Skip to content

Instantly share code, notes, and snippets.

@daslicht

daslicht/gist:6eec920d85dde46ae2387defe15a7880

Last active August 14, 2017 07:59
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save daslicht/6eec920d85dde46ae2387defe15a7880 to your computer and use it in GitHub Desktop.
Save daslicht/6eec920d85dde46ae2387defe15a7880 to your computer and use it in GitHub Desktop.
Download ZIP
Windows 10 Errors out of the box
Raw
gistfile1.txt
<?xml version="1.0" encoding="UTF-8"?>
<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:17:26.715849900Z" />
<EventRecordID>413</EventRecordID>
<Correlation />
<Execution ProcessID="500" ThreadID="5944" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="param1">machine-default</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{C2F03A33-21F5-47FA-B4BB-156362A2F239}</Data>
<Data Name="param5">{316CDED5-E4AE-4B15-9113-7055D84DCC97}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">LOCAL SERVICE</Data>
<Data Name="param8">S-1-5-19</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DistributedCOM</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:17:26.715849900Z" />
<EventRecordID>412</EventRecordID>
<Correlation />
<Execution ProcessID="500" ThreadID="5944" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</Data>
<Data Name="param5">{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">LOCAL SERVICE</Data>
<Data Name="param8">S-1-5-19</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DistributedCOM</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:17:26.715849900Z" />
<EventRecordID>411</EventRecordID>
<Correlation />
<Execution ProcessID="500" ThreadID="5944" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="param1">machine-default</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{C2F03A33-21F5-47FA-B4BB-156362A2F239}</Data>
<Data Name="param5">{316CDED5-E4AE-4B15-9113-7055D84DCC97}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">LOCAL SERVICE</Data>
<Data Name="param8">S-1-5-19</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DistributedCOM</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:17:26.715849900Z" />
<EventRecordID>410</EventRecordID>
<Correlation />
<Execution ProcessID="500" ThreadID="5944" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</Data>
<Data Name="param5">{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">LOCAL SERVICE</Data>
<Data Name="param8">S-1-5-19</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DistributedCOM</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>37</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000002</Keywords>
<TimeCreated SystemTime="2017-08-14T07:17:09.429591000Z" />
<EventRecordID>423</EventRecordID>
<Correlation ActivityID="{92FE121A-14CC-0006-821A-FE92CC14D301}" />
<Execution ProcessID="2232" ThreadID="4612" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-21-2399683709-1169827650-3115492340-1001" />
</System>
<EventData>
<Data Name="ErrorCode">2147942583</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>App Container profile failed with error 0x800700B7 because it was unable to register the AppContainer SID.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-14T07:17:09.074051800Z" />
<EventRecordID>420</EventRecordID>
<Correlation ActivityID="{92FE121A-14CC-0000-CA26-FE92CC14D301}" />
<Execution ProcessID="2232" ThreadID="4612" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-14T07:17:09.073984500Z" />
<EventRecordID>419</EventRecordID>
<Correlation ActivityID="{92FE121A-14CC-0000-CA26-FE92CC14D301}" />
<Execution ProcessID="2232" ThreadID="4612" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Device Registration" Guid="{23B8D46B-67DD-40A3-B636-D43E50552C6D}" />
<EventID>360</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:14:56.080177000Z" />
<EventRecordID>6</EventRecordID>
<Correlation />
<Execution ProcessID="2120" ThreadID="3196" />
<Channel>Microsoft-Windows-User Device Registration/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-21-2399683709-1169827650-3115492340-1001" />
</System>
<EventData>
<Data Name="Message">Windows Hello for Business provisioning will not be launched.</Data>
<Data Name="DeviceIsJoined">Not Tested</Data>
<Data Name="AADPrt">No</Data>
<Data Name="NgcPolicyEnabled">Not Tested</Data>
<Data Name="NgcHardwarePolicyMet">Not Tested</Data>
<Data Name="UserIsRemote">Yes</Data>
<Data Name="LogonCertRequired">Not Tested</Data>
<Data Name="MachinePolicySource">none</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Windows Hello for Business provisioning will not be launched.
Device is AAD joined ( AADJ or DJ++ ): Not Tested
User has logged on with AAD credentials: No
Windows Hello for Business policy is enabled: Not Tested
Local computer meets Windows hello for business hardware requirements: Not Tested
User is not connected to the machine via Remote Desktop: Yes
User certificate for on premise auth policy is enabled: Not Tested
Machine is governed by none policy.
