WIA and hibernation again
in [Windows XP Basics]
|
Prev: Pressing Change Password -button in WIN XP causes reboot
Next: Microsoft caught pirating somebody's patent again!!!
From: John John - MVP on 31 Mar 2010 10:38 William B. Lurie wrote: > William B. Lurie wrote: >> John John - MVP wrote: >>> William B. Lurie wrote: >>>> John John - MVP wrote: >>>>> William B. Lurie wrote: >>>>>> William B. Lurie wrote: >>>>>>> Unknown wrote: >>>>>>>> Since you have Viewpoint Manager Service started in services, >>>>>>>> have you opened it and disabled auto update? >>>>>>>> Could be this service is looking for updates for viewpoint >>>>>>>> products and thusly not allowing hibernation. >>>>>>> >>>>>>> (snip) >>>>>>> Well, I didn't consciously install it, have never intentionally used >>>>>>> it and don't know what it's for, I'll certainly disable it and see >>>>>>> what >>>>>>> that does for me, good or bad. Thanks. >>>>>> >>>>>> And now, John, some new evidence elicited from Clean Booth overnight >>>>>> run on Clone system, with phone line disconnected: >>>>>> >>>>>> Note that the first of the questionable Events on System was a >>>>>> newbie.... Application Layer Gateway Service started.....From >>>>>> then on, it was every hour, another intrusion calol to WIA..... >>>>>> Does that tell anything? >>>>> >>>>> I'm not so sure that your "Clean Boot" is all that clean... I >>>>> suspect that Norton plays a role in the ALG request to the Service >>>>> Control Manager. The WIA... I suspect your web cam or your Lexmark >>>>> printer. From the clone after you boot do the Net Start and the >>>>> Tasklist /svc commands and see what is running when you clean boot. >>>>> >>>>> Also run the AT command, it should return "There are no entries in >>>>> the list". >>>>> >>>>> John >>>> Glad to see you again, John. I'll act on your latest suggestions, but >>>> first how would you suggest I take Lexmark and Webcam out of the >>>> picture?I'd prefer not to uninstall them..... >>>> And I'll run the AT command, but I don't recognize it. I'll do as >>>> you say as soon as I hear from you, but first, this morning's test: >>>> >>>> What I have: disabled Viewpoint Mgr and WIA, my phone line was >>>> unplugged, Error Reporting and Event Log set to Automatic, and >>>> then what I thought was Clean Boot, and ran for 3.5 hours.... >>>> during which *no* events of any kind were to be found in the >>>> events log. This threw me, but it's what I saw. Now I will have lunch, >>>> followed by what you ask (including clarification of 'AT' please). >>> >>> AT will simply let you see if you have any Scheduled Tasks. >>> >>> John >> >> And I'd like to run it... but where, what's its syntax? I can >> look at Start>>Control Panal>>Scheduled Tasks to make sure it >> is empty.... I'll start the 3-hour run now, assuming I find >> it empty. First I'll Clean Boot, then net start and tasklist, >> make sure there are no scheduled tasks...... > > Okay, John, but the plot has thickened. First, there are no > scheduled tasks. I looked. I don't allow them, ever. I'm > an I-want-control man. > > Now I made a long run on Clone with, I think, everything you > and I were trying to do, and maybe I disabled something that I > shouldn't have. Please look at the following files (you'll know what > they are) and I think the main thing they show is that I disabled > some automatic time check for the first time. I'm not sure where. > But I glean nothing more from these. And the one Event Log that > you see, is the only one of those logs with anything pertinent there. > > I'll paste in the files here. > >> Type Date Time Source