From: William B. Lurie on
John John - MVP wrote:
> William B. Lurie wrote:
>> William B. Lurie wrote:
>>> Unknown wrote:
>>>> Since you have Viewpoint Manager Service started in services, have
>>>> you opened it and disabled auto update?
>>>> Could be this service is looking for updates for viewpoint products
>>>> and thusly not allowing hibernation.
>>>
>>> (snip)
>>> Well, I didn't consciously install it, have never intentionally used
>>> it and don't know what it's for, I'll certainly disable it and see
>>> what
>>> that does for me, good or bad. Thanks.
>>
>> And now, John, some new evidence elicited from Clean Boot overnight
>> run on Clone system, with phone line disconnected:
>>
>> Note that the first of the questionable Events on System was a
>> newbie.... Application Layer Gateway Service started.....From
>> then on, it was every hour, another intrusion call to WIA.....
>> Does that tell anything?
>
> I'm not so sure that your "Clean Boot" is all that clean... I suspect
> that Norton plays a role in the ALG request to the Service Control
> Manager. The WIA... I suspect your web cam or your Lexmark printer.
> From the clone after you boot do the Net Start and the Tasklist /svc
> commands and see what is running when you clean boot.
>
> Also run the AT command, it should return "There are no entries in the
> list".
>
> John
Glad to see you again, John. I'll act on your latest suggestions, but
first how would you suggest I take Lexmark and Webcam out of the
picture? I'd prefer not to uninstall them.....
And I'll run the AT command, but I don't recognize it. I'll do as you
say as soon as I hear from you, but first, this morning's test:

What I have: disabled Viewpoint Mgr and WIA, my phone line was
unplugged, Error Reporting and Event Log set to Automatic, and
then what I thought was Clean Boot, and ran for 3.5 hours....
during which *no* events of any kind were to be found in the
events log. This threw me, but it's what I saw. Now I will have lunch,
followed by what you ask (including clarification of 'AT' please).
From: John John - MVP on
William B. Lurie wrote:
> John John - MVP wrote:
>> William B. Lurie wrote:
>>> William B. Lurie wrote:
>>>> Unknown wrote:
>>>>> Since you have Viewpoint Manager Service started in services, have
>>>>> you opened it and disabled auto update?
>>>>> Could be this service is looking for updates for viewpoint products
>>>>> and thusly not allowing hibernation.
>>>>
>>>> (snip)
>>>> Well, I didn't consciously install it, have never intentionally used
>>>> it and don't know what it's for, I'll certainly disable it and see
>>>> what
>>>> that does for me, good or bad. Thanks.
>>>
>>> And now, John, some new evidence elicited from Clean Boot overnight
>>> run on Clone system, with phone line disconnected:
>>>
>>> Note that the first of the questionable Events on System was a
>>> newbie.... Application Layer Gateway Service started.....From
>>> then on, it was every hour, another intrusion call to WIA.....
>>> Does that tell anything?
>>
>> I'm not so sure that your "Clean Boot" is all that clean... I suspect
>> that Norton plays a role in the ALG request to the Service Control
>> Manager. The WIA... I suspect your web cam or your Lexmark printer.
>> From the clone after you boot do the Net Start and the Tasklist /svc
>> commands and see what is running when you clean boot.
>>
>> Also run the AT command, it should return "There are no entries in the
>> list".
>>
>> John
> Glad to see you again, John. I'll act on your latest suggestions, but
> first how would you suggest I take Lexmark and Webcam out of the
> picture? I'd prefer not to uninstall them.....
> And I'll run the AT command, but I don't recognize it. I'll do as you
> say as soon as I hear from you, but first, this morning's test:
>
> What I have: disabled Viewpoint Mgr and WIA, my phone line was
> unplugged, Error Reporting and Event Log set to Automatic, and
> then what I thought was Clean Boot, and ran for 3.5 hours....
> during which *no* events of any kind were to be found in the
> events log. This threw me, but it's what I saw. Now I will have lunch,
> followed by what you ask (including clarification of 'AT' please).

AT will simply let you see if you have any Scheduled Tasks.

John
From: William B. Lurie on
John John - MVP wrote:
> William B. Lurie wrote:
>> John John - MVP wrote:
>>> William B. Lurie wrote:
>>>> William B. Lurie wrote:
>>>>> Unknown wrote:
>>>>>> Since you have Viewpoint Manager Service started in services, have
>>>>>> you opened it and disabled auto update?
>>>>>> Could be this service is looking for updates for viewpoint
>>>>>> products and thusly not allowing hibernation.
>>>>>
>>>>> (snip)
>>>>> Well, I didn't consciously install it, have never intentionally used
>>>>> it and don't know what it's for, I'll certainly disable it and see
>>>>> what
>>>>> that does for me, good or bad. Thanks.
>>>>
>>>> And now, John, some new evidence elicited from Clean Boot overnight
>>>> run on Clone system, with phone line disconnected:
>>>>
>>>> Note that the first of the questionable Events on System was a
>>>> newbie.... Application Layer Gateway Service started.....From
>>>> then on, it was every hour, another intrusion call to WIA.....
>>>> Does that tell anything?
>>>
>>> I'm not so sure that your "Clean Boot" is all that clean... I
>>> suspect that Norton plays a role in the ALG request to the Service
>>> Control Manager. The WIA... I suspect your web cam or your Lexmark
>>> printer. From the clone after you boot do the Net Start and the
>>> Tasklist /svc commands and see what is running when you clean boot.
>>>
>>> Also run the AT command, it should return "There are no entries in
>>> the list".
>>>
>>> John
>> Glad to see you again, John. I'll act on your latest suggestions, but
>> first how would you suggest I take Lexmark and Webcam out of the
>> picture? I'd prefer not to uninstall them.....
>> And I'll run the AT command, but I don't recognize it. I'll do as you
>> say as soon as I hear from you, but first, this morning's test:
>>
>> What I have: disabled Viewpoint Mgr and WIA, my phone line was
>> unplugged, Error Reporting and Event Log set to Automatic, and
>> then what I thought was Clean Boot, and ran for 3.5 hours....
>> during which *no* events of any kind were to be found in the
>> events log. This threw me, but it's what I saw. Now I will have lunch,
>> followed by what you ask (including clarification of 'AT' please).
>
> AT will simply let you see if you have any Scheduled Tasks.
>
> John

And I'd like to run it... but where, what's its syntax? I can
look at Start>>Control Panel>>Scheduled Tasks to make sure it
is empty.... I'll start the 3-hour run now, assuming I find
it empty. First I'll Clean Boot, then net start and tasklist,
make sure there are no scheduled tasks......
From: William B. Lurie on
William B. Lurie wrote:
> John John - MVP wrote:
>> William B. Lurie wrote:
>>> John John - MVP wrote:
>>>> William B. Lurie wrote:
>>>>> William B. Lurie wrote:
>>>>>> Unknown wrote:
>>>>>>> Since you have Viewpoint Manager Service started in services,
>>>>>>> have you opened it and disabled auto update?
>>>>>>> Could be this service is looking for updates for viewpoint
>>>>>>> products and thusly not allowing hibernation.
>>>>>>
>>>>>> (snip)
>>>>>> Well, I didn't consciously install it, have never intentionally used
>>>>>> it and don't know what it's for, I'll certainly disable it and see
>>>>>> what
>>>>>> that does for me, good or bad. Thanks.
>>>>>
>>>>> And now, John, some new evidence elicited from Clean Boot overnight
>>>>> run on Clone system, with phone line disconnected:
>>>>>
>>>>> Note that the first of the questionable Events on System was a
>>>>> newbie.... Application Layer Gateway Service started.....From
>>>>> then on, it was every hour, another intrusion call to WIA.....
>>>>> Does that tell anything?
>>>>
>>>> I'm not so sure that your "Clean Boot" is all that clean... I
>>>> suspect that Norton plays a role in the ALG request to the Service
>>>> Control Manager. The WIA... I suspect your web cam or your Lexmark
>>>> printer. From the clone after you boot do the Net Start and the
>>>> Tasklist /svc commands and see what is running when you clean boot.
>>>>
>>>> Also run the AT command, it should return "There are no entries in
>>>> the list".
>>>>
>>>> John
>>> Glad to see you again, John. I'll act on your latest suggestions, but
>>> first how would you suggest I take Lexmark and Webcam out of the
>>> picture? I'd prefer not to uninstall them.....
>>> And I'll run the AT command, but I don't recognize it. I'll do as
>>> you say as soon as I hear from you, but first, this morning's test:
>>>
>>> What I have: disabled Viewpoint Mgr and WIA, my phone line was
>>> unplugged, Error Reporting and Event Log set to Automatic, and
>>> then what I thought was Clean Boot, and ran for 3.5 hours....
>>> during which *no* events of any kind were to be found in the
>>> events log. This threw me, but it's what I saw. Now I will have lunch,
>>> followed by what you ask (including clarification of 'AT' please).
>>
>> AT will simply let you see if you have any Scheduled Tasks.
>>
>> John
>
> And I'd like to run it... but where, what's its syntax? I can
> look at Start>>Control Panel>>Scheduled Tasks to make sure it
> is empty.... I'll start the 3-hour run now, assuming I find
> it empty. First I'll Clean Boot, then net start and tasklist,
> make sure there are no scheduled tasks......

Okay, John, but the plot has thickened. First, there are no
scheduled tasks. I looked. I don't allow them, ever. I'm
an I-want-control man.

Now I made a long run on Clone with, I think, everything you
and I were trying to do, and maybe I disabled something that I
shouldn't have. Please look at the following files (you'll know what
they are) and I think the main thing they show is that I disabled
some automatic time check for the first time. I'm not sure where.
But I glean nothing more from these. And the one Event Log that
you see, is the only one of those logs with anything pertinent there.

I'll paste in the files here.

> Type Date Time Source Category Event User Computer
> Error 3/30/2010 9:49:49 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 9:49:49 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 9:04:44 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 9:04:44 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 8:49:44 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 8:49:44 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 8:03:26 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 8:03:26 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 7:48:26 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 7:48:26 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 7:01:58 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 7:01:58 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 6:46:58 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 6:46:58 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 6:00:39 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 6:00:39 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 5:45:39 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 5:45:39 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 4:59:21 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 4:59:21 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 4:44:21 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 4:44:21 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 3:58:03 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 3:58:03 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 3:43:04 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 3:43:04 PM W32Time None 17 N/A COMPAQ-2006

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 3/30/2010
Time: 9:49:49 PM
User: N/A
Computer: COMPAQ-2006
Description:
The time provider NtpClient is configured to acquire time from one or
more time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes. NtpClient
has no source of accurate time.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


These Windows services are started:

Automatic Updates
COM+ Event System
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Help and Support
IPSEC Services
Network Connections
Network Location Awareness (NLA)
Plug and Play
Print Spooler
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
SSDP Discovery Service
System Event Notification
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
WebClient
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Management Instrumentation
Windows Time
Wireless Zero Configuration
Workstation

The command completed successfully.


Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
System                         4 N/A
smss.exe                    1200 N/A
csrss.exe                   1284 N/A
winlogon.exe                1316 N/A
services.exe                1360 Eventlog, PlugPlay
lsass.exe                   1372 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                 1532 DcomLaunch, TermService
svchost.exe                 1632 RpcSs
svchost.exe                 1800 AudioSrv, CryptSvc, Dhcp, ERSvc,
                                 EventSystem, FastUserSwitchingCompatibility,
                                 helpsvc, lanmanserver, lanmanworkstation,
                                 Netman, Nla, RasMan, Schedule, seclogon,
                                 SENS, SharedAccess, ShellHWDetection,
                                 TapiSrv, Themes, TrkWks, W32Time, winmgmt,
                                 wuauserv, WZCSVC
svchost.exe                 1932 Dnscache
svchost.exe                  244 LmHosts, SSDPSRV
spoolsv.exe                  556 Spooler
explorer.exe                 788 N/A
svchost.exe                  880 WebClient
EditPadLite.exe              912 N/A
cmd.exe                      392 N/A
tasklist.exe                1664 N/A
wmiprvse.exe                 424 N/A

It's getting kind of lengthy, but I know you want to see it.
Did I do something wrong? What should I restore?
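
Added example, not part of any poster's message: a short Python script that reads rows in the flattened Event Viewer layout pasted above and measures how far apart the W32Time error bursts are. The rows in SAMPLE are copied from the post (the five oldest bursts); the function names and the nine-field row layout are assumptions of this example.

```python
from collections import Counter
from datetime import datetime

# Rows copied from the event list pasted in the post above (five oldest bursts).
SAMPLE = """\
> Type Date Time Source Category Event User Computer
> Error 3/30/2010 5:45:39 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 5:45:39 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 4:59:21 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 4:59:21 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 4:44:21 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 4:44:21 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 3:58:03 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 3:58:03 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 3:43:04 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 3:43:04 PM W32Time None 17 N/A COMPAQ-2006
"""


def parse_events(text):
    """Return (timestamp, source, event_id) tuples from a flattened export.

    Assumes nine whitespace-separated fields per row, as in the pasted list
    (single-word category); header and malformed rows are skipped.
    """
    events = []
    for raw in text.splitlines():
        parts = raw.lstrip("> ").split()  # tolerate Usenet quote markers
        if len(parts) != 9:
            continue
        try:
            when = datetime.strptime(" ".join(parts[1:4]), "%m/%d/%Y %I:%M:%S %p")
            events.append((when, parts[4], int(parts[6])))
        except ValueError:
            continue
    return events


def count_by_id(events):
    """Number of rows per event ID."""
    return dict(Counter(event_id for _, _, event_id in events))


def burst_gaps(events, source):
    """Whole minutes between consecutive distinct timestamps of one source."""
    stamps = sorted({when for when, src, _ in events if src == source})
    return [round((b - a).total_seconds() / 60) for a, b in zip(stamps, stamps[1:])]


def repeating_cycle(gaps, tolerance=1):
    """Smallest period p at which the gaps repeat, as (p, cycle_minutes), else None."""
    for p in range(1, len(gaps) // 2 + 1):
        if all(abs(gaps[i] - gaps[i + p]) <= tolerance for i in range(len(gaps) - p)):
            return p, sum(gaps[:p])
    return None


if __name__ == "__main__":
    events = parse_events(SAMPLE)
    gaps = burst_gaps(events, "W32Time")
    print("rows per event ID:", count_by_id(events))
    print("gaps between bursts (min):", gaps)
    print("repeating cycle:", repeating_cycle(gaps))
```

On these rows the bursts alternate between gaps of about 15 and 46 minutes, so the pair of W32Time errors recurs on a cycle of roughly an hour.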
From: Unknown on
William; What firewall are you using? If not the Windows firewall you may
not be able to synchronize your time.
Check in control panel 'Date and Time' and use 'tick.usno.navy.mil' as the
time server.
By default the time is synced once a week. But with another
firewall-----?????????
When this is finally solved I'll bet it turns out to be Norton Anti Virus..
"William B. Lurie" <billurie(a)nospam.net> wrote in message
news:%23wJmnmH0KHA.3676(a)TK2MSFTNGP05.phx.gbl...
> William B. Lurie wrote:
>> John John - MVP wrote:
>>> William B. Lurie wrote:
>>>> John John - MVP wrote:
>>>>> William B. Lurie wrote:
>>>>>> William B. Lurie wrote:
>>>>>>> Unknown wrote:
>>>>>>>> Since you have Viewpoint Manager Service started in services, have
>>>>>>>> you opened it and disabled auto update?
>>>>>>>> Could be this service is looking for updates for viewpoint products
>>>>>>>> and thusly not allowing hibernation.
>>>>>>>
>>>>>>> (snip)
>>>>>>> Well, I didn't consciously install it, have never intentionally used
>>>>>>> it and don't know what it's for, I'll certainly disable it and see
>>>>>>> what
>>>>>>> that does for me, good or bad. Thanks.
>>>>>>
>>>>>> And now, John, some new evidence elicited from Clean Boot overnight
>>>>>> run on Clone system, with phone line disconnected:
>>>>>>
>>>>>> Note that the first of the questionable Events on System was a
>>>>>> newbie.... Application Layer Gateway Service started.....From
>>>>>> then on, it was every hour, another intrusion call to WIA.....
>>>>>> Does that tell anything?
>>>>>
>>>>> I'm not so sure that your "Clean Boot" is all that clean... I suspect
>>>>> that Norton plays a role in the ALG request to the Service Control
>>>>> Manager. The WIA... I suspect your web cam or your Lexmark printer.
>>>>> From the clone after you boot do the Net Start and the Tasklist /svc
>>>>> commands and see what is running when you clean boot.
>>>>>
>>>>> Also run the AT command, it should return "There are no entries in the
>>>>> list".
>>>>>
>>>>> John
>>>> Glad to see you again, John. I'll act on your latest suggestions, but
>>>> first how would you suggest I take Lexmark and Webcam out of the
>>>> picture? I'd prefer not to uninstall them.....
>>>> And I'll run the AT command, but I don't recognize it. I'll do as you
>>>> say as soon as I hear from you, but first, this morning's test:
>>>>
>>>> What I have: disabled Viewpoint Mgr and WIA, my phone line was
>>>> unplugged, Error Reporting and Event Log set to Automatic, and
>>>> then what I thought was Clean Boot, and ran for 3.5 hours....
>>>> during which *no* events of any kind were to be found in the
>>>> events log. This threw me, but it's what I saw. Now I will have lunch,
>>>> followed by what you ask (including clarification of 'AT' please).
>>>
>>> AT will simply let you see if you have any Scheduled Tasks.
>>>
>>> John
>>
>> And I'd like to run it... but where, what's its syntax? I can
>> look at Start>>Control Panel>>Scheduled Tasks to make sure it
>> is empty.... I'll start the 3-hour run now, assuming I find
>> it empty. First I'll Clean Boot, then net start and tasklist,
>> make sure there are no scheduled tasks......
>
> Okay, John, but the plot has thickened. First, there are no
> scheduled tasks. I looked. I don't allow them, ever. I'm
> an I-want-control man.
>
> Now I made a long run on Clone with, I think, everything you
> and I were trying to do, and maybe I disabled something that I
> shouldn't have. Please look at the following files (you'll know what
> they are) and I think the main thing they show is that I disabled
> some automatic time check for the first time. I'm not sure where.
> But I glean nothing more from these. And the one Event Log that
> you see, is the only one of those logs with anything pertinent there.
>
> I'll paste in the files here.
>
>> Type Date Time Source Category Event User Computer
>> Error 3/30/2010 9:49:49 PM W32Time None 29 N/A COMPAQ-2006
>> Error 3/30/2010 9:49:49 PM W32Time None 17 N/A COMPAQ-2006
>> Error 3/30/2010 9:04:44 PM W32Time None 29 N/A COMPAQ-2006
>> Error 3/30/2010 9:04:44 PM W32Time None 17 N/A COMPAQ-2006
>> Error 3/30/2010 8:49:44 PM W32Time None 29 N/A COMPAQ-2006
>> Error 3/30/2010 8:49:44 PM W32Time None 17 N/A COMPAQ-2006
>> Error 3/30/2010 8:03:26 PM W32Time None 29 N/A COMPAQ-2006
>> Error 3/30/2010 8:03:26 PM W32Time None 17 N/A COMPAQ-2006
>> Error 3/30/2010 7:48:26 PM W32Time None 29 N/A COMPAQ-2006
>> Error 3/30/2010 7:48:26 PM W32Time None 17 N/A COMPAQ-2006
>> Error 3/30/2010 7:01:58 PM W32Time None 29 N/A COMPAQ-2006
>> Error 3/30/2010 7:01:58 PM W32Time None 17 N/A COMPAQ-2006
>> Error 3/30/2010 6:46:58 PM W32Time None 29 N/A COMPAQ-2006
>> Error 3/30/2010 6:46:58 PM W32Time None 17 N/A COMPAQ-2006
>> Error 3/30/2010 6:00:39 PM W32Time None 29 N/A COMPAQ-2006
>> Error 3/30/2010 6:00:39 PM W32Time None 17 N/A COMPAQ-2006
>> Error 3/30/2010 5:45:39 PM W32Time None 29 N/A COMPAQ-2006
>> Error 3/30/2010 5:45:39 PM W32Time None 17 N/A COMPAQ-2006
>> Error 3/30/2010 4:59:21 PM W32Time None 29 N/A COMPAQ-2006
>> Error 3/30/2010 4:59:21 PM W32Time None 17 N/A COMPAQ-2006
>> Error 3/30/2010 4:44:21 PM W32Time None 29 N/A COMPAQ-2006
>> Error 3/30/2010 4:44:21 PM W32Time None 17 N/A COMPAQ-2006
>> Error 3/30/2010 3:58:03 PM W32Time None 29 N/A COMPAQ-2006
>> Error 3/30/2010 3:58:03 PM W32Time None 17 N/A COMPAQ-2006
>> Error 3/30/2010 3:43:04 PM W32Time None 29 N/A COMPAQ-2006
>> Error 3/30/2010 3:43:04 PM W32Time None 17 N/A COMPAQ-2006
>
> Event Type: Error
> Event Source: W32Time
> Event Category: None
> Event ID: 29
> Date: 3/30/2010
> Time: 9:49:49 PM
> User: N/A
> Computer: COMPAQ-2006
> Description:
> The time provider NtpClient is configured to acquire time from one or more
> time sources, however none of the sources are currently accessible. No
> attempt to contact a source will be made for 14 minutes. NtpClient has no
> source of accurate time.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> These Windows services are started:
>
> Automatic Updates
> COM+ Event System
> Cryptographic Services
> DCOM Server Process Launcher
> DHCP Client
> Distributed Link Tracking Client
> DNS Client
> Error Reporting Service
> Event Log
> Fast User Switching Compatibility
> Help and Support
> IPSEC Services
> Network Connections
> Network Location Awareness (NLA)
> Plug and Play
> Print Spooler
> Protected Storage
> Remote Access Connection Manager
> Remote Procedure Call (RPC)
> Secondary Logon
> Security Accounts Manager
> Server
> Shell Hardware Detection
> SSDP Discovery Service
> System Event Notification
> Task Scheduler
> TCP/IP NetBIOS Helper
> Telephony
> Terminal Services
> Themes
> WebClient
> Windows Audio
> Windows Firewall/Internet Connection Sharing (ICS)
> Windows Management Instrumentation
> Windows Time
> Wireless Zero Configuration
> Workstation
>
> The command completed successfully.
>
>
> Image Name                   PID Services
> ========================= ====== =============================================
> System Idle Process            0 N/A
> System                         4 N/A
> smss.exe                    1200 N/A
> csrss.exe                   1284 N/A
> winlogon.exe                1316 N/A
> services.exe                1360 Eventlog, PlugPlay
> lsass.exe                   1372 PolicyAgent, ProtectedStorage, SamSs
> svchost.exe                 1532 DcomLaunch, TermService
> svchost.exe                 1632 RpcSs
> svchost.exe                 1800 AudioSrv, CryptSvc, Dhcp, ERSvc,
>                                  EventSystem, FastUserSwitchingCompatibility,
>                                  helpsvc, lanmanserver, lanmanworkstation,
>                                  Netman, Nla, RasMan, Schedule, seclogon,
>                                  SENS, SharedAccess, ShellHWDetection,
>                                  TapiSrv, Themes, TrkWks, W32Time, winmgmt,
>                                  wuauserv, WZCSVC
> svchost.exe                 1932 Dnscache
> svchost.exe                  244 LmHosts, SSDPSRV
> spoolsv.exe                  556 Spooler
> explorer.exe                 788 N/A
> svchost.exe                  880 WebClient
> EditPadLite.exe              912 N/A
> cmd.exe                      392 N/A
> tasklist.exe                1664 N/A
> wmiprvse.exe                 424 N/A
>
> It's getting kind of lengthy, but I know you want to see it.
> Did I do something wrong? What should I restore?