Question Random Reboots, been happening when gaming for a while now, also static screen after sleep

Dec 9, 2019
So for the last few months I've been having random reboots whilst gaming, mainly during WoW though, oddly, and it's definitely not the most intensive game I play.

I fully passed a mem test
I've just updated all my chipset AND my BIOS and it's still done it twice since
Graphics drivers are all up to date

Also, as of updating my chipset drivers and stuff, I have found that when I let my computer sleep, when it comes out of it, it just goes to static, and I have yet to find a fix for that.
This is the event log from around the last shutdown in case it helps:

Log Name: System
Source: Service Control Manager
Date: 09/12/2019 08:39:35
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Andrew-PC
Description:
The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:39:35.687945500Z" />
<EventRecordID>11444</EventRecordID>
<Correlation />
<Execution ProcessID="684" ThreadID="12096" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Background Intelligent Transfer Service</Data>
<Data Name="param2">demand start</Data>
<Data Name="param3">auto start</Data>
<Data Name="param4">BITS</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 09/12/2019 08:39:28
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: Andrew-PC\Andrew
Computer: Andrew-PC
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user Andrew-PC\Andrew SID (S-1-5-21-3888375051-3659802967-3983593736-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:39:28.014460300Z" />
<EventRecordID>11443</EventRecordID>
<Correlation />
<Execution ProcessID="76" ThreadID="6016" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-21-3888375051-3659802967-3983593736-1000" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}</Data>
<Data Name="param5">{15C20B67-12E7-4BB6-92BB-7AFF07997402}</Data>
<Data Name="param6">Andrew-PC</Data>
<Data Name="param7">Andrew</Data>
<Data Name="param8">S-1-5-21-3888375051-3659802967-3983593736-1000</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 09/12/2019 08:39:23
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: Andrew-PC\Andrew
Computer: Andrew-PC
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user Andrew-PC\Andrew SID (S-1-5-21-3888375051-3659802967-3983593736-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:39:23.502518800Z" />
<EventRecordID>11442</EventRecordID>
<Correlation />
<Execution ProcessID="76" ThreadID="8476" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-21-3888375051-3659802967-3983593736-1000" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}</Data>
<Data Name="param5">{15C20B67-12E7-4BB6-92BB-7AFF07997402}</Data>
<Data Name="param6">Andrew-PC</Data>
<Data Name="param7">Andrew</Data>
<Data Name="param8">S-1-5-21-3888375051-3659802967-3983593736-1000</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 09/12/2019 08:39:16
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
File System Filter 'wcnfs' (10.0, ‎2006‎-‎11‎-‎24T07:13:01.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:39:16.270781000Z" />
<EventRecordID>11441</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="7844" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">5</Data>
<Data Name="DeviceName">wcnfs</Data>
<Data Name="DeviceTime">2006-11-24T07:13:01.000000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 09/12/2019 08:39:06
Event ID: 7026
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Andrew-PC
Description:
The following boot-start or system-start driver(s) did not load:
dam
EhStorClass
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7026</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:39:06.914382400Z" />
<EventRecordID>11440</EventRecordID>
<Correlation />
<Execution ProcessID="684" ThreadID="688" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">
dam
EhStorClass</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Ntfs
Date: 09/12/2019 08:38:59
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: Andrew-PC
Description:
Volume G: (\Device\HarddiskVolume3) is healthy. No action is needed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" />
<EventID>98</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:59.347578700Z" />
<EventRecordID>11439</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8160" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriveName">G:</Data>
<Data Name="DeviceName">\Device\HarddiskVolume3</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WMPNSS-Service
Date: 09/12/2019 08:38:52
Event ID: 14204
Task Category: None
Level: Information
Keywords:
User: NETWORK SERVICE
Computer: Andrew-PC
Description:
Service 'WMPNetworkSvc' started.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMPNSS-Service" Guid="{6a2dc7c1-930a-4fb5-bb44-80b30aebed6c}" />
<EventID>14204</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:52.403090400Z" />
<EventRecordID>11438</EventRecordID>
<Correlation />
<Execution ProcessID="6900" ThreadID="6956" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="ServiceName">WMPNetworkSvc</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WAS
Date: 09/12/2019 08:38:49
Event ID: 5211
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Andrew-PC
Description:
The Windows Process Activation Service (WAS) started with 'Classic' mode using 'ConfigurationSystem'
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WAS" Guid="{524B5D04-133C-4A62-8362-64E8EDB9CE40}" EventSourceName="WAS" />
<EventID Qualifiers="16384">5211</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:49.622800100Z" />
<EventRecordID>11437</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="RunningMode">Classic</Data>
<Data Name="ConfigurationReader">ConfigurationSystem</Data>
<Binary>
</Binary>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 09/12/2019 08:38:49
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Andrew-PC
