Logs 1

Log Name: System
Source: Service Control Manager

Date: 10/6/2018 8:27:59 PM
Event ID: 7045
Task Category: None
Level: Information
Keywords: Classic
User: MSI\Marshall
Computer: MSI
Description:
A service was installed in the system.
Service Name: WINIO

Service File Name: C:\Program Files (x86)\MSI\Dragon Center\winio64.sys
Service Type: kernel mode driver
Service Start Type: demand start
Service Account:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-
26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7045</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-10-07T00:27:59.738749000Z" />
<EventRecordID>4937</EventRecordID>
<Correlation />
<Execution ProcessID="856" ThreadID="3800" />
<Channel>System</Channel>
<Computer>MSI</Computer>
<Security UserID="S-1-5-21-2706783470-391557580-4278440124-1001" />
</System>
<EventData>
<Data Name="ServiceName">WINIO</Data>
<Data Name="ImagePath">C:\Program Files (x86)\MSI\Dragon
Center\winio64.sys</Data>
<Data Name="ServiceType">kernel mode driver</Data>
<Data Name="StartType">demand start</Data>
<Data Name="AccountName">
</Data>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-DistributedCOM
Date: 10/6/2018 8:27:56 PM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: MSI\Marshall
Computer: MSI
Description:
The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user MSI\Marshall SID (S-1-5-21-2706783470-391557580-4278440124-1001) from
address LocalHost (Using LRPC) running in the application container Unavailable SID
(Unavailable). This security permission can be modified using the Component
Services administrative tool.
Event Xml:
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-
BADC-B6F3A001407E}" EventSourceName="DCOM" />
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
<Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
<Data Name="param6">MSI</Data>
<Data Name="param7">Marshall</Data>
<Data Name="param8">S-1-5-21-2706783470-391557580-4278440124-1001</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-TPM-WMI
Date: 10/6/2018 8:27:53 PM
Event ID: 1025
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
The TPM was successfully provisioned and is now ready for use.
Event Xml:
<System>
<Provider Name="Microsoft-Windows-TPM-WMI" Guid="{7D5387B0-CBE0-11DA-A94D-
0800200C9A66}" />
<EventID>1025</EventID>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-TPM-WMI
Date: 10/6/2018 8:27:51 PM
Event ID: 1025
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
The TPM was successfully provisioned and is now ready for use.
Event Xml:
<System>
<Provider Name="Microsoft-Windows-TPM-WMI" Guid="{7D5387B0-CBE0-11DA-A94D-
0800200C9A66}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Source: TPM
Date: 10/6/2018 8:27:49 PM
Event ID: 18
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
This event triggers the Trusted Platform Module (TPM) provisioning/status check to
run.
Event Xml:
<System>
<Provider Name="TPM" Guid="{1B6B0772-251B-4D42-917D-FACA166BC059}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="locationCode">0x140000d8</Data>
<Data Name="Data">0</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:49 PM
Event ID: 7026
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: MSI
Description:
The following boot-start or system-start driver(s) did not load:
dam
Event Xml:
<System>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
<Security />
</System>
<EventData>
<Data Name="param1">
dam</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:43 PM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: LOCAL SERVICE
Computer: MSI
Description:
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost
(Using LRPC) running in the application container Unavailable SID (Unavailable).
This security permission can be modified using the Component Services
administrative tool.
Event Xml:
<System>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="param4">{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</Data>
<Data Name="param5">{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">LOCAL SERVICE</Data>
<Data Name="param8">S-1-5-19</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:43 PM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: LOCAL SERVICE
Computer: MSI
Description:
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost
(Using LRPC) running in the application container Unavailable SID (Unavailable).
This security permission can be modified using the Component Services
administrative tool.
Event Xml:
<System>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="param4">{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</Data>
<Data Name="param5">{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</Data>
<Data Name="param7">LOCAL SERVICE</Data>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-Winlogon
Date: 10/6/2018 8:27:43 PM
Event ID: 7001
Task Category: (1101)
Level: Information
Keywords: (35184372088832)
User: SYSTEM
Computer: MSI
Description:
User Logon Notification for Customer Experience Improvement Program
Event Xml:
<System>
<Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-
A3CB16A3B538}" />
<Level>4</Level>
<Task>1101</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="TSId">1</Data>
<Data Name="UserSid">S-1-5-21-2706783470-391557580-4278440124-1001</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:42 PM
Event ID: 7045
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: MSI
Description:
Service Name: NTIOLib_ACTIVE_X