See https://go.microsoft.com/fwlink/?linkid=832647 for more details.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider />
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>37</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000002</Keywords>
<TimeCreated SystemTime="2017-08-14T07:14:51.847791000Z" />
<EventRecordID>226</EventRecordID>
<Correlation ActivityID="{92FE121A-14CC-0002-5313-FE92CC14D301}" />
<Execution ProcessID="2232" ThreadID="4612" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-21-2399683709-1169827650-3115492340-1001" />
</System>
<EventData>
<Data Name="ErrorCode">2147942583</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>App Container profile failed with error 0x800700B7 because it was unable to register the AppContainer SID.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>123</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:13:55.654080300Z" />
<EventRecordID>74</EventRecordID>
<Correlation />
<Execution ProcessID="1176" ThreadID="2604" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Prop_Seconds">84</Data>
<Data Name="Prop_DeviceId">USB\VID_046D&amp;PID_C07D&amp;MI_01\7&amp;15DB2E51&amp;0&amp;0001</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The DSM service was delayed by 84 seconds for a driver query/download/install on device 'USB\VID_046D&amp;PID_C07D&amp;MI_01\7&amp;15DB2E51&amp;0&amp;0001'</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:13:01.794038300Z" />
<EventRecordID>404</EventRecordID>
<Correlation />
<Execution ProcessID="832" ThreadID="1284" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">cphs</Data>
<Data Name="param2">%%1053</Data>
<Binary>63007000680073000000</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The cphs service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider>Microsoft-Windows-Service Control Manager</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:13:01.794038300Z" />
<EventRecordID>403</EventRecordID>
<Correlation />
<Execution ProcessID="832" ThreadID="1376" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">asComSvc</Data>
<Data Name="param2">%%1053</Data>
<Binary>6100730043006F006D005300760063000000</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The asComSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider>Microsoft-Windows-Service Control Manager</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7009</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:13:01.794038300Z" />
<EventRecordID>402</EventRecordID>
<Correlation />
<Execution ProcessID="832" ThreadID="1284" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">30000</Data>
<Data Name="param2">cphs</Data>
<Binary>63007000680073000000</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>A timeout was reached (30000 milliseconds) while waiting for the cphs service to connect.</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider>Microsoft-Windows-Service Control Manager</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7009</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:13:01.794038300Z" />
<EventRecordID>401</EventRecordID>
<Correlation />
<Execution ProcessID="832" ThreadID="1376" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">30000</Data>
<Data Name="param2">asComSvc</Data>
<Binary>6100730043006F006D005300760063000000</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>A timeout was reached (30000 milliseconds) while waiting for the asComSvc service to connect.</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider>Microsoft-Windows-Service Control Manager</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>201</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:24.544439500Z" />
<EventRecordID>71</EventRecordID>
<Correlation />
<Execution ProcessID="1176" ThreadID="2580" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData />
<RenderingInfo Culture="en-US">
<Message>A connection to the Windows Metadata and Internet Services (WMIS) could not be established.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>202</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:24.544383600Z" />
<EventRecordID>70</EventRecordID>
<Correlation />
<Execution ProcessID="1176" ThreadID="2580" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData />
<RenderingInfo Culture="en-US">
<Message>The Network List Manager reports no connectivity to the internet.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>201</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:24.542950900Z" />
<EventRecordID>68</EventRecordID>
<Correlation />
<Execution ProcessID="1176" ThreadID="2604" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData />
<RenderingInfo Culture="en-US">
<Message>A connection to the Windows Metadata and Internet Services (WMIS) could not be established.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>202</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:24.542889200Z" />
<EventRecordID>66</EventRecordID>
<Correlation />
<Execution ProcessID="1176" ThreadID="2604" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData />
<RenderingInfo Culture="en-US">
<Message>The Network List Manager reports no connectivity to the internet.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>201</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:24.542664800Z" />
<EventRecordID>65</EventRecordID>
<Correlation />
<Execution ProcessID="1176" ThreadID="2600" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData />
<RenderingInfo Culture="en-US">
<Message>A connection to the Windows Metadata and Internet Services (WMIS) could not be established.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>202</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:24.542603300Z" />
<EventRecordID>64</EventRecordID>
<Correlation />
<Execution ProcessID="1176" ThreadID="2600" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData />
<RenderingInfo Culture="en-US">
<Message>The Network List Manager reports no connectivity to the internet.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>200</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:21.085718900Z" />
<EventRecordID>63</EventRecordID>
<Correlation />
<Execution ProcessID="1176" ThreadID="2580" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData />
<RenderingInfo Culture="en-US">
<Message>A connection to the Windows Update service could not be established.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>202</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:21.085649600Z" />
<EventRecordID>62</EventRecordID>
<Correlation />
<Execution ProcessID="1176" ThreadID="2580" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData />
<RenderingInfo Culture="en-US">
<Message>The Network List Manager reports no connectivity to the internet.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>200</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:21.083614200Z" />
