From: William B. Lurie on 10 Apr 2010 08:25

This is a new thread. See old stuff for history.

Okay, John, I'm using Clone2 and have started running your investigatory programs.

> Service Name,Start Mode
> Alerter,Disabled,
> ALG,Manual,
> AppMgmt,Manual,
> aspnet_state,Manual,
> Ati HotKey Poller,Auto,
> ATI Smart,Auto,
> AudioSrv,Auto,
> Automatic LiveUpdate Scheduler,Disabled,
> BITS,Manual,
> Browser,Auto,
> CiSvc,Manual,
> ClipSrv,Disabled,
> clr_optimization_v2.0.50727_32,Manual,
> COMSysApp,Manual,
> CryptSvc,Auto,
> DcomLaunch,Auto,
> Dhcp,Auto,
> dmadmin,Manual,
> dmserver,Manual,
> Dnscache,Auto,
> ERSvc,Manual,
> Eventlog,Manual,
> EventSystem,Manual,
> FastUserSwitchingCompatibility,Manual,
> Fax,Manual,
> FontCache3.0.0.0,Manual,
> GEARSecurity,Disabled,
> helpsvc,Auto,
> HidServ,Disabled,
> HTTPFilter,Manual,
> IDriverT,Manual,
> idsvc,Manual,
> Imapi Helper,Manual,
> ImapiService,Manual,
> lanmanserver,Auto,
> lanmanworkstation,Auto,
> LexBceS,Auto,
> LiveUpdate,Manual,
> LmHosts,Auto,
> lxct_device,Auto,
> MBAMService,Manual,
> MDM,Auto,
> Messenger,Disabled,
> mnmsrvc,Manual,
> MSIServer,Manual,
> NetDDE,Disabled,
> NetDDEdsdm,Disabled,
> Netlogon,Manual,
> Netman,Manual,
> NetTcpPortSharing,Disabled,
> Nla,Manual,
> Norton AntiVirus,Auto,
> Norton Save and Restore,Auto,
> NProtectService,Auto,
> NtLmSsp,Manual,
> NtmsSvc,Manual,
> ose,Manual,
> PlugPlay,Auto,
> PolicyAgent,Manual,
> ProtectedStorage,Auto,
> psqlWGE,Auto,
> RasAuto,Disabled,
> RasMan,Manual,
> RDSessMgr,Manual,
> RemoteAccess,Disabled,
> RpcLocator,Manual,
> RpcSs,Auto,
> RSVP,Manual,
> SamSs,Auto,
> SCardSvr,Manual,
> Schedule,Auto,
> seclogon,Auto,
> SENS,Auto,
> SharedAccess,Auto,
> ShellHWDetection,Auto,
> Speed Disk service,Auto,
> Spooler,Auto,
> srservice,Auto,
> SSDPSRV,Manual,
> stisvc,Auto,
> SwPrv,Manual,
> Symantec RemoteAssist,Manual,
> SysmonLog,Manual,
> TapiSrv,Manual,
> TermService,Auto,
> Themes,Auto,
> TrkWks,Auto,
> upnphost,Manual,
> UPS,Manual,
> Viewpoint Manager Service,Auto,
> VSS,Manual,
> W32Time,Auto,
> WebClient,Auto,
> winmgmt,Auto,
> WmdmPmSN,Manual,
> WmiApSrv,Manual,
> WMPNetworkSvc,Manual,
> wscsvc,Disabled,
> wuauserv,Auto,
> WudfSvc,Manual,
> WZCSVC,Auto,
> xmlprov,Manual,

That's one.

