diff --git a/EventFinder.sln b/EventFinder.sln
new file mode 100644
index 0000000..8a81e5a
--- /dev/null
+++ b/EventFinder.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.28307.329
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EventFinder", "EventFinder\EventFinder.csproj", "{36E134C0-5B86-418D-B42D-65B6C38DE1ED}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{36E134C0-5B86-418D-B42D-65B6C38DE1ED}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{36E134C0-5B86-418D-B42D-65B6C38DE1ED}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{36E134C0-5B86-418D-B42D-65B6C38DE1ED}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{36E134C0-5B86-418D-B42D-65B6C38DE1ED}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {E9386A7E-FD13-4BBD-A686-1721B28B9736}
+	EndGlobalSection
+EndGlobal
diff --git a/EventFinder/App.config b/EventFinder/App.config
new file mode 100644
index 0000000..8cd6e46
--- /dev/null
+++ b/EventFinder/App.config
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+    <startup> 
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />
+    </startup>
+  <runtime>
+    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+      <dependentAssembly>
+        <assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />
+      </dependentAssembly>
+    </assemblyBinding>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/EventFinder/EventFinder.csproj b/EventFinder/EventFinder.csproj
new file mode 100644
index 0000000..c33b43a
--- /dev/null
+++ b/EventFinder/EventFinder.csproj
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="..\packages\MSBuild.ILMerge.Task.1.0.5\build\MSBuild.ILMerge.Task.props" Condition="Exists('..\packages\MSBuild.ILMerge.Task.1.0.5\build\MSBuild.ILMerge.Task.props')" />
+  <Import Project="..\packages\ILMerge.3.0.21\build\ILMerge.props" Condition="Exists('..\packages\ILMerge.3.0.21\build\ILMerge.props')" />
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{36E134C0-5B86-418D-B42D-65B6C38DE1ED}</ProjectGuid>
+    <OutputType>WinExe</OutputType>
+    <RootNamespace>EventFinder</RootNamespace>
+    <AssemblyName>EventFinder</AssemblyName>
+    <TargetFrameworkVersion>v4.6.1</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+    <Deterministic>true</Deterministic>
+    <PublishUrl>publish\</PublishUrl>
+    <Install>true</Install>
+    <InstallFrom>Disk</InstallFrom>
+    <UpdateEnabled>false</UpdateEnabled>
+    <UpdateMode>Foreground</UpdateMode>
+    <UpdateInterval>7</UpdateInterval>
+    <UpdateIntervalUnits>Days</UpdateIntervalUnits>
+    <UpdatePeriodically>false</UpdatePeriodically>
+    <UpdateRequired>false</UpdateRequired>
+    <MapFileExtensions>true</MapFileExtensions>
+    <ApplicationRevision>0</ApplicationRevision>
+    <ApplicationVersion>1.0.0.%2a</ApplicationVersion>
+    <IsWebBootstrapper>false</IsWebBootstrapper>
+    <UseApplicationTrust>false</UseApplicationTrust>
+    <BootstrapperEnabled>true</BootstrapperEnabled>
+    <NuGetPackageImportStamp>
+    </NuGetPackageImportStamp>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="CsvHelper, Version=12.0.0.0, Culture=neutral, PublicKeyToken=8c4959082be5c823, processorArchitecture=MSIL">
+      <HintPath>..\packages\CsvHelper.12.1.1\lib\net45\CsvHelper.dll</HintPath>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.ValueTuple, Version=4.0.3.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.ValueTuple.4.5.0\lib\net461\System.ValueTuple.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Deployment" />
+    <Reference Include="System.Drawing" />
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System.Windows.Forms" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Form1.cs" />
+    <Compile Include="Form1.Designer.cs">
+      <DependentUpon>Form1.cs</DependentUpon>
+    </Compile>
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <EmbeddedResource Include="Form1.resx">
+      <DependentUpon>Form1.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="Properties\Resources.resx">
+      <Generator>ResXFileCodeGenerator</Generator>
+      <LastGenOutput>Resources.Designer.cs</LastGenOutput>
+      <SubType>Designer</SubType>
+    </EmbeddedResource>
+    <Compile Include="Properties\Resources.Designer.cs">
+      <AutoGen>True</AutoGen>
+      <DependentUpon>Resources.resx</DependentUpon>
+    </Compile>
+    <None Include="ILMerge.props" />
+    <None Include="packages.config" />
+    <None Include="Properties\Settings.settings">
+      <Generator>SettingsSingleFileGenerator</Generator>
+      <LastGenOutput>Settings.Designer.cs</LastGenOutput>
+    </None>
+    <Compile Include="Properties\Settings.Designer.cs">
+      <AutoGen>True</AutoGen>
+      <DependentUpon>Settings.settings</DependentUpon>
+      <DesignTimeSharedInput>True</DesignTimeSharedInput>
+    </Compile>
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config" />
+  </ItemGroup>
+  <ItemGroup>
+    <BootstrapperPackage Include=".NETFramework,Version=v4.6.1">
+      <Visible>False</Visible>
+      <ProductName>Microsoft .NET Framework 4.6.1 %28x86 and x64%29</ProductName>
+      <Install>true</Install>
+    </BootstrapperPackage>
+    <BootstrapperPackage Include="Microsoft.Net.Framework.3.5.SP1">
+      <Visible>False</Visible>
+      <ProductName>.NET Framework 3.5 SP1</ProductName>
+      <Install>false</Install>
+    </BootstrapperPackage>
+  </ItemGroup>
+  <ItemGroup>
+    <Content Include="ILMergeOrder.txt" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
+    <PropertyGroup>
+      <ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
+    </PropertyGroup>
+    <Error Condition="!Exists('..\packages\ILMerge.3.0.21\build\ILMerge.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\ILMerge.3.0.21\build\ILMerge.props'))" />
+    <Error Condition="!Exists('..\packages\MSBuild.ILMerge.Task.1.0.5\build\MSBuild.ILMerge.Task.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\MSBuild.ILMerge.Task.1.0.5\build\MSBuild.ILMerge.Task.props'))" />
+    <Error Condition="!Exists('..\packages\MSBuild.ILMerge.Task.1.0.5\build\MSBuild.ILMerge.Task.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\MSBuild.ILMerge.Task.1.0.5\build\MSBuild.ILMerge.Task.targets'))" />
+  </Target>
+  <Import Project="..\packages\MSBuild.ILMerge.Task.1.0.5\build\MSBuild.ILMerge.Task.targets" Condition="Exists('..\packages\MSBuild.ILMerge.Task.1.0.5\build\MSBuild.ILMerge.Task.targets')" />
+</Project>
\ No newline at end of file
diff --git a/EventFinder/Form1.Designer.cs b/EventFinder/Form1.Designer.cs
new file mode 100644
index 0000000..06db3a1
--- /dev/null
+++ b/EventFinder/Form1.Designer.cs
@@ -0,0 +1,149 @@
+namespace EventFinder
+{
+    partial class FindEvents
+    {
+        /// <summary>
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary>
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Windows Form Designer generated code
+
+        /// <summary>
+        /// Required method for Designer support - do not modify
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            this.StartButton = new System.Windows.Forms.Button();
+            this.EndButton = new System.Windows.Forms.Button();
+            this.StartInput = new System.Windows.Forms.TextBox();
+            this.EndInput = new System.Windows.Forms.TextBox();
+            this.FindEventsButton = new System.Windows.Forms.Button();
+            this.StatusOutput = new System.Windows.Forms.Label();
+            this.EventRangeBox = new System.Windows.Forms.GroupBox();
+            this.Status = new System.Windows.Forms.GroupBox();
+            this.EventRangeBox.SuspendLayout();
+            this.Status.SuspendLayout();
+            this.SuspendLayout();
+            // 
+            // StartButton
+            // 
+            this.StartButton.Location = new System.Drawing.Point(6, 37);
+            this.StartButton.Name = "StartButton";
+            this.StartButton.Size = new System.Drawing.Size(123, 52);
+            this.StartButton.TabIndex = 0;
+            this.StartButton.Text = "Start Time";
+            this.StartButton.UseVisualStyleBackColor = true;
+            this.StartButton.Click += new System.EventHandler(this.StartButton_Click);
+            // 
+            // EndButton
+            // 
+            this.EndButton.Location = new System.Drawing.Point(6, 95);
+            this.EndButton.Name = "EndButton";
+            this.EndButton.Size = new System.Drawing.Size(123, 53);
+            this.EndButton.TabIndex = 1;
+            this.EndButton.Text = "End Time";
+            this.EndButton.UseVisualStyleBackColor = true;
+            this.EndButton.Click += new System.EventHandler(this.EndButton_Click);
+            // 
+            // StartInput
+            // 
+            this.StartInput.Location = new System.Drawing.Point(153, 48);
+            this.StartInput.Name = "StartInput";
+            this.StartInput.Size = new System.Drawing.Size(256, 29);
+            this.StartInput.TabIndex = 2;
+            // 
+            // EndInput
+            // 
+            this.EndInput.Location = new System.Drawing.Point(153, 106);
+            this.EndInput.Name = "EndInput";
+            this.EndInput.Size = new System.Drawing.Size(256, 29);
+            this.EndInput.TabIndex = 3;
+            // 
+            // FindEventsButton
+            // 
+            this.FindEventsButton.Location = new System.Drawing.Point(142, 198);
+            this.FindEventsButton.Name = "FindEventsButton";
+            this.FindEventsButton.Size = new System.Drawing.Size(147, 51);
+            this.FindEventsButton.TabIndex = 4;
+            this.FindEventsButton.Text = "Find Events";
+            this.FindEventsButton.UseVisualStyleBackColor = true;
+            this.FindEventsButton.Click += new System.EventHandler(this.FindEventsButton_Click);
+            // 
+            // StatusOutput
+            // 
+            this.StatusOutput.AutoSize = true;
+            this.StatusOutput.Location = new System.Drawing.Point(16, 35);
+            this.StatusOutput.Name = "StatusOutput";
+            this.StatusOutput.Text = "Checking for administrator rights...";
+            this.StatusOutput.Size = new System.Drawing.Size(0, 25);
+            this.StatusOutput.TabIndex = 5;
+            // 
+            // EventRangeBox
+            // 
+            this.EventRangeBox.Controls.Add(this.StartButton);
+            this.EventRangeBox.Controls.Add(this.EndButton);
+            this.EventRangeBox.Controls.Add(this.StartInput);
+            this.EventRangeBox.Controls.Add(this.EndInput);
+            this.EventRangeBox.Location = new System.Drawing.Point(12, 13);
+            this.EventRangeBox.Name = "EventRangeBox";
+            this.EventRangeBox.Size = new System.Drawing.Size(423, 168);
+            this.EventRangeBox.TabIndex = 6;
+            this.EventRangeBox.TabStop = false;
+            this.EventRangeBox.Text = "Event Range";
+            // 
+            // Status
+            // 
+            this.Status.Controls.Add(this.StatusOutput);
+            this.Status.Location = new System.Drawing.Point(18, 268);
+            this.Status.Name = "Status";
+            this.Status.Size = new System.Drawing.Size(403, 147);
+            this.Status.TabIndex = 7;
+            this.Status.TabStop = false;
+            this.Status.Text = "Status";
+            // 
+            // FindEvents
+            // 
+            this.AutoScaleDimensions = new System.Drawing.SizeF(11F, 24F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.ClientSize = new System.Drawing.Size(447, 427);
+            this.Controls.Add(this.FindEventsButton);
+            this.Controls.Add(this.EventRangeBox);
+            this.Controls.Add(this.Status);
+            this.Name = "FindEvents";
+            this.Text = "FindEvents";
+            this.EventRangeBox.ResumeLayout(false);
+            this.EventRangeBox.PerformLayout();
+            this.Status.ResumeLayout(false);
+            this.Status.PerformLayout();
+            this.ResumeLayout(false);
+
+        }
+
+        #endregion
+
+        private System.Windows.Forms.Button StartButton;
+        private System.Windows.Forms.Button EndButton;
+        private System.Windows.Forms.TextBox StartInput;
+        private System.Windows.Forms.TextBox EndInput;
+        private System.Windows.Forms.Button FindEventsButton;
+        private System.Windows.Forms.Label StatusOutput;
+        private System.Windows.Forms.GroupBox EventRangeBox;
+        private System.Windows.Forms.GroupBox Status;
+    }
+}
+
diff --git a/EventFinder/Form1.cs b/EventFinder/Form1.cs
new file mode 100644
index 0000000..b20f3b3
--- /dev/null
+++ b/EventFinder/Form1.cs
@@ -0,0 +1,181 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Drawing;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Diagnostics.Eventing.Reader; // I think this will be needed?
+using System.Diagnostics;
+using System.Xml;
+using System.Xml.Linq;
+using System.Text.RegularExpressions;
+using System.Windows.Forms;
+using System.IO;
+using CsvHelper;
+
+public class Record
+{
+    public string Message { get; set; }
+    public string SystemTime { get; set; }
+    public string Id { get; set; }
+    public string Version { get; set; }
+    public string Qualifiers { get; set; }
+    public string Level { get; set; }
+    public string Task { get; set; }
+    public string Opcode { get; set; }
+    public string Keywords { get; set; }
+    public string RecordId { get; set; }
+    public string ProviderName { get; set; }
+    public string ProviderID { get; set; }
+    public string LogName { get; set; }
+    public string ProcessId { get; set; }
+    public string ThreadId { get; set; }
+    public string MachineName { get; set; }
+    public string UserID { get; set; }
+    public string TimeCreated { get; set; }
+    public string ActivityId { get; set; }
+    public string RelatedActivityId { get; set; }
+    public string Hashcode { get; set; }
+    public string MatchedQueryIds { get; set; }
+    public string LevelDisplayName { get; set; }
+    public string OpcodeDisplayName { get; set; }
+    public string TaskDisplayName { get; set; }
+
+}
+
+
+namespace EventFinder
+{
+    public partial class FindEvents : Form
+    {
+        public FindEvents()
+        {
+            InitializeComponent();
+
+
+
+        EventLogSession session = new EventLogSession();
+            var providers = session.GetProviderNames().ToList();
+            Regex rgx = new Regex(@"^Security$");
+            bool AdminFlag = false;
+
+            foreach (string provider in providers)
+            {
+                if (rgx.IsMatch(provider))
+                {
+                    AdminFlag = true;
+                }
+            }
+
+            if (AdminFlag)
+            {
+                StatusOutput.Text = "Security log found!\nYou are likely administrator";
+                StatusOutput.ForeColor = System.Drawing.Color.Green;
+            } else
+            {
+                StatusOutput.Text = "Unable to read Security log.\nAre you administrator?";
+                StatusOutput.ForeColor = System.Drawing.Color.Red;
+            }
+        }
+
+        private void StartButton_Click(object sender, EventArgs e)
+        {
+            string CurrentTime = DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss");
+            StartInput.Text = CurrentTime;
+        }
+
+        private void EndButton_Click(object sender, EventArgs e)
+        {
+            string CurrentTime = DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss");
+            EndInput.Text = CurrentTime;
+        }
+
+        private void FindEventsButton_Click(object sender, EventArgs e)
+        {
+            FindEventsButton.Enabled = false;
+
+
+
+            
+
+        // Variables we will need
+        DateTime StartTime = DateTime.ParseExact(StartInput.Text, "MM/dd/yyyy HH:mm:ss", null);
+        DateTime EndTime = DateTime.ParseExact(EndInput.Text, "MM/dd/yyyy HH:mm:ss", null);
+        string RunTime = DateTime.Now.ToString("yyyyMMdd_HHmmss");
+        string DesktopPath = Environment.GetFolderPath(Environment.SpecialFolder.Desktop);
+        EventLogSession Session = new EventLogSession();
+        var Providers = Session.GetProviderNames().ToList();
+
+        var query = string.Format(@"*[System[TimeCreated[@SystemTime >= '{0}']]] and *[System[TimeCreated[@SystemTime <= '{1}']]]", StartTime.ToString("o"), EndTime.ToString("o"));
+
+            List<Record> records = new List<Record> { };
+
+            foreach (var Provider in Providers)
+            {
+                try
+                {
+                    EventLogQuery eventlogQuery = new EventLogQuery(Provider, PathType.LogName, query);
+                    EventLogReader eventlogReader = new EventLogReader(eventlogQuery);
+
+                    for (EventRecord eventRecord = eventlogReader.ReadEvent(); null != eventRecord; eventRecord = eventlogReader.ReadEvent())
+                    {
+                        // Get the SystemTime from the event record XML 
+                        var xml = XDocument.Parse(eventRecord.ToXml());
+                        XNamespace ns = xml.Root.GetDefaultNamespace();
+
+                        // Collect ALL THE THINGS!
+                        string Message = eventRecord.FormatDescription();
+                        string SystemTime = xml.Root.Element(ns + "System").Element(ns + "TimeCreated").Attribute("SystemTime").Value;
+                        string Id = eventRecord.Id.ToString();
+                        string Version = eventRecord.Version.ToString();
+                        string Qualifiers = eventRecord.Qualifiers.ToString();
+                        string Level = eventRecord.Level.ToString();
+                        string Task = eventRecord.Task.ToString();
+                        string Opcode = eventRecord.Opcode.ToString();
+                        string Keywords = eventRecord.Keywords.ToString();
+                        string RecordId = eventRecord.RecordId.ToString();
+                        string ProviderName = eventRecord.ProviderName;
+                        string ProviderID = eventRecord.ProviderId.ToString();
+                        string LogName = eventRecord.LogName;
+                        string ProcessId = eventRecord.ProcessId.ToString();
+                        string ThreadId = eventRecord.ThreadId.ToString();
+                        string MachineName = eventRecord.MachineName;
+                        string UserID = eventRecord.UserId?.ToString();
+                        string TimeCreated = eventRecord.TimeCreated.ToString();
+                        string ActivityId = eventRecord.ActivityId.ToString();
+                        string RelatedActivityId = eventRecord.RelatedActivityId.ToString();
+                        string Hashcode = eventRecord.GetHashCode().ToString();
+                        string LevelDisplayName = eventRecord.LevelDisplayName;
+                        string OpcodeDisplayName = eventRecord.OpcodeDisplayName;
+                        string TaskDisplayName = eventRecord.TaskDisplayName;
+
+                        // Add them to the record. The things equal the things.
+                        records.Add(new Record() { Message = Message, SystemTime = SystemTime, Id = Id, Version = Version, Qualifiers = Qualifiers, Level = Level, Task = Task, Opcode = Opcode, Keywords = Keywords, RecordId = RecordId, ProviderName = ProviderName, ProviderID = ProviderID, LogName = LogName, ProcessId = ProcessId, ThreadId = ThreadId, MachineName = MachineName, UserID = UserID, TimeCreated = TimeCreated, ActivityId = ActivityId, RelatedActivityId = RelatedActivityId, Hashcode = Hashcode, LevelDisplayName = LevelDisplayName, OpcodeDisplayName = OpcodeDisplayName, TaskDisplayName = TaskDisplayName });
+                    }
+
+                } catch (EventLogNotFoundException)
+                {
+                    // No events found - Nothing to be done
+                } catch (EventLogException)
+                {
+                    // Error Reading Provider - Nothing to be done
+                }
+
+
+            }
+
+            records.OrderBy(x => x.SystemTime);
+
+            using (var writer = new StreamWriter(DesktopPath + "\\Logs_Runtime_" + RunTime + ".csv", append: true))
+            using (var csv = new CsvWriter(writer))
+            {
+                csv.Configuration.ShouldQuote = (field, context) => true;
+                csv.WriteRecords(records);
+            }
+
+            FindEventsButton.Enabled = true;
+        }
+    }
+}
diff --git a/EventFinder/Form1.resx b/EventFinder/Form1.resx
new file mode 100644
index 0000000..1af7de1
--- /dev/null
+++ b/EventFinder/Form1.resx
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+</root>
\ No newline at end of file
diff --git a/EventFinder/ILMerge.props b/EventFinder/ILMerge.props
new file mode 100644
index 0000000..aaadb12
--- /dev/null
+++ b/EventFinder/ILMerge.props
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <!--                                                                                   -->
+    <!-- ILMerge project-specific settings. Almost never need to be set explicitly.       -->
+    <!-- for details, see http://research.microsoft.com/en-us/people/mbarnett/ilmerge.aspx -->
+    <!--                                                                                   -->
+    <!-- *** set this file to Type=None, CopyToOutput=Never ***                            -->
+
+    <!-- If True, all copy local dependencies will also be merged from referenced projects whether they are referenced in the current project explicitly or not -->
+    <ILMergeTransitive>true</ILMergeTransitive>
+
+    <!-- Extra ILMerge library paths (semicolon-separated). Dont put your package dependencies here, they will be added automagically -->
+    <ILMergeLibraryPath></ILMergeLibraryPath>
+
+    <!-- The solution NuGet package directory if not standard 'SOLUTION\packages' -->
+    <ILMergePackagesPath></ILMergePackagesPath>
+
+    <!-- The merge order file name if differs from standard 'ILMergeOrder.txt' -->
+    <ILMergeOrderFile></ILMergeOrderFile>
+
+    <!-- The strong key file name if not specified in the project -->
+    <ILMergeKeyFile></ILMergeKeyFile>
+
+    <!-- The assembly version if differs for the version of the main assembly -->
+    <ILMergeAssemblyVersion></ILMergeAssemblyVersion>
+
+    <!-- added in Version 1.0.4 -->
+    <ILMergeFileAlignment></ILMergeFileAlignment>
+
+    <!-- added in Version 1.0.4, default=none -->
+    <ILMergeAllowDuplicateType></ILMergeAllowDuplicateType>
+
+    <!-- If the <see cref="CopyAttributes"/> is also set, any assembly-level attributes names that have the same type are copied over into the target assembly -->
+    <ILMergeAllowMultipleAssemblyLevelAttributes></ILMergeAllowMultipleAssemblyLevelAttributes>
+
+    <!-- See ILMerge documentation -->
+    <ILMergeAllowZeroPeKind></ILMergeAllowZeroPeKind>
+
+    <!-- The assembly level attributes of each input assembly are copied over into the target assembly -->
+    <ILMergeCopyAttributes></ILMergeCopyAttributes>
+    
+    <!-- Creates a .pdb file for the output assembly and merges into it any .pdb files found for input assemblies, default=true -->
+    <ILMergeDebugInfo></ILMergeDebugInfo>
+
+    <!-- Target assembly will be delay signed -->
+    <ILMergeDelaySign></ILMergeDelaySign>
+
+    <!-- Types in assemblies other than the primary assembly have their visibility modified -->
+    <ILMergeInternalize></ILMergeInternalize>
+
+    <!-- The path name of the file that will be used to identify types that are not to have their visibility modified -->
+    <ILMergeInternalizeExcludeFile></ILMergeInternalizeExcludeFile>
+
+    <!-- XML documentation files are merged to produce an XML documentation file for the target assembly -->
+    <ILMergeXmlDocumentation></ILMergeXmlDocumentation>
+
+    <!-- External assembly references in the manifest of the target assembly will use full public keys (false) or public key tokens (true, default value) -->
+    <ILMergePublicKeyTokens></ILMergePublicKeyTokens>
+
+    <!-- Types with the same name are all merged into a single type in the target assembly -->
+    <ILMergeUnionMerge></ILMergeUnionMerge>
+
+    <!-- The version of the target framework, default 40 (works for 45 too) -->
+    <ILTargetPlatform></ILTargetPlatform>
+  </PropertyGroup>
+</Project>
diff --git a/EventFinder/ILMergeOrder.txt b/EventFinder/ILMergeOrder.txt
new file mode 100644
index 0000000..3fda7f5
--- /dev/null
+++ b/EventFinder/ILMergeOrder.txt
@@ -0,0 +1,4 @@
+# this file contains the partial list of the merged assemblies in the merge order
+# you can fill it from the obj\CONFIG\PROJECT.ilmerge generated on every build
+# and finetune merge order to your satisfaction
+
diff --git a/EventFinder/Program.cs b/EventFinder/Program.cs
new file mode 100644
index 0000000..6840118
--- /dev/null
+++ b/EventFinder/Program.cs
@@ -0,0 +1,22 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace EventFinder
+{
+    static class Program
+    {
+        /// <summary>
+        /// The main entry point for the application.
+        /// </summary>
+        [STAThread]
+        static void Main()
+        {
+            Application.EnableVisualStyles();
+            Application.SetCompatibleTextRenderingDefault(false);
+            Application.Run(new FindEvents());
+        }
+    }
+}
diff --git a/EventFinder/Properties/AssemblyInfo.cs b/EventFinder/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..a341111
--- /dev/null
+++ b/EventFinder/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("EventFinder")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("EventFinder")]
+[assembly: AssemblyCopyright("Copyright ©  2019")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("36e134c0-5b86-418d-b42d-65b6c38de1ed")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/EventFinder/Properties/Resources.Designer.cs b/EventFinder/Properties/Resources.Designer.cs
new file mode 100644
index 0000000..9aa6819
--- /dev/null
+++ b/EventFinder/Properties/Resources.Designer.cs
@@ -0,0 +1,71 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//     Runtime Version:4.0.30319.42000
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace EventFinder.Properties
+{
+
+
+    /// <summary>
+    ///   A strongly-typed resource class, for looking up localized strings, etc.
+    /// </summary>
+    // This class was auto-generated by the StronglyTypedResourceBuilder
+    // class via a tool like ResGen or Visual Studio.
+    // To add or remove a member, edit your .ResX file then rerun ResGen
+    // with the /str option, or rebuild your VS project.
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+    internal class Resources
+    {
+
+        private static global::System.Resources.ResourceManager resourceMan;
+
+        private static global::System.Globalization.CultureInfo resourceCulture;
+
+        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+        internal Resources()
+        {
+        }
+
+        /// <summary>
+        ///   Returns the cached ResourceManager instance used by this class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Resources.ResourceManager ResourceManager
+        {
+            get
+            {
+                if ((resourceMan == null))
+                {
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("EventFinder.Properties.Resources", typeof(Resources).Assembly);
+                    resourceMan = temp;
+                }
+                return resourceMan;
+            }
+        }
+
+        /// <summary>
+        ///   Overrides the current thread's CurrentUICulture property for all
+        ///   resource lookups using this strongly typed resource class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Globalization.CultureInfo Culture
+        {
+            get
+            {
+                return resourceCulture;
+            }
+            set
+            {
+                resourceCulture = value;
+            }
+        }
+    }
+}
diff --git a/EventFinder/Properties/Resources.resx b/EventFinder/Properties/Resources.resx
new file mode 100644
index 0000000..af7dbeb
--- /dev/null
+++ b/EventFinder/Properties/Resources.resx
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+</root>
\ No newline at end of file
diff --git a/EventFinder/Properties/Settings.Designer.cs b/EventFinder/Properties/Settings.Designer.cs
new file mode 100644
index 0000000..b12fadc
--- /dev/null
+++ b/EventFinder/Properties/Settings.Designer.cs
@@ -0,0 +1,30 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//     Runtime Version:4.0.30319.42000
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace EventFinder.Properties
+{
+
+
+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "11.0.0.0")]
+    internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase
+    {
+
+        private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));
+
+        public static Settings Default
+        {
+            get
+            {
+                return defaultInstance;
+            }
+        }
+    }
+}
diff --git a/EventFinder/Properties/Settings.settings b/EventFinder/Properties/Settings.settings
new file mode 100644
index 0000000..3964565
--- /dev/null
+++ b/EventFinder/Properties/Settings.settings
@@ -0,0 +1,7 @@
+<?xml version='1.0' encoding='utf-8'?>
+<SettingsFile xmlns="http://schemas.microsoft.com/VisualStudio/2004/01/settings" CurrentProfile="(Default)">
+  <Profiles>
+    <Profile Name="(Default)" />
+  </Profiles>
+  <Settings />
+</SettingsFile>
diff --git a/EventFinder/packages.config b/EventFinder/packages.config
new file mode 100644
index 0000000..9b7a705
--- /dev/null
+++ b/EventFinder/packages.config
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+  <package id="CsvHelper" version="12.1.1" targetFramework="net461" />
+  <package id="ILMerge" version="3.0.21" targetFramework="net461" />
+  <package id="MSBuild.ILMerge.Task" version="1.0.5" targetFramework="net461" />
+  <package id="System.ValueTuple" version="4.5.0" targetFramework="net461" />
+</packages>
\ No newline at end of file