<EventRecordID>61</EventRecordID>
<Correlation />
<Execution ProcessID="1176" ThreadID="2604" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData />
<RenderingInfo Culture="en-US">
<Message>A connection to the Windows Update service could not be established.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>202</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:21.083544000Z" />
<EventRecordID>60</EventRecordID>
<Correlation />
<Execution ProcessID="1176" ThreadID="2604" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData />
<RenderingInfo Culture="en-US">
<Message>The Network List Manager reports no connectivity to the internet.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>200</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:21.080903800Z" />
<EventRecordID>59</EventRecordID>
<Correlation />
<Execution ProcessID="1176" ThreadID="2600" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData />
<RenderingInfo Culture="en-US">
<Message>A connection to the Windows Update service could not be established.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>202</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:21.080822700Z" />
<EventRecordID>58</EventRecordID>
<Correlation />
<Execution ProcessID="1176" ThreadID="2600" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData />
<RenderingInfo Culture="en-US">
<Message>The Network List Manager reports no connectivity to the internet.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:11.571218100Z" />
<EventRecordID>396</EventRecordID>
<Correlation />
<Execution ProcessID="832" ThreadID="1380" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">CldFlt</Data>
<Data Name="param2">%%50</Data>
<Binary>43006C00640046006C0074000000</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The CldFlt service failed to start due to the following error:
The request is not supported.</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider>Microsoft-Windows-Service Control Manager</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>37</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000002</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:07.390615500Z" />
<EventRecordID>222</EventRecordID>
<Correlation ActivityID="{92FE121A-14CC-0000-3512-FE92CC14D301}" />
<Execution ProcessID="680" ThreadID="820" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">2147942583</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>App Container profile failed with error 0x800700B7 because it was unable to register the AppContainer SID.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>37</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000002</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:07.390608700Z" />
<EventRecordID>221</EventRecordID>
<Correlation ActivityID="{92FE121A-14CC-0004-2C12-FE92CC14D301}" />
<Execution ProcessID="780" ThreadID="824" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">2147942583</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>App Container profile failed with error 0x800700B7 because it was unable to register the AppContainer SID.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:11:56.865982500Z" />
<EventRecordID>379</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="384" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">24</Data>
<Data Name="DriverName">ACPI\PNP0A0A\2&amp;daba3ff&amp;0</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\WUDFRd</Data>
<Data Name="Version">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The driver \Driver\WUDFRd failed to load for the device ACPI\PNP0A0A\2&amp;daba3ff&amp;0.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel>System</Channel>
<Provider>Microsoft-Windows-Kernel-PnP</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>1101</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x4020000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:18.993694600Z" />
<EventRecordID>833</EventRecordID>
<Correlation />
<Execution ProcessID="1772" ThreadID="2492" />
<Channel>Security</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security />
</System>
<UserData>
<AuditEventsDropped xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<Reason>0</Reason>
</AuditEventsDropped>
</UserData>
<RenderingInfo Culture="en-US">
<Message>Audit events have been dropped by the transport. 0</Message>
<Level>Error</Level>
<Task>Event processing</Task>
<Opcode>Info</Opcode>
<Channel>Security</Channel>
<Provider>Microsoft-Windows-Eventlog</Provider>
<Keywords>
<Keyword>Audit Success</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>41</EventID>
<Version>5</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000400000000002</Keywords>
<TimeCreated SystemTime="2017-08-14T07:11:56.255653500Z" />
<EventRecordID>376</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">0</Data>
<Data Name="BugcheckParameter1">0x0</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0x0</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">6</Data>
<Data Name="PowerButtonTimestamp">0</Data>
<Data Name="BootAppStatus">3221225684</Data>
<Data Name="Checkpoint">0</Data>
<Data Name="ConnectedStandbyInProgress">false</Data>
<Data Name="SystemSleepTransitionsToOn">1</Data>
<Data Name="CsEntryScenarioInstanceId">0</Data>
<Data Name="BugcheckInfoFromEFI">true</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.</Message>
<Level>Critical</Level>
<Task />
<Opcode>Info</Opcode>
<Channel>System</Channel>
<Provider>Microsoft-Windows-Kernel-Power</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}" />
<EventID>29</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:11:39.617127900Z" />
<EventRecordID>361</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FailureStatus">3221225684</Data>
<Data Name="FailureMsgId">1187136</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Windows failed fast startup with error status 0xC00000D4.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel>System</Channel>
<Provider>Microsoft-Windows-Kernel-Boot</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-08-14T07:12:15.727805000Z" />
<EventRecordID>355</EventRecordID>
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security />
</System>
<EventData>
<Data>3:03:56 PM</Data>
<Data>‎8/‎13/‎2017</Data>
<Data />
<Data />
<Data>21661</Data>
<Data />
<Data />
<Binary>E107080000000D000F00030038005D00E107080000000D001600030038005D00600900003C000000010000006009000001000000B004000001000000919DFFFF</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The previous system shutdown at 3:03:56 PM on ‎8/‎13/‎2017 was unexpected.</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider />
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-SMBWitnessClient" Guid="{32254F6C-AA33-46F0-A5E3-1CBCC74BF683}" />
<EventID>1</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T22:58:35.692284400Z" />
<EventRecordID>1</EventRecordID>
<Correlation />
<Execution ProcessID="2236" ThreadID="2256" />
<Channel>Microsoft-Windows-SMBWitnessClient/Admin</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="ErrorCode">2</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Witness Client initialization failed with error (The system cannot find the file specified.)</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider />
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>2</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2017-08-13T22:58:26.204254600Z" />
<EventRecordID>3</EventRecordID>
<Correlation />
<Execution ProcessID="1248" ThreadID="1252" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SessionName">SceSetup</Data>
<Data Name="FileName" />
<Data Name="ErrorCode">3221225525</Data>
<Data Name="LoggingMode">268435461</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Session "SceSetup" failed to start with the following error: 0xC0000035</Message>
<Level>Error</Level>
<Task>Session</Task>
<Opcode>Start</Opcode>
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Provider>Microsoft-Windows-Kernel-EventTracing</Provider>
<Keywords>
<Keyword>Session</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>2</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2017-08-13T22:58:17.966487900Z" />
<EventRecordID>2</EventRecordID>
<Correlation />
<Execution ProcessID="1156" ThreadID="1160" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SessionName">SceSetup</Data>
<Data Name="FileName" />
<Data Name="ErrorCode">3221225525</Data>
<Data Name="LoggingMode">268435461</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Session "SceSetup" failed to start with the following error: 0xC0000035</Message>
<Level>Error</Level>
<Task>Session</Task>
<Opcode>Start</Opcode>
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Provider>Microsoft-Windows-Kernel-EventTracing</Provider>
<Keywords>
<Keyword>Session</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>3</EventID>
<Version>1</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>14</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2017-08-13T22:57:50.896571700Z" />
<EventRecordID>1</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="132" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SessionName">AutoLogger-Diagtrack-Listener</Data>
<Data Name="FileName">x:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl</Data>
<Data Name="ErrorCode">3221225530</Data>
<Data Name="LoggingMode">142606337</Data>
<Data Name="FailureReason">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Session "AutoLogger-Diagtrack-Listener" stopped due to the following error: 0xC000003A</Message>
<Level>Error</Level>
<Task>Session</Task>
<Opcode>Stop</Opcode>
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Provider>Microsoft-Windows-Kernel-EventTracing</Provider>
<Keywords>
<Keyword>Session</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>37</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000002</Keywords>
<TimeCreated SystemTime="2017-08-13T22:26:59.074596200Z" />
<EventRecordID>203</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0007-E63F-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-21-2399683709-1169827650-3115492340-1001" />
</System>
<EventData>
<Data Name="ErrorCode">2147942583</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>App Container profile failed with error 0x800700B7 because it was unable to register the AppContainer SID.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:26:58.886049300Z" />
<EventRecordID>194</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0006-CE46-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x64__8wekyb3d8bbwe</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x64__8wekyb3d8bbwe for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:26:58.885966800Z" />
<EventRecordID>193</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0006-CE46-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x86__8wekyb3d8bbwe</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x86__8wekyb3d8bbwe for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Device Registration" Guid="{23B8D46B-67DD-40A3-B636-D43E50552C6D}" />
<EventID>360</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T22:22:06.530558500Z" />
<EventRecordID>4</EventRecordID>
<Correlation />
<Execution ProcessID="5428" ThreadID="4104" />
<Channel>Microsoft-Windows-User Device Registration/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-21-2399683709-1169827650-3115492340-1001" />
</System>
<EventData>
<Data Name="Message">Windows Hello for Business provisioning will not be launched.</Data>
<Data Name="DeviceIsJoined">Not Tested</Data>
<Data Name="AADPrt">No</Data>
<Data Name="NgcPolicyEnabled">Not Tested</Data>
<Data Name="NgcHardwarePolicyMet">Not Tested</Data>
<Data Name="UserIsRemote">Yes</Data>
<Data Name="LogonCertRequired">Not Tested</Data>
<Data Name="MachinePolicySource">none</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Windows Hello for Business provisioning will not be launched.
Device is AAD joined ( AADJ or DJ++ ): Not Tested
User has logged on with AAD credentials: No
Windows Hello for Business policy is enabled: Not Tested
Local computer meets Windows hello for business hardware requirements: Not Tested
User is not connected to the machine via Remote Desktop: Yes
User certificate for on premise auth policy is enabled: Not Tested
Machine is governed by none policy.
See https://go.microsoft.com/fwlink/?linkid=832647 for more details.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider />
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:22:05.870940400Z" />
<EventRecordID>189</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0001-4E37-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:22:05.052626600Z" />
<EventRecordID>187</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0007-2E36-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4296" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:22:04.617641800Z" />
<EventRecordID>185</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0001-4137-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>37</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000002</Keywords>
<TimeCreated SystemTime="2017-08-13T22:22:03.739273800Z" />
<EventRecordID>169</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0000-E23F-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-21-2399683709-1169827650-3115492340-1001" />
</System>
<EventData>
<Data Name="ErrorCode">2147942583</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>App Container profile failed with error 0x800700B7 because it was unable to register the AppContainer SID.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>37</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000002</Keywords>
<TimeCreated SystemTime="2017-08-13T22:22:03.639195200Z" />
<EventRecordID>166</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0000-DE3F-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-21-2399683709-1169827650-3115492340-1001" />
</System>
<EventData>
<Data Name="ErrorCode">2147942583</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>App Container profile failed with error 0x800700B7 because it was unable to register the AppContainer SID.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:22:03.530894400Z" />
<EventRecordID>151</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0001-3D37-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:22:03.530847900Z" />
<EventRecordID>150</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0001-3D37-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:22:03.530800800Z" />
<EventRecordID>149</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0001-3D37-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:22:03.530750800Z" />
<EventRecordID>148</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0001-3D37-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x64__8wekyb3d8bbwe</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x64__8wekyb3d8bbwe for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:22:03.530690500Z" />
<EventRecordID>147</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0001-3D37-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>37</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000002</Keywords>
<TimeCreated SystemTime="2017-08-13T22:22:02.051265400Z" />
<EventRecordID>118</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0007-3E36-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-21-2399683709-1169827650-3115492340-1001" />
</System>
<EventData>
<Data Name="ErrorCode">2147942583</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>App Container profile failed with error 0x800700B7 because it was unable to register the AppContainer SID.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:22:01.841813100Z" />
<EventRecordID>90</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0000-B63F-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:22:01.841740500Z" />
<EventRecordID>89</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0000-B63F-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:22:01.841648900Z" />
<EventRecordID>88</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0000-B63F-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:21:56.490500400Z" />
<EventRecordID>30</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0006-FB39-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4296" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:21:52.702915300Z" />
<EventRecordID>27</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0006-E739-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4296" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:21:50.599823200Z" />
<EventRecordID>25</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0006-BA39-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4296" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.Windows.ShellExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.Windows.ShellExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:21:49.340283200Z" />
<EventRecordID>23</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0006-7939-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T22:21:46.719547500Z" />
<EventRecordID>21</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0004-4538-FA4B8814D301}" />
<Execution ProcessID="3308" ThreadID="4436" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1001</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy for user S-1-5-21-2399683709-1169827650-3115492340-1001 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>123</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T16:25:02.045225800Z" />
<EventRecordID>39</EventRecordID>
<Correlation />
<Execution ProcessID="876" ThreadID="4396" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Prop_Seconds">483</Data>
<Data Name="Prop_DeviceId">PCI\VEN_10DE&amp;DEV_100A&amp;SUBSYS_29831462&amp;REV_A1\4&amp;3834D97&amp;0&amp;0008</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The DSM service was delayed by 483 seconds for a driver query/download/install on device 'PCI\VEN_10DE&amp;DEV_100A&amp;SUBSYS_29831462&amp;REV_A1\4&amp;3834D97&amp;0&amp;0008'</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>123</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T16:16:56.333128900Z" />
<EventRecordID>35</EventRecordID>
<Correlation />
<Execution ProcessID="876" ThreadID="4396" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Prop_Seconds">238</Data>
<Data Name="Prop_DeviceId">PCI\VEN_8086&amp;DEV_0412&amp;SUBSYS_85341043&amp;REV_06\3&amp;11583659&amp;0&amp;10</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The DSM service was delayed by 238 seconds for a driver query/download/install on device 'PCI\VEN_8086&amp;DEV_0412&amp;SUBSYS_85341043&amp;REV_06\3&amp;11583659&amp;0&amp;10'</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>123</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T16:12:46.685028700Z" />
<EventRecordID>24</EventRecordID>
<Correlation />
<Execution ProcessID="876" ThreadID="3068" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Prop_Seconds">15</Data>
<Data Name="Prop_DeviceId">USB\VID_088E&amp;PID_5036\6F8CA02A_7B1D05F5</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The DSM service was delayed by 15 seconds for a driver query/download/install on device 'USB\VID_088E&amp;PID_5036\6F8CA02A_7B1D05F5'</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>123</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T16:12:30.843938900Z" />
<EventRecordID>18</EventRecordID>
<Correlation />
<Execution ProcessID="876" ThreadID="4396" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Prop_Seconds">72</Data>
<Data Name="Prop_DeviceId">USB\VID_0A4D&amp;PID_00F0&amp;MI_00\6&amp;17CD24E&amp;0&amp;0000</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The DSM service was delayed by 72 seconds for a driver query/download/install on device 'USB\VID_0A4D&amp;PID_00F0&amp;MI_00\6&amp;17CD24E&amp;0&amp;0000'</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DeviceSetupManager</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T16:09:27.666502800Z" />
<EventRecordID>257</EventRecordID>
<Correlation />
<Execution ProcessID="948" ThreadID="4932" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
<Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">SYSTEM</Data>