>
> HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
> rdpclip
> rdpclip
> RDP Clip Monitor
> Microsoft Corporation
> 5.1.2600.2180
> c:\windows\system32\rdpclip.exe
> ab978e64b3cb5b78842bc2bdae19d0cd (MD5)
> db49bb6158d12ea7dc9b28ef2ee857edb6015138 (SHA-1)
>
> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
> C:\WINDOWS\system32\userinit.exe
> C:\WINDOWS\system32\userinit.exe
> Userinit Logon Application
> Microsoft Corporation
> 5.1.2600.2180
> c:\windows\system32\userinit.exe
> 39b1ffb03c2296323832acbae50d2aff (MD5)
> e5aedcbe25a97c89101f1f3860ff846e94d70445 (SHA-1)
>
> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
> Explorer.exe
> Explorer.exe
> Windows Explorer
> Microsoft Corporation
> 6.0.2900.3156
> c:\windows\explorer.exe
> 97bd6515465659ff8f3b7be375b2ea87 (MD5)
> 972307a3ef93680afdd03603df20f2241047a934 (SHA-1)
>
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> Recguard
> C:\WINDOWS\SMINST\RECGUARD.EXE
> Recguard Application
> 6.0.54.0
> c:\windows\sminst\recguard.exe
> f3eaea279f09a7779c18793c87640794 (MD5)
> 142d5cc0e87bcbfd8d23ef12956a3ecef0208006 (SHA-1)
> LXSUPMON
> C:\WINDOWS\system32\LXSUPMON.EXE RUN
> Supplies Monitor
> Lexmark International Inc.
> 3.0.105.1
> c:\windows\system32\lxsupmon.exe
> bdbd516e37761ed51e602a54873d24cd (MD5)
> 648754b111c8d14ad6b028020534836286800796 (SHA-1)
> HPBootOp
> "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
> HP Boot Optimizer
> Hewlett-Packard Company
> 3.0.0.0
> c:\program files\hewlett-packard\hp boot optimizer\hpbootop.exe
> a789b145f17fa5c2326907f4872fe173 (MD5)
> f04982c1c82b75b38e5da0ef838b6b2e753b3e6c (SHA-1)
> NSWosCheck
> "C:\Program Files\Norton SystemWorks Premier Edition\osCheck.exe"
> osCheck
> Symantec Corporation
> 12.0.0.52
> c:\program files\norton systemworks premier edition\oscheck.exe
> b9d7e074e0ee39ca1b6101ce0d7d8cc0 (MD5)
> c38060885884970d123d9aac58633309c91f5289 (SHA-1)
> TkBellExe
> "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
> RealNetworks Scheduler
> RealNetworks, Inc.
> 0.1.0.4043
> c:\program files\common files\real\update_ob\realsched.exe
> 28525d80ea1d33cf60b8ac318a5f1c82 (MD5)
> d66a9b76f6982d905029492310a3b3b6f111f2cb (SHA-1)
> SMSI Loader
> C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe /PRNDRV
> SMSI Loader
> Smith Micro Software, Inc.
> 1.4.0.0
> c:\program files\common files\smith micro shared\fax\smloader.exe
> e8187ccc1ea4575584cd22b2ae0b29fa (MD5)
> 3f1d727057f1978fe0e65444ce0edfa3e70da45d (SHA-1)
> NswUiTray
> C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe
> Norton SystemWorks System Tray Module
> Symantec Corporation
> 12.0.0.52
> c:\program files\norton systemworks premier edition\nswuitray.exe
> 342b0d08fdf4ddaa5ac01aec50f95d77 (MD5)
> 330e1c7495aa61e65d606acb8d7f00c87e582225 (SHA-1)
> Norton Save and Restore 2.0
> "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
> Tray Application
> Symantec Corporation
> 2.0.7.29210
> c:\program files\norton save and restore\agent\vprotray.exe
> 3ccbdad4dbc7f1feda9454a4f5f32526 (MD5)
> 5e9b559597c300ed28a4157e267fafbe3e546fb2 (SHA-1)
> KernelFaultCheck
> %systemroot%\system32\dumprep 0 -k
> Windows Error Reporting Dump Reporting Tool
> Microsoft Corporation
> 5.1.2600.2180
> c:\windows\system32\dumprep.exe
> 13922eb54890c77005268882629a31fe (MD5)
> 0504e67f338bfe08a1a694dea598fecc603e6695 (SHA-1)
> MSConfig
> C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
> System Configuration Utility
