E} to {381B4222-F694-41F0-9685-FF5BB260DF2E}InformationInfoSystem51300x800000000000002291SystemDESKTOP-GHH64PV\Device\Harddisk2\DR2030080000100000000000000330004802D010000100000C0000000000000000000003A0200000000D61A000000000000FFFFFFFF01000000580000C40200000000200A124002204000000000140000000000000000000000A8BB74BB09B2FFFF000000000000000010A075BB09B2FFFF20A805B109B2FFFF001D010000000000280000011D0000000800000000000000700005000000000A00000000300500000000000000000000An error was detected on device \Device\Harddisk2\DR2 during a paging operation.WarningClassic704004000x80800000000000002292SystemDESKTOP-GHH64PVBackground Intelligent Transfer Serviceauto startdemand startBITSThe start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.InformationMicrosoft-Windows-Service Control ManagerClassic704004000x80800000000000002293SystemDESKTOP-GHH64PVBackground Intelligent Transfer Servicedemand startauto startBITSThe start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.InformationMicrosoft-Windows-Service Control ManagerClassic2400x800000000000002294SystemDESKTOP-GHH64PVGeolocation positioning has been disabled by the user.InformationInfoClassic704004000x80800000000000002295SystemDESKTOP-GHH64PVBackground Intelligent Transfer Serviceauto startdemand startBITSThe start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.InformationMicrosoft-Windows-Service Control ManagerClassic1604000x80000000000000002296SystemDESKTOP-GHH64PV102\??\C:\Users\Lalaith\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat142The access history in hive \??\C:\Users\Lalaith\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 14 keys and creating 2 modified pages.InformationInfoSystemMicrosoft-Windows-Kernel-General1604000x80000000000000002297SystemDESKTOP-GHH64PV85\??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat00The access history in hive \??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat was cleared updating 0 keys and creating 0 modified pages.InformationInfoSystemMicrosoft-Windows-Kernel-General22041800x40000000000000002298SystemDESKTOP-GHH64PV5Reapply power settings upon completion of the provisioning engine's turn 5InformationInfoSystem101403101400x40000000100000002299SystemDESKTOP-GHH64PVimrk.net128170000000000000020010578003F000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000Name resolution for the name imrk.net timed out after none of the configured DNS servers responded.WarningInfoSystemMicrosoft-Windows-DNS Client Events1204100x80000000000000802300SystemDESKTOP-GHH64PV10015063296002017-05-22T21:46:20.489473500ZThe operating system started at system time ‎2017‎-‎05‎-‎22T21:46:20.489473500Z.InformationInfoSystemMicrosoft-Windows-Kernel-General15304000x80000000000000002301SystemDESKTOP-GHH64PV000Virtualization-based security (policies: 0) is disabled.InformationInfoSystemMicrosoft-Windows-Kernel-Boot20143100x80000000000000002302SystemDESKTOP-GHH64PVfalsetrue142The last shutdown's success status was false. The last boot's success status was true.InformationInfoSystemMicrosoft-Windows-Kernel-Boot27143300x80000000000000002303SystemDESKTOP-GHH64PV0 NOEXECUTE=OPTINThe boot type was 0x0.InformationInfoSystemMicrosoft-Windows-Kernel-Boot25043200x80000000000000002304SystemDESKTOP-GHH64PV1The boot menu policy was 0x1.InformationInfoSystemMicrosoft-Windows-Kernel-Boot1804000x80000000000000002305SystemDESKTOP-GHH64PV1There are 0x1 boot options on this system.InformationInfoSystemMicrosoft-Windows-Kernel-Boot3204000x80000000000000002306SystemDESKTOP-GHH64PV0The bootmgr spent 0 ms waiting for user input.InformationInfoSystemMicrosoft-Windows-Kernel-Boot30042100x80000000000000002307SystemDESKTOP-GHH64PV0985698851076910770The firmware reported boot metrics.InformationInfoSystemMicrosoft-Windows-Kernel-Boot614000x80004000000000002312SystemDESKTOP-GHH64PV0x01008FileInfo2042-06-30T07:43:32.000000000Z228{ "flags" : "0x00000010" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Bottom" , "supportedFeatures": "0x00000003" , "instances" : [["40500","0x00000000"]] }{02000000-0001-0000-A748-EBD944D3D201}File System Filter 'FileInfo' (10.0, ‎2042‎-‎06‎-‎30T07:43:32.000000000Z) has successfully loaded and registered with Filter Manager.InformationInfoSystemMicrosoft-Windows-FilterManager614000x80004000000000002313SystemDESKTOP-GHH64PV0x01003Wof1974-03-11T15:47:45.000000000Z232{ "flags" : "0x00000010" , "registration_version" : "0x00000203" , "tx" : true , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Compression" , "supportedFeatures": "0x00000003" , "instances" : [["40700","0x00000000"]] }{02000000-0002-0000-A748-EBD944D3D201}File System Filter 'Wof' (10.0, ‎1974‎-‎03‎-‎11T15:47:45.000000000Z) has successfully loaded and registered with Filter Manager.InformationInfoSystemMicrosoft-Windows-FilterManager9804000x80000000000000022314SystemDESKTOP-GHH64PVC:\Device\HarddiskVolume40Volume C: (\Device\HarddiskVolume4) is healthy. No action is needed.InformationInfoSystem161200x800000000000002315SystemDESKTOP-GHH64PV\Device\HarddiskVolume4000000000100000000000000A10004C001000200010000C000000000000000000000000000000000Dump file creation failed due to error during dump creation.ErrorClassic614000x80004000000000002316SystemDESKTOP-GHH64PV0x0605aswSP2017-04-28T00:46:31.000000000Z240{ "flags" : "0x00000010" , "registration_version" : "0x00000202" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Security Enhancer" , "supportedFeatures": "0x00000000" , "instances" : [["388401","0x00000000"]] }{02000000-0004-0000-2034-16DA44D3D201}File System Filter 'aswSP' (6.0, ‎2017‎-‎04‎-‎28T00:46:31.000000000Z) has successfully loaded and registered with Filter Manager.InformationInfoSystemMicrosoft-Windows-FilterManager614000x80004000000000002317SystemDESKTOP-GHH64PV0x0606aswSnx2017-04-28T00:35:06.000000000Z237{ "flags" : "0x00000014" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Virtualization" , "supportedFeatures": "0x00000000" , "instances" : [["137600","0x00000000"]] }{02000000-0005-0000-8D96-18DA44D3D201}File System Filter 'aswSnx' (6.0, ‎2017‎-‎04‎-‎28T00:35:06.000000000Z) has successfully loaded and registered with Filter Manager.InformationInfoSystemMicrosoft-Windows-FilterManager614000x80004000000000002318SystemDESKTOP-GHH64PV0x01009FileCrypt2030-05-28T01:10:59.000000000Z233{ "flags" : "0x00000000" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Encryption" , "supportedFeatures": "0x00000003" , "instances" : [["141100","0x00000000"]] }{02000000-0006-0000-06F9-1ADA44D3D201}File System Filter 'FileCrypt' (10.0, ‎2030‎-‎05‎-‎28T01:10:59.000000000Z) has successfully loaded and registered with Filter Manager.InformationInfoSystemMicrosoft-Windows-FilterManager614000x80004000000000002319SystemDESKTOP-GHH64PV0x01009npsvctrig2097-07-25T03:18:05.000000000Z219{ "flags" : "0x00000018" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "(null)" , "supportedFeatures": "0x00000000" , "instances" : [["46000","0x00000000"]] }{02000000-0007-0000-3420-22DA44D3D201}File System Filter 'npsvctrig' (10.0, ‎2097‎-‎07‎-‎25T03:18:05.000000000Z) has successfully loaded and registered with Filter Manager.InformationInfoSystemMicrosoft-Windows-FilterManager41516300x80004000000000022320SystemDESKTOP-GHH64PV2780xffffb209b10a40100x00x00x00000false00trueThe system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.CriticalInfoSystemMicrosoft-Windows-Kernel-Power1720420300x80000000000004042321SystemDESKTOP-GHH64PV26Connectivity state in standby: Disconnected, Reason: NIC complianceInformationInfoSystemMicrosoft-Windows-Kernel-Power101141410100x20000000000000002322SystemDESKTOP-GHH64PVWUDFPfWUDFPf (part of UMDF) did not load yet. After it does, Windows will start the device again.InformationStartup of the UMDF reflectorInfoSystemMicrosoft-Windows-DriverFrameworks-UserMode2190321200x80000000000000002323SystemDESKTOP-GHH64PV24ACPI\INT3400\2&daba3ff&1322122634114\Driver\WUDFRd0The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&1.WarningInfoSystemMicrosoft-Windows-Kernel-PnP7036400x800000000000002324SystemDESKTOP-GHH64PV\Device\NDMP1Intel(R) Dual Band Wireless-AC 82600000080002003800000000007C1B004000000000000000000000000000000000000000000000000057445256AB000000The \Device\NDMP1 service entered the Intel(R) Dual Band Wireless-AC 8260 state.InformationClassic7001400x800000000000002325SystemDESKTOP-GHH64PV\Device\NDMP1Intel(R) Dual Band Wireless-AC 8260000008000200380000000000591B0060000000000000000000000000000000000000000000000000574452565041000055044700x80000000000000002326SystemDESKTOP-GHH64PV0031270110029291Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (3 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 2701 Maximum performance percentage: 100 Minimum performance percentage: 29 Minimum throttle percentage: 29InformationInfoSystemMicrosoft-Windows-Kernel-Processor-Power55044700x80000000000000002327SystemDESKTOP-GHH64PV0231270110029291Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (3 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 2701 Maximum performance percentage: 100 Minimum performance percentage: 29 Minimum throttle percentage: 29InformationInfoSystemMicrosoft-Windows-Kernel-Processor-Power55044700x80000000000000002328SystemDESKTOP-GHH64PV0431270110029291Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (3 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 2701 Maximum performance percentage: 100 Minimum performance percentage: 29 Minimum throttle percentage: 29InformationInfoSystemMicrosoft-Windows-Kernel-Processor-Power55044700x80000000000000002329SystemDESKTOP-GHH64PV0631270110029291Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (3 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 2701 Maximum performance percentage: 100 Minimum performance percentage: 29 Minimum throttle percentage: 29InformationInfoSystemMicrosoft-Windows-Kernel-Processor-Power55044700x80000000000000002330SystemDESKTOP-GHH64PV0131270110029291Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (3 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 2701 Maximum performance percentage: 100 Minimum performance percentage: 29 Minimum throttle percentage: 29InformationInfoSystemMicrosoft-Windows-Kernel-Processor-Power55044700x80000000000000002331SystemDESKTOP-GHH64PV0331270110029291Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (3 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 2701 Maximum performance percentage: 100 Minimum performance percentage: 29 Minimum throttle percentage: 29InformationInfoSystemMicrosoft-Windows-Kernel-Processor-Power