Log Name: Microsoft-Windows-Kernel-Power/Thermal-Operational Source: Microsoft-Windows-Kernel-Power Date: 15/11/2011 18:27:22 Event ID: 82 Task Category: (79) Level: Information Keywords: (32) User: SYSTEM Computer: Evert-PC Description: ACPI thermal zone ACPI\ThermalZone\THRM has engaged passive cooling. EventTime = ‎2011‎-‎11‎-‎15T18:27:22.048915300Z _PSV = 368K _TMP = 370K _TC1 = 2 _TC2 = 3 _TSP = 3000ms Delta P = 100 _PSL - see event data. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" /> <EventID>82</EventID> <Version>0</Version> <Level>4</Level> <Task>79</Task> <Opcode>0</Opcode> <Keywords>0x1000000000000020</Keywords> <TimeCreated SystemTime="2011-11-15T17:27:22.048915300Z" /> <EventRecordID>90</EventRecordID> <Correlation /> <Execution ProcessID="4" ThreadID="44" /> <Channel>Microsoft-Windows-Kernel-Power/Thermal-Operational</Channel> <Computer>Evert-PC</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="ThermalZoneDeviceInstanceLength">21</Data> <Data Name="ThermalZoneDeviceInstance">ACPI\ThermalZone\THRM</Data> <Data Name="EventTime">2011-11-15T18:27:22.048915300Z</Data> <Data Name="PassiveCoolingStateLength">7</Data> <Data Name="PassiveCoolingState">engaged</Data> <Data Name="AffinityCount">1</Data> <Data Name="_PSV">368</Data> <Data Name="_TMP">370</Data> <Data Name="_TC1">2</Data> <Data Name="_TC2">3</Data> <Data Name="_TSP">3000</Data> <Data Name="DeltaP">100</Data> <ComplexData Name="_PSL">0300000000000000</ComplexData> </EventData> </Event> Log Name: Microsoft-Windows-Bits-Client/Operational Source: Microsoft-Windows-Bits-Client Date: 15/11/2011 18:27:21 Event ID: 4 Task Category: None Level: Information Keywords: User: SYSTEM Computer: Evert-PC Description: The transfer job is complete. User: NT AUTHORITY\SYSTEM Transfer job: WU Client Download Job ID: {9560E714-B62C-40EF-AE46-B3C052EE62D8} Owner: NT AUTHORITY\SYSTEM File count: 1 Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Bits-Client" Guid="{EF1CC15B-46C1-414E-BB95-E76B077BD51E}" /> <EventID>4</EventID> <Version>1</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x4000000000000000</Keywords> <TimeCreated SystemTime="2011-11-15T17:27:21.253314300Z" /> <EventRecordID>1462</EventRecordID> <Correlation /> <Execution ProcessID="868" ThreadID="980" /> <Channel>Microsoft-Windows-Bits-Client/Operational</Channel> <Computer>Evert-PC</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="User">NT AUTHORITY\SYSTEM</Data> <Data Name="jobTitle">WU Client Download</Data> <Data Name="jobId">{9560E714-B62C-40EF-AE46-B3C052EE62D8}</Data> <Data Name="jobOwner">NT AUTHORITY\SYSTEM</Data> <Data Name="fileCount">1</Data> <Data Name="bytesTransferred">15280</Data> <Data Name="bytesTransferredFromPeer">0</Data> </EventData> </Event> Log Name: Microsoft-Windows-Bits-Client/Operational Source: Microsoft-Windows-Bits-Client Date: 15/11/2011 18:27:18 Event ID: 60 Task Category: None Level: Information Keywords: User: SYSTEM Computer: Evert-PC Description: BITS stopped transferring the WU Client Download transfer job that is associated with the http://au.download.windowsupdate.com/msdownload/update/software/secu/2011/07/windows6.1-kb2556532-x64_40c9765a9a636f57b64f62c6d598b34f81f588dc.psf URL. The status code is 0x40008. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Bits-Client" Guid="{EF1CC15B-46C1-414E-BB95-E76B077BD51E}" /> <EventID>60</EventID> <Version>1</Version> <Level>4</Level> <Task>0</Task> <Opcode>2</Opcode> <Keywords>0x4000000000000000</Keywords> <TimeCreated SystemTime="2011-11-15T17:27:18.273710400Z" /> <EventRecordID>1461</EventRecordID> <Correlation ActivityID="{F59637DA-65C4-4647-9331-AFEE813DEF5D}" /> <Execution ProcessID="868" ThreadID="668" /> <Channel>Microsoft-Windows-Bits-Client/Operational</Channel> <Computer>Evert-PC</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="transferId">{F59637DA-65C4-4647-9331-AFEE813DEF5D}</Data> <Data Name="name">WU Client Download</Data> <Data Name="Id">{6086CADD-93A0-4696-9314-639E9BA23D8B}</Data> <Data Name="url">http://au.download.windowsupdate.com/msdownload/update/software/secu/2011/07/windows6.1-kb2556532-x64_40c9765a9a636f57b64f62c6d598b34f81f588dc.psf</Data> <Data Name="peer"> </Data> <Data Name="hr">262152</Data> <Data Name="fileTime">2011-07-20T01:21:53.000000000Z</Data> <Data Name="fileLength">143719792</Data> <Data Name="bytesTotal">2189759</Data> <Data Name="bytesTransferred">786655</Data> <Data Name="proxy"> </Data> <Data Name="peerProtocolFlags">0</Data> <Data Name="bytesTransferredFromPeer">0</Data> <Data Name="AdditionalInfoHr">0</Data> <Data Name="PeerContextInfo">0</Data> <Data Name="bandwidthLimit">18446744073709551615</Data> <Data Name="ignoreBandwidthLimitsOnLan">false</Data> </EventData> </Event> Log Name: Microsoft-Windows-Kernel-Power/Thermal-Operational Source: Microsoft-Windows-Kernel-Power Date: 15/11/2011 18:27:18 Event ID: 82 Task Category: (79) Level: Information Keywords: (32) User: SYSTEM Computer: Evert-PC Description: ACPI thermal zone ACPI\ThermalZone\THRM has disengaged passive cooling. EventTime = ‎2011‎-‎11‎-‎15T18:27:18.195710300Z _PSV = 368K _TMP = 365K _TC1 = 2 _TC2 = 3 _TSP = 3000ms Delta P = 0 _PSL - see event data. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" /> <EventID>82</EventID> <Version>0</Version> <Level>4</Level> <Task>79</Task> <Opcode>0</Opcode> <Keywords>0x1000000000000020</Keywords> <TimeCreated SystemTime="2011-11-15T17:27:18.195710300Z" /> <EventRecordID>89</EventRecordID> <Correlation /> <Execution ProcessID="4" ThreadID="52" /> <Channel>Microsoft-Windows-Kernel-Power/Thermal-Operational</Channel> <Computer>Evert-PC</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="ThermalZoneDeviceInstanceLength">21</Data> <Data Name="ThermalZoneDeviceInstance">ACPI\ThermalZone\THRM</Data> <Data Name="EventTime">2011-11-15T18:27:18.195710300Z</Data> <Data Name="PassiveCoolingStateLength">10</Data> <Data Name="PassiveCoolingState">disengaged</Data> <Data Name="AffinityCount">1</Data> <Data Name="_PSV">368</Data> <Data Name="_TMP">365</Data> <Data Name="_TC1">2</Data> <Data Name="_TC2">3</Data> <Data Name="_TSP">3000</Data> <Data Name="DeltaP">0</Data> <ComplexData Name="_PSL">0300000000000000</ComplexData> </EventData> </Event> Log Name: Microsoft-Windows-Windows Defender/WHC Source: Microsoft-Windows-Windows Defender Date: 15/11/2011 18:26:35 Event ID: 101 Task Category: None Level: Information Keywords: User: SYSTEM Computer: Evert-PC Description: Windows Defender state updated to 10. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" /> <EventID>101</EventID> <Version>0</Version> <Level>0</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x4000000000000000</Keywords> <TimeCreated SystemTime="2011-11-15T17:26:35.042053200Z" /> <EventRecordID>15</EventRecordID> <Correlation /> <Execution ProcessID="3064" ThreadID="2456" /> <Channel>Microsoft-Windows-Windows Defender/WHC</Channel> <Computer>Evert-PC</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="hc_stateid">10</Data> </EventData> </Event> Log Name: Microsoft-Windows-Bits-Client/Operational Source: Microsoft-Windows-Bits-Client Date: 15/11/2011 18:26:33 Event ID: 59 Task Category: None Level: Information Keywords: User: SYSTEM Computer: Evert-PC Description: BITS started the WU Client Download transfer job that is associated with the http://au.download.windowsupdate.com/msdownload/update/software/secu/2011/07/windows6.1-kb2556532-x64_40c9765a9a636f57b64f62c6d598b34f81f588dc.psf URL. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Bits-Client" Guid="{EF1CC15B-46C1-414E-BB95-E76B077BD51E}" /> <EventID>59</EventID> <Version>1</Version> <Level>4</Level> <Task>0</Task> <Opcode>1</Opcode> <Keywords>0x4000000000000000</Keywords> <TimeCreated SystemTime="2011-11-15T17:26:33.684851400Z" /> <EventRecordID>1460</EventRecordID> <Correlation ActivityID="{F59637DA-65C4-4647-9331-AFEE813DEF5D}" /> <Execution ProcessID="868" ThreadID="2552" /> <Channel>Microsoft-Windows-Bits-Client/Operational</Channel> <Computer>Evert-PC</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="transferId">{F59637DA-65C4-4647-9331-AFEE813DEF5D}</Data> <Data Name="name">WU Client Download</Data> <Data Name="Id">{6086CADD-93A0-4696-9314-639E9BA23D8B}</Data> <Data Name="url">http://au.download.windowsupdate.com/msdownload/update/software/secu/2011/07/windows6.1-kb2556532-x64_40c9765a9a636f57b64f62c6d598b34f81f588dc.psf</Data> <Data Name="peer"> </Data> <Data Name="fileTime">2011-07-20T01:21:53.000000000Z</Data> <Data Name="fileLength">143719792</Data> <Data Name="bytesTotal">2189759</Data> <Data Name="bytesTransferred">0</Data> <Data Name="bytesTransferredFromPeer">0</Data> </EventData> </Event> Log Name: Application Source: Microsoft-Windows-Security-SPP Date: 15/11/2011 18:26:33 Event ID: 902 Task Category: None Level: Information Keywords: Classic User: N/A Computer: Evert-PC Description: The Software Protection service has started. 6.1.7600.16385 Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" /> <EventID Qualifiers="16384">902</EventID> <Version>0</Version> <Level>0</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2011-11-15T17:26:33.000000000Z" /> <EventRecordID>1042</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>Evert-PC</Computer> <Security /> </System> <EventData> <Data>6.1.7600.16385</Data> </EventData> </Event> Log Name: Application Source: Microsoft-Windows-Security-SPP Date: 15/11/2011 18:26:33 Event ID: 1003 Task Category: None Level: Information Keywords: Classic User: N/A Computer: Evert-PC Description: The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 022a1afb-b893-4190-92c3-8f69a49839fb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 2: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 3: a0cde89c-3304-4157-b61c-c8ad785d1fad, 1, 0 [(0 )(1 )(2 [0x00000000, 0, 1], [(?)( 5 0x00000000 30 38820)( 1 0x00000000 0 0 msft:rm/algorithm/flags/1.0 0x00000000 0)(?)(?)(?)])] 4: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 5: cfb3e52c-d707-4861-af51-11b27ee6169c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 6: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 7: afd5f68f-b70f-4000-a21d-28dbc8be8b07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" /> <EventID Qualifiers="16384">1003</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2011-11-15T17:26:33.000000000Z" /> <EventRecordID>1041</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>Evert-PC</Computer> <Security /> </System> <EventData> <Data>55c92734-d682-4d71-983e-d6ec3f16059f</Data> <Data> 1: 022a1afb-b893-4190-92c3-8f69a49839fb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 2: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 3: a0cde89c-3304-4157-b61c-c8ad785d1fad, 1, 0 [(0 )(1 )(2 [0x00000000, 0, 1], [(?)( 5 0x00000000 30 38820)( 1 0x00000000 0 0 msft:rm/algorithm/flags/1.0 0x00000000 0)(?)(?)(?)])] 4: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 5: cfb3e52c-d707-4861-af51-11b27ee6169c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 6: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 7: afd5f68f-b70f-4000-a21d-28dbc8be8b07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] </Data> </EventData> </Event> Log Name: Application Source: Microsoft-Windows-Security-SPP Date: 15/11/2011 18:26:33 Event ID: 1033 Task Category: None Level: Information Keywords: Classic User: N/A Computer: Evert-PC Description: These policies are being excluded since they are only defined with override-only attribute. Policy Names=(IIS-W3SVC-MaxConcurrentRequests) (Microsoft.Windows.Smc-Enabled) (Telnet-Client-EnableTelnetClient) (Telnet-Server-EnableTelnetServer) (TiffIFilterLicensing-EnableTiffIFilter) (nfs-admincmdtools-enabled) (nfs-adminmmc-enabled) (nfs-clientcmdtools-enabled) (nfs-clientcore-enabled) (sua-EnableSUA) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=a0cde89c-3304-4157-b61c-c8ad785d1fad Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" /> <EventID Qualifiers="16384">1033</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2011-11-15T17:26:33.000000000Z" /> <EventRecordID>1040</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>Evert-PC</Computer> <Security /> </System> <EventData> <Data>(IIS-W3SVC-MaxConcurrentRequests) (Microsoft.Windows.Smc-Enabled) (Telnet-Client-EnableTelnetClient) (Telnet-Server-EnableTelnetServer) (TiffIFilterLicensing-EnableTiffIFilter) (nfs-admincmdtools-enabled) (nfs-adminmmc-enabled) (nfs-clientcmdtools-enabled) (nfs-clientcore-enabled) (sua-EnableSUA) </Data> <Data>55c92734-d682-4d71-983e-d6ec3f16059f</Data> <Data>a0cde89c-3304-4157-b61c-c8ad785d1fad</Data> </EventData> </Event> Log Name: System Source: Service Control Manager Date: 15/11/2011 18:26:30 Event ID: 7036 Task Category: None Level: Information Keywords: Classic User: N/A Computer: Evert-PC Description: The Windows Update service entered the running state. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" /> <EventID Qualifiers="16384">7036</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8080000000000000</Keywords> <TimeCreated SystemTime="2011-11-15T17:26:30.892447800Z" /> <EventRecordID>1971</EventRecordID> <Correlation /> <Execution ProcessID="460" ThreadID="1688" /> <Channel>System</Channel> <Computer>Evert-PC</Computer> <Security /> </System> <EventData> <Data Name="param1">Windows Update</Data> <Data Name="param2">running</Data> <Binary>770075006100750073006500720076002F0034000000</Binary> </EventData> </Event> Log Name: Application Source: Microsoft-Windows-Security-SPP Date: 15/11/2011 18:26:29 Event ID: 1066 Task Category: None Level: Information Keywords: Classic User: N/A Computer: Evert-PC Description: Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/2005, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000 Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" /> <EventID Qualifiers="16384">1066</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2011-11-15T17:26:29.000000000Z" /> <EventRecordID>1039</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>Evert-PC</Computer> <Security /> </System> <EventData> <Data>C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/2005, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000 </Data> </EventData> </Event> Log Name: Microsoft-Windows-Windows Defender/WHC Source: Microsoft-Windows-Windows Defender Date: 15/11/2011 18:26:27 Event ID: 101 Task Category: None Level: Information Keywords: User: SYSTEM Computer: Evert-PC Description: Windows Defender state updated to 10. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" /> <EventID>101</EventID> <Version>0</Version> <Level>0</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x4000000000000000</Keywords> <TimeCreated SystemTime="2011-11-15T17:26:27.522843300Z" /> <EventRecordID>14</EventRecordID> <Correlation /> <Execution ProcessID="3064" ThreadID="2456" /> <Channel>Microsoft-Windows-Windows Defender/WHC</Channel> <Computer>Evert-PC</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="hc_stateid">10</Data> </EventData> </Event> Log Name: System Source: Service Control Manager Date: 15/11/2011 18:26:27 Event ID: 7036 Task Category: None Level: Information Keywords: Classic User: N/A Computer: Evert-PC Description: The Security Center service entered the running state. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" /> <EventID Qualifiers="16384">7036</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8080000000000000</Keywords> <TimeCreated SystemTime="2011-11-15T17:26:27.164042800Z" /> <EventRecordID>1970</EventRecordID> <Correlation /> <Execution ProcessID="460" ThreadID="680" /> <Channel>System</Channel> <Computer>Evert-PC</Computer> <Security /> </System> <EventData> <Data Name="param1">Security Center</Data> <Data Name="param2">running</Data> <Binary>7700730063007300760063002F0034000000</Binary> </EventData> </Event> Log Name: Microsoft-Windows-Kernel-Power/Thermal-Operational Source: Microsoft-Windows-Kernel-Power Date: 15/11/2011 18:26:27 Event ID: 82 Task Category: (79) Level: Information Keywords: (32) User: SYSTEM Computer: Evert-PC Description: ACPI thermal zone ACPI\ThermalZone\THRM has engaged passive cooling. EventTime = ‎2011‎-‎11‎-‎15T18:26:27.008042600Z _PSV = 368K _TMP = 368K _TC1 = 2 _TC2 = 3 _TSP = 3000ms Delta P = 0 _PSL - see event data. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" /> <EventID>82</EventID> <Version>0</Version> <Level>4</Level> <Task>79</Task> <Opcode>0</Opcode> <Keywords>0x1000000000000020</Keywords> <TimeCreated SystemTime="2011-11-15T17:26:27.008042600Z" /> <EventRecordID>88</EventRecordID> <Correlation /> <Execution ProcessID="4" ThreadID="44" /> <Channel>Microsoft-Windows-Kernel-Power/Thermal-Operational</Channel> <Computer>Evert-PC</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="ThermalZoneDeviceInstanceLength">21</Data> <Data Name="ThermalZoneDeviceInstance">ACPI\ThermalZone\THRM</Data> <Data Name="EventTime">2011-11-15T18:26:27.008042600Z</Data> <Data Name="PassiveCoolingStateLength">7</Data> <Data Name="PassiveCoolingState">engaged</Data> <Data Name="AffinityCount">1</Data> <Data Name="_PSV">368</Data> <Data Name="_TMP">368</Data> <Data Name="_TC1">2</Data> <Data Name="_TC2">3</Data> <Data Name="_TSP">3000</Data> <Data Name="DeltaP">0</Data> <ComplexData Name="_PSL">0300000000000000</ComplexData> </EventData> </Event> Log Name: Application Source: SecurityCenter Date: 15/11/2011 18:26:27 Event ID: 1 Task Category: None Level: Information Keywords: Classic User: N/A Computer: Evert-PC Description: The Windows Security Center Service has started. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="SecurityCenter" /> <EventID Qualifiers="0">1</EventID> <Level>4</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2011-11-15T17:26:27.000000000Z" /> <EventRecordID>1038</EventRecordID> <Channel>Application</Channel> <Computer>Evert-PC</Computer> <Security /> </System> <EventData> </EventData> </Event>