diff --git a/config/end_to_end/nsrlsvr.Dockerfile b/config/end_to_end/nsrlsvr.Dockerfile new file mode 100644 index 0000000000..7f5a8cbcf9 --- /dev/null +++ b/config/end_to_end/nsrlsvr.Dockerfile @@ -0,0 +1,32 @@ +FROM ubuntu:jammy +MAINTAINER Log2Timeline nsrlsvr.container + diff --git a/config/jenkins/greendale/psort-studentpc1-nsrlsvr.ini b/config/jenkins/greendale/psort-studentpc1-nsrlsvr.ini index 7a22361f12..96efdc0b84 100644 --- a/config/jenkins/greendale/psort-studentpc1-nsrlsvr.ini +++ b/config/jenkins/greendale/psort-studentpc1-nsrlsvr.ini @@ -1,6 +1,6 @@ [nsrlsvr] case=analyze_and_output -analysis_options=--analysis nsrlsvr --nsrlsvr-port=9120 +analysis_options=--analysis nsrlsvr --nsrlsvr-host=nsrlsvr --nsrlsvr-port=9120 source=studentpc1.plaso output_file=studentpc1.csv output_format=dynamic diff --git a/config/jenkins/run_end_to_end_tests.sh b/config/jenkins/run_end_to_end_tests.sh index 4069331fd3..d31ef7ead0 100755 --- a/config/jenkins/run_end_to_end_tests.sh +++ b/config/jenkins/run_end_to_end_tests.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Script to run end-to-end tests on a Linux Jenkins instance with Docker. +# Script to run end-to-end tests on an Ubuntu Jenkins instance with Docker. # Fail on error. set -e @@ -33,7 +33,11 @@ docker run log2timeline/plaso ./utils/check_dependencies.py; COMMAND="./tests/end-to-end.py --config /config/${CONFIGURATION_NAME}.ini --references-directory test_data/end_to_end --results-directory /home/test/plaso/plaso-out --sources-directory /sources --scripts-directory plaso/scripts"; -if test ${CONFIGURATION_NAME} = "output_opensearch"; +if test ${CONFIGURATION_NAME} = "psort-studentpc1-nsrlsvr"; +then + DOCKER_NETWORK="--network=nsrlsvr-network"; + +elif test ${CONFIGURATION_NAME} = "output_opensearch" || test ${CONFIGURATION_NAME} = "output_opensearch_ts"; then DOCKER_NETWORK="--network=opensearch-network"; 
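Review bot: `FROM ubuntu:jammy` in the new nsrlsvr.Dockerfile tracks a mutable tag, so the test image can change between Jenkins runs without any change in this repository. Pinning the base by digest, `FROM ubuntu:jammy@sha256:<digest>` (placeholder, take the value from the registry), keeps the end-to-end environment reproducible. `MAINTAINER` on the following line is deprecated; the same information belongs in `LABEL org.opencontainers.image.authors="..."`. The hunk header announces 32 added lines but only the first three are visible on this page, so whether the rest of the file verifies the hash data it installs or drops root with `USER` cannot be judged from here.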
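Review bot: The new `if test ${CONFIGURATION_NAME} = "psort-studentpc1-nsrlsvr";` and the extended `elif` in the second hunk of run_end_to_end_tests.sh expand `${CONFIGURATION_NAME}` unquoted, so an empty or space-containing value makes `test` fail with a syntax error instead of a clean false; because the error occurs in an `if` condition, `set -e` does not stop the script. Quoting fixes it: `if test "${CONFIGURATION_NAME}" = "psort-studentpc1-nsrlsvr";`, and the same for both operands of the `elif`. The branch also assumes that a Docker network `nsrlsvr-network` with a container reachable as `nsrlsvr` (the host the .ini hunk now passes) already exists; nothing visible here creates them, so a comment such as `# Requires the nsrlsvr container attached to nsrlsvr-network.` above the branch would help. The if/elif chain continues past the end of the hunk.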
diff --git a/config/linux/ubuntu_install_nsrlsvr.sh b/config/linux/ubuntu_install_nsrlsvr.sh
deleted file mode 100755
index 1327789a51..0000000000
--- a/config/linux/ubuntu_install_nsrlsvr.sh
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/env bash
-#
-# Script to install nsrlsvr on Ubuntu from the GIFT PPA.
-
-AUXILIARY_DATA_PATH="/media/auxiliary";
-
-# Exit on error.
-set -e
-
-# Install and configure nsrlsvr
-sudo add-apt-repository ppa:gift/dev -y
-sudo apt-get update -q
-sudo apt-get install -y curl net-tools nsrlsvr-server unzip
-
-sudo mkdir -p /var/share/nsrlsvr
-
-if [ -f "${AUXILIARY_DATA_PATH}/nsrlsvr/hashes.txt" ];
-then
- cp -f "${AUXILIARY_DATA_PATH}/nsrlsvr/hashes.txt" /var/share/nsrlsvr;
-fi
-
-# Have nsrlupdate generate /var/share/nsrlsvr/hashes.txt
-if [ ! -f /var/share/nsrlsvr/hashes.txt ];
-then
- if [ -f "${AUXILIARY_DATA_PATH}/nsrlsvr/NSRLFile.txt" ];
- then
- cp -f "${AUXILIARY_DATA_PATH}/nsrlsvr/NSRLFile.txt" .
- fi
-
- if [ ! -f NSRLFile.txt ];
- then
- if [ -f "${AUXILIARY_DATA_PATH}/nsrlsvr/rds_modernm.zip" ];
- then
- cp -f "${AUXILIARY_DATA_PATH}/nsrlsvr/rds_modernm.zip" .
- fi
-
- if [ ! -f rds_modernm.zip ];
- then
- # Download the minimum RDS hash set.
- # Note that rds_modernm.zip is approximate 2 GiB in size.
- curl -o rds_modernm.zip https://s3.amazonaws.com/rds.nsrl.nist.gov/RDS/rds_2024.03.1/RDS_2024.03.1_modern_minimal.zip
- fi
-
- if [ ! -f rds_modernm.zip ];
- then
- echo "Missing: rds_modernm.zip";
-
- exit 1
- fi
- # Note that NSRLFile.txt is approximate 4 GiB in size.
- unzip -x rds_modernm.zip rds_modernm/NSRLFile.txt
-
- mv rds_modernm/NSRLFile.txt .
- fi
-
- if [ ! -f NSRLFile.txt ];
- then
- echo "Missing: NSRLFile.txt";
-
- exit 1
- fi
-
- # Build the nsrlsvr hashes.txt file
- sudo mkdir -p /usr/share/nsrlsvr
- sudo touch /usr/share/nsrlsvr/hashes.txt
- sudo /usr/bin/python3 /usr/bin/nsrlupdate NSRLFile.txt
-fi
-
-# For the sake of verbosity have nsrlsvr test its set up first
-time sudo /usr/bin/nsrlsvr --dry-run
-
-# Run nsrlsvr listening on port 9120
-sudo /usr/bin/nsrlsvr -p 9120
-
diff --git a/config/linux/ubuntu_install_opensearch.sh b/config/linux/ubuntu_install_opensearch.sh
deleted file mode 100755
index 8568e0c9c5..0000000000
--- a/config/linux/ubuntu_install_opensearch.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-#
-# Script to install OpenSearch on Ubuntu
-
-# Exit on error.
-set -e
-
-OPENSEARCH_VERSION="1.2.2";
-
-sudo apt-get update
-sudo apt-get install -y wget
-
-# TODO: update /etc/sysctl.conf
-# vm.max_map_count=262144
-
-adduser opensearch
-
-# Download OpenSearch
-
-wget -q https://artifacts.opensearch.org/releases/bundle/opensearch/${OPENSEARCH_VERSION}/opensearch-${OPENSEARCH_VERSION}-linux-x64.tar.gz
-
-# Install OpenSearch
-
-tar xfv ${PWD}/opensearch-${OPENSEARCH_VERSION}-linux-x64.tar.gz
-
-# Install the OpenSearch Python bindings
-
-sudo apt-get install -y python3-opensearch
-
-# Start OpenSearch
-
-cd opensearch-${OPENSEARCH_VERSION}
-
-echo "Starting OpenSearch";
-
-su -c './opensearch-tar-install.sh -Eplugins.security.disabled=true' opensearch &
diff --git a/test_data/end_to_end/extract_and_output_with_winevt_rc.log b/test_data/end_to_end/extract_and_output_with_winevt_rc.log
index 651c34f77d..eaf95ebb81 100644
--- a/test_data/end_to_end/extract_and_output_with_winevt_rc.log
+++ b/test_data/end_to_end/extract_and_output_with_winevt_rc.log
@@ -83,8 +83,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-14T15:46:00.5839643+00:00,Creation Time,EVT,WinEVTX,[18 / 0x0012] Provider identifier: {945a8954-c147-4acd-923f-40c45405a658} Source Name: Microsoft-Windows-WindowsUpdateClient Strings: ['\u200eThursday \u200eMarch \u200e15 \u200e2012' '3:00 AM' '\n- Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2647518)\n- Security Update for Windows 7 for x64-based Systems (KB2621440)\n- Windows Malicious Software Removal Tool x64 - March 2012 (KB890830)\n- Update for Windows 7 for x64-based Systems (KB2639308)\n- Security Update for Windows 7 for x64-based Systems (KB2665364)\n- Security Update for Windows 7 for x64-based Systems (KB2667402)\n- Security Update for Windows 7 for x64-based Systems (KB2641653)'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12089 Event Level: 4 Message string: Installation Ready: The following updates are downloaded and ready for installation. 
This computer is currently scheduled to install these updates on ‎Thursday ‎March ‎15 ‎2012 at 3:00 AM: - Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2647518)- Security Update for Windows 7 for x64-based Systems (KB2621440)- Windows Malicious Software Removal Tool x64 - March 2012 (KB890830)- Update for Windows 7 for x64-based Systems (KB2639308)- Security Update for Windows 7 for x64-based Systems (KB2665364)- Security Update for Windows 7 for x64-based Systems (KB2667402)- Security Update for Windows 7 for x64-based Systems (KB2641653),winevtx,- 2012-03-14T16:00:13.3385167+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12090 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-14T16:00:13.3385167+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12090 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- -2012-03-14T16:00:57.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1039089' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12091 Event Level: 4,winevtx,- -2012-03-14T16:00:57.0000000+00:00,Creation 
Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1039089' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12091 Event Level: 4,winevtx,- +2012-03-14T16:00:57.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1039089' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12091 Event Level: 4,winevtx,- +2012-03-14T16:00:57.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1039089' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12091 Event Level: 4,winevtx,- 2012-03-14T16:16:43.3392551+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12092 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-14T16:16:43.3392551+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12092 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-14T17:47:16.5235628+00:00,Content 
Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12093 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 
@@ -171,8 +171,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-15T07:05:20.5223368+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Volume Shadow Copy' 'running' '5600530053002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12133 Event Level: 4 Message string: The Volume Shadow Copy service entered the running state.,winevtx,- 2012-03-15T07:06:03.7156412+00:00,Content Modification Time,EVT,WinEVTX,[22 / 0x0016] Provider identifier: {945a8954-c147-4acd-923f-40c45405a658} Source Name: Microsoft-Windows-WindowsUpdateClient Strings: ['15' '\n- Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2647518)\n- Security Update for Windows 7 for x64-based Systems (KB2621440)\n- Windows Malicious Software Removal Tool x64 - March 2012 (KB890830)\n- Update for Windows 7 for x64-based Systems (KB2639308)\n- Security Update for Windows 7 for x64-based Systems (KB2665364)\n- Security Update for Windows 7 for x64-based Systems (KB2667402)\n- Security Update for Windows 7 for x64-based Systems (KB2641653)'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12134 Event Level: 4 Message string: Restart Required: To complete the installation of the following updates the computer will be restarted within 15 minutes: - Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2647518)- Security Update for Windows 7 for x64-based Systems (KB2621440)- Windows Malicious Software Removal Tool x64 - March 2012 (KB890830)- Update for Windows 7 for x64-based Systems (KB2639308)- Security Update for Windows 7 for x64-based Systems (KB2665364)- Security Update for Windows 7 for x64-based Systems (KB2667402)- Security Update for Windows 7 for x64-based Systems (KB2641653),winevtx,- 2012-03-15T07:06:03.7156412+00:00,Creation Time,EVT,WinEVTX,[22 / 0x0016] Provider identifier: 
{945a8954-c147-4acd-923f-40c45405a658} Source Name: Microsoft-Windows-WindowsUpdateClient Strings: ['15' '\n- Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2647518)\n- Security Update for Windows 7 for x64-based Systems (KB2621440)\n- Windows Malicious Software Removal Tool x64 - March 2012 (KB890830)\n- Update for Windows 7 for x64-based Systems (KB2639308)\n- Security Update for Windows 7 for x64-based Systems (KB2665364)\n- Security Update for Windows 7 for x64-based Systems (KB2667402)\n- Security Update for Windows 7 for x64-based Systems (KB2641653)'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12134 Event Level: 4 Message string: Restart Required: To complete the installation of the following updates the computer will be restarted within 15 minutes: - Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2647518)- Security Update for Windows 7 for x64-based Systems (KB2621440)- Windows Malicious Software Removal Tool x64 - March 2012 (KB890830)- Update for Windows 7 for x64-based Systems (KB2639308)- Security Update for Windows 7 for x64-based Systems (KB2665364)- Security Update for Windows 7 for x64-based Systems (KB2667402)- Security Update for Windows 7 for x64-based Systems (KB2641653),winevtx,- -2012-03-15T07:07:35.0000000+00:00,Content Modification Time,EVT,WinEVTX,[1074 / 0x0432] Source Name: USER32 Strings: ['C:\\Windows\\system32\\svchost.exe (WKS-WIN764BITB)' 'WKS-WIN764BITB' 'Operating System: Recovery (Planned)' '0x80020002' 'restart' '' 'NT AUTHORITY\\SYSTEM' '02000280000000000000000000000000000000000000000000000000000000000000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12135 Event Level: 4 Message string: The process C:\Windows\system32\svchost.exe (WKS-WIN764BITB) has initiated the restart of computer WKS-WIN764BITB on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Recovery (Planned)\nReason Code: 
0x80020002\nShutdown Type: restart\nComment: ,winevtx,- -2012-03-15T07:07:35.0000000+00:00,Creation Time,EVT,WinEVTX,[1074 / 0x0432] Source Name: USER32 Strings: ['C:\\Windows\\system32\\svchost.exe (WKS-WIN764BITB)' 'WKS-WIN764BITB' 'Operating System: Recovery (Planned)' '0x80020002' 'restart' '' 'NT AUTHORITY\\SYSTEM' '02000280000000000000000000000000000000000000000000000000000000000000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12135 Event Level: 4 Message string: The process C:\Windows\system32\svchost.exe (WKS-WIN764BITB) has initiated the restart of computer WKS-WIN764BITB on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Recovery (Planned)\nReason Code: 0x80020002\nShutdown Type: restart\nComment: ,winevtx,- +2012-03-15T07:07:35.0000000+00:00,Content Modification Time,EVT,WinEVTX,[1074 / 0x0432] Source Name: USER32 Strings: ['C:\\Windows\\system32\\svchost.exe (WKS-WIN764BITB)' 'WKS-WIN764BITB' 'Operating System: Recovery (Planned)' '0x80020002' 'restart' None 'NT AUTHORITY\\SYSTEM' '02000280000000000000000000000000000000000000000000000000000000000000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12135 Event Level: 4 Message string: The process C:\Windows\system32\svchost.exe (WKS-WIN764BITB) has initiated the restart of computer WKS-WIN764BITB on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Recovery (Planned)\nReason Code: 0x80020002\nShutdown Type: restart\nComment: ,winevtx,- +2012-03-15T07:07:35.0000000+00:00,Creation Time,EVT,WinEVTX,[1074 / 0x0432] Source Name: USER32 Strings: ['C:\\Windows\\system32\\svchost.exe (WKS-WIN764BITB)' 'WKS-WIN764BITB' 'Operating System: Recovery (Planned)' '0x80020002' 'restart' None 'NT AUTHORITY\\SYSTEM' '02000280000000000000000000000000000000000000000000000000000000000000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12135 Event Level: 4 Message string: The 
process C:\Windows\system32\svchost.exe (WKS-WIN764BITB) has initiated the restart of computer WKS-WIN764BITB on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Recovery (Planned)\nReason Code: 0x80020002\nShutdown Type: restart\nComment: ,winevtx,- 2012-03-15T07:07:38.2127149+00:00,Content Modification Time,EVT,WinEVTX,[27 / 0x001b] Provider identifier: {945a8954-c147-4acd-923f-40c45405a658} Source Name: Microsoft-Windows-WindowsUpdateClient Strings: [] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12136 Event Level: 4 Message string: Automatic Updates is now paused.,winevtx,- 2012-03-15T07:07:38.2127149+00:00,Creation Time,EVT,WinEVTX,[27 / 0x001b] Provider identifier: {945a8954-c147-4acd-923f-40c45405a658} Source Name: Microsoft-Windows-WindowsUpdateClient Strings: [] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12136 Event Level: 4 Message string: Automatic Updates is now paused.,winevtx,- 2012-03-15T07:07:38.4627485+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Update' 'stopped' '770075006100750073006500720076002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12137 Event Level: 4 Message string: The Windows Update service entered the stopped state.,winevtx,- 
@@ -279,8 +279,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-15T07:12:59.0000000+00:00,Creation Time,EVT,WinEVTX,[6005 / 0x1775] Source Name: EventLog Strings: ['DC07030004000F0007000C003B001C030000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12153 Event Level: 4,winevtx,- 2012-03-15T07:12:59.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6009 / 0x1779] Source Name: EventLog Strings: ['6.01.' '7601' 'Service Pack 1' 'Multiprocessor Free' '17514'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12152 Event Level: 4,winevtx,- 2012-03-15T07:12:59.0000000+00:00,Creation Time,EVT,WinEVTX,[6009 / 0x1779] Source Name: EventLog Strings: ['6.01.' '7601' 'Service Pack 1' 'Multiprocessor Free' '17514'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12152 Event Level: 4,winevtx,- -2012-03-15T07:12:59.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '245' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12154 Event Level: 4,winevtx,- -2012-03-15T07:12:59.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '245' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12154 Event Level: 4,winevtx,- +2012-03-15T07:12:59.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '245' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12154 Event Level: 4,winevtx,- +2012-03-15T07:12:59.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '245' '60' '300 Eastern Standard 
Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12154 Event Level: 4,winevtx,- 2012-03-15T07:13:00.0312500+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Event Log' 'running' '6500760065006E0074006C006F0067002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12190 Event Level: 4 Message string: The Windows Event Log service entered the running state.,winevtx,- 2012-03-15T07:13:00.0312500+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Event Log' 'running' '6500760065006E0074006C006F0067002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12190 Event Level: 4 Message string: The Windows Event Log service entered the running state.,winevtx,- 2012-03-15T07:13:00.5312500+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Multimedia Class Scheduler' 'running' '4D004D004300530053002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12191 Event Level: 4 Message string: The Multimedia Class Scheduler service entered the running state.,winevtx,- 
@@ -489,8 +489,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-15T14:16:47.7870631+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12292 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-15T14:33:17.7807271+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12293 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-15T14:33:17.7807271+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12293 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- -2012-03-15T16:00:15.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '31881' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12294 Event Level: 4,winevtx,- 
-2012-03-15T16:00:15.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '31881' '60' '300 Eastern Standard Time' '31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12294 Event Level: 4,winevtx,- +2012-03-15T16:00:15.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '31881' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12294 Event Level: 4,winevtx,- +2012-03-15T16:00:15.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '31881' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12294 Event Level: 4,winevtx,- 2012-03-15T16:02:50.6951911+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' 
'570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12295 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-15T16:02:50.6951911+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12295 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-15T16:19:20.6923345+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12296 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 
@@ -591,8 +591,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-15T22:18:49.0000000+00:00,Creation Time,EVT,WinEVTX,[3 / 0x0003] Source Name: Virtual Disk Service Strings: ['@2010005'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12343 Event Level: 4 Message string: Service started.,winevtx,- 2012-03-15T22:18:49.8092708+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Virtual Disk' 'running' '7600640073002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12344 Event Level: 4 Message string: The Virtual Disk service entered the running state.,winevtx,- 2012-03-15T22:18:49.8092708+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Virtual Disk' 'running' '7600640073002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12344 Event Level: 4 Message string: The Virtual Disk service entered the running state.,winevtx,- -2012-03-15T22:21:28.0000000+00:00,Content Modification Time,EVT,WinEVTX,[1074 / 0x0432] Source Name: USER32 Strings: ['wininit.exe (10.3.58.4)' 'WKS-WIN764BITB' 'Application: Installation (Planned)' '0x84040002' 'restart' '' 'SHIELDBASE\\rsydow' '02000484000000000000000000000000000000000000000000000000000000000000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12345 Event Level: 4 Message string: The process wininit.exe (10.3.58.4) has initiated the restart of computer WKS-WIN764BITB on behalf of user SHIELDBASE\rsydow for the following reason: Application: Installation (Planned)\nReason Code: 0x84040002\nShutdown Type: restart\nComment: ,winevtx,- -2012-03-15T22:21:28.0000000+00:00,Creation Time,EVT,WinEVTX,[1074 / 0x0432] Source Name: USER32 Strings: ['wininit.exe (10.3.58.4)' 'WKS-WIN764BITB' 'Application: 
Installation (Planned)' '0x84040002' 'restart' '' 'SHIELDBASE\\rsydow' '02000484000000000000000000000000000000000000000000000000000000000000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12345 Event Level: 4 Message string: The process wininit.exe (10.3.58.4) has initiated the restart of computer WKS-WIN764BITB on behalf of user SHIELDBASE\rsydow for the following reason: Application: Installation (Planned)\nReason Code: 0x84040002\nShutdown Type: restart\nComment: ,winevtx,- +2012-03-15T22:21:28.0000000+00:00,Content Modification Time,EVT,WinEVTX,[1074 / 0x0432] Source Name: USER32 Strings: ['wininit.exe (10.3.58.4)' 'WKS-WIN764BITB' 'Application: Installation (Planned)' '0x84040002' 'restart' None 'SHIELDBASE\\rsydow' '02000484000000000000000000000000000000000000000000000000000000000000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12345 Event Level: 4 Message string: The process wininit.exe (10.3.58.4) has initiated the restart of computer WKS-WIN764BITB on behalf of user SHIELDBASE\rsydow for the following reason: Application: Installation (Planned)\nReason Code: 0x84040002\nShutdown Type: restart\nComment: ,winevtx,- +2012-03-15T22:21:28.0000000+00:00,Creation Time,EVT,WinEVTX,[1074 / 0x0432] Source Name: USER32 Strings: ['wininit.exe (10.3.58.4)' 'WKS-WIN764BITB' 'Application: Installation (Planned)' '0x84040002' 'restart' None 'SHIELDBASE\\rsydow' '02000484000000000000000000000000000000000000000000000000000000000000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12345 Event Level: 4 Message string: The process wininit.exe (10.3.58.4) has initiated the restart of computer WKS-WIN764BITB on behalf of user SHIELDBASE\rsydow for the following reason: Application: Installation (Planned)\nReason Code: 0x84040002\nShutdown Type: restart\nComment: ,winevtx,- 2012-03-15T22:22:03.6982346+00:00,Content Modification Time,EVT,WinEVTX,[7002 / 0x1b5a] Provider identifier: 
{dbe9b383-7cf3-4331-91cc-a3cb16a3b538} Source Name: Microsoft-Windows-Winlogon Strings: ['2' 'S-1-5-21-2036804247-3058324640-2116585241-1114'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12346 Event Level: 4 Message string: User Logoff Notification for Customer Experience Improvement Program,winevtx,- 2012-03-15T22:22:03.6982346+00:00,Creation Time,EVT,WinEVTX,[7002 / 0x1b5a] Provider identifier: {dbe9b383-7cf3-4331-91cc-a3cb16a3b538} Source Name: Microsoft-Windows-Winlogon Strings: ['2' 'S-1-5-21-2036804247-3058324640-2116585241-1114'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12346 Event Level: 4 Message string: User Logoff Notification for Customer Experience Improvement Program,winevtx,- 2012-03-15T22:22:04.1669816+00:00,Content Modification Time,EVT,WinEVTX,[27 / 0x001b] Provider identifier: {945a8954-c147-4acd-923f-40c45405a658} Source Name: Microsoft-Windows-WindowsUpdateClient Strings: [] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12347 Event Level: 4 Message string: Automatic Updates is now paused.,winevtx,- 
@@ -695,8 +695,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-15T22:24:07.0000000+00:00,Creation Time,EVT,WinEVTX,[6005 / 0x1775] Source Name: EventLog Strings: ['DC07030004000F00160018000700CE020000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12359 Event Level: 4,winevtx,- 2012-03-15T22:24:07.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6009 / 0x1779] Source Name: EventLog Strings: ['6.01.' '7601' 'Service Pack 1' 'Multiprocessor Free' '17514'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12357 Event Level: 4,winevtx,- 2012-03-15T22:24:07.0000000+00:00,Creation Time,EVT,WinEVTX,[6009 / 0x1779] Source Name: EventLog Strings: ['6.01.' '7601' 'Service Pack 1' 'Multiprocessor Free' '17514'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12357 Event Level: 4,winevtx,- -2012-03-15T22:24:07.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '74' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12360 Event Level: 4,winevtx,- -2012-03-15T22:24:07.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '74' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12360 Event Level: 4,winevtx,- +2012-03-15T22:24:07.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '74' '60' '300 Eastern Standard Time' 
'31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12360 Event Level: 4,winevtx,- +2012-03-15T22:24:07.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '74' '60' '300 Eastern Standard Time' '31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12360 Event Level: 4,winevtx,- 2012-03-15T22:24:07.5312500+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider 
identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['BCWipe service' 'running' '4200430057006900700065005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12398 Event Level: 4 Message string: The BCWipe service service entered the running state.,winevtx,- 2012-03-15T22:24:07.5312500+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['BCWipe service' 'running' '4200430057006900700065005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12398 Event Level: 4 Message string: The BCWipe service service entered the running state.,winevtx,- 2012-03-15T22:24:07.8281250+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Event Log' 'running' '6500760065006E0074006C006F0067002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12399 Event Level: 4 Message string: The Windows Event Log service entered the running state.,winevtx,- 
@@ -869,8 +869,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-15T22:31:25.4422528+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Portable Device Enumerator Service' 'stopped' '57005000440042007500730045006E0075006D002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12482 Event Level: 4 Message string: The Portable Device Enumerator Service service entered the stopped state.,winevtx,- 2012-03-15T22:31:42.7158132+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['BCWipe service' 'stopped' '4200430057006900700065005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12483 Event Level: 4 Message string: The BCWipe service service entered the stopped state.,winevtx,- 2012-03-15T22:31:42.7158132+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['BCWipe service' 'stopped' '4200430057006900700065005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12483 Event Level: 4 Message string: The BCWipe service service entered the stopped state.,winevtx,- -2012-03-15T22:33:16.0000000+00:00,Content Modification Time,EVT,WinEVTX,[1074 / 0x0432] Source Name: USER32 Strings: ['C:\\Windows\\system32\\winlogon.exe (WKS-WIN764BITB)' 'WKS-WIN764BITB' 'No title for this reason could be found' '0x500ff' 'restart' '' 'SHIELDBASE\\rsydow' 'FF000500000000000000000000000000000000000000000000000000000000000000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12484 Event Level: 4 Message string: The process C:\Windows\system32\winlogon.exe (WKS-WIN764BITB) has initiated the restart of computer WKS-WIN764BITB on behalf 
of user SHIELDBASE\rsydow for the following reason: No title for this reason could be found\nReason Code: 0x500ff\nShutdown Type: restart\nComment: ,winevtx,- -2012-03-15T22:33:16.0000000+00:00,Creation Time,EVT,WinEVTX,[1074 / 0x0432] Source Name: USER32 Strings: ['C:\\Windows\\system32\\winlogon.exe (WKS-WIN764BITB)' 'WKS-WIN764BITB' 'No title for this reason could be found' '0x500ff' 'restart' '' 'SHIELDBASE\\rsydow' 'FF000500000000000000000000000000000000000000000000000000000000000000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12484 Event Level: 4 Message string: The process C:\Windows\system32\winlogon.exe (WKS-WIN764BITB) has initiated the restart of computer WKS-WIN764BITB on behalf of user SHIELDBASE\rsydow for the following reason: No title for this reason could be found\nReason Code: 0x500ff\nShutdown Type: restart\nComment: ,winevtx,- +2012-03-15T22:33:16.0000000+00:00,Content Modification Time,EVT,WinEVTX,[1074 / 0x0432] Source Name: USER32 Strings: ['C:\\Windows\\system32\\winlogon.exe (WKS-WIN764BITB)' 'WKS-WIN764BITB' 'No title for this reason could be found' '0x500ff' 'restart' None 'SHIELDBASE\\rsydow' 'FF000500000000000000000000000000000000000000000000000000000000000000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12484 Event Level: 4 Message string: The process C:\Windows\system32\winlogon.exe (WKS-WIN764BITB) has initiated the restart of computer WKS-WIN764BITB on behalf of user SHIELDBASE\rsydow for the following reason: No title for this reason could be found\nReason Code: 0x500ff\nShutdown Type: restart\nComment: ,winevtx,- +2012-03-15T22:33:16.0000000+00:00,Creation Time,EVT,WinEVTX,[1074 / 0x0432] Source Name: USER32 Strings: ['C:\\Windows\\system32\\winlogon.exe (WKS-WIN764BITB)' 'WKS-WIN764BITB' 'No title for this reason could be found' '0x500ff' 'restart' None 'SHIELDBASE\\rsydow' 'FF000500000000000000000000000000000000000000000000000000000000000000000000000000'] Computer 
Name: WKS-WIN764BITB.shieldbase.local Record Number: 12484 Event Level: 4 Message string: The process C:\Windows\system32\winlogon.exe (WKS-WIN764BITB) has initiated the restart of computer WKS-WIN764BITB on behalf of user SHIELDBASE\rsydow for the following reason: No title for this reason could be found\nReason Code: 0x500ff\nShutdown Type: restart\nComment: ,winevtx,- 2012-03-15T22:33:16.1385740+00:00,Content Modification Time,EVT,WinEVTX,[7002 / 0x1b5a] Provider identifier: {dbe9b383-7cf3-4331-91cc-a3cb16a3b538} Source Name: Microsoft-Windows-Winlogon Strings: ['2' 'S-1-5-21-2036804247-3058324640-2116585241-1114'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12485 Event Level: 4 Message string: User Logoff Notification for Customer Experience Improvement Program,winevtx,- 2012-03-15T22:33:16.1385740+00:00,Creation Time,EVT,WinEVTX,[7002 / 0x1b5a] Provider identifier: {dbe9b383-7cf3-4331-91cc-a3cb16a3b538} Source Name: Microsoft-Windows-Winlogon Strings: ['2' 'S-1-5-21-2036804247-3058324640-2116585241-1114'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12485 Event Level: 4 Message string: User Logoff Notification for Customer Experience Improvement Program,winevtx,- 2012-03-15T22:33:16.5006354+00:00,Content Modification Time,EVT,WinEVTX,[27 / 0x001b] Provider identifier: {945a8954-c147-4acd-923f-40c45405a658} Source Name: Microsoft-Windows-WindowsUpdateClient Strings: [] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12486 Event Level: 4 Message string: Automatic Updates is now paused.,winevtx,- 
@@ -975,8 +975,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-15T22:35:10.0000000+00:00,Creation Time,EVT,WinEVTX,[6005 / 0x1775] Source Name: EventLog Strings: ['DC07030004000F00160023000A0013020000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12506 Event Level: 4,winevtx,- 2012-03-15T22:35:10.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6009 / 0x1779] Source Name: EventLog Strings: ['6.01.' '7601' 'Service Pack 1' 'Multiprocessor Free' '17514'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12505 Event Level: 4,winevtx,- 2012-03-15T22:35:10.0000000+00:00,Creation Time,EVT,WinEVTX,[6009 / 0x1779] Source Name: EventLog Strings: ['6.01.' '7601' 'Service Pack 1' 'Multiprocessor Free' '17514'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12505 Event Level: 4,winevtx,- -2012-03-15T22:35:10.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '65' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12507 Event Level: 4,winevtx,- -2012-03-15T22:35:10.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '65' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12507 Event Level: 4,winevtx,- +2012-03-15T22:35:10.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '65' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12507 Event Level: 4,winevtx,- +2012-03-15T22:35:10.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '65' '60' '300 Eastern Standard 
Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12507 Event Level: 4,winevtx,- 2012-03-15T22:35:10.6093750+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Event Log' 'running' '6500760065006E0074006C006F0067002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12538 Event Level: 4 Message string: The Windows Event Log service entered the running state.,winevtx,- 2012-03-15T22:35:10.6093750+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Event Log' 'running' '6500760065006E0074006C006F0067002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12538 Event Level: 4 Message string: The Windows Event Log service entered the running state.,winevtx,- 2012-03-15T22:35:10.9843750+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Multimedia Class Scheduler' 'running' '4D004D004300530053002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12539 Event Level: 4 Message string: The Multimedia Class Scheduler service entered the running state.,winevtx,- 
@@ -1237,8 +1237,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-16T14:49:22.0867518+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12666 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-16T15:48:55.4328539+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12667 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-16T15:48:55.4328539+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12667 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- -2012-03-16T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '62798' '60' '300 Eastern Standard Time' 
'31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12668 Event Level: 4,winevtx,- -2012-03-16T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '62798' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12668 Event Level: 4,winevtx,- +2012-03-16T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '62798' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12668 Event Level: 4,winevtx,- +2012-03-16T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '62798' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12668 Event Level: 4,winevtx,- 2012-03-16T16:05:25.4474654+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager 
Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12669 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-16T16:05:25.4474654+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12669 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-16T17:41:58.5058495+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12670 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 
@@ -1363,8 +1363,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-17T15:22:39.6215951+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12729 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-17T15:39:09.6439951+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12730 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-17T15:39:09.6439951+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12730 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- -2012-03-17T16:01:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '149258' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12731 Event Level: 4,winevtx,- 
-2012-03-17T16:01:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '149258' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12731 Event Level: 4,winevtx,- +2012-03-17T16:01:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '149258' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12731 Event Level: 4,winevtx,- +2012-03-17T16:01:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '149258' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12731 Event Level: 4,winevtx,- 2012-03-17T16:15:27.7596588+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12732 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-17T16:15:27.7596588+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12732 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 
2012-03-17T16:46:57.7921986+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12733 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 
@@ -1473,8 +1473,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-18T15:02:26.7539196+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Modules Installer' 'stopped' '540072007500730074006500640049006E007300740061006C006C00650072002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12784 Event Level: 4 Message string: The Windows Modules Installer service entered the stopped state.,winevtx,- 2012-03-18T15:07:28.0574782+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12785 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-18T15:07:28.0574782+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12785 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- -2012-03-18T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '235598' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12786 Event Level: 4,winevtx,- -2012-03-18T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] 
Source Name: EventLog Strings: ['' '' '' '' '235598' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12786 Event Level: 4,winevtx,- +2012-03-18T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '235598' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12786 Event Level: 4,winevtx,- +2012-03-18T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '235598' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12786 Event Level: 4,winevtx,- 2012-03-18T16:02:31.2859575+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12787 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-18T16:02:31.2859575+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12787 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-18T16:19:01.3003507+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 
0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12788 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 
@@ -1577,8 +1577,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-19T15:16:15.9722763+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12836 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-19T15:32:45.9656748+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12837 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-19T15:32:45.9656748+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12837 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- -2012-03-19T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '321998' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12838 Event Level: 4,winevtx,- 
-2012-03-19T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '321998' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12838 Event Level: 4,winevtx,- +2012-03-19T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '321998' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12838 Event Level: 4,winevtx,- +2012-03-19T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '321998' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12838 Event Level: 4,winevtx,- 2012-03-19T16:41:18.8619133+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12839 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-19T16:41:18.8619133+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12839 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 
2012-03-19T16:57:48.8550443+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12840 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 
@@ -1681,10 +1681,10 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-20T14:48:39.3977204+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12888 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-20T15:05:09.4191834+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12889 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-20T15:05:09.4191834+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12889 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- -2012-03-20T15:59:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '408338' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12890 Event Level: 4,winevtx,- 
-2012-03-20T15:59:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '408338' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12890 Event Level: 4,winevtx,- -2012-03-20T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '408398' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12891 Event Level: 4,winevtx,- -2012-03-20T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '408398' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12891 Event Level: 4,winevtx,- +2012-03-20T15:59:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '408338' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12890 Event Level: 4,winevtx,- +2012-03-20T15:59:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '408338' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12890 Event Level: 4,winevtx,- +2012-03-20T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '408398' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12891 Event Level: 4,winevtx,- +2012-03-20T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog 
Strings: [None None None None '408398' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12891 Event Level: 4,winevtx,- 2012-03-20T18:59:53.1272192+00:00,Content Modification Time,EVT,WinEVTX,[7045 / 0x1b85] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['FResponse Service' 'f-response-ent.exe' 'user mode service' 'demand start' 'LocalSystem'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12892 Event Level: 4 Message string: A service was installed in the system.\n\nService Name: FResponse Service\nService File Name: f-response-ent.exe\nService Type: user mode service\nService Start Type: demand start\nService Account: LocalSystem,winevtx,- 2012-03-20T18:59:53.1272192+00:00,Creation Time,EVT,WinEVTX,[7045 / 0x1b85] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['FResponse Service' 'f-response-ent.exe' 'user mode service' 'demand start' 'LocalSystem'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12892 Event Level: 4 Message string: A service was installed in the system.\n\nService Name: FResponse Service\nService File Name: f-response-ent.exe\nService Type: user mode service\nService Start Type: demand start\nService Account: LocalSystem,winevtx,- 2012-03-20T18:59:55.0960448+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Application Experience' 'running' '410065004C006F006F006B00750070005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12893 Event Level: 4 Message string: The Application Experience service entered the running state.,winevtx,- 
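Review bot: The new expected rows for event 6013 (records 12890 and 12891 in this hunk) pin a bare `None` for the four leading EventLog strings where the old rows had `''`. This reads like a Python None reaching the message formatter rather than a chosen rendering; that is inferred, since the formatter is not part of the visible diff. Because this file is the reference the end-to-end test compares against, accepting it makes `[None None None None ...` the contract for timeline output, and any downstream filter or tagging rule that matches `Strings: ['' ...` in the message column will stop matching without an error. If the rendering is intended, say so in the commit description and state whether `None` means an absent string rather than an empty one; if not, keep the fixture at `''` and fix the formatter instead. The same substitution recurs in the 6013 rows of the later hunks on this page (-1783, -1871, -1917, -1943, -1971, -2001).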
@@ -1783,8 +1783,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-21T15:48:48.0910569+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12939 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-21T15:48:52.2519234+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Multimedia Class Scheduler' 'stopped' '4D004D004300530053002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12940 Event Level: 4 Message string: The Multimedia Class Scheduler service entered the stopped state.,winevtx,- 2012-03-21T15:48:52.2519234+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Multimedia Class Scheduler' 'stopped' '4D004D004300530053002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12940 Event Level: 4 Message string: The Multimedia Class Scheduler service entered the stopped state.,winevtx,- -2012-03-21T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '494798' '60' '300 Eastern Standard Time' 
'31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12941 Event Level: 4,winevtx,- -2012-03-21T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '494798' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12941 Event Level: 4,winevtx,- +2012-03-21T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '494798' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12941 Event Level: 4,winevtx,- +2012-03-21T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '494798' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12941 Event Level: 4,winevtx,- 2012-03-21T16:05:18.2011987+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager 
Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12942 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-21T16:05:18.2011987+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12942 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-21T20:37:33.4064113+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12943 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 
@@ -1871,8 +1871,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-22T14:53:01.8105196+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Multimedia Class Scheduler' 'running' '4D004D004300530053002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12983 Event Level: 4 Message string: The Multimedia Class Scheduler service entered the running state.,winevtx,- 2012-03-22T14:58:03.0550262+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Multimedia Class Scheduler' 'stopped' '4D004D004300530053002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12984 Event Level: 4 Message string: The Multimedia Class Scheduler service entered the stopped state.,winevtx,- 2012-03-22T14:58:03.0550262+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Multimedia Class Scheduler' 'stopped' '4D004D004300530053002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12984 Event Level: 4 Message string: The Multimedia Class Scheduler service entered the stopped state.,winevtx,- -2012-03-22T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '581198' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12985 Event Level: 4,winevtx,- -2012-03-22T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '581198' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12985 Event 
Level: 4,winevtx,- +2012-03-22T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '581198' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12985 Event Level: 4,winevtx,- +2012-03-22T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '581198' '60' '300 Eastern Standard Time' '31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12985 Event Level: 4,winevtx,- 2012-03-22T16:23:54.6709443+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12986 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-22T16:23:54.6709443+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider 
identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12986 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-22T16:24:10.9142126+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Modules Installer' 'running' '540072007500730074006500640049006E007300740061006C006C00650072002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 12987 Event Level: 4 Message string: The Windows Modules Installer service entered the running state.,winevtx,- 
@@ -1917,8 +1917,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-23T10:57:59.0484172+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Modules Installer' 'stopped' '540072007500730074006500640049006E007300740061006C006C00650072002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13006 Event Level: 4 Message string: The Windows Modules Installer service entered the stopped state.,winevtx,- 2012-03-23T11:03:43.1596036+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13007 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-23T11:03:43.1596036+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13007 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- -2012-03-23T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '667598' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13008 Event Level: 4,winevtx,- -2012-03-23T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] 
Source Name: EventLog Strings: ['' '' '' '' '667598' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13008 Event Level: 4,winevtx,- +2012-03-23T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '667598' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13008 Event Level: 4,winevtx,- +2012-03-23T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '667598' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13008 Event Level: 4,winevtx,- 2012-03-24T00:25:05.3857895+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13009 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-24T00:25:05.3857895+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13009 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-24T00:41:35.4100490+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 
0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13010 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 
@@ -1943,8 +1943,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-24T06:34:50.3114130+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Modules Installer' 'stopped' '540072007500730074006500640049006E007300740061006C006C00650072002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13019 Event Level: 4 Message string: The Windows Modules Installer service entered the stopped state.,winevtx,- 2012-03-24T06:40:48.7231949+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13020 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-24T06:40:48.7231949+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13020 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- -2012-03-24T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '753998' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13021 Event Level: 4,winevtx,- -2012-03-24T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] 
Source Name: EventLog Strings: ['' '' '' '' '753998' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13021 Event Level: 4,winevtx,- +2012-03-24T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '753998' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13021 Event Level: 4,winevtx,- +2012-03-24T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '753998' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13021 Event Level: 4,winevtx,- 2012-03-25T00:25:01.0011354+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13022 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-25T00:25:01.0011354+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13022 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-25T00:41:31.0050585+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 
0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13023 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 
@@ -1971,10 +1971,10 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-25T04:06:03.9207376+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Microsoft Software Shadow Copy Provider' 'stopped' '730077007000720076002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13033 Event Level: 4 Message string: The Microsoft Software Shadow Copy Provider service entered the stopped state.,winevtx,- 2012-03-25T11:41:31.5113908+00:00,Content Modification Time,EVT,WinEVTX,[50 / 0x0032] Provider identifier: {06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb} Source Name: Microsoft-Windows-Time-Service Strings: ['5000' '900'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13034 Event Level: 3 Message string: The time service detected a time difference of greater than 5000 milliseconds for 900 seconds. The time difference might be caused by synchronization with low-accuracy time sources or by suboptimal network conditions. The time service is no longer synchronized and cannot provide the time to other clients or update the system clock. When a valid time stamp is received from a time service provider the time service will correct itself.,winevtx,- 2012-03-25T11:41:31.5113908+00:00,Creation Time,EVT,WinEVTX,[50 / 0x0032] Provider identifier: {06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb} Source Name: Microsoft-Windows-Time-Service Strings: ['5000' '900'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13034 Event Level: 3 Message string: The time service detected a time difference of greater than 5000 milliseconds for 900 seconds. The time difference might be caused by synchronization with low-accuracy time sources or by suboptimal network conditions. The time service is no longer synchronized and cannot provide the time to other clients or update the system clock. 
When a valid time stamp is received from a time service provider the time service will correct itself.,winevtx,- -2012-03-25T15:59:36.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '840338' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13035 Event Level: 4,winevtx,- -2012-03-25T15:59:36.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '840338' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13035 Event Level: 4,winevtx,- -2012-03-25T16:00:36.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '840398' '60' '300 Eastern Standard Time' '31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13036 Event Level: 4,winevtx,- -2012-03-25T16:00:36.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '840398' '60' '300 Eastern Standard Time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omputer 
Name: WKS-WIN764BITB.shieldbase.local Record Number: 13036 Event Level: 4,winevtx,- +2012-03-25T15:59:36.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '840338' '60' '300 Eastern Standard Time' '31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13035 Event Level: 4,winevtx,- +2012-03-25T15:59:36.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '840338' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13035 Event Level: 4,winevtx,- +2012-03-25T16:00:36.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '840398' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13036 Event Level: 4,winevtx,- +2012-03-25T16:00:36.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '840398' '60' '300 Eastern Standard Time' 
'31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13036 Event Level: 4,winevtx,- 2012-03-25T22:34:58.2913030+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13037 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-25T22:34:58.2913030+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13037 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-25T22:35:13.8645445+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] 
Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Modules Installer' 'running' '540072007500730074006500640049006E007300740061006C006C00650072002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13038 Event Level: 4 Message string: The Windows Modules Installer service entered the running state.,winevtx,- 
@@ -2001,8 +2001,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-26T04:06:03.7441117+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Microsoft Software Shadow Copy Provider' 'stopped' '730077007000720076002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13048 Event Level: 4 Message string: The Microsoft Software Shadow Copy Provider service entered the stopped state.,winevtx,- 2012-03-26T05:50:08.4706442+00:00,Content Modification Time,EVT,WinEVTX,[105 / 0x0069] Provider identifier: {fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148} Source Name: Microsoft-Windows-Eventlog Strings: ['Application' 'C:\\Windows\\System32\\Winevt\\Logs\\Archive-Application-2012-03-26-05-50-01-755.evtx'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13049 Event Level: 4 Message string: Event log automatic backup\n\tLog:\tApplication\n\tFile:\tC:\Windows\System32\Winevt\Logs\Archive-Application-2012-03-26-05-50-01-755.evtx\n,winevtx,- 2012-03-26T05:50:08.4706442+00:00,Creation Time,EVT,WinEVTX,[105 / 0x0069] Provider identifier: {fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148} Source Name: Microsoft-Windows-Eventlog Strings: ['Application' 'C:\\Windows\\System32\\Winevt\\Logs\\Archive-Application-2012-03-26-05-50-01-755.evtx'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13049 Event Level: 4 Message string: Event log automatic backup\n\tLog:\tApplication\n\tFile:\tC:\Windows\System32\Winevt\Logs\Archive-Application-2012-03-26-05-50-01-755.evtx\n,winevtx,- -2012-03-26T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '926798' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13050 Event Level: 4,winevtx,- -2012-03-26T16:00:37.0000000+00:00,Creation 
Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '926798' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13050 Event Level: 4,winevtx,- +2012-03-26T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '926798' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13050 Event Level: 4,winevtx,- +2012-03-26T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '926798' '60' '300 Eastern Standard Time' '31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13050 Event Level: 4,winevtx,- 2012-03-26T19:37:18.8011389+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: 
WKS-WIN764BITB.shieldbase.local Record Number: 13051 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-26T19:37:18.8011389+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13051 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-26T19:37:42.3958644+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Modules Installer' 'running' '540072007500730074006500640049006E007300740061006C006C00650072002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13052 Event Level: 4 Message string: The Windows Modules Installer service entered the running state.,winevtx,- 
@@ -2039,8 +2039,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-27T15:14:17.0688277+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Modules Installer' 'stopped' '540072007500730074006500640049006E007300740061006C006C00650072002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13067 Event Level: 4 Message string: The Windows Modules Installer service entered the stopped state.,winevtx,- 2012-03-27T15:20:08.3402827+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13068 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-27T15:20:08.3402827+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13068 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- -2012-03-27T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1013198' '60' '300 Eastern Standard Time' 
'31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13069 Event Level: 4,winevtx,- -2012-03-27T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1013198' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13069 Event Level: 4,winevtx,- +2012-03-27T16:00:37.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1013198' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13069 Event Level: 4,winevtx,- +2012-03-27T16:00:37.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1013198' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13069 Event Level: 4,winevtx,- 2012-03-27T20:13:49.4170000+00:00,Content Modification Time,EVT,WinEVTX,[1 / 0x0001] Provider identifier: {a68ca8b7-004f-d7b6-a698-07e2de0f1f5d} Source Name: 
Microsoft-Windows-Kernel-General Strings: ['2012-03-27T20:13:49.417000000Z' '2012-03-27T20:11:25.066011500Z'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13070 Event Level: 4,winevtx,- 2012-03-27T20:13:49.4170000+00:00,Creation Time,EVT,WinEVTX,[1 / 0x0001] Provider identifier: {a68ca8b7-004f-d7b6-a698-07e2de0f1f5d} Source Name: Microsoft-Windows-Kernel-General Strings: ['2012-03-27T20:13:49.417000000Z' '2012-03-27T20:11:25.066011500Z'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13070 Event Level: 4,winevtx,- 2012-03-27T20:17:13.0080000+00:00,Content Modification Time,EVT,WinEVTX,[1 / 0x0001] Provider identifier: {a68ca8b7-004f-d7b6-a698-07e2de0f1f5d} Source Name: Microsoft-Windows-Kernel-General Strings: ['2012-03-27T20:17:13.008000000Z' '2012-03-27T20:14:01.457038500Z'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13071 Event Level: 4,winevtx,- 
@@ -2095,8 +2095,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-28T09:08:07.4103562+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Modules Installer' 'stopped' '540072007500730074006500640049006E007300740061006C006C00650072002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13095 Event Level: 4 Message string: The Windows Modules Installer service entered the stopped state.,winevtx,- 2012-03-28T09:14:17.2609277+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13096 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-28T09:14:17.2609277+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13096 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- -2012-03-28T16:00:05.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1098023' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13097 Event Level: 4,winevtx,- -2012-03-28T16:00:05.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 
0x177d] Source Name: EventLog Strings: ['' '' '' '' '1098023' '60' '300 Eastern Standard Time' '31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13097 Event Level: 4,winevtx,- +2012-03-28T16:00:05.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1098023' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13097 Event Level: 4,winevtx,- +2012-03-28T16:00:05.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1098023' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13097 Event Level: 4,winevtx,- 2012-03-29T00:49:44.8171433+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record 
Number: 13098 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-29T00:49:44.8171433+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13098 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-29T01:06:14.8190543+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13099 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 
@@ -2129,8 +2129,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-29T05:21:40.9454602+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Modules Installer' 'stopped' '540072007500730074006500640049006E007300740061006C006C00650072002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13112 Event Level: 4 Message string: The Windows Modules Installer service entered the stopped state.,winevtx,- 2012-03-29T05:27:46.0889967+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13113 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-29T05:27:46.0889967+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13113 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- -2012-03-29T16:00:05.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1184423' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13114 Event Level: 4,winevtx,- -2012-03-29T16:00:05.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 
0x177d] Source Name: EventLog Strings: ['' '' '' '' '1184423' '60' '300 Eastern Standard Time' '31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13114 Event Level: 4,winevtx,- +2012-03-29T16:00:05.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1184423' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13114 Event Level: 4,winevtx,- +2012-03-29T16:00:05.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1184423' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13114 Event Level: 4,winevtx,- 2012-03-30T00:49:42.0854122+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record 
Number: 13115 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-30T00:49:42.0854122+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13115 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-30T01:06:12.1068452+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13116 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 
@@ -2167,8 +2167,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-30T04:38:28.8494888+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13131 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-30T04:54:58.9920198+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13132 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-03-30T04:54:58.9920198+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13132 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- -2012-03-30T16:00:05.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1270823' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13133 Event Level: 4,winevtx,- 
-2012-03-30T16:00:05.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1270823' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13133 Event Level: 4,winevtx,- +2012-03-30T16:00:05.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1270823' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13133 Event Level: 4,winevtx,- +2012-03-30T16:00:05.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1270823' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13133 Event Level: 4,winevtx,- 2012-03-30T21:40:28.2548002+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13134 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-30T21:40:28.2548002+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13134 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 
2012-03-30T21:40:37.2108547+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Modules Installer' 'running' '540072007500730074006500640049006E007300740061006C006C00650072002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13135 Event Level: 4 Message string: The Windows Modules Installer service entered the running state.,winevtx,- 
@@ -2193,8 +2193,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-03-31T04:03:04.1190012+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Volume Shadow Copy' 'stopped' '5600530053002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13144 Event Level: 4 Message string: The Volume Shadow Copy service entered the stopped state.,winevtx,- 2012-03-31T04:06:04.1248532+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Microsoft Software Shadow Copy Provider' 'stopped' '730077007000720076002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13145 Event Level: 4 Message string: The Microsoft Software Shadow Copy Provider service entered the stopped state.,winevtx,- 2012-03-31T04:06:04.1248532+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Microsoft Software Shadow Copy Provider' 'stopped' '730077007000720076002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13145 Event Level: 4 Message string: The Microsoft Software Shadow Copy Provider service entered the stopped state.,winevtx,- -2012-03-31T16:00:05.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1357223' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13146 Event Level: 4,winevtx,- -2012-03-31T16:00:05.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1357223' '60' '300 Eastern Standard Time' 
'31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13146 Event Level: 4,winevtx,- +2012-03-31T16:00:05.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1357223' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13146 Event Level: 4,winevtx,- +2012-03-31T16:00:05.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1357223' '60' '300 Eastern Standard Time' 
'31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13146 Event Level: 4,winevtx,- 2012-03-31T17:57:23.0753466+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13147 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-31T17:57:23.0753466+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13147 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-03-31T17:57:30.7345261+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] 
Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Modules Installer' 'running' '540072007500730074006500640049006E007300740061006C006C00650072002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13148 Event Level: 4 Message string: The Windows Modules Installer service entered the running state.,winevtx,- 
@@ -2255,8 +2255,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-04-01T14:52:32.9294647+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Modules Installer' 'stopped' '540072007500730074006500640049006E007300740061006C006C00650072002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13175 Event Level: 4 Message string: The Windows Modules Installer service entered the stopped state.,winevtx,- 2012-04-01T14:58:37.0700897+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13176 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-04-01T14:58:37.0700897+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13176 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- -2012-04-01T16:00:05.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1443623' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13177 Event Level: 4,winevtx,- -2012-04-01T16:00:05.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 
0x177d] Source Name: EventLog Strings: ['' '' '' '' '1443623' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13177 Event Level: 4,winevtx,- +2012-04-01T16:00:05.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1443623' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13177 Event Level: 4,winevtx,- +2012-04-01T16:00:05.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1443623' '60' '300 Eastern Standard Time' '31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13177 Event Level: 4,winevtx,- 2012-04-02T00:49:48.7085947+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record 
Number: 13178 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-04-02T00:49:48.7085947+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13178 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-04-02T01:06:18.7085947+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13179 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 
@@ -2287,8 +2287,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-04-02T21:51:27.0927466+00:00,Creation Time,EVT,WinEVTX,[1 / 0x0001] Provider identifier: {a68ca8b7-004f-d7b6-a698-07e2de0f1f5d} Source Name: Microsoft-Windows-Kernel-General Strings: ['2012-04-02T21:51:25.421000000Z' '2012-04-02T15:59:22.380592500Z'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13191 Event Level: 4,winevtx,- 2012-04-02T21:52:01.4983260+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['FResponse Service' 'stopped' '460052006500730070006F006E0073006500200053006500720076006900630065002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13192 Event Level: 4 Message string: The FResponse Service service entered the stopped state.,winevtx,- 2012-04-02T21:52:01.4983260+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['FResponse Service' 'stopped' '460052006500730070006F006E0073006500200053006500720076006900630065002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13192 Event Level: 4 Message string: The FResponse Service service entered the stopped state.,winevtx,- -2012-04-02T21:52:03.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1529963' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13193 Event Level: 4,winevtx,- -2012-04-02T21:52:03.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1529963' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13193 Event Level: 4,winevtx,- 
+2012-04-02T21:52:03.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1529963' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13193 Event Level: 4,winevtx,- +2012-04-02T21:52:03.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1529963' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13193 Event Level: 4,winevtx,- 2012-04-02T21:53:53.2905222+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13194 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-04-02T21:53:53.2905222+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13194 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-04-02T22:10:23.2554346+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' 
'570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13195 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 
@@ -2331,8 +2331,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-04-03T10:13:02.3810328+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13213 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-04-03T13:35:10.0932304+00:00,Content Modification Time,EVT,WinEVTX,[1 / 0x0001] Provider identifier: {a68ca8b7-004f-d7b6-a698-07e2de0f1f5d} Source Name: Microsoft-Windows-Kernel-General Strings: ['2012-04-03T13:35:08.562000000Z' '2012-04-03T13:34:02.447352400Z'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13214 Event Level: 4,winevtx,- 2012-04-03T13:35:10.0932304+00:00,Creation Time,EVT,WinEVTX,[1 / 0x0001] Provider identifier: {a68ca8b7-004f-d7b6-a698-07e2de0f1f5d} Source Name: Microsoft-Windows-Kernel-General Strings: ['2012-04-03T13:35:08.562000000Z' '2012-04-03T13:34:02.447352400Z'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13214 Event Level: 4,winevtx,- -2012-04-03T16:00:53.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1595204' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13215 Event Level: 4,winevtx,- -2012-04-03T16:00:53.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1595204' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13215 Event Level: 4,winevtx,- +2012-04-03T16:00:53.0000000+00:00,Content Modification 
Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1595204' '60' '300 Eastern Standard Time' '31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13215 Event Level: 4,winevtx,- +2012-04-03T16:00:53.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1595204' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13215 Event Level: 4,winevtx,- 2012-04-03T20:27:09.7738870+00:00,Content Modification Time,EVT,WinEVTX,[7001 / 0x1b59] Provider identifier: {dbe9b383-7cf3-4331-91cc-a3cb16a3b538} Source Name: Microsoft-Windows-Winlogon Strings: ['3' 'S-1-5-21-2036804247-3058324640-2116585241-1114'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13216 Event Level: 4 Message string: User Logon Notification for Customer Experience Improvement Program,winevtx,- 2012-04-03T20:27:09.7738870+00:00,Creation Time,EVT,WinEVTX,[7001 / 0x1b59] Provider identifier: {dbe9b383-7cf3-4331-91cc-a3cb16a3b538} Source Name: Microsoft-Windows-Winlogon Strings: ['3' 'S-1-5-21-2036804247-3058324640-2116585241-1114'] Computer Name: 
WKS-WIN764BITB.shieldbase.local Record Number: 13216 Event Level: 4 Message string: User Logon Notification for Customer Experience Improvement Program,winevtx,- 2012-04-03T20:27:19.6240636+00:00,Content Modification Time,EVT,WinEVTX,[1503 / 0x05df] Provider identifier: {aea1b4fa-97d1-45f2-a64c-4d69fffd92c9} Source Name: Microsoft-Windows-GroupPolicy Strings: ['1' '3163' '1' '2390' '\\\\Controller.shieldbase.local' '2'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13217 Event Level: 4 Message string: The Group Policy settings for the user were processed successfully. New settings from 2 Group Policy objects were detected and applied.,winevtx,- 
@@ -2437,8 +2437,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-04-04T12:36:45.2081593+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Multimedia Class Scheduler' 'stopped' '4D004D004300530053002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13266 Event Level: 4 Message string: The Multimedia Class Scheduler service entered the stopped state.,winevtx,- 2012-04-04T12:41:45.0099058+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Application Experience' 'stopped' '410065004C006F006F006B00750070005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13267 Event Level: 4 Message string: The Application Experience service entered the stopped state.,winevtx,- 2012-04-04T12:41:45.0099058+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Application Experience' 'stopped' '410065004C006F006F006B00750070005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13267 Event Level: 4 Message string: The Application Experience service entered the stopped state.,winevtx,- -2012-04-04T16:00:16.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1681452' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13268 Event Level: 4,winevtx,- -2012-04-04T16:00:16.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1681452' '60' '300 Eastern Standard Time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omputer Name: 
WKS-WIN764BITB.shieldbase.local Record Number: 13268 Event Level: 4,winevtx,- +2012-04-04T16:00:16.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1681452' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13268 Event Level: 4,winevtx,- +2012-04-04T16:00:16.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1681452' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13268 Event Level: 4,winevtx,- 2012-04-04T20:01:01.9633864+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Application Experience' 'running' '410065004C006F006F006B00750070005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13269 Event Level: 4 Message string: The Application Experience service entered the running state.,winevtx,- 2012-04-04T20:01:01.9633864+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Application Experience' 'running' '410065004C006F006F006B00750070005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13269 Event Level: 4 Message string: The Application Experience service entered the running state.,winevtx,- 2012-04-04T20:01:05.9194409+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Volume Shadow Copy' 'running' '5600530053002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13270 Event Level: 4 Message string: The Volume 
Shadow Copy service entered the running state.,winevtx,- 
@@ -2503,8 +2503,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-04-05T15:51:26.3272716+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Application Experience' 'running' '410065004C006F006F006B00750070005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13299 Event Level: 4 Message string: The Application Experience service entered the running state.,winevtx,- 2012-04-05T15:56:00.4210216+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Multimedia Class Scheduler' 'stopped' '4D004D004300530053002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13300 Event Level: 4 Message string: The Multimedia Class Scheduler service entered the stopped state.,winevtx,- 2012-04-05T15:56:00.4210216+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Multimedia Class Scheduler' 'stopped' '4D004D004300530053002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13300 Event Level: 4 Message string: The Multimedia Class Scheduler service entered the stopped state.,winevtx,- -2012-04-05T16:00:16.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1767852' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13301 Event Level: 4,winevtx,- -2012-04-05T16:00:16.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '1767852' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record 
Number: 13301 Event Level: 4,winevtx,- +2012-04-05T16:00:16.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1767852' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13301 Event Level: 4,winevtx,- +2012-04-05T16:00:16.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '1767852' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13301 Event Level: 4,winevtx,- 2012-04-05T16:01:26.3272716+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Application Experience' 'stopped' '410065004C006F006F006B00750070005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13302 Event Level: 4 Message string: The Application Experience service entered the stopped state.,winevtx,- 2012-04-05T16:01:26.3272716+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Application Experience' 'stopped' '410065004C006F006F006B00750070005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13302 Event Level: 4 Message string: The Application Experience service entered the stopped state.,winevtx,- 2012-04-05T17:01:02.1170616+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Application Experience' 'running' '410065004C006F006F006B00750070005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13303 Event Level: 4 Message string: The Application 
Experience service entered the running state.,winevtx,- 
@@ -2697,12 +2697,12 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-04-06T14:07:43.2656250+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Remote Procedure Call (RPC)' 'running' '520070006300530073002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13400 Event Level: 4 Message string: The Remote Procedure Call (RPC) service entered the running state.,winevtx,- 2012-04-06T14:07:44.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6005 / 0x1775] Source Name: EventLog Strings: ['DC070400050006000E0007002C007D000000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13390 Event Level: 4,winevtx,- 2012-04-06T14:07:44.0000000+00:00,Creation Time,EVT,WinEVTX,[6005 / 0x1775] Source Name: EventLog Strings: ['DC070400050006000E0007002C007D000000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13390 Event Level: 4,winevtx,- -2012-04-06T14:07:44.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6008 / 0x1778] Source Name: EventLog Strings: ['9:59:13 AM' '\u200e4/\u200e6/\u200e2012' '' '' '1846932' '' '' 'DC0704000500060009003B000D001D00DC070400050006000D003B000D001D00600900003C000000010000006009000000000000B004000001000000BF590000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13388 Event Level: 2,winevtx,- -2012-04-06T14:07:44.0000000+00:00,Creation Time,EVT,WinEVTX,[6008 / 0x1778] Source Name: EventLog Strings: ['9:59:13 AM' '\u200e4/\u200e6/\u200e2012' '' '' '1846932' '' '' 'DC0704000500060009003B000D001D00DC070400050006000D003B000D001D00600900003C000000010000006009000000000000B004000001000000BF590000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13388 Event Level: 2,winevtx,- +2012-04-06T14:07:44.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6008 / 0x1778] Source Name: EventLog Strings: ['9:59:13 AM' 
'\u200e4/\u200e6/\u200e2012' None None '1846932' None None 'DC0704000500060009003B000D001D00DC070400050006000D003B000D001D00600900003C000000010000006009000000000000B004000001000000BF590000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13388 Event Level: 2,winevtx,- +2012-04-06T14:07:44.0000000+00:00,Creation Time,EVT,WinEVTX,[6008 / 0x1778] Source Name: EventLog Strings: ['9:59:13 AM' '\u200e4/\u200e6/\u200e2012' None None '1846932' None None 'DC0704000500060009003B000D001D00DC070400050006000D003B000D001D00600900003C000000010000006009000000000000B004000001000000BF590000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13388 Event Level: 2,winevtx,- 2012-04-06T14:07:44.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6009 / 0x1779] Source Name: EventLog Strings: ['6.01.' '7601' 'Service Pack 1' 'Multiprocessor Free' '17514'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13389 Event Level: 4,winevtx,- 2012-04-06T14:07:44.0000000+00:00,Creation Time,EVT,WinEVTX,[6009 / 0x1779] Source Name: EventLog Strings: ['6.01.' 
'7601' 'Service Pack 1' 'Multiprocessor Free' '17514'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13389 Event Level: 4,winevtx,- -2012-04-06T14:07:44.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '52' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13391 Event Level: 4,winevtx,- -2012-04-06T14:07:44.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '52' '60' '300 Eastern Standard Time' '31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13391 Event Level: 4,winevtx,- +2012-04-06T14:07:44.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '52' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13391 Event Level: 4,winevtx,- +2012-04-06T14:07:44.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '52' '60' '300 Eastern Standard 
Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13391 Event Level: 4,winevtx,- 2012-04-06T14:07:44.2656250+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Event Log' 'running' '6500760065006E0074006C006F0067002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13401 Event Level: 4 Message string: The Windows Event Log service entered the running state.,winevtx,- 2012-04-06T14:07:44.2656250+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Event Log' 'running' '6500760065006E0074006C006F0067002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13401 Event Level: 4 Message string: The Windows Event Log service entered the running state.,winevtx,- 2012-04-06T14:07:44.4531250+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Multimedia Class Scheduler' 'running' '4D004D004300530053002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13402 Event Level: 4 Message string: The Multimedia Class Scheduler service entered the running state.,winevtx,- 
@@ -2909,8 +2909,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-04-06T15:43:39.5269390+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Error Reporting Service' 'stopped' '5700650072005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13502 Event Level: 4 Message string: The Windows Error Reporting Service service entered the stopped state.,winevtx,- 2012-04-06T15:59:34.0987812+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Application Experience' 'stopped' '410065004C006F006F006B00750070005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13503 Event Level: 4 Message string: The Application Experience service entered the stopped state.,winevtx,- 2012-04-06T15:59:34.0987812+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Application Experience' 'stopped' '410065004C006F006F006B00750070005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13503 Event Level: 4 Message string: The Application Experience service entered the stopped state.,winevtx,- -2012-04-06T16:01:06.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '6862' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13504 Event Level: 4,winevtx,- -2012-04-06T16:01:06.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '6862' '60' '300 Eastern Standard Time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omputer Name: 
WKS-WIN764BITB.shieldbase.local Record Number: 13504 Event Level: 4,winevtx,- +2012-04-06T16:01:06.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '6862' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13504 Event Level: 4,winevtx,- +2012-04-06T16:01:06.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '6862' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13504 Event Level: 4,winevtx,- 2012-04-06T16:29:44.3150464+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Application Experience' 'running' '410065004C006F006F006B00750070005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13505 Event Level: 4 Message string: The Application Experience service entered the running state.,winevtx,- 2012-04-06T16:29:44.3150464+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Application Experience' 'running' '410065004C006F006F006B00750070005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13505 Event Level: 4 Message string: The Application Experience service entered the running state.,winevtx,- 2012-04-06T16:55:43.1343097+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Application Experience' 'stopped' '410065004C006F006F006B00750070005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13506 Event Level: 4 
Message string: The Application Experience service entered the stopped state.,winevtx,- 
@@ -2981,12 +2981,12 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-04-06T19:12:07.5625000+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Remote Procedure Call (RPC)' 'running' '520070006300530073002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13542 Event Level: 4 Message string: The Remote Procedure Call (RPC) service entered the running state.,winevtx,- 2012-04-06T19:12:08.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6005 / 0x1775] Source Name: EventLog Strings: ['DC0704000500060013000C000800D8030000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13532 Event Level: 4,winevtx,- 2012-04-06T19:12:08.0000000+00:00,Creation Time,EVT,WinEVTX,[6005 / 0x1775] Source Name: EventLog Strings: ['DC0704000500060013000C000800D8030000000000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13532 Event Level: 4,winevtx,- -2012-04-06T19:12:08.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6008 / 0x1778] Source Name: EventLog Strings: ['3:09:23 PM' '\u200e4/\u200e6/\u200e2012' '' '' '14071' '' '' 'DC070400050006000F00090017004B01DC070400050006001300090017004B01600900003C000000010000006009000000000000B004000001000000EF0F0000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13530 Event Level: 2,winevtx,- -2012-04-06T19:12:08.0000000+00:00,Creation Time,EVT,WinEVTX,[6008 / 0x1778] Source Name: EventLog Strings: ['3:09:23 PM' '\u200e4/\u200e6/\u200e2012' '' '' '14071' '' '' 'DC070400050006000F00090017004B01DC070400050006001300090017004B01600900003C000000010000006009000000000000B004000001000000EF0F0000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13530 Event Level: 2,winevtx,- +2012-04-06T19:12:08.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6008 / 0x1778] Source Name: EventLog Strings: ['3:09:23 PM' 
'\u200e4/\u200e6/\u200e2012' None None '14071' None None 'DC070400050006000F00090017004B01DC070400050006001300090017004B01600900003C000000010000006009000000000000B004000001000000EF0F0000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13530 Event Level: 2,winevtx,- +2012-04-06T19:12:08.0000000+00:00,Creation Time,EVT,WinEVTX,[6008 / 0x1778] Source Name: EventLog Strings: ['3:09:23 PM' '\u200e4/\u200e6/\u200e2012' None None '14071' None None 'DC070400050006000F00090017004B01DC070400050006001300090017004B01600900003C000000010000006009000000000000B004000001000000EF0F0000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13530 Event Level: 2,winevtx,- 2012-04-06T19:12:08.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6009 / 0x1779] Source Name: EventLog Strings: ['6.01.' '7601' 'Service Pack 1' 'Multiprocessor Free' '17514'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13531 Event Level: 4,winevtx,- 2012-04-06T19:12:08.0000000+00:00,Creation Time,EVT,WinEVTX,[6009 / 0x1779] Source Name: EventLog Strings: ['6.01.' 
'7601' 'Service Pack 1' 'Multiprocessor Free' '17514'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13531 Event Level: 4,winevtx,- -2012-04-06T19:12:09.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '52' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13533 Event Level: 4,winevtx,- -2012-04-06T19:12:09.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '52' '60' '300 Eastern Standard Time' '31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13533 Event Level: 4,winevtx,- +2012-04-06T19:12:09.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '52' '60' '300 Eastern Standard Time' 
'31002E003100000030000000570069006E0064006F007700730020003700200055006C00740069006D00610074006500000036002E0031002E00370036003000310020004200750069006C006400200037003600300031002000530065007200760069006300650020005000610063006B002000310000004D0075006C0074006900700072006F0063006500730073006F00720020004600720065006500000037003600300031002E00770069006E0037007300700031005F006700640072002E003100310031003100310038002D00320033003300300000003400630064006100640032003200310000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C0065000000390000003100000032003000340038000000340030003900000057004B0053002D00570049004E0037003600340042004900540042002E0073006800690065006C00640062006100730065002E006C006F00630061006C0000000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13533 Event Level: 4,winevtx,- +2012-04-06T19:12:09.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '52' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13533 Event Level: 4,winevtx,- 2012-04-06T19:12:09.1875000+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Event Log' 'running' '6500760065006E0074006C006F0067002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13543 Event Level: 4 Message string: The Windows Event Log service entered the running state.,winevtx,- 2012-04-06T19:12:09.1875000+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Event Log' 'running' '6500760065006E0074006C006F0067002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13543 Event Level: 4 Message string: The Windows Event Log 
service entered the running state.,winevtx,- 2012-04-06T19:12:09.4531250+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Multimedia Class Scheduler' 'running' '4D004D004300530053002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13544 Event Level: 4 Message string: The Multimedia Class Scheduler service entered the running state.,winevtx,- 
@@ -3183,8 +3183,8 @@ datetime,timestamp_desc,source,source_long,message,parser,tag 2012-04-07T05:52:07.8409245+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Windows Modules Installer' 'stopped' '540072007500730074006500640049006E007300740061006C006C00650072002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13639 Event Level: 4 Message string: The Windows Modules Installer service entered the stopped state.,winevtx,- 2012-04-07T05:54:15.5152508+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13640 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- 2012-04-07T05:54:15.5152508+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'stopped' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0031000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13640 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.,winevtx,- -2012-04-07T16:00:10.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: ['' '' '' '' '74861' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13641 Event Level: 4,winevtx,- -2012-04-07T16:00:10.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] 
Source Name: EventLog Strings: ['' '' '' '' '74861' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13641 Event Level: 4,winevtx,- +2012-04-07T16:00:10.0000000+00:00,Content Modification Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '74861' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13641 Event Level: 4,winevtx,- +2012-04-07T16:00:10.0000000+00:00,Creation Time,EVT,WinEVTX,[6013 / 0x177d] Source Name: EventLog Strings: [None None None None '74861' '60' '300 Eastern Standard Time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omputer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13641 Event Level: 4,winevtx,- 2012-04-08T01:11:43.9108108+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13642 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-04-08T01:11:43.9108108+00:00,Creation Time,EVT,WinEVTX,[7036 / 0x1b7c] Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['WinHTTP Web Proxy Auto-Discovery Service' 'running' '570069006E0048007400740070004100750074006F00500072006F00780079005300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13642 Event Level: 4 Message string: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.,winevtx,- 2012-04-08T01:12:00.6766504+00:00,Content Modification Time,EVT,WinEVTX,[7036 / 0x1b7c] 
Provider identifier: {555908d1-a6d7-4695-8e1e-26931d2012f4} Source Name: Service Control Manager Strings: ['Software Protection' 'running' '7300700070007300760063002F0034000000'] Computer Name: WKS-WIN764BITB.shieldbase.local Record Number: 13643 Event Level: 4 Message string: The Software Protection service entered the running state.,winevtx,-