> Microsoft Corporation
> 5.1.2600.2764
> c:\windows\pchealth\helpctr\binaries\msconfig.exe
> 3c60aefa68efa2c4d13ab6b68fe82b81 (MD5)
> abdb5d622a86473732671f5d5d2d7ba458af656e (SHA-1)
> lxctmon.exe
> "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
> Device Monitor
> 0.1.25.0
> c:\program files\lexmark 5400 series\lxctmon.exe
> 623f89715522b2f4e14a1a21d4fc272a (MD5)
> 83caaed7b3c6c9698bdb8964eda44acbfbc48b4e (SHA-1)
> Lexmark 5400 Series Fax Server
> "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
> Fax Man Server
> 0.1.4.1
> c:\program files\lexmark 5400 series\fm3032.exe
> 6c9fb7a576813630c7f0ac9244c5b5d6 (MD5)
> 7fd7485f93cd0bfc0904dbb5f260f3c54b1cbc63 (SHA-1)
> EzPrint
> "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
> Lexmark Fast Pics Application
> Lexmark International Inc.
> 2.0.40.0
> c:\program files\lexmark 5400 series\ezprint.exe
> 404f68eaa178e29d2a96121a5184bc70 (MD5)
> b8a6345ce3672c988d93700e235d8d6965f36072 (SHA-1)
> LXCTCATS
> rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
> Lexmark Connect Timer DLL
> Lexmark International Inc.
> 1.20.0.0
> c:\windows\system32\spool\drivers\w32x86\3\lxcttime.dll
> e9b2e1938b478881a0ce79b6bb9ac31c (MD5)
> 56d5749513073983c7bfb2fe1cabc88fc73a6726 (SHA-1)
> Adobe Reader Speed Launcher
> "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
> Adobe Acrobat SpeedLauncher
> Adobe Systems Incorporated
> 9.3.0.148
> c:\program files\adobe\reader 9.0\reader\reader_sl.exe
> 466ce40eaa865752f4930a472563e4e1 (MD5)
> e2f61f354d97b75638da96efa73309cf837e8b7a (SHA-1)
> Adobe ARM
> "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
> Adobe Reader and Acrobat Manager
> Adobe Systems Incorporated
> 1.1.5.0
> c:\program files\common files\adobe\arm\1.0\adobearm.exe
> 73bb442a717b9bb0097c243374c14a3e (MD5)
> a8624bdf847a13ff5eaf9fea5302ca5f181ae9dc (SHA-1)
> RTHDCPL
> RTHDCPL.EXE
> Realtek HD Audio Control Panel
> Realtek Semiconductor Corp.
> 2.2.6.2
> c:\windows\rthdcpl.exe
> b5dbe74457d015ec8d4f2cd43d52906d (MD5)
> f949ae47a20745d705cfc697e99cf2943ba87fae (SHA-1)
> Alcmtr
> ALCMTR.EXE
> Realtek Azalia Audio - Event Monitor
> Realtek Semiconductor Corp.
> 1.6.0.3
> c:\windows\alcmtr.exe
> ea31039e691c6f8f5469649526eea5fb (MD5)
> 529f2e778b0a17377e93c19caa05f8a87138ffcd (SHA-1)
> ISUSPM Startup
> C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
> InstallShield Update Service Update Manager
> InstallShield Software Corporation
> 3.10.100.1155
> c:\program files\common files\installshield\updateservice\isuspm.exe
> fb9e5c251cf6c37749f296bacb34a69b (MD5)
> 726df7171d5f28f922d6a258cdb6b0c18a257c91 (SHA-1)
> QuickTime Task
> "C:\Program Files\QuickTime\QTTask.exe" -atboottime
> QuickTime Task
> Apple Inc.
> 7.6.5.0
> c:\program files\quicktime\qttask.exe
> 55d7a219ad8d0db8980528944152a6fd (MD5)
> 8d1ac5c5424b24a2f79f91fb67aa4107ed766444 (SHA-1)
>
> HKCU\Software\Microsoft\Windows\CurrentVersion\Run
> ctfmon.exe
> C:\windows\system32\ctfmon.exe
> CTF Loader
> Microsoft Corporation
> 5.1.2600.2180
> c:\windows\system32\ctfmon.exe
> 24232996a38c0b0cf151c2140ae29fc8 (MD5)
> b36d03b56a30187ffc6257459d632a4faac48af2 (SHA-1)
> Gadwin PrintScreen
> C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
> Gadwin PrintScreen
> Gadwin Systems, Inc
> 4.3.0.0
> c:\program files\gadwin systems\printscreen\printscreen.exe
> 270a7537f750ee66ee41be987cbc0146 (MD5)
> 5ce9246b7a4808cde629318d46e70e4829b67e00 (SHA-1)