Category Event User Computer >> Error 3/30/2010 9:49:49 PM W32Time None 29 N/A >> COMPAQ-2006 >> Error 3/30/2010 9:49:49 PM W32Time None 17 N/A >> COMPAQ-2006 >> Error 3/30/2010 9:04:44 PM W32Time None 29 N/A >> COMPAQ-2006 >> Error 3/30/2010 9:04:44 PM W32Time None 17 N/A >> COMPAQ-2006 >> Error 3/30/2010 8:49:44 PM W32Time None 29 N/A >> COMPAQ-2006 >> Error 3/30/2010 8:49:44 PM W32Time None 17 N/A >> COMPAQ-2006 >> Error 3/30/2010 8:03:26 PM W32Time None 29 N/A >> COMPAQ-2006 >> Error 3/30/2010 8:03:26 PM W32Time None 17 N/A >> COMPAQ-2006 >> Error 3/30/2010 7:48:26 PM W32Time None 29 N/A >> COMPAQ-2006 >> Error 3/30/2010 7:48:26 PM W32Time None 17 N/A >> COMPAQ-2006 >> Error 3/30/2010 7:01:58 PM W32Time None 29 N/A >> COMPAQ-2006 >> Error 3/30/2010 7:01:58 PM W32Time None 17 N/A >> COMPAQ-2006 >> Error 3/30/2010 6:46:58 PM W32Time None 29 N/A >> COMPAQ-2006 >> Error 3/30/2010 6:46:58 PM W32Time None 17 N/A >> COMPAQ-2006 >> Error 3/30/2010 6:00:39 PM W32Time None 29 N/A >> COMPAQ-2006 >> Error 3/30/2010 6:00:39 PM W32Time None 17 N/A >> COMPAQ-2006 >> Error 3/30/2010 5:45:39 PM W32Time None 29 N/A >> COMPAQ-2006 >> Error 3/30/2010 5:45:39 PM W32Time None 17 N/A >> COMPAQ-2006 >> Error 3/30/2010 4:59:21 PM W32Time None 29 N/A >> COMPAQ-2006 >> Error 3/30/2010 4:59:21 PM W32Time None 17 N/A >> COMPAQ-2006 >> Error 3/30/2010 4:44:21 PM W32Time None 29 N/A >> COMPAQ-2006 >> Error 3/30/2010 4:44:21 PM W32Time None 17 N/A >> COMPAQ-2006 >> Error 3/30/2010 3:58:03 PM W32Time None 29 N/A >> COMPAQ-2006 >> Error 3/30/2010 3:58:03 PM W32Time None 17 N/A >> COMPAQ-2006 >> Error 3/30/2010 3:43:04 PM W32Time None 29 N/A >> COMPAQ-2006 >> Error 3/30/2010 3:43:04 PM W32Time None 17 N/A >> COMPAQ-2006 > > Event Type: Error > Event Source: W32Time > Event Category: None > Event ID: 29 > Date: 3/30/2010 > Time: 9:49:49 PM > User: N/A > Computer: COMPAQ-2006 > Description: > The time provider NtpClient is configured to acquire time from one or > more time sources, however none of the sources are currently accessible. > No attempt to contact a source will be made for 14 minutes. NtpClient > has no source of accurate time. > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > > > ese Windows services are started: > > Automatic Updates > COM+ Event System > Cryptographic Services > DCOM Server Process Launcher > DHCP Client > Distributed Link Tracking Client > DNS Client > Error Reporting Service > Event Log > Fast User Switching Compatibility > Help and Support > IPSEC Services > Network Connections > Network Location Awareness (NLA) > Plug and Play > Print Spooler > Protected Storage > Remote Access Connection Manager > Remote Procedure Call (RPC) > Secondary Logon > Security Accounts Manager > Server > Shell Hardware Detection > SSDP Discovery Service > System Event Notification > Task Scheduler > TCP/IP NetBIOS Helper > Telephony > Terminal Services > Themes > WebClient > Windows Audio > Windows Firewall/Internet Connection Sharing (ICS) > Windows Management Instrumentation > Windows Time > Wireless Zero Configuration > Workstation > > The command completed successfully. > > > Image Name PID Services > ========================= ====== > ============================================= > System Idle Process 0 N/A > System 4 N/A > smss.exe 1200 N/A > csrss.exe 1284 N/A > winlogon.exe 1316 N/A > services.exe 1360 Eventlog, PlugPlay > lsass.exe 1372 PolicyAgent, ProtectedStorage, SamSs > svchost.exe 1532 DcomLaunch, TermService > svchost.exe 1632 RpcSs > svchost.exe 1800 AudioSrv, CryptSvc, Dhcp, ERSvc, > EventSystem, > FastUserSwitchingCompatibility, > helpsvc, lanