SHARE
TWEET

eventlog

sam20e Apr 11th, 2019 22 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Level   Date and Time   Source  Event ID    Task Category
  2. Information 10/4/2019 11:36:58 PM   Microsoft-Windows-Kernel-Power  107 (102)   The system has resumed from sleep.
  3. Information 10/4/2019 11:36:54 PM   Microsoft-Windows-Kernel-Power  42  (64)    "The system is entering sleep.
  4.  
  5. Sleep Reason: Application API"
  6. Information 10/4/2019 11:36:51 PM   Microsoft-Windows-Kernel-Power  187 (243)   User-mode process attempted to change the system state by calling SetSuspendState or SetSystemPowerState APIs.
  7. Information 10/4/2019 11:36:51 PM   Win32k  267 None    Touch/Touchpad Hardware Quality Assurance verification succeeded.
  8. Information 10/4/2019 11:36:50 PM   Microsoft-Windows-Winlogon  7002    (1102)  User Logoff Notification for Customer Experience Improvement Program
  9. Information 10/4/2019 11:36:48 PM   User32  1074    None    "The process C:\Windows\System32\RuntimeBroker.exe (DESKTOP-HJ3E6N4) has initiated the power off of computer DESKTOP-HJ3E6N4 on behalf of user DESKTOP-HJ3E6N4\sampr for the following reason: Other (Unplanned)
  10.  Reason Code: 0x0
  11.  Shutdown Type: power off
  12.  Comment: "
  13. Information 10/4/2019 11:36:33 PM   Service Control Manager 7040    None    The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
  14. Information 10/4/2019 10:24:23 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat was cleared updating 0 keys and creating 0 modified pages.
  15. Information 10/4/2019 10:24:19 PM   Service Control Manager 7040    None    The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
  16. Information 10/4/2019 10:21:05 PM   Service Control Manager 7040    None    The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
  17. Information 10/4/2019 10:18:00 PM   Service Control Manager 7040    None    The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
  18. Information 10/4/2019 10:17:22 PM   Microsoft-Windows-Kernel-Power  105 (100)   Power source change.
  19. Error   10/4/2019 10:15:59 PM   Microsoft-Windows-DistributedCOM    10016   None    "The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
  20. Windows.SecurityCenter.SecurityAppBroker
  21.  and APPID
  22. Unavailable
  23.  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool."
  24. Error   10/4/2019 10:15:59 PM   Microsoft-Windows-DistributedCOM    10016   None    "The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
  25. Windows.SecurityCenter.WscBrokerManager
  26.  and APPID
  27. Unavailable
  28.  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool."
  29. Error   10/4/2019 10:15:05 PM   Microsoft-Windows-DistributedCOM    10016   None    "The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
  30. {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
  31.  and APPID
  32. {15C20B67-12E7-4BB6-92BB-7AFF07997402}
  33.  to the user DESKTOP-HJ3E6N4\sampr SID (S-1-5-21-1224730652-1865282460-2047001690-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool."
  34. Error   10/4/2019 10:15:03 PM   Microsoft-Windows-DistributedCOM    10016   None    "The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
  35. {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
  36.  and APPID
  37. {15C20B67-12E7-4BB6-92BB-7AFF07997402}
  38.  to the user DESKTOP-HJ3E6N4\sampr SID (S-1-5-21-1224730652-1865282460-2047001690-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool."
  39. Warning 10/4/2019 10:14:56 PM   Microsoft-Windows-Kernel-Processor-Power    37  (7) The speed of processor 5 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
  40. Warning 10/4/2019 10:14:56 PM   Microsoft-Windows-Kernel-Processor-Power    37  (7) The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
  41. Warning 10/4/2019 10:14:56 PM   Microsoft-Windows-Kernel-Processor-Power    37  (7) The speed of processor 6 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
  42. Warning 10/4/2019 10:14:56 PM   Microsoft-Windows-Kernel-Processor-Power    37  (7) The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
  43. Warning 10/4/2019 10:14:56 PM   Microsoft-Windows-Kernel-Processor-Power    37  (7) The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
  44. Warning 10/4/2019 10:14:56 PM   Microsoft-Windows-Kernel-Processor-Power    37  (7) The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
  45. Warning 10/4/2019 10:14:56 PM   Microsoft-Windows-Kernel-Processor-Power    37  (7) The speed of processor 4 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
  46. Warning 10/4/2019 10:14:56 PM   Microsoft-Windows-Kernel-Processor-Power    37  (7) The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
  47. Information 10/4/2019 10:14:43 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'wcnfs' (10.0, ‎2006‎-‎11‎-‎24T15:13:01.000000000Z) has successfully loaded and registered with Filter Manager.
  48. Information 10/4/2019 10:14:42 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \??\C:\Users\sampr\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 15 keys and creating 2 modified pages.
  49. Information 10/4/2019 10:14:39 PM   Microsoft-Windows-WindowsUpdateClient   19  Windows Update Agent    Installation Successful: Windows successfully installed the following update: 2019-04 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4493509)
  50. Information 10/4/2019 10:14:29 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \??\C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\State\dosvcState.dat was cleared updating 110 keys and creating 41 modified pages.
  51. Information 10/4/2019 10:14:28 PM   Microsoft-Windows-Winlogon  7001    (1101)  User Logon Notification for Customer Experience Improvement Program
  52. Information 10/4/2019 10:14:28 PM   Service Control Manager 7040    None    The start type of the Windows Modules Installer service was changed from auto start to demand start.
  53. Information 10/4/2019 10:14:16 PM   Microsoft-Windows-HttpEvent 15007   None    Reservation for namespace identified by URL prefix http://+:3387/rdp/ was successfully added.
  54. Information 10/4/2019 10:14:16 PM   Microsoft-Windows-HttpEvent 15007   None    Reservation for namespace identified by URL prefix https://+:3392/rdp/ was successfully added.
  55. Information 10/4/2019 10:14:09 PM   Service Control Manager 7040    None    The start type of the Symantec Real Time Storage Protection x64 service was changed from system start to demand start.
  56. Information 10/4/2019 10:14:06 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \??\C:\WINDOWS\system32\config\elam was cleared updating 2 keys and creating 1 modified pages.
  57. Information 10/4/2019 10:14:03 PM   Microsoft-Windows-TPM-WMI   1025    None    The TPM was successfully provisioned and is now ready for use.
  58. Information 10/4/2019 10:14:02 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \??\C:\Users\Default\NTUSER.DAT was cleared updating 8 keys and creating 4 modified pages.
  59. Information 10/4/2019 10:14:02 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-20-04102019221402047-ntuser.dat was cleared updating 0 keys and creating 0 modified pages.
  60. Information 10/4/2019 10:14:01 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-19-04102019221401953-ntuser.dat was cleared updating 0 keys and creating 0 modified pages.
  61. Information 10/4/2019 10:14:01 PM   Microsoft-Windows-TPM-WMI   1025    None    The TPM was successfully provisioned and is now ready for use.
  62. Information 10/4/2019 10:14:01 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-18-04102019221401889-ntuser.dat was cleared updating 0 keys and creating 0 modified pages.
  63. Information 10/4/2019 10:14:01 PM   Microsoft-Windows-HttpEvent 15008   None    Reservation for namespace identified by URL prefix http://+:3387/rdp/ was successfully deleted.
  64. Information 10/4/2019 10:14:01 PM   Microsoft-Windows-HttpEvent 15008   None    Reservation for namespace identified by URL prefix https://+:3392/rdp/ was successfully deleted.
  65. Information 10/4/2019 10:14:01 PM   Service Control Manager 7045    None    "A service was installed in the system.
  66.  
  67. Service Name:  MBAMSwissArmy
  68. Service File Name:  \SystemRoot\system32\DRIVERS\mbamswissarmy.sys
  69. Service Type:  kernel mode driver
  70. Service Start Type:  demand start
  71. Service Account:  "
  72. Information 10/4/2019 10:13:58 PM   TPM 18  None    This event triggers the Trusted Platform Module (TPM) provisioning/status check to run.
  73. Information 10/4/2019 10:13:58 PM   Service Control Manager 7026    None    "The following boot-start or system-start driver(s) did not load:
  74. dam"
  75. Information 10/4/2019 10:13:58 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve was cleared updating 1961 keys and creating 703 modified pages.
  76. Information 10/4/2019 10:13:56 PM   Win32k  267 None    Touch/Touchpad Hardware Quality Assurance verification succeeded.
  77. Information 10/4/2019 10:13:56 PM   IntelHaxm   4   None    HAXM is loaded successfully
  78. Error   10/4/2019 10:13:56 PM   Service Control Manager 7000    None    "The WsDrvInst service failed to start due to the following error:
  79. The system cannot find the file specified."
  80. Information 10/4/2019 10:13:56 PM   Microsoft-Windows-WLAN-AutoConfig   4000    None    "WLAN AutoConfig service has successfully started.
  81. "
  82. Information 10/4/2019 10:13:54 PM   Microsoft-Windows-DHCPv6-Client 51046   Service State Event DHCPv6 client service is started
  83. Information 10/4/2019 10:13:54 PM   Microsoft-Windows-Dhcp-Client   50103   Service State Event DHCPv4 client registered for shutdown notification
  84. Information 10/4/2019 10:13:54 PM   Microsoft-Windows-Dhcp-Client   50036   Service State Event DHCPv4 client service is started
  85. Information 10/4/2019 10:13:54 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'virtual_file' (6.3, ‎2017‎-‎11‎-‎21T22:06:06.000000000Z) has successfully loaded and registered with Filter Manager.
  86. Information 10/4/2019 10:13:54 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'MBAMChameleon' (10.0, ‎2018‎-‎11‎-‎16T02:11:24.000000000Z) has successfully loaded and registered with Filter Manager.
  87. Information 10/4/2019 10:13:54 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'storqosflt' (10.0, ‎1992‎-‎02‎-‎07T16:10:35.000000000Z) has successfully loaded and registered with Filter Manager.
  88. Information 10/4/2019 10:13:54 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'file_protector' (6.3, ‎2017‎-‎12‎-‎12T19:08:30.000000000Z) has successfully loaded and registered with Filter Manager.
  89. Information 10/4/2019 10:13:54 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \SystemRoot\System32\Config\bbimigrate\BBI was cleared updating 1 keys and creating 1 modified pages.
  90. Information 10/4/2019 10:13:53 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'CldFlt' (10.0, ‎2098‎-‎06‎-‎25T12:24:31.000000000Z) has successfully loaded and registered with Filter Manager.
  91. Information 10/4/2019 10:13:53 PM   Microsoft-Windows-FilterManager 1   None    File System Filter 'CldFlt' (Version 10.0, ‎2098‎-‎06‎-‎25T12:24:31.000000000Z) unloaded successfully.
  92. Information 10/4/2019 10:13:53 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'CldFlt' (10.0, ‎2098‎-‎06‎-‎25T12:24:31.000000000Z) has successfully loaded and registered with Filter Manager.
  93. Information 10/4/2019 10:13:53 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'luafv' (10.0, ‎2022‎-‎11‎-‎24T18:03:32.000000000Z) has successfully loaded and registered with Filter Manager.
  94. Information 10/4/2019 10:13:53 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'wcifs' (10.0, ‎1988‎-‎07‎-‎09T10:58:49.000000000Z) has successfully loaded and registered with Filter Manager.
  95. Information 10/4/2019 10:13:53 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \SystemRoot\System32\Config\BBI was cleared updating 344 keys and creating 83 modified pages.
  96. Information 10/4/2019 10:13:53 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \??\C:\WINDOWS\ServiceProfiles\LocalService\NTUSER.DAT was cleared updating 144 keys and creating 23 modified pages.
  97. Information 10/4/2019 10:13:53 PM   Win32k  267 None    Touch/Touchpad Hardware Quality Assurance verification succeeded.
  98. Information 10/4/2019 10:13:53 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \??\C:\WINDOWS\ServiceProfiles\NetworkService\NTUSER.DAT was cleared updating 101 keys and creating 19 modified pages.
  99. Information 10/4/2019 10:13:52 PM   Microsoft-Windows-Directory-Services-SAM    16962   None    "Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA).
  100. For more information please see http://go.microsoft.com/fwlink/?LinkId=787651."
  101. Information 10/4/2019 10:13:52 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \SystemRoot\System32\Config\SAM was cleared updating 70 keys and creating 8 modified pages.
  102. Information 10/4/2019 10:13:52 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \SystemRoot\System32\Config\SECURITY was cleared updating 87 keys and creating 5 modified pages.
  103. Information 10/4/2019 10:13:52 PM   Microsoft-Windows-Wininit   14  None    Credential Guard configuration: 0x0, 0
  104. Information 10/4/2019 10:13:51 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \SystemRoot\System32\Config\DEFAULT was cleared updating 615 keys and creating 86 modified pages.
  105. Information 10/4/2019 10:13:49 PM   Microsoft-Windows-Kernel-General    15  None    Hive \SystemRoot\System32\Config\SOFTWARE was reorganized with a starting size of 100773888 bytes and an ending size of 100777984 bytes.
  106. Information 10/4/2019 10:13:46 PM   Microsoft-Windows-Ntfs  98  None    Volume \\?\Volume{0337f223-5980-47d6-a36e-f02ac1bd6187} (\Device\HarddiskVolume5) is healthy.  No action is needed.
  107. Information 10/4/2019 10:13:46 PM   Microsoft-Windows-Ntfs  98  None    Volume \\?\Volume{8a1f177b-97ff-4885-9790-b1757e26d856} (\Device\HarddiskVolume4) is healthy.  No action is needed.
  108. Information 10/4/2019 10:13:46 PM   MEIx64  2   None    Intel(R) Management Engine Interface driver has started successfully.
  109. Information 10/4/2019 10:13:45 PM   Microsoft-Windows-Kernel-Power  521 (220)   Active battery count change.
  110. Information 10/4/2019 10:13:45 PM   Microsoft-Windows-Kernel-Power  521 (220)   Active battery count change.
  111. Information 10/4/2019 10:13:45 PM   Microsoft-Windows-Kernel-Processor-Power    55  (47)    "Processor 7 in group 0 exposes the following power management capabilities:
  112.  
  113. Idle state type: ACPI Idle (C) States (3 state(s))
  114.  
  115. Performance state type: ACPI Performance (P) / Throttle (T) States
  116. Nominal Frequency (MHz): 2601
  117. Maximum performance percentage: 100
  118. Minimum performance percentage: 30
  119. Minimum throttle percentage: 3"
  120. Information 10/4/2019 10:13:45 PM   Microsoft-Windows-Kernel-Processor-Power    55  (47)    "Processor 5 in group 0 exposes the following power management capabilities:
  121.  
  122. Idle state type: ACPI Idle (C) States (3 state(s))
  123.  
  124. Performance state type: ACPI Performance (P) / Throttle (T) States
  125. Nominal Frequency (MHz): 2601
  126. Maximum performance percentage: 100
  127. Minimum performance percentage: 30
  128. Minimum throttle percentage: 3"
  129. Information 10/4/2019 10:13:45 PM   Microsoft-Windows-Kernel-Processor-Power    55  (47)    "Processor 3 in group 0 exposes the following power management capabilities:
  130.  
  131. Idle state type: ACPI Idle (C) States (3 state(s))
  132.  
  133. Performance state type: ACPI Performance (P) / Throttle (T) States
  134. Nominal Frequency (MHz): 2601
  135. Maximum performance percentage: 100
  136. Minimum performance percentage: 30
  137. Minimum throttle percentage: 3"
  138. Information 10/4/2019 10:13:45 PM   Microsoft-Windows-Kernel-Processor-Power    55  (47)    "Processor 1 in group 0 exposes the following power management capabilities:
  139.  
  140. Idle state type: ACPI Idle (C) States (3 state(s))
  141.  
  142. Performance state type: ACPI Performance (P) / Throttle (T) States
  143. Nominal Frequency (MHz): 2601
  144. Maximum performance percentage: 100
  145. Minimum performance percentage: 30
  146. Minimum throttle percentage: 3"
  147. Information 10/4/2019 10:13:45 PM   Microsoft-Windows-Kernel-Processor-Power    55  (47)    "Processor 6 in group 0 exposes the following power management capabilities:
  148.  
  149. Idle state type: ACPI Idle (C) States (3 state(s))
  150.  
  151. Performance state type: ACPI Performance (P) / Throttle (T) States
  152. Nominal Frequency (MHz): 2601
  153. Maximum performance percentage: 100
  154. Minimum performance percentage: 30
  155. Minimum throttle percentage: 3"
  156. Information 10/4/2019 10:13:45 PM   Microsoft-Windows-Kernel-Processor-Power    55  (47)    "Processor 4 in group 0 exposes the following power management capabilities:
  157.  
  158. Idle state type: ACPI Idle (C) States (3 state(s))
  159.  
  160. Performance state type: ACPI Performance (P) / Throttle (T) States
  161. Nominal Frequency (MHz): 2601
  162. Maximum performance percentage: 100
  163. Minimum performance percentage: 30
  164. Minimum throttle percentage: 3"
  165. Information 10/4/2019 10:13:45 PM   Microsoft-Windows-Kernel-Processor-Power    55  (47)    "Processor 2 in group 0 exposes the following power management capabilities:
  166.  
  167. Idle state type: ACPI Idle (C) States (3 state(s))
  168.  
  169. Performance state type: ACPI Performance (P) / Throttle (T) States
  170. Nominal Frequency (MHz): 2601
  171. Maximum performance percentage: 100
  172. Minimum performance percentage: 30
  173. Minimum throttle percentage: 3"
  174. Information 10/4/2019 10:13:45 PM   Microsoft-Windows-Kernel-Processor-Power    55  (47)    "Processor 0 in group 0 exposes the following power management capabilities:
  175.  
  176. Idle state type: ACPI Idle (C) States (3 state(s))
  177.  
  178. Performance state type: ACPI Performance (P) / Throttle (T) States
  179. Nominal Frequency (MHz): 2601
  180. Maximum performance percentage: 100
  181. Minimum performance percentage: 30
  182. Minimum throttle percentage: 3"
  183. Information 10/4/2019 10:13:45 PM   Microsoft-Windows-Ntfs  98  None    Volume D: (\Device\HarddiskVolume6) is healthy.  No action is needed.
  184. Information 10/4/2019 10:13:45 PM   Microsoft-Windows-Kernel-Power  172 (203)   Connectivity state in standby: Disconnected, Reason: NIC compliance
  185. Information 10/4/2019 10:13:45 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'BHDrvx64' (6.1, ‎2019‎-‎01‎-‎29T10:34:54.000000000Z) has successfully loaded and registered with Filter Manager.
  186. Information 10/4/2019 10:13:44 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'eeCtrl' (6.1, ‎2018‎-‎11‎-‎07T10:08:34.000000000Z) has successfully loaded and registered with Filter Manager.
  187. Information 10/4/2019 10:13:44 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'npsvctrig' (10.0, ‎2037‎-‎02‎-‎23T14:11:04.000000000Z) has successfully loaded and registered with Filter Manager.
  188. Information 10/4/2019 10:13:44 PM   SRTSP   2003    None    Symantec Antivirus minifilter successfully loaded.
  189. Information 10/4/2019 10:13:43 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'SRTSP' (10.0, ‎2019‎-‎02‎-‎20T03:31:01.000000000Z) has successfully loaded and registered with Filter Manager.
  190. Information 10/4/2019 10:13:43 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'FileCrypt' (10.0, ‎2034‎-‎08‎-‎13T22:30:12.000000000Z) has successfully loaded and registered with Filter Manager.
  191. Information 10/4/2019 10:13:43 PM   Microsoft-Windows-Ntfs  98  None    Volume C: (\Device\HarddiskVolume3) is healthy.  No action is needed.
  192. Information 10/4/2019 10:13:42 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'SymEFASI' (10.0, ‎2019‎-‎02‎-‎07T07:47:02.000000000Z) has successfully loaded and registered with Filter Manager.
  193. Information 10/4/2019 10:13:42 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'file_tracker' (6.3, ‎2017‎-‎08‎-‎12T01:22:17.000000000Z) has successfully loaded and registered with Filter Manager.
  194. Information 10/4/2019 10:13:42 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'Wof' (10.0, ‎1988‎-‎11‎-‎15T07:36:29.000000000Z) has successfully loaded and registered with Filter Manager.
  195. Information 10/4/2019 10:13:42 PM   Microsoft-Windows-FilterManager 6   None    File System Filter 'FileInfo' (10.0, ‎2041‎-‎01‎-‎31T15:18:31.000000000Z) has successfully loaded and registered with Filter Manager.
  196. Error   10/4/2019 10:13:42 PM   Application Popup   56  None    "The description for Event ID 56 from source Application Popup cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
  197.  
  198. If the event originated on another computer, the display information had to be saved with the event.
  199.  
  200. The following information was included with the event:
  201.  
  202. ACPI
  203. 5
  204.  
  205. The message resource is present but the message was not found in the message table
  206. "
  207. Information 10/4/2019 10:13:42 PM   Microsoft-Windows-Kernel-General    20  (6) "The leap second configuration has been updated.
  208. Reason: Leap second data initialized from registry during boot
  209. Leap seconds enabled: true
  210. New leap second count: 0
  211. Old leap second count: 0"
  212. Information 10/4/2019 10:13:42 PM   Microsoft-Windows-Kernel-Boot   30  (21)    The firmware reported boot metrics.
  213. Information 10/4/2019 10:13:42 PM   Microsoft-Windows-Kernel-Boot   27  (33)    The boot type was 0x0.
  214. Information 10/4/2019 10:13:42 PM   Microsoft-Windows-Kernel-Boot   25  (32)    The boot menu policy was 0x1.
  215. Information 10/4/2019 10:13:42 PM   Microsoft-Windows-Kernel-Boot   20  (31)    The last shutdown's success status was true. The last boot's success status was true.
  216. Information 10/4/2019 10:13:42 PM   Microsoft-Windows-Kernel-Boot   32  (58)    The bootmgr spent 0 ms waiting for user input.
  217. Information 10/4/2019 10:13:42 PM   Microsoft-Windows-Kernel-Boot   18  (57)    There are 0x1 boot options on this system.
  218. Information 10/4/2019 10:13:42 PM   Microsoft-Windows-Kernel-Boot   153 (62)    Virtualization-based security (policies: 0) is disabled.
  219. Information 10/4/2019 10:13:42 PM   Microsoft-Windows-Kernel-General    12  (1) The operating system started at system time ‎2019‎-‎04‎-‎10T14:13:41.500000000Z.
  220. Information 10/4/2019 10:13:32 PM   Microsoft-Windows-Kernel-General    13  (2) The operating system is shutting down at system time ‎2019‎-‎04‎-‎10T14:13:32.645949300Z.
  221. Information 10/4/2019 10:13:31 PM   Microsoft-Windows-Kernel-Power  109 (103)   "The kernel power manager has initiated a shutdown transition.
  222.  
  223. Shutdown Reason: Kernel API"
  224. Information 10/4/2019 10:13:54 PM   EventLog    6013    None    The system uptime is 12 seconds.
  225. Information 10/4/2019 10:13:54 PM   EventLog    6005    None    The Event log service was started.
  226. Information 10/4/2019 10:13:54 PM   EventLog    6009    None    Microsoft (R) Windows (R) 10.00. 17763  Multiprocessor Free.
  227. Information 10/4/2019 10:13:26 PM   Microsoft-Windows-Dhcp-Client   50106   Service State Event DHCPv4 is waiting on DHCPv6 service to stop
  228. Information 10/4/2019 10:13:26 PM   Microsoft-Windows-DHCPv6-Client 51047   Service State Event DHCPv6 client service is stopped. ShutDown Flag value is 1
  229. Information 10/4/2019 10:13:26 PM   Microsoft-Windows-Dhcp-Client   50105   Service State Event DHCPv4 client ProcessDHCPRequestForever received TERMINATE_EVENT
  230. Information 10/4/2019 10:13:26 PM   Microsoft-Windows-Dhcp-Client   50104   Service State Event DHCPv4 client received shutdown notification
  231. Information 10/4/2019 10:13:26 PM   EventLog    6006    None    The Event log service was stopped.
  232. Information 10/4/2019 10:13:22 PM   Microsoft-Windows-Kernel-General    16  None    The access history in hive \??\C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\State\migration.dat was cleared updating 1 keys and creating 1 modified pages.
  233. Information 10/4/2019 10:12:49 PM   Microsoft-Windows-Kernel-General    15  None    Hive \SystemRoot\System32\SMI\Store\Machine\schema.dat was reorganized with a starting size of 11685888 bytes and an ending size of 11685888 bytes.
  234. Information 10/4/2019 10:12:43 PM   Microsoft-Windows-Kernel-General    15  None    Hive \??\C:\WINDOWS\System32\config\COMPONENTS was reorganized with a starting size of 47595520 bytes and an ending size of 47607808 bytes.
  235. Error   10/4/2019 10:12:41 PM   Service Control Manager 7023    None    "The Update Orchestrator Service service terminated with the following error:
  236. This operation returned because the timeout period expired."
  237. Information 10/4/2019 10:12:35 PM   Microsoft-Windows-Winlogon  7002    (1102)  User Logoff Notification for Customer Experience Improvement Program
  238. Error   10/4/2019 10:12:34 PM   Microsoft-Windows-DistributedCOM    10010   None    The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
  239. Error   10/4/2019 10:12:34 PM   Microsoft-Windows-DistributedCOM    10010   None    The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
  240. Information 10/4/2019 10:12:29 PM   Application Popup   26  None    "Application popup: Acrobat.exe - Application Error : The instruction at 0x00000000662F9584 referenced memory at 0x00000000662F9584. The memory could not be written.
  241.  
  242. Click on OK to terminate the program"
  243. Information 10/4/2019 10:12:27 PM   Microsoft-Windows-Power-Troubleshooter  1   None    "The system has returned from a low power state.
  244.  
  245. Sleep Time: ‎2019‎-‎04‎-‎10T14:10:39.751411500Z
  246. Wake Time: ‎2019‎-‎04‎-‎10T14:12:26.851032700Z
  247.  
  248. Wake Source: Timer - Windows will execute 'NT TASK\Microsoft\Windows\UpdateOrchestrator\Reboot' scheduled task that requested waking the computer."
  249. Warning 10/4/2019 10:12:26 PM   Microsoft-Windows-Time-Service  134 None    NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
  250. Information 10/4/2019 10:12:26 PM   Microsoft-Windows-Kernel-Boot   27  (33)    The boot type was 0x2.
  251. Information 10/4/2019 10:12:26 PM   Microsoft-Windows-Kernel-Boot   25  (32)    The boot menu policy was 0x375FE000.
  252. Information 10/4/2019 10:12:26 PM   Microsoft-Windows-Kernel-Boot   32  (58)    The bootmgr spent 0 ms waiting for user input.
  253. Information 10/4/2019 10:12:26 PM   Microsoft-Windows-Kernel-Boot   18  (57)    There are 0x1 boot options on this system.
  254. Information 10/4/2019 10:12:26 PM   Microsoft-Windows-Kernel-Boot   30  (21)    The firmware reported boot metrics.
  255. Information 10/4/2019 10:12:25 PM   Microsoft-Windows-Kernel-General    1   (5) "The system time has changed to ‎2019‎-‎04‎-‎10T14:12:25.500000000Z from ‎2019‎-‎04‎-‎10T14:10:44.777296100Z.
  256.  
  257. Change Reason: System time synchronized with the hardware clock.
  258. Process: '' (PID 4)."
  259. Information 10/4/2019 10:10:44 PM   Microsoft-Windows-Kernel-Power  107 (102)   The system has resumed from sleep.
  260. Information 10/4/2019 10:10:40 PM   Microsoft-Windows-Kernel-Power  42  (64)    "The system is entering sleep.
  261.  
  262. Sleep Reason: System Idle"
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top