And there's the other. I'm running the Clone now as a fully operational system, online, with AV protection. If and when you ask me to make any changes and tests that might be affected, I can pull the phone plug.

From: John John - MVP on 10 Apr 2010 09:30

William B. Lurie wrote:
> This is a new thread. See old stuff for history.
>
> Okay, John, I'm using Clone2 and have started running your
> investigatory programs.
>
> That's one.
>
> And there's the other. I'm running the Clone now as a fully operational
> system, online, with AV protection.

Is Norton providing firewall protection?

Also, please provide the results of the "net start" and "tasklist /svc" commands.

John

From: William B. Lurie on 10 Apr 2010 10:20

John John - MVP wrote:
> William B. Lurie wrote:
>> This is a new thread. See old stuff for history.
>>
>> Okay, John, I'm using Clone2 and have started running your
>> investigatory programs.
>>
>> That's one.
>>
>> And there's the other. I'm running the Clone now as a fully
>> operational system, online, with AV protection.
>
> Is Norton providing firewall protection?
>
> Also, please provide the results of the "net start" and "tasklist /svc"
> commands.
>
> John

Norton firewall? I really don't know, John. I know I have Windows Firewall on..... I'll check and advise.

Now you asked for:

These Windows services are started:

   Application Layer Gateway Service
   Ati HotKey Poller
   Automatic Updates
   Background Intelligent Transfer Service
   COM+ Event System
   Cryptographic Services
   DCOM Server Process Launcher
   DHCP Client
   Distributed Link Tracking Client
   DNS Client
   Event Log
   Fast User Switching Compatibility
   Help and Support
   LexBce Server
   lxct_device
   Machine Debug Manager
   Network Connections
   Network Location Awareness (NLA)
   Norton AntiVirus
   Norton Save and Restore
   Norton UnErase Protection
   Pervasive PSQL Workgroup Engine
   Plug and Play
   Print Spooler
   Protected Storage
   Remote Access Connection Manager
   Remote Procedure Call (RPC)
   Secondary Logon
   Security Accounts Manager
   Server
   Shell Hardware Detection
   Speed Disk service
   SSDP Discovery Service
   System Event Notification
   Task Scheduler
   TCP/IP NetBIOS Helper
   Telephony
   Terminal Services
   Themes
   Viewpoint Manager Service
   WebClient
   Windows Audio
   Windows Firewall/Internet Connection Sharing (ICS)
   Windows Image Acquisition (WIA)
   Windows Management Instrumentation
   Windows Time
   Wireless Zero Configuration
   Workstation

The command completed successfully.

Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
System                         4 N/A
smss.exe                    1200 N/A
csrss.exe                   1280 N/A
winlogon.exe                1312 N/A
services.exe                1356 Eventlog, PlugPlay
lsass.exe                   1368 ProtectedStorage, SamSs
ati2evxx.exe                1528 Ati HotKey Poller
svchost.exe                 1548 DcomLaunch, TermService
svchost.exe                 1672 RpcSs
svchost.exe                 1840 AudioSrv, BITS, CryptSvc, Dhcp, EventSystem,
                                 FastUserSwitchingCompatibility, helpsvc,
                                 lanmanserver, lanmanworkstation, Netman, Nla,
                                 RasMan, Schedule, seclogon, SENS,
                                 SharedAccess, ShellHWDetection, TapiSrv,
                                 Themes, TrkWks, W32Time, winmgmt, wuauserv,
                                 WZCSVC
svchost.exe                 1916 Dnscache
ati2evxx.exe                 204 N/A
svchost.exe                  240 LmHosts, SSDPSRV
explorer.exe                 696 N/A
LEXBCES.EXE                  772 LexBceS
spoolsv.exe                  824 Spooler
LEXPPS.EXE                   860 N/A
svchost.exe                 1068 WebClient
lxctcoms.exe                1216 lxct_device
LXSUPMON.EXE                1444 N/A
MDM.EXE                     1576 MDM
realsched.exe               1824 N/A
SMLoader.exe                1832 N/A
NswUiTray.exe               1864 N/A
VProTray.exe                1892 N/A
lxctmon.exe                 1972 N/A
ccSvcHst.exe                1980 Norton AntiVirus
ezprint.exe                 2024 N/A
RTHDCPL.EXE                  156 N/A
VProSvc.exe                  292 Norton Save and Restore
ctfmon.exe                   596 N/A
PrintScreen.exe              584 N/A
NPROTECT.EXE                1640 NProtectService
w3dbsmgr.exe                1936 psqlWGE
NOPDB.exe                   2352 Speed Disk service
svchost.exe                 2392 stisvc
ViewpointService.exe        2492 Viewpoint Manager Service
ccSvcHst.exe                3464 N/A
alg.exe                     3952 ALG
hpsysdrv.exe                1332 N/A
issch.exe                    992 N/A
thunderbird.exe             3680 N/A
cmd.exe                      448 N/A
tasklist.exe                 540 N/A
wmiprvse.exe                 728 N/A

From: William B. Lurie on 10 Apr 2010 10:27

John John - MVP wrote:
(snip)
> Is Norton providing firewall protection?

The answer is *no*, John. They say they don't have one so that each user can use a Firewall of his choice.

Bill

From: John John - MVP on 11 Apr 2010 09:13

William B. Lurie wrote:
>> Okay, John, I installed and ran Starter but of the 20-odd items, half
>> are mystery items, system items (ctfmon. etcetera) that I don't dare
>> touch. I'll study it some more and x-out a bunch, but I have no
>> confidence that it will affect the hibernate problem at all. Think
>> about it when you can spare the time.
>> Bill
> After some hours on and off of using Starter very minimally, I find
> that it has done something very disturbing to the way the system boots.
> I get the black screen with Windows logo, and then the first blue
> screen, and it never gets to the blue Welcome screen or desktop by
> itself.