Service File Name: C:\Program Files (x86)\MSI\Dragon Center\NTIOLib_X64.sys
Service Account:
Event Xml:
<System>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="ServiceName">NTIOLib_ACTIVE_X</Data>
Center\NTIOLib_X64.sys</Data>
</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:42 PM
Event ID: 7045
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: MSI
Description:
Service Name: NTIOLib_ACTIVE_X

Service File Name: C:\Program Files (x86)\MSI\Dragon Center\NTIOLib_X64.sys
Service Account:
Event Xml:
<System>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="ServiceName">NTIOLib_ACTIVE_X</Data>
Center\NTIOLib_X64.sys</Data>
</Data>
</EventData>
</Event>
Log Name: System

Source: Killer Network Service
Date: 10/6/2018 8:27:42 PM
Event ID: 16
Task Category: Service State Event
Level: Information
Keywords: Classic
User: N/A
Computer: MSI
Description:
Service Starting
Event Xml:
<System>
<Provider Name="Killer Network Service" />
<Level>0</Level>
<Task>1</Task>
<Security />
</System>
<EventData>
<Data>Service Starting</Data>
</EventData>
</Event>
Log Name: System

Source: Killer Network Service
Date: 10/6/2018 8:27:42 PM
Event ID: 0
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: MSI
Description:
Service started/resumed
Event Xml:
<System>
<Provider Name="Killer Network Service" />
<Level>4</Level>
<Task>0</Task>
<Security />
</System>
<EventData>
<Data>Service started/resumed</Data>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-WLAN-AutoConfig
Date: 10/6/2018 8:27:41 PM
Event ID: 4000
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
WLAN AutoConfig service has successfully started.
Event Xml:
<System>
<Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580D7DD-0379-4658-
9870-D5BE7D52D6DE}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-DHCPv6-Client
Date: 10/6/2018 8:27:41 PM
Event ID: 51046
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: MSI
Description:
DHCPv6 client service is started
Event Xml:
<System>
<Provider Name="Microsoft-Windows-DHCPv6-Client" Guid="{6A1F2B00-6A90-4C38-
95A5-5CAB3B056778}" />
<Level>4</Level>
<Task>4</Task>
<Opcode>62</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-Dhcp-Client
Date: 10/6/2018 8:27:41 PM
Event ID: 50103
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: MSI
Description:
DHCPv4 client registered for shutdown notification
Event Xml:
<System>
<Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15A7A4F8-0072-4EAB-ABAD-
F98A4D666AED}" />
<Level>4</Level>
<Task>4</Task>
<Opcode>129</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-Dhcp-Client
Date: 10/6/2018 8:27:41 PM
Event ID: 50036
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: MSI
Description:
DHCPv4 client service is started
Event Xml:
<System>
<Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15A7A4F8-0072-4EAB-ABAD-
F98A4D666AED}" />
<Level>4</Level>
<Task>4</Task>
<Opcode>68</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-FilterManager
Date: 10/6/2018 8:27:41 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
File System Filter 'storqosflt' (10.0, ?2011?-?01?-?05T13:54:03.000000000Z) has
successfully loaded and registered with Filter Manager.
Event Xml:
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{F3C5E28E-63F6-49C7-
A204-E48A1BC4B09D}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">10</Data>
<Data Name="DeviceName">storqosflt</Data>
<Data Name="DeviceTime">2011-01-05T13:54:03.000000000Z</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:41 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
File System Filter 'CldFlt' (10.0, ?2046?-?11?-?06T11:33:22.000000000Z) has
Event Xml:
<System>
A204-E48A1BC4B09D}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DeviceName">CldFlt</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:41 PM
Event ID: 1
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
File System Filter 'CldFlt' (Version 10.0, ?2046?-?11?-?06T11:33:22.000000000Z)
unloaded successfully.
Event Xml:
<System>
A204-E48A1BC4B09D}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:41 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
File System Filter 'CldFlt' (10.0, ?2046?-?11?-?06T11:33:22.000000000Z) has
Event Xml:
<System>
A204-E48A1BC4B09D}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:41 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
File System Filter 'luafv' (10.0, ?2043?-?06?-?20T15:30:28.000000000Z) has
Event Xml:
<System>
A204-E48A1BC4B09D}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DeviceName">luafv</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:41 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
File System Filter 'wcifs' (10.0, ?2024?-?12?-?16T21:40:30.000000000Z) has
Event Xml:
<System>
A204-E48A1BC4B09D}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DeviceName">wcifs</Data>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-Directory-Services-SAM
Date: 10/6/2018 8:27:40 PM
Event ID: 16962
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
Remote calls to the SAM database are being restricted using the default security
descriptor: O:SYG:SYD:(A;;RC;;;BA).
For more information please see http://go.microsoft.com/fwlink/?LinkId=787651.
Event Xml:
<System>
<Provider Name="Microsoft-Windows-Directory-Services-SAM" Guid="{0D4FDC09-8C27-
494A-BDA0-505E4FD8ADAE}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation ActivityID="{89CE816F-5DD4-0003-C181-CE89D45DD401}" />
</System>
<EventData Name="SAMMSG_RESTRICT_REMOTE_SAM_DEFAULT_SD">
<Data Name="Default SD String:">O:SYG:SYD:(A;;RC;;;BA)</Data>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-Wininit
Date: 10/6/2018 8:27:39 PM
Event ID: 14
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
Credential Guard (LsaIso.exe) configuration: 0x0, 0
Event Xml:
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-
989F03C8B84B}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="Config">0</Data>
<Data Name="IsTestConfig">0</Data>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-Ntfs
Date: 10/6/2018 8:27:37 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: MSI
Description:
Volume H: (\Device\HarddiskVolume11) is healthy. No action is needed.
Event Xml:
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3FF37A1C-A68D-4D6E-8C9B-
F79E8B16C482}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DriveName">H:</Data>
<Data Name="DeviceName">\Device\HarddiskVolume11</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>
Log Name: System

Source: BTHUSB
Date: 10/6/2018 8:27:36 PM
Event ID: 18
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: MSI
Description:
Windows cannot store Bluetooth authentication codes (link keys) on the local
adapter. Bluetooth keyboards might not work in the system BIOS during startup.
Event Xml:
<System>
<Provider Name="BTHUSB" />
<Level>4</Level>
<Task>0</Task>
<Security />
</System>
<EventData>
<Data>
</Data>
<Binary>000008000100000000000000120005400000000000000000000000000000000000000000000
00000E000000000000000</Binary>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-Kernel-Power
Date: 10/6/2018 8:27:35 PM
Event ID: 521
Level: Information
Keywords: (1024),(4)
User: SYSTEM
Computer: MSI
Description:
Active battery count change.
Event Xml:
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-
77220C37D6B4}" />
<Level>4</Level>
<Task>220</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="ValidBatteryCount">1</Data>
<Data Name="ErrorBatteryCount">0</Data>
<Data Name="AbandonedBatteryCount">0</Data>
</EventData>
</Event>
Log Name: System

Source: MEIx64
Date: 10/6/2018 8:27:35 PM
Event ID: 2
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: MSI
Description:
Intel(R) Management Engine Interface driver has started successfully.
Event Xml:
<System>
<Provider Name="MEIx64" />
<Level>4</Level>
<Task>0</Task>
<Security />
</System>
<EventData>
<Data>
</Data>
<Binary>000000000100000000000000020007400000000000000000000000000000000000000000000
00000</Binary>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-Kernel-Processor-Power
Date: 10/6/2018 8:27:35 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
Processor 7 in group 0 exposes the following power management capabilities:
Idle state type: ACPI Idle (C) States (3 state(s))
Performance state type: ACPI Performance (P) / Throttle (T) States

Nominal Frequency (MHz): 2701
Maximum performance percentage: 100
Minimum performance percentage: 29
Minimum throttle percentage: 29
Event Xml:
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0F67E49F-FE51-
4E9F-B490-6F2948CC6027}" />
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">7</Data>
<Data Name="IdleStateCount">3</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">2701</Data>
<Data Name="MaximumPerformancePercent">100</Data>
<Data Name="MinimumPerformancePercent">29</Data>
<Data Name="MinimumThrottlePercent">29</Data>
<Data Name="PerformanceImplementation">1</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:35 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: MSI
Description:
Volume \\?\Volume{953cd5a1-92fb-4604-b492-584313241813} (\Device\HarddiskVolume10)
is healthy. No action is needed.
Event Xml:
<System>
F79E8B16C482}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DriveName">\\?\Volume{953cd5a1-92fb-4604-b492-584313241813}</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:34 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: MSI
Description:
Volume \\?\Volume{47bea2f2-016a-4cbe-b3cd-124a01232061} (\Device\HarddiskVolume7)
Event Xml:
<System>
F79E8B16C482}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DriveName">\\?\Volume{47bea2f2-016a-4cbe-b3cd-124a01232061}</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:34 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: MSI
Description:
Volume \\?\Volume{60702985-8ff4-4e9c-b6cb-8d15bf1d772f} (\Device\HarddiskVolume8)
Event Xml:
<System>
F79E8B16C482}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DriveName">\\?\Volume{60702985-8ff4-4e9c-b6cb-8d15bf1d772f}</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:34 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: MSI
Description:
Volume F: (\Device\HarddiskVolume9) is healthy. No action is needed.
Event Xml:
<System>
F79E8B16C482}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DriveName">F:</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:34 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:

Event Xml:
<System>
4E9F-B490-6F2948CC6027}" />
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:34 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:

Event Xml:
<System>
4E9F-B490-6F2948CC6027}" />
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:34 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:

Event Xml:
<System>
4E9F-B490-6F2948CC6027}" />
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:34 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:

Event Xml:
<System>
4E9F-B490-6F2948CC6027}" />
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:34 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:

Event Xml:
<System>
4E9F-B490-6F2948CC6027}" />
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System
Date: 10/6/2018 8:27:34 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:

Event Xml:
<System>
4E9F-B490-6F2948CC6027}" />
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:34 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:

Event Xml:
<System>
4E9F-B490-6F2948CC6027}" />
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-Kernel-PnP
Date: 10/6/2018 8:27:34 PM
Event ID: 219
Level: Warning
Keywords:
User: SYSTEM
Computer: MSI
Description:
The driver \Driver\WUDFRd failed to load for the device ACPI\ENE0110\5&2b7f4e85&0.
Event Xml:
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-
E831C6290539}" />
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DriverNameLength">25</Data>
<Data Name="DriverName">ACPI\ENE0110\5&2b7f4e85&0</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\WUDFRd</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-DriverFrameworks-UserMode
Date: 10/6/2018 8:27:34 PM
Event ID: 10118
Task Category: Startup of the UMDF reflector
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
UMDF reflector is unable to connect to service control manager (SCM). This is
expected during boot, when SCM has not started yet. Will retry when it starts.
Event Xml:
<System>
<Provider Name="Microsoft-Windows-DriverFrameworks-UserMode" Guid="{2E35AAEB-
857F-4BEB-A418-2E6C0E54D988}" />
<Level>4</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System
Date: 10/6/2018 8:27:34 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: MSI
Description:
Volume E: (\Device\HarddiskVolume3) is healthy. No action is needed.
Event Xml:
<System>
F79E8B16C482}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DriveName">E:</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:34 PM
Event ID: 172
Level: Information
Keywords: (1024),(4)
User: SYSTEM
Computer: MSI
Description:
Connectivity state in standby: Disconnected, Reason: NIC compliance
Event Xml:
<System>
77220C37D6B4}" />
<Level>4</Level>
<Task>203</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="State">2</Data>
<Data Name="Reason">6</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:34 PM
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (70368744177664),(2)
User: SYSTEM
Computer: MSI
Description:
The system has rebooted without cleanly shutting down first. This error could be
caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<System>
77220C37D6B4}" />
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="BugcheckCode">278</Data>
<Data Name="BugcheckParameter1">0xffff998ec3705010</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="SleepInProgress">0</Data>
<Data Name="PowerButtonTimestamp">0</Data>
<Data Name="BootAppStatus">0</Data>
<Data Name="Checkpoint">0</Data>
<Data Name="ConnectedStandbyInProgress">false</Data>
<Data Name="SystemSleepTransitionsToOn">0</Data>
<Data Name="CsEntryScenarioInstanceId">0</Data>
<Data Name="BugcheckInfoFromEFI">true</Data>
<Data Name="CheckpointStatus">0</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:34 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
File System Filter 'npsvctrig' (10.0, ?2094?-?02?-?20T06:14:30.000000000Z) has
Event Xml:
<System>
A204-E48A1BC4B09D}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DeviceName">npsvctrig</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:34 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
File System Filter 'FileCrypt' (10.0, ?2070?-?12?-?15T19:13:56.000000000Z) has
Event Xml:
<System>
A204-E48A1BC4B09D}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DeviceName">FileCrypt</Data>
</EventData>
</Event>
Log Name: System

Source: volmgr
Date: 10/6/2018 8:27:34 PM
Event ID: 161
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MSI
Description:
Dump file creation failed due to error during dump creation.
Event Xml:
<System>
<Provider Name="volmgr" />
<Level>2</Level>
<Task>0</Task>
<Security />
</System>
<EventData>
<Data>\Device\HarddiskVolume6</Data>
<Binary>000000000100000000000000A10004C081000200010000C0000000000000000000000000000
00000</Binary>
</EventData>
</Event>
Log Name: System
Date: 10/6/2018 8:27:34 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: MSI
Description:
Volume D: (\Device\HarddiskVolume1) is healthy. No action is needed.
Event Xml:
<System>
F79E8B16C482}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DriveName">D:</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:33 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: MSI
Description:
Volume C: (\Device\HarddiskVolume6) is healthy. No action is needed.
Event Xml:
<System>
F79E8B16C482}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DriveName">C:</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:33 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
File System Filter 'WdFilter' (10.0, ?2046?-?12?-?04T23:55:53.000000000Z) has
Event Xml:
<System>
A204-E48A1BC4B09D}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DeviceName">WdFilter</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:33 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
File System Filter 'Wof' (10.0, ?2036?-?09?-?29T09:47:10.000000000Z) has
Event Xml:
<System>
A204-E48A1BC4B09D}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DeviceName">Wof</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:33 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
File System Filter 'FileInfo' (10.0, ?2083?-?04?-?08T11:57:41.000000000Z) has
Event Xml:
<System>
A204-E48A1BC4B09D}" />
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="DeviceName">FileInfo</Data>
</EventData>
</Event>
Log Name: System

Source: EventLog
Date: 10/6/2018 8:27:41 PM
Event ID: 6013
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: MSI
Description:
The system uptime is 8 seconds.
Event Xml:
<System>
<Provider Name="EventLog" />
<Level>4</Level>
<Task>0</Task>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>8</Data>
<Data>60</Data>
<Data>300 Eastern Standard Time</Data>
<Binary>31002E003100000030000000570069006E0064006F0077007300200031003000200048006F0
06D0065000000310030002E0030002E003100370031003300340020004200750069006C006400200031
0037003100330034002000200000004D0075006C0074006900700072006F0063006500730073006F007
200200046007200650065000000310037003100330034002E007200730034005F00720065006C006500
6100730065002E003100380030003400310030002D00310038003000340000003500620036006600310
039006600310000004E006F007400200041007600610069006C00610062006C00650000004E006F0074
00200041007600610069006C00610062006C00650000003900000038000000310036003300340032000
00034003000390000004D005300490000000000</Binary>
</EventData>
</Event>
Log Name: System

Source: EventLog
Date: 10/6/2018 8:27:41 PM
Event ID: 6005
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: MSI
Description:
The Event log service was started.
Event Xml:
<System>
<Level>4</Level>
<Task>0</Task>
<Security />
</System>
<EventData>
<Binary>E2070A000000070000001B00290015000000000000000000</Binary>
</EventData>
</Event>
Log Name: System

Source: EventLog
Date: 10/6/2018 8:27:41 PM
Event ID: 6009
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: MSI
Description:
Microsoft (R) Windows (R) 10.00. 17134 Multiprocessor Free.
Event Xml:
<System>
<Level>4</Level>
<Task>0</Task>
<Security />
</System>
<EventData>
<Data>10.00.</Data>
<Data>17134</Data>
<Data>
</Data>
<Data>Multiprocessor Free</Data>
<Data>0</Data>
</EventData>
</Event>
Log Name: System

Source: EventLog
Date: 10/6/2018 8:27:41 PM
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MSI
Description:
The previous system shutdown at 8:21:39 PM on ?10/?6/?2018 was unexpected.
Event Xml:
<System>
<Level>2</Level>
<Task>0</Task>
<Security />
</System>
<EventData>
<Data>8:21:39 PM</Data>
<Data>?10/?6/?2018</Data>
<Data>
</Data>
<Data>
</Data>
<Data>9</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>E2070A00060006001400150027001300E2070A000000070000001500270013003C0000003C0
00000000000000000000000000000000000000100000000000000</Binary>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 10/6/2018 8:27:32 PM
Event ID: 30
Task Category: (21)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
The firmware reported boot metrics.
Event Xml:
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15CA44FF-4D7A-4BAA-BBA5-
0998955E531E}" />
<Level>4</Level>
<Task>21</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="ResetEndStart">0</Data>
<Data Name="LoadOSImageStart">10268</Data>
<Data Name="StartOSImageStart">10303</Data>
<Data Name="ExitBootServicesEntry">11796</Data>
<Data Name="ExitBootServicesExit">11799</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:32 PM
Event ID: 25
Task Category: (32)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
The boot menu policy was 0x1.
Event Xml:
<System>
0998955E531E}" />
<Level>4</Level>
<Task>32</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="BootMenuPolicy">1</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:32 PM
Event ID: 27
Task Category: (33)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
The boot type was 0x0.
Event Xml:
<System>
0998955E531E}" />
<Level>4</Level>
<Task>33</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="BootType">0</Data>
<Data Name="LoadOptions"> NOEXECUTE=OPTIN NOVGA</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:32 PM
Event ID: 20
Task Category: (31)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
The last shutdown's success status was false. The last boot's success status was
true.
Event Xml:
<System>
0998955E531E}" />
<Level>4</Level>
<Task>31</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="LastShutdownGood">false</Data>
<Data Name="LastBootGood">true</Data>
<Data Name="LastBootId">15</Data>
<Data Name="BootStatusPolicy">2</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:32 PM
Event ID: 32
Task Category: (58)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
The bootmgr spent 0 ms waiting for user input.
Event Xml:
<System>
0998955E531E}" />
<Level>4</Level>
<Task>58</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="BitlockerUserInputTime">0</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:32 PM
Event ID: 18
Task Category: (57)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
There are 0x1 boot options on this system.
Event Xml:
<System>
0998955E531E}" />
<Level>4</Level>
<Task>57</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="EntryCount">1</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:27:32 PM
Event ID: 153
Task Category: (62)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
Virtualization-based security (policies: 0) is disabled.
Event Xml:
<System>
0998955E531E}" />
<Level>4</Level>
<Task>62</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="Status">0</Data>
<Data Name="EnableDisableReason">0</Data>
<Data Name="VsmPolicy">0</Data>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-Kernel-General
Date: 10/6/2018 8:27:32 PM
Event ID: 12
Task Category: (1)
Level: Information
Keywords: (128)
User: SYSTEM
Computer: MSI
Description:
The operating system started at system time ?2018?-?10?-?07T00:27:32.493104700Z.
Event Xml:
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-
A698-07E2DE0F1F5D}" />
<Level>4</Level>
<Task>1</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="MajorVersion">10</Data>
<Data Name="MinorVersion">0</Data>
<Data Name="BuildVersion">17134</Data>
<Data Name="QfeVersion">285</Data>
<Data Name="ServiceVersion">0</Data>
<Data Name="BootMode">0</Data>
<Data Name="StartTime">2018-10-07T00:27:32.493104700Z</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:23:48 PM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: MSI
Description:
The application-specific permission settings do not grant Local Launch permission
for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC)
running in the application container Unavailable SID (Unavailable). This security
permission can be modified using the Component Services administrative tool.
Event Xml:
<System>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="param3">Launch</Data>
<Data Name="param4">Windows.SecurityCenter.WscBrokerManager</Data>
<Data Name="param7">SYSTEM</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:23:48 PM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: MSI
Description:
The application-specific permission settings do not grant Local Launch permission
for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC)
running in the application container Unavailable SID (Unavailable). This security
permission can be modified using the Component Services administrative tool.
Event Xml:
<System>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="param3">Launch</Data>
<Data Name="param4">Windows.SecurityCenter.WscDataProtection</Data>
<Data Name="param7">SYSTEM</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:22:43 PM
Event ID: 37
Task Category: (7)
Level: Warning
Keywords:
User: SYSTEM
Computer: MSI
Description:
The speed of processor 4 in group 0 is being limited by system firmware. The
processor has been in this reduced performance state for 71 seconds since the last
report.
Event Xml:
<System>
4E9F-B490-6F2948CC6027}" />
<Level>3</Level>
<Task>7</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="CapDurationInSeconds">71</Data>
<Data Name="PpcChanges">1</Data>
<Data Name="TpcChanges">0</Data>
<Data Name="PccChanges">0</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:22:43 PM
Event ID: 37
Task Category: (7)
Level: Warning
Keywords:
User: SYSTEM
Computer: MSI
Description:
report.
Event Xml:
<System>
4E9F-B490-6F2948CC6027}" />
<Level>3</Level>
<Task>7</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:22:43 PM
Event ID: 37
Task Category: (7)
Level: Warning
Keywords:
User: SYSTEM
Computer: MSI
Description:
report.
Event Xml:
<System>
4E9F-B490-6F2948CC6027}" />
<Level>3</Level>
<Task>7</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:22:43 PM
Event ID: 37
Task Category: (7)
Level: Warning
Keywords:
User: SYSTEM
Computer: MSI
Description:
report.
Event Xml:
<System>
4E9F-B490-6F2948CC6027}" />
<Level>3</Level>
<Task>7</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:22:43 PM
Event ID: 37
Task Category: (7)
Level: Warning
Keywords:
User: SYSTEM
Computer: MSI
Description:
report.
Event Xml:
<System>
4E9F-B490-6F2948CC6027}" />
<Level>3</Level>
<Task>7</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:22:43 PM
Event ID: 37
Task Category: (7)
Level: Warning
Keywords:
User: SYSTEM
Computer: MSI
Description:
report.
Event Xml:
<System>
4E9F-B490-6F2948CC6027}" />
<Level>3</Level>
<Task>7</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:22:43 PM
Event ID: 37
Task Category: (7)
Level: Warning
Keywords:
User: SYSTEM
Computer: MSI
Description:
report.
Event Xml:
<System>
4E9F-B490-6F2948CC6027}" />
<Level>3</Level>
<Task>7</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:22:43 PM
Event ID: 37
Task Category: (7)
Level: Warning
Keywords:
User: SYSTEM
Computer: MSI
Description:
report.
Event Xml:
<System>
4E9F-B490-6F2948CC6027}" />
<Level>3</Level>
<Task>7</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-UserModePowerService
Date: 10/6/2018 8:22:18 PM
Event ID: 12
Task Category: (10)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
Process C:\Windows\System32\powercfg.exe (process ID:7028) reset policy scheme from
{8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} to {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C}
Event Xml:
<System>
<Provider Name="Microsoft-Windows-UserModePowerService" Guid="{CE8DEE0B-D539-
4000-B0F8-77BED049C590}" />
<Level>4</Level>
<Task>10</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="ProcessPath">C:\Windows\System32\powercfg.exe</Data>
<Data Name="ProcessPid">7028</Data>
<Data Name="OldSchemeGuid">{8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C}</Data>
<Data Name="NewSchemeGuid">{8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C}</Data>
</EventData>
</Event>
Log Name: System

Source: Microsoft-Windows-UserModePowerService
Date: 10/6/2018 8:22:16 PM
Event ID: 12
Task Category: (10)
Level: Information
Keywords:
User: SYSTEM
Computer: MSI
Description:
Process C:\Windows\System32\powercfg.exe (process ID:12988) reset policy scheme
from {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} to {8C5E7FDA-E8BF-4A96-9A85-
A6E23A8C635C}
Event Xml:
<System>
<Provider Name="Microsoft-Windows-UserModePowerService" Guid="{CE8DEE0B-D539-
4000-B0F8-77BED049C590}" />
<Level>4</Level>
<Task>10</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="ProcessPath">C:\Windows\System32\powercfg.exe</Data>
<Data Name="ProcessPid">12988</Data>
<Data Name="OldSchemeGuid">{8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C}</Data>
<Data Name="NewSchemeGuid">{8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C}</Data>
</EventData>
</Event>
Log Name: System

Date: 10/6/2018 8:22:16 PM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: MSI\Marshall
Computer: MSI
Description:
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user MSI\Marshall SID (S-1-5-21-2706783470-391557580-4278440124-1001) from
address LocalHost (Using LRPC) running in the application container Unavailable SID
(Unavailable). This security permission can be modified using the Component
Services administrative tool.
Event Xml:
<System>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Correlation />
</System>
<EventData>
<Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
<Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
<Data Name="param6">MSI</Data>
<Data Name="param7">Marshall</Data>
<Data Name="param8">S-1-5-21-2706783470-391557580-4278440124-1001</Data>
</EventData>
</Event>

Logs 1

Caricato da

Informazioni sul documento

Descrizione originale:

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Logs 1

Caricato da

Copyright:

Formati disponibili

Log Name: System

Source: Service Control Manager

Service Name: WINIO

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Service Name: NTIOLib_ACTIVE_X

Log Name: System

Service Name: NTIOLib_ACTIVE_X

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Log Name: System

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States

Log Name: System

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States

Log Name: System

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States

Log Name: System

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States

Log Name: System

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States

Log Name: System

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States

Log Name: System

Log Name: System