1

Level Date and Time Source Event ID Task Category
Information 10/15/2024 11:41:44 PM Microsoft-Windows-Directory-Services-SAM 16983

None "The security account manager is now logging periodic summary events
for remote clients that call legacy password change or set RPC methods.
For more information please see https://go.microsoft.com/fwlink/?linkid=2150956.

"
None "The domain is configured with the following minimum password length-
related settings.
MinimumPasswordLength: 0
RelaxMinimumPasswordLengthLimits: 0
MinimumPasswordLengthAudit: -1
For more information see https://go.microsoft.com/fwlink/?LinkId=2097191.

"
None "Remote calls to the SAM database are being restricted using the
default security descriptor: O:SYG:SYD:(A;;RC;;;BA).
For more information please see http://go.microsoft.com/fwlink/?LinkId=787651."
Information 10/15/2024 11:41:44 PM Microsoft-Windows-Wininit 14 None
Credential Guard configuration: 0x0, 0
Warning 10/15/2024 11:41:44 PM rt640x64 1 None Realtek PCIe FE Family
Controller is disconnected from network.
Information 10/15/2024 11:41:42 PM Microsoft-Windows-Kernel-General 24 (11)
The time zone information was refreshed with exit reason 0. Current time zone
bias is -420.
Information 10/15/2024 11:41:41 PM Microsoft-Windows-Ntfs 98 None Volume \\?\
Volume{d3d8e1ad-0000-0000-0000-d05235000000} (\Device\HarddiskVolume3) is healthy.
No action is needed.
Information 10/15/2024 11:41:41 PM Microsoft-Windows-Ntfs 98 None Volume E: (\
Device\HarddiskVolume5) is healthy. No action is needed.
Information 10/15/2024 11:41:41 PM Microsoft-Windows-Kernel-Power 521 (220)
Active battery count change.
Power source change.
Active battery count change.
Information 10/15/2024 11:41:40 PM Microsoft-Windows-Kernel-Processor-Power 55
(47) "Processor 3 in group 0 exposes the following power management
capabilities:
Idle state type: ACPI Idle (C) States (3 state(s))
Performance state type: ACPI Performance (P) / Throttle (T) States

Nominal Frequency (MHz): 2400
Maximum performance percentage: 100
Minimum performance percentage: 33
Minimum throttle percentage: 33"
capabilities:

capabilities:

capabilities:

Information 10/15/2024 11:41:40 PM Microsoft-Windows-Ntfs 98 None Volume D: (\
Connectivity state in standby: Disconnected, Reason: NIC compliance
Information 10/15/2024 11:41:40 PM Microsoft-Windows-Ntfs 98 None Volume \\?\
Volume{d3d8e1ad-0000-0000-0000-100000000000} (\Device\HarddiskVolume1) is healthy.
No action is needed.
Information 10/15/2024 11:41:39 PM Microsoft-Windows-FilterManager 6 None
File System Filter 'npsvctrig' (10.0, 2025-01-06T09:41:12.000000000Z) has
successfully loaded and registered with Filter Manager.
File System Filter 'UCPD' (10.0, 1985-02-14T06:46:35.000000000Z) has
File System Filter 'atc' (10.0, 1984-06-28T00:55:25.000000000Z) has
File System Filter 'Gemma' (10.0, 2024-05-15T18:40:33.000000000Z) has
File System Filter 'FileCrypt' (10.0, 2002-03-01T18:12:42.000000000Z) has
Information 10/15/2024 11:41:39 PM Microsoft-Windows-Ntfs 98 None Volume C: (\
File System Filter 'vlflt' (10.0, 2024-06-27T23:12:04.000000000Z) has
File System Filter 'Wof' (10.0, 2090-03-17T01:56:17.000000000Z) has
File System Filter 'FileInfo' (10.0, 2062-12-23T12:21:06.000000000Z) has
Information 10/15/2024 11:41:37 PM Microsoft-Windows-HAL 16 None The iommu
fault reporting has been initialized.
"The leap second configuration has been updated.
Reason: Leap second data initialized from registry during boot
Leap seconds enabled: true
New leap second count: 0
Old leap second count: 0"
Information 10/15/2024 11:41:37 PM Microsoft-Windows-Kernel-Boot 32 (58) The
bootmgr spent 0 ms waiting for user input.
Information 10/15/2024 11:41:37 PM Microsoft-Windows-Kernel-Boot 18 (57) There
are 0x1 boot options on this system.
boot type was 0x0.
boot menu policy was 0x1.
last shutdown's success status was true. The last boot's success status was true.
Information 10/15/2024 11:41:37 PM Microsoft-Windows-Kernel-Boot 153 (62)
Virtualization-based security (policies: 0) is disabled.
The operating system started at system time 2024-10-15T16:41:37.500000000Z.
The operating system is shutting down at system time 2024-10-
15T16:41:25.954933000Z.
"The kernel power manager has initiated a shutdown transition.
Shutdown Reason: Kernel API"

File System Filter 'bdprivmon' (Version 10.0, 2023-08-09T16:46:10.000000000Z)
unloaded successfully.
Information 10/15/2024 11:41:21 PM Microsoft-Windows-WLAN-AutoConfig 4001 None
"WLAN AutoConfig service has successfully stopped.
"
Information 10/15/2024 11:41:46 PM EventLog 6013 None The system uptime is 8
seconds.
Information 10/15/2024 11:41:46 PM EventLog 6005 None The Event log service
was started.
Information 10/15/2024 11:41:46 PM EventLog 6009 None Microsoft (R) Windows
(R) 10.00. 19045 Multiprocessor Free.
Information 10/15/2024 11:41:19 PM Microsoft-Windows-Dhcp-Client 50037 Service
State Event DHCPv4 client service is stopped. ShutDown Flag value is 1
State Event DHCPv4 is waiting on DHCPv6 service to stop
Information 10/15/2024 11:41:19 PM Microsoft-Windows-DHCPv6-Client 51057
Service State Event DHCPv6 client service stop is almost done.DHCP
Context Ref count is 1
Information 10/15/2024 11:41:19 PM Microsoft-Windows-DHCPv6-Client 51047
Service State Event DHCPv6 client service is stopped. ShutDown Flag value
is 1
State Event DHCPv4 client ProcessDHCPRequestForever received TERMINATE_EVENT
State Event DHCPv4 client received shutdown notification
Information 10/15/2024 11:41:19 PM Microsoft-Windows-Kernel-General 16 None
The access history in hive \??\C:\Users\Default\NTUSER.DAT was cleared
updating 40 keys and creating 6 modified pages.
Information 10/15/2024 11:41:19 PM EventLog 6006 None The Event log service
was stopped.
Information 10/15/2024 11:40:29 PM Microsoft-Windows-Winlogon 7002 (1102)
User Logoff Notification for Customer Experience Improvement Program
Error 10/15/2024 11:40:26 PM Microsoft-Windows-DistributedCOM 10010 None The
server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the
required timeout.
Information 10/15/2024 11:37:48 PM Microsoft-Windows-WindowsUpdateClient 19
Windows Update Agent Installation Successful: Windows successfully
installed the following update: 2024-10 Update for Windows 10 Version 22H2 for x64-
based Systems (KB5001716)
Windows Update Agent Installation Started: Windows has started installing
the following update: 2024-10 Update for Windows 10 Version 22H2 for x64-based
Systems (KB5001716)
Windows Update Agent Windows Update started downloading an update.
Warning 10/15/2024 11:33:14 PM Microsoft-Windows-Kernel-Processor-Power 37
(7) The speed of processor 2 in group 0 is being limited by system
firmware. The processor has been in this reduced performance state for 5 seconds
since the last report.
Information 10/15/2024 11:33:11 PM Service Control Manager 7040 None The start
type of the Background Intelligent Transfer Service service was changed from demand
start to auto start.
Information 10/15/2024 11:32:34 PM Microsoft-Windows-Ntfs 98 None Volume ?? (\
Device\HarddiskVolumeShadowCopy3) is healthy. No action is needed.
Warning 10/15/2024 11:32:24 PM Microsoft-Windows-DistributedCOM 10016 None
"The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-7PCVC1E\bsm SID (S-1-5-21-4106344820-2019696155-1906157102-
1001) from address LocalHost (Using LRPC) running in the application container
Unavailable SID (Unavailable). This security permission can be modified using the
Component Services administrative tool."
type of the Windows Modules Installer service was changed from demand start to auto
start.
Windows Update Agent Installation Started: Windows has started installing
the following update: 2024-10 Cumulative Update for .NET Framework 3.5, 4.8 and
4.8.1 for Windows 10 Version 22H2 for x64 (KB5044091)
Information 10/15/2024 11:31:30 PM Service Control Manager 7045 None "A service
was installed in the system.
Service Name: GoogleUpdater InternalService 130.0.6679.3

(GoogleUpdaterInternalService130.0.6679.3)
Service File Name: ""C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.3\
updater.exe"" --system --windows-service --service=update-internal
Service Type: user mode service
Service Start Type: auto start
Service Account: LocalSystem"
type of the Windows Modules Installer service was changed from auto start to demand
start.
The access history in hive \??\C:\Windows\System32\SMI\Store\Machine\
SCHEMA.DAT was cleared updating 15938 keys and creating 2712 modified pages.
type of the Windows Modules Installer service was changed from demand start to auto
start.
"The machine-default permission settings do not grant Local Activation
{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
and APPID
{0868DC9B-D9A2-4F64-9362-133CEA201299}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost
(Using LRPC) running in the application container Unavailable SID (Unavailable).
This security permission can be modified using the Component Services
administrative tool."
"The machine-default permission settings do not grant Local Activation
{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
and APPID
{0868DC9B-D9A2-4F64-9362-133CEA201299}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost
(Using LRPC) running in the application container Unavailable SID (Unavailable).
This security permission can be modified using the Component Services
administrative tool."
The access history in hive \??\C:\Users\bsm\AppData\Local\Packages\
Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat was
cleared updating 3 keys and creating 1 modified pages.
Information 10/15/2024 11:29:40 PM Microsoft-Windows-Winlogon 7001 (1101)
User Logon Notification for Customer Experience Improvement Program
Information 10/15/2024 11:29:38 PM Microsoft-Windows-Power-Troubleshooter 1
None "The system has returned from a low power state.
Sleep Time: 2024-10-14T17:46:05.001012400Z

Wake Time: 2024-10-15T16:29:36.516314200Z
Wake Source: Unknown"

bootmgr spent 0 ms waiting for user input.
Information 10/15/2024 11:29:36 PM Microsoft-Windows-Kernel-Boot 18 (57) There
are 0x1 boot options on this system.
boot type was 0x1.
boot menu policy was 0x1.
"The system time has changed to 2024-10-15T16:29:35.500000000Z from 2024-10-
14T17:46:13.924346000Z.
Change Reason: System time synchronized with the hardware clock.

Process: '' (PID 4)."
Information 10/15/2024 12:46:13 AM Microsoft-Windows-Kernel-Power 107 (102)
The system has resumed from sleep.
Information 10/15/2024 11:29:36 PM EventLog 6013 None The system uptime is
85566 seconds.
Error 10/15/2024 12:46:11 AM Microsoft-Windows-DistributedCOM 10010 None The
server {07CA83F0-DF06-4E67-89DD-E80924A49512} did not register with DCOM within the
required timeout.
"The system is entering sleep.
Sleep Reason: Application API"

User-mode process attempted to change the system state by calling
SetSuspendState or SetSystemPowerState APIs.
Information 10/15/2024 12:46:04 AM Microsoft-Windows-Winlogon 7002 (1102)
User Logoff Notification for Customer Experience Improvement Program
server {49EBD8BE-1A92-4A86-A651-70AC565E0FEB} did not register with DCOM within the
required timeout.
required timeout.
required timeout.
server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the
required timeout.
server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!
Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountP
rovider did not register with DCOM within the required timeout.
required timeout.
required timeout.

1

Uploaded by

Copyright:

Available Formats

1

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

1

Uploaded by

Copyright:

Available Formats

Level Date and Time Source Event ID Task Category

Information 10/15/2024 11:41:44 PM Microsoft-Windows-Directory-Services-SAM 16983

For more information please see https://go.microsoft.com/fwlink/?linkid=2150956.

For more information see https://go.microsoft.com/fwlink/?LinkId=2097191.

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States

Idle state type: ACPI Idle (C) States (3 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States

Shutdown Reason: Kernel API"

Service Name: GoogleUpdater InternalService 130.0.6679.3

Sleep Time: 2024-10-14T17:46:05.001012400Z

Wake Source: Unknown"

Change Reason: System time synchronized with the hardware clock.

Sleep Reason: Application API"

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.