<Data Name="param8">S-1-5-18</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DistributedCOM</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T16:06:54.499779100Z" />
<EventRecordID>17</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0006-7033-FA4B8814D301}" />
<Execution ProcessID="1448" ThreadID="2692" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1000</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy for user S-1-5-21-2399683709-1169827650-3115492340-1000 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T16:06:53.724446300Z" />
<EventRecordID>15</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0002-5C32-FA4B8814D301}" />
<Execution ProcessID="1448" ThreadID="2692" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.Windows.ShellExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1000</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.Windows.ShellExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy for user S-1-5-21-2399683709-1169827650-3115492340-1000 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" />
<EventID>808</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>36</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000020000</Keywords>
<TimeCreated SystemTime="2017-08-13T16:06:41.804300300Z" />
<EventRecordID>2</EventRecordID>
<Correlation />
<Execution ProcessID="2940" ThreadID="2588" />
<Channel>Microsoft-Windows-PrintService/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<LoadPluginFailed xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
<PluginDllName>PrintConfig registration timed out: C:\WINDOWS\SysWOW64\regsvr32.exe /s "C:\WINDOWS\SysWOW64\PrintConfig.dll"</PluginDllName>
<ErrorCode>0x1</ErrorCode>
<Context>1</Context>
</LoadPluginFailed>
</UserData>
<RenderingInfo Culture="en-US">
<Message>The print spooler failed to load a plug-in module PrintConfig registration timed out: C:\WINDOWS\SysWOW64\regsvr32.exe /s "C:\WINDOWS\SysWOW64\PrintConfig.dll", error code 0x1. See the event user data for context information.</Message>
<Level>Error</Level>
<Task>Initializing</Task>
<Opcode>Spooler Operation Failed</Opcode>
<Channel>Admin</Channel>
<Provider>Microsoft-Windows-PrintService</Provider>
<Keywords>
<Keyword>Print Spooler</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" />
<EventID>808</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>36</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000020000</Keywords>
<TimeCreated SystemTime="2017-08-13T16:06:36.413264300Z" />
<EventRecordID>1</EventRecordID>
<Correlation />
<Execution ProcessID="2940" ThreadID="2588" />
<Channel>Microsoft-Windows-PrintService/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<LoadPluginFailed xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
<PluginDllName>PrintConfig registration timed out: C:\WINDOWS\SysWOW64\regsvr32.exe /s "C:\WINDOWS\SysWOW64\PrintConfig.dll"</PluginDllName>
<ErrorCode>0x1</ErrorCode>
<Context>1</Context>
</LoadPluginFailed>
</UserData>
<RenderingInfo Culture="en-US">
<Message>The print spooler failed to load a plug-in module PrintConfig registration timed out: C:\WINDOWS\SysWOW64\regsvr32.exe /s "C:\WINDOWS\SysWOW64\PrintConfig.dll", error code 0x1. See the event user data for context information.</Message>
<Level>Error</Level>
<Task>Initializing</Task>
<Opcode>Spooler Operation Failed</Opcode>
<Channel>Admin</Channel>
<Provider>Microsoft-Windows-PrintService</Provider>
<Keywords>
<Keyword>Print Spooler</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>69</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000001</Keywords>
<TimeCreated SystemTime="2017-08-13T16:06:31.812725000Z" />
<EventRecordID>13</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0000-FE33-FA4B8814D301}" />
<Execution ProcessID="1448" ThreadID="2692" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">1168</Data>
<Data Name="PackageFullName">Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy</Data>
<Data Name="User">S-1-5-21-2399683709-1169827650-3115492340-1000</Data>
<Data Name="DesiredStatus">32</Data>
<Data Name="CurrentStatus">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Failed with 0x490 modifying AppModel Runtime status for package Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy for user S-1-5-21-2399683709-1169827650-3115492340-1000 (current status = 0x0, desired status = 0x20).</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>Process</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>21</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000400000000002</Keywords>
<TimeCreated SystemTime="2017-08-13T23:03:09.935621000Z" />
<EventRecordID>11</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0002-8E31-FA4B8814D301}" />
<Execution ProcessID="572" ThreadID="664" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">2147942410</Data>
<Data Name="Context">onecore\ds\security\gina\profile\profext\appcontainer.cpp Line:1544 S-1-5-18 microsoft.windows.fontdrvhost</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>CreateAppContainerProfile failed for AppContainer onecore\ds\security\gina\profile\profext\appcontainer.cpp Line:1544 S-1-5-18 microsoft.windows.fontdrvhost with error 0x8007000A.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>27</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000002</Keywords>
<TimeCreated SystemTime="2017-08-13T23:03:09.935394300Z" />
<EventRecordID>10</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0002-8E31-FA4B8814D301}" />
<Execution ProcessID="572" ThreadID="664" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">2147942583</Data>
<Data Name="Context">C:\WINDOWS\system32\config\systemprofile\AppData\Local\Packages\microsoft.windows.fontdrvhost</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>CreateAppContainerProfile failed with error 0x800700B7 because it was unable to create folder C:\WINDOWS\system32\config\systemprofile\AppData\Local\Packages\microsoft.windows.fontdrvhost.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>36</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000002</Keywords>
<TimeCreated SystemTime="2017-08-13T23:03:09.934927300Z" />
<EventRecordID>9</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0002-8E31-FA4B8814D301}" />
<Execution ProcessID="572" ThreadID="664" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">2147944122</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>DeleteAppContainerProfile failed with error 0x800706BA because it was unable to unregister with the firewall.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>36</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000002</Keywords>
<TimeCreated SystemTime="2017-08-13T23:03:09.934925000Z" />
<EventRecordID>8</EventRecordID>
<Correlation ActivityID="{4BFA3182-1488-0003-8531-FA4B8814D301}" />
<Execution ProcessID="620" ThreadID="688" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">2147944122</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>DeleteAppContainerProfile failed with error 0x800706BA because it was unable to unregister with the firewall.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>21</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000400000000002</Keywords>
<TimeCreated SystemTime="2017-08-13T23:02:06.809963800Z" />
<EventRecordID>5</EventRecordID>
<Correlation ActivityID="{8AC2263E-1487-0001-0A27-C28A8714D301}" />
<Execution ProcessID="4052" ThreadID="2804" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">2147942410</Data>
<Data Name="Context">onecore\ds\security\gina\profile\profext\appcontainer.cpp Line:1983 ByteCodeGeneration Microsoft.Advertising.Xaml_8wekyb3d8bbwe</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>CreateAppContainerProfile failed for AppContainer onecore\ds\security\gina\profile\profext\appcontainer.cpp Line:1983 ByteCodeGeneration Microsoft.Advertising.Xaml_8wekyb3d8bbwe with error 0x8007000A.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>37</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000002</Keywords>
<TimeCreated SystemTime="2017-08-13T23:02:06.809936000Z" />
<EventRecordID>4</EventRecordID>
<Correlation ActivityID="{8AC2263E-1487-0001-0A27-C28A8714D301}" />
<Execution ProcessID="4052" ThreadID="2804" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">2147942583</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>App Container profile failed with error 0x800700B7 because it was unable to register the AppContainer SID.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>21</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000400000000002</Keywords>
<TimeCreated SystemTime="2017-08-13T22:57:56.090981600Z" />
<EventRecordID>2</EventRecordID>
<Correlation ActivityID="{8AC2263E-1487-0002-9026-C28A8714D301}" />
<Execution ProcessID="624" ThreadID="696" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">2147942410</Data>
<Data Name="Context">onecore\ds\security\gina\profile\profext\appcontainer.cpp Line:1544 S-1-5-18 microsoft.windows.fontdrvhost</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>CreateAppContainerProfile failed for AppContainer onecore\ds\security\gina\profile\profext\appcontainer.cpp Line:1544 S-1-5-18 microsoft.windows.fontdrvhost with error 0x8007000A.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
<EventID>27</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000002</Keywords>
<TimeCreated SystemTime="2017-08-13T22:57:56.090760100Z" />
<EventRecordID>1</EventRecordID>
<Correlation ActivityID="{8AC2263E-1487-0002-9026-C28A8714D301}" />
<Execution ProcessID="624" ThreadID="696" />
<Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">2147942583</Data>
<Data Name="Context">C:\WINDOWS\system32\config\systemprofile\AppData\Local\Packages</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>CreateAppContainerProfile failed with error 0x800700B7 because it was unable to create folder C:\WINDOWS\system32\config\systemprofile\AppData\Local\Packages.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-AppModel-Runtime</Provider>
<Keywords>
<Keyword>AppContainer</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7030</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T16:06:28.693842400Z" />
<EventRecordID>253</EventRecordID>
<Correlation />
<Execution ProcessID="696" ThreadID="480" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Printer Extensions and Notifications</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider>Microsoft-Windows-Service Control Manager</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SecurityCenter" />
<EventID Qualifiers="49152">16</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T23:01:03.216124000Z" />
<EventRecordID>60</EventRecordID>
<Channel>Application</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security />
</System>
<EventData>
<Data>Windows Defender</Data>
<Data>SECURITY_PRODUCT_STATE_ON</Data>
<Binary>02000000</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider />
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SecurityCenter" />
<EventID Qualifiers="49152">16</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T23:01:03.044236000Z" />
<EventRecordID>58</EventRecordID>
<Channel>Application</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security />
</System>
<EventData>
<Data>Windows Defender</Data>
<Data>SECURITY_PRODUCT_STATE_ON</Data>
<Binary>02000000</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider />
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>1108</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x4020000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T22:58:32.953589700Z" />
<EventRecordID>87</EventRecordID>
<Correlation />
<Execution ProcessID="1588" ThreadID="1848" />
<Channel>Security</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security />
</System>
<UserData>
<EventProcessingFailure xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<Error Code="15005" />
<EventID>0</EventID>
<PublisherID>Microsoft-Windows-Security-Auditing</PublisherID>
</EventProcessingFailure>
</UserData>
<RenderingInfo Culture="en-US">
<Message>The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.</Message>
<Level>Error</Level>
<Task>Event processing</Task>
<Opcode>Info</Opcode>
<Channel>Security</Channel>
<Provider>Microsoft-Windows-Eventlog</Provider>
<Keywords>
<Keyword>Audit Success</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T23:04:02.120498700Z" />
<EventRecordID>229</EventRecordID>
<Correlation />
<Execution ProcessID="696" ThreadID="780" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">CldFlt</Data>
<Data Name="param2">%%50</Data>
<Binary>43006C00640046006C0074000000</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The CldFlt service failed to start due to the following error:
The request is not supported.</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider>Microsoft-Windows-Service Control Manager</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T23:04:00.781050500Z" />
<EventRecordID>226</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="208" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">128</Data>
<Data Name="DriverName">SWD\WPDBUSENUM\_??_USBSTOR#Disk&amp;Ven_Intenso&amp;Prod_Speed_Line&amp;Rev_1.00#000000000000000504&amp;0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\WudfRd</Data>
<Data Name="Version">0</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&amp;Ven_Intenso&amp;Prod_Speed_Line&amp;Rev_1.00#000000000000000504&amp;0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.</Message>
<Level>Warning</Level>
<Task />
<Opcode>Info</Opcode>
<Channel>System</Channel>