Description:
The Origin Web Helper Service service failed to start due to the following error:
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:49.216645800Z" />
<EventRecordID>11436</EventRecordID>
<Correlation />
<Execution ProcessID="684" ThreadID="1484" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Origin Web Helper Service</Data>
<Data Name="param2">%%2</Data>
<Binary>4F0072006900670069006E0020005700650062002000480065006C00700065007200200053006500720076006900630065000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 09/12/2019 08:38:49
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Andrew-PC
Description:
The GoProFusionDeviceDetectionService service failed to start due to the following error:
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:49.107296600Z" />
<EventRecordID>11435</EventRecordID>
<Correlation />
<Execution ProcessID="684" ThreadID="1484" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">GoProFusionDeviceDetectionService</Data>
<Data Name="param2">%%2</Data>
<Binary>47006F00500072006F0046007500730069006F006E0044006500760069006300650044006500740065006300740069006F006E0053006500720076006900630065000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WLAN-AutoConfig
Date: 09/12/2019 08:38:48
Event ID: 4000
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
WLAN AutoConfig service has successfully started.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580d7dd-0379-4658-9870-d5be7d52d6de}" />
<EventID>4000</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:48.516445300Z" />
<EventRecordID>11434</EventRecordID>
<Correlation />
<Execution ProcessID="3448" ThreadID="3488" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Winlogon
Date: 09/12/2019 08:38:48
Event ID: 7001
Task Category: (1101)
Level: Information
Keywords: (35184372088832)
User: SYSTEM
Computer: Andrew-PC
Description:
User Log-on Notification for Customer Experience Improvement Program
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Winlogon" Guid="{dbe9b383-7cf3-4331-91cc-a3cb16a3b538}" />
<EventID>7001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1101</Task>
<Opcode>0</Opcode>
<Keywords>0x2000200000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:48.067397800Z" />
<EventRecordID>11433</EventRecordID>
<Correlation />
<Execution ProcessID="804" ThreadID="716" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="TSId">1</Data>
<Data Name="UserSid">S-1-5-21-3888375051-3659802967-3983593736-1000</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DHCPv6-Client
Date: 09/12/2019 08:38:47
Event ID: 51046
Task Category: Service State Event
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Andrew-PC
Description:
DHCPv6 client service is started
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DHCPv6-Client" Guid="{6a1f2b00-6a90-4c38-95a5-5cab3b056778}" />
<EventID>51046</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>4</Task>
<Opcode>62</Opcode>
<Keywords>0x2000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:47.437129600Z" />
<EventRecordID>11432</EventRecordID>
<Correlation />
<Execution ProcessID="2692" ThreadID="2828" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Dhcp-Client
Date: 09/12/2019 08:38:47
Event ID: 50103
Task Category: Service State Event
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Andrew-PC
Description:
DHCPv4 client registered for shutdown notification
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15a7a4f8-0072-4eab-abad-f98a4d666aed}" />
<EventID>50103</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>4</Task>
<Opcode>129</Opcode>
<Keywords>0x2000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:47.418791700Z" />
<EventRecordID>11431</EventRecordID>
<Correlation />
<Execution ProcessID="2692" ThreadID="2792" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Dhcp-Client
Date: 09/12/2019 08:38:47
Event ID: 50036
Task Category: Service State Event
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Andrew-PC
Description:
DHCPv4 client service is started
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15a7a4f8-0072-4eab-abad-f98a4d666aed}" />
<EventID>50036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>4</Task>
<Opcode>68</Opcode>
<Keywords>0x2000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:47.418331000Z" />
<EventRecordID>11430</EventRecordID>
<Correlation />
<Execution ProcessID="2692" ThreadID="2792" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: avgntflt
Date: 09/12/2019 08:38:45
Event ID: 17
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Andrew-PC
Description:
avgntflt.sys successfully loaded
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="avgntflt" />
<EventID Qualifiers="16391">17</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:45.795571300Z" />
<EventRecordID>11429</EventRecordID>
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>avgntflt.sys successfully loaded</Data>
<Binary>00000000020030000000000011000740000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 09/12/2019 08:38:45
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
File System Filter 'avgntflt' (10.0, ‎2019‎-‎11‎-‎25T16:34:09.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:45.799142100Z" />
<EventRecordID>11428</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="396" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">8</Data>
<Data Name="DeviceName">avgntflt</Data>
<Data Name="DeviceTime">2019-11-25T16:34:09.000000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 09/12/2019 08:38:45
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
File System Filter 'storqosflt' (10.0, ‎1992‎-‎02‎-‎07T08:10:35.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:45.793230200Z" />
<EventRecordID>11427</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="328" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">10</Data>
<Data Name="DeviceName">storqosflt</Data>
<Data Name="DeviceTime">1992-02-07T08:10:35.000000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 09/12/2019 08:38:45
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
File System Filter 'CldFlt' (10.0, ‎2098‎-‎06‎-‎25T04:24:31.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:45.788075100Z" />
<EventRecordID>11426</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="328" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">6</Data>
<Data Name="DeviceName">CldFlt</Data>
<Data Name="DeviceTime">2098-06-25T04:24:31.000000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 09/12/2019 08:38:45
Event ID: 1
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
File System Filter 'CldFlt' (Version 10.0, ‎2098‎-‎06‎-‎25T04:24:31.000000000Z) unloaded successfully.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>1</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:45.787948100Z" />
<EventRecordID>11425</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="328" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">6</Data>
<Data Name="DeviceName">CldFlt</Data>
<Data Name="DeviceTime">2098-06-25T04:24:31.000000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 09/12/2019 08:38:45
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
File System Filter 'CldFlt' (10.0, ‎2098‎-‎06‎-‎25T04:24:31.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:45.787940700Z" />
<EventRecordID>11424</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="328" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">6</Data>
<Data Name="DeviceName">CldFlt</Data>
<Data Name="DeviceTime">2098-06-25T04:24:31.000000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 09/12/2019 08:38:45
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
File System Filter 'luafv' (10.0, ‎2022‎-‎11‎-‎24T10:03:32.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:45.778156600Z" />
<EventRecordID>11423</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="340" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">5</Data>
<Data Name="DeviceName">luafv</Data>
<Data Name="DeviceTime">2022-11-24T10:03:32.000000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 09/12/2019 08:38:45
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
File System Filter 'wcifs' (10.0, ‎1988‎-‎07‎-‎09T02:58:49.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:45.760751100Z" />
<EventRecordID>11422</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="280" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">5</Data>
<Data Name="DeviceName">wcifs</Data>
<Data Name="DeviceTime">1988-07-09T02:58:49.000000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Directory-Services-SAM
Date: 09/12/2019 08:38:45
Event ID: 16962
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA).
For more information please see http://go.microsoft.com/fwlink/?LinkId=787651.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Directory-Services-SAM" Guid="{0d4fdc09-8c27-494a-bda0-505e4fd8adae}" />
<EventID>16962</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:45.296575400Z" />
<EventRecordID>11421</EventRecordID>
<Correlation ActivityID="{0991300e-ae6c-0003-4f30-91096caed501}" />
<Execution ProcessID="692" ThreadID="696" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="SAMMSG_RESTRICT_REMOTE_SAM_DEFAULT_SD">
<Data Name="Default SD String:">O:SYG:SYD:(A;;RC;;;BA)</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 09/12/2019 08:38:45
Event ID: 14
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
Credential Guard configuration: 0x0, 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" />
<EventID>14</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:45.134803700Z" />
<EventRecordID>11420</EventRecordID>
<Correlation />
<Execution ProcessID="612" ThreadID="616" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Config">0</Data>
<Data Name="IsTestConfig">0</Data>
</EventData>
</Event>

Log Name: System
Source: MEIx64
Date: 09/12/2019 08:38:44
Event ID: 2
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Andrew-PC
Description:
Intel(R) Management Engine Interface driver has started successfully.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MEIx64" />
<EventID Qualifiers="16391">2</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:44.037395400Z" />
<EventRecordID>11419</EventRecordID>
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Binary>00000000010000000000000002000740000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: e1dexpress
Date: 09/12/2019 08:38:37
Event ID: 32
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Andrew-PC
Description:
Intel(R) Ethernet Connection (2) I219-V
Network link has been established at 1Gbps full duplex.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="e1dexpress" />
<EventID Qualifiers="24580">32</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:37.014901800Z" />
<EventRecordID>11418</EventRecordID>
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>Intel(R) Ethernet Connection (2) I219-V</Data>
<Binary>0000040002003000000000002000046000000000000000000000000000000000000000000000000020000460</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 09/12/2019 08:38:34
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
Processor 3 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States
Nominal Frequency (MHz): 3700
Maximum performance percentage: 100
Minimum performance percentage: 21
Minimum throttle percentage: 21
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:34.028736300Z" />
<EventRecordID>11417</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">3</Data>
<Data Name="IdleStateCount">3</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">3700</Data>
<Data Name="MaximumPerformancePercent">100</Data>
<Data Name="MinimumPerformancePercent">21</Data>
<Data Name="MinimumThrottlePercent">21</Data>
<Data Name="PerformanceImplementation">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 09/12/2019 08:38:34
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
Processor 1 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States
Nominal Frequency (MHz): 3700
Maximum performance percentage: 100
Minimum performance percentage: 21
Minimum throttle percentage: 21
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:34.027980900Z" />
<EventRecordID>11416</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">1</Data>
<Data Name="IdleStateCount">3</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">3700</Data>
<Data Name="MaximumPerformancePercent">100</Data>
<Data Name="MinimumPerformancePercent">21</Data>
<Data Name="MinimumThrottlePercent">21</Data>
<Data Name="PerformanceImplementation">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 09/12/2019 08:38:34
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
Processor 2 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States
Nominal Frequency (MHz): 3700
Maximum performance percentage: 100
Minimum performance percentage: 21
Minimum throttle percentage: 21
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:34.027305100Z" />
<EventRecordID>11415</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">2</Data>
<Data Name="IdleStateCount">3</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">3700</Data>
<Data Name="MaximumPerformancePercent">100</Data>
<Data Name="MinimumPerformancePercent">21</Data>
<Data Name="MinimumThrottlePercent">21</Data>
<Data Name="PerformanceImplementation">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 09/12/2019 08:38:34
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
Processor 0 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States
Nominal Frequency (MHz): 3700
Maximum performance percentage: 100
Minimum performance percentage: 21
Minimum throttle percentage: 21
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:34.021973400Z" />
<EventRecordID>11414</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">0</Data>
<Data Name="IdleStateCount">3</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">3700</Data>
<Data Name="MaximumPerformancePercent">100</Data>
<Data Name="MinimumPerformancePercent">21</Data>
<Data Name="MinimumThrottlePercent">21</Data>
<Data Name="PerformanceImplementation">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Ntfs
Date: 09/12/2019 08:38:33
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: Andrew-PC
Description:
Volume \\?\Volume{ee5da4b6-0000-0000-0000-e01a3a000000} (\Device\HarddiskVolume2) is healthy. No action is needed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" />
<EventID>98</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:33.716319100Z" />
<EventRecordID>11413</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="204" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriveName">\\?\Volume{ee5da4b6-0000-0000-0000-e01a3a000000}</Data>
<Data Name="DeviceName">\Device\HarddiskVolume2</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-PnP
Date: 09/12/2019 08:38:33
Event ID: 219
Task Category: (212)
Level: Warning
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
The driver \Driver\WUDFRd failed to load for the device ROOT\WindowsHelloFaceSoftwareDriver\0000.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9c205a39-1250-487d-abd7-e831c6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:33.443308500Z" />
<EventRecordID>11412</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">40</Data>
<Data Name="DriverName">ROOT\WindowsHelloFaceSoftwareDriver\0000</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\WUDFRd</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DriverFrameworks-UserMode
Date: 09/12/2019 08:38:33
Event ID: 10118
Task Category: Startup of the UMDF reflector
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
UMDF reflector is unable to connect to service control manager (SCM). This is expected during boot, when SCM has not started yet. Will retry when it starts.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DriverFrameworks-UserMode" Guid="{2e35aaeb-857f-4beb-a418-2e6c0e54d988}" />
<EventID>10118</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:33.443164200Z" />
<EventRecordID>11411</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 09/12/2019 08:38:33
Event ID: 172
Task Category: (203)
Level: Information
Keywords: (1024),(4)
User: SYSTEM
Computer: Andrew-PC
Description:
Connectivity state in standby: Disconnected, Reason: NIC compliance
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}" />
<EventID>172</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>203</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000404</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:33.428127000Z" />
<EventRecordID>11410</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="340" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="State">2</Data>
<Data Name="Reason">6</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 09/12/2019 08:38:33
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (70368744177664),(2)
User: SYSTEM
Computer: Andrew-PC
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}" />
<EventID>41</EventID>
<Version>6</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000400000000002</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:33.421443000Z" />
<EventRecordID>11409</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">0</Data>
<Data Name="BugcheckParameter1">0x0</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0x0</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">0</Data>
<Data Name="PowerButtonTimestamp">0</Data>
<Data Name="BootAppStatus">0</Data>
<Data Name="Checkpoint">0</Data>
<Data Name="ConnectedStandbyInProgress">false</Data>
<Data Name="SystemSleepTransitionsToOn">0</Data>
<Data Name="CsEntryScenarioInstanceId">0</Data>
<Data Name="BugcheckInfoFromEFI">false</Data>
<Data Name="CheckpointStatus">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 09/12/2019 08:38:33
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
File System Filter 'npsvctrig' (10.0, ‎2037‎-‎02‎-‎23T06:11:04.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:33.390903100Z" />
<EventRecordID>11408</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">9</Data>
<Data Name="DeviceName">npsvctrig</Data>
<Data Name="DeviceTime">2037-02-23T06:11:04.000000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: avipbb
Date: 09/12/2019 08:38:33
Event ID: 17
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Andrew-PC
Description:
avipbb.sys successfully loaded
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="avipbb" />
<EventID Qualifiers="16391">17</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:33.375477800Z" />
<EventRecordID>11407</EventRecordID>
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>avipbb.sys successfully loaded</Data>
<Binary>00000000020030000000000011000740000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: avkmgr
Date: 09/12/2019 08:38:33
Event ID: 17
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Andrew-PC
Description:
avkmgr.sys successfully loaded
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="avkmgr" />
<EventID Qualifiers="16391">17</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:33.266127800Z" />
<EventRecordID>11406</EventRecordID>
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>avkmgr.sys successfully loaded</Data>
<Binary>00000000020030000000000011000740000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 09/12/2019 08:38:33
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
File System Filter 'FileCrypt' (10.0, ‎2034‎-‎08‎-‎13T14:30:12.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:33.185212700Z" />
<EventRecordID>11405</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">9</Data>
<Data Name="DeviceName">FileCrypt</Data>
<Data Name="DeviceTime">2034-08-13T14:30:12.000000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Ntfs
Date: 09/12/2019 08:38:33
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: Andrew-PC
Description:
Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" />
<EventID>98</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:33.105318300Z" />
<EventRecordID>11404</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="204" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriveName">C:</Data>
<Data Name="DeviceName">\Device\HarddiskVolume1</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 09/12/2019 08:38:45
Event ID: 6013
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Andrew-PC
Description:
The system uptime is 14 seconds.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6013</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:45.904920000Z" />
<EventRecordID>11403</EventRecordID>
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>14</Data>
<Data>60</Data>
<Data>0 GMT Standard Time</Data>
<Binary>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</Binary>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 09/12/2019 08:38:45
Event ID: 6005
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Andrew-PC
Description:
The Event log service was started.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6005</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:45.904920000Z" />
<EventRecordID>11402</EventRecordID>
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security />
</System>
<EventData>
<Binary>E3070C0001000900080026002D0088030000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 09/12/2019 08:38:45
Event ID: 6009
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Andrew-PC
Description:
Microsoft (R) Windows (R) 10.00. 17763 Multiprocessor Free.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6009</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:45.904920000Z" />
<EventRecordID>11401</EventRecordID>
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security />
</System>
<EventData>
<Data>10.00.</Data>
<Data>17763</Data>
<Data>
</Data>
<Data>Multiprocessor Free</Data>
<Data>0</Data>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 09/12/2019 08:38:45
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Andrew-PC
Description:
The previous system shutdown at 8:18:39 AM on ‎12/‎9/‎2019 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:45.904920000Z" />
<EventRecordID>11400</EventRecordID>
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security />
</System>
<EventData>
<Data>8:18:39 AM</Data>
<Data>‎12/‎9/‎2019</Data>
<Data>
</Data>
<Data>
</Data>
<Data>2414</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>E3070C00010009000800120027001403E3070C00010009000800120027001403600900003C000000010000006009000001000000B00400000100000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 09/12/2019 08:38:32
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
File System Filter 'Wof' (10.0, ‎2098‎-‎02‎-‎02T17:47:11.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:32.681304600Z" />
<EventRecordID>11399</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">3</Data>
<Data Name="DeviceName">Wof</Data>
<Data Name="DeviceTime">2098-02-02T17:47:11.000000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 09/12/2019 08:38:32
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
File System Filter 'FileInfo' (10.0, ‎2041‎-‎01‎-‎31T07:18:31.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:32.680869300Z" />
<EventRecordID>11398</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">8</Data>
<Data Name="DeviceName">FileInfo</Data>
<Data Name="DeviceTime">2041-01-31T07:18:31.000000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 09/12/2019 08:38:31
Event ID: 20
Task Category: (6)
Level: Information
Keywords: Time
User: SYSTEM
Computer: Andrew-PC
Description:
The leap second configuration has been updated.
Reason: Leap second data initialized from registry during boot
Leap seconds enabled: true
New leap second count: 0
Old leap second count: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>20</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>6</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:31.802025200Z" />
<EventRecordID>11397</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="UpdateReason">0</Data>
<Data Name="EnabledNew">true</Data>
<Data Name="CountNew">0</Data>
<Data Name="CountOld">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 09/12/2019 08:38:31
Event ID: 30
Task Category: (21)
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
The firmware reported boot metrics.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>30</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>21</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:31.798513800Z" />
<EventRecordID>11396</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ResetEndStart">0</Data>
<Data Name="LoadOSImageStart">0</Data>
<Data Name="StartOSImageStart">20295</Data>
<Data Name="ExitBootServicesEntry">0</Data>
<Data Name="ExitBootServicesExit">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 09/12/2019 08:38:31
Event ID: 32
Task Category: (58)
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
The bootmgr spent 0 ms waiting for user input.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>32</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>58</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:31.798434400Z" />
<EventRecordID>11395</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BitlockerUserInputTime">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 09/12/2019 08:38:31
Event ID: 18
Task Category: (57)
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
There are 0x1 boot options on this system.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>18</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>57</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:31.798381500Z" />
<EventRecordID>11394</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="EntryCount">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 09/12/2019 08:38:31
Event ID: 27
Task Category: (33)
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
The boot type was 0x0.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>27</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>33</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:31.798318900Z" />
<EventRecordID>11393</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BootType">0</Data>
<Data Name="LoadOptions"> NOEXECUTE=OPTIN</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 09/12/2019 08:38:31
Event ID: 25
Task Category: (32)
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
The boot menu policy was 0x1.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>25</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>32</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:31.798318700Z" />
<EventRecordID>11392</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BootMenuPolicy">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 09/12/2019 08:38:31
Event ID: 20
Task Category: (31)
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
The last shutdown's success status was false. The last boot's success status was true.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>20</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>31</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:31.798192200Z" />
<EventRecordID>11391</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="LastShutdownGood">false</Data>
<Data Name="LastBootGood">true</Data>
<Data Name="LastBootId">97</Data>
<Data Name="BootStatusPolicy">2</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 09/12/2019 08:38:31
Event ID: 153
Task Category: (62)
Level: Information
Keywords:
User: SYSTEM
Computer: Andrew-PC
Description:
Virtualization-based security (policies: 0) is disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>153</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>62</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:31.798038900Z" />
<EventRecordID>11390</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Status">0</Data>
<Data Name="EnableDisableReason">0</Data>
<Data Name="VsmPolicy">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 09/12/2019 08:38:31
Event ID: 12
Task Category: (1)
Level: Information
Keywords: (128)
User: SYSTEM
Computer: Andrew-PC
Description:
The operating system started at system time ‎2019‎-‎12‎-‎09T08:38:31.500000000Z.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>12</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000080</Keywords>
<TimeCreated SystemTime="2019-12-09T08:38:31.797952500Z" />
<EventRecordID>11389</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Andrew-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="MajorVersion">10</Data>
<Data Name="MinorVersion">0</Data>
<Data Name="BuildVersion">17763</Data>
<Data Name="QfeVersion">864</Data>
<Data Name="ServiceVersion">0</Data>
<Data Name="BootMode">0</Data>
<Data Name="StartTime">2019-12-09T08:38:31.500000000Z</Data>
</EventData>
</Event>
 