<Provider>Microsoft-Windows-Kernel-PnP</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7024</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T23:02:35.754845900Z" />
<EventRecordID>190</EventRecordID>
<Correlation />
<Execution ProcessID="700" ThreadID="2684" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Background Intelligent Transfer Service</Data>
<Data Name="param2">%%2148007941</Data>
<Binary>42004900540053000000</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The Background Intelligent Transfer Service service terminated with the following service-specific error:
Server execution failed</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider>Microsoft-Windows-Service Control Manager</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Bits-Client" Guid="{EF1CC15B-46C1-414E-BB95-E76B077BD51E}" />
<EventID>16392</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T23:02:35.754922800Z" />
<EventRecordID>189</EventRecordID>
<Correlation ActivityID="{8AC2263E-1487-0004-DA26-C28A8714D301}" />
<Execution ProcessID="1140" ThreadID="3344" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">2148007941</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The BITS service failed to start. Error 0x80080005.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel>System</Channel>
<Provider>Microsoft-Windows-Bits-Client</Provider>
<Keywords />
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T23:02:33.192139000Z" />
<EventRecordID>188</EventRecordID>
<Correlation />
<Execution ProcessID="700" ThreadID="2684" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Network Connection Broker</Data>
<Data Name="param2">%%31</Data>
<Binary>4E006300620053006500720076006900630065000000</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The Network Connection Broker service terminated with the following error:
A device attached to the system is not functioning.</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider>Microsoft-Windows-Service Control Manager</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T23:02:33.114007700Z" />
<EventRecordID>187</EventRecordID>
<Correlation />
<Execution ProcessID="960" ThreadID="2664" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">{A47979D2-C419-11D9-A5B4-001185AD2B89}</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DistributedCOM</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T23:02:30.379411900Z" />
<EventRecordID>185</EventRecordID>
<Correlation />
<Execution ProcessID="960" ThreadID="1764" />
<Channel>System</Channel>
<Computer>DESKTOP-9OP8T12</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="param1">{4991D34B-80A1-4291-83B6-3328366B9097}</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DistributedCOM</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T23:02:21.675584400Z" />
<EventRecordID>174</EventRecordID>
<Correlation />
<Execution ProcessID="700" ThreadID="1536" />
<Channel>System</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Connected Devices Platform Service</Data>
<Data Name="param2">Network Connection Broker</Data>
<Data Name="param3">%%1070</Data>
<Binary>4300440050005300760063000000</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The Connected Devices Platform Service service depends on the Network Connection Broker service which failed to start because of the following error:
After starting, the service hung in a start-pending state.</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider>Microsoft-Windows-Service Control Manager</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7022</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T23:02:21.550574300Z" />
<EventRecordID>173</EventRecordID>
<Correlation />
<Execution ProcessID="700" ThreadID="1536" />
<Channel>System</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Network Connection Broker</Data>
<Binary>4E006300620053006500720076006900630065000000</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The Network Connection Broker service hung on starting.</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider>Microsoft-Windows-Service Control Manager</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T23:01:30.358941500Z" />
<EventRecordID>157</EventRecordID>
<Correlation />
<Execution ProcessID="960" ThreadID="1764" />
<Channel>System</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="param1">{4991D34B-80A1-4291-83B6-3328366B9097}</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DistributedCOM</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T23:00:33.088691400Z" />
<EventRecordID>141</EventRecordID>
<Correlation />
<Execution ProcessID="960" ThreadID="1004" />
<Channel>System</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">{A47979D2-C419-11D9-A5B4-001185AD2B89}</Data>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.</Message>
<Level>Error</Level>
<Task />
<Opcode>Info</Opcode>
<Channel />
<Provider>Microsoft-Windows-DistributedCOM</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T22:58:44.392013500Z" />
<EventRecordID>46</EventRecordID>
<Correlation />
<Execution ProcessID="700" ThreadID="788" />
<Channel>System</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">iphlpsvc</Data>
<Data Name="param2">%%1058</Data>
<Binary>6900700068006C0070007300760063000000</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The iphlpsvc service terminated with the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider>Microsoft-Windows-Service Control Manager</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T22:58:35.110013800Z" />
<EventRecordID>44</EventRecordID>
<Correlation />
<Execution ProcessID="700" ThreadID="1540" />
<Channel>System</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Spooler</Data>
<Data Name="param2">%%2147942414</Data>
<Binary>530070006F006F006C00650072000000</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The Spooler service terminated with the following error:
Ran out of memory</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider>Microsoft-Windows-Service Control Manager</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-13T22:58:30.609650400Z" />
<EventRecordID>39</EventRecordID>
<Correlation />
<Execution ProcessID="700" ThreadID="1460" />
<Channel>System</Channel>
<Computer>WIN-6HP7PT8AE2G</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">CldFlt</Data>
<Data Name="param2">%%50</Data>
<Binary>43006C00640046006C0074000000</Binary>
</EventData>
<RenderingInfo Culture="en-US">
<Message>The CldFlt service failed to start due to the following error:
The request is not supported.</Message>
<Level>Error</Level>
<Task />
<Opcode />
<Channel />
<Provider>Microsoft-Windows-Service Control Manager</Provider>
<Keywords>
<Keyword>Classic</Keyword>
</Keywords>
</RenderingInfo>
</Event>
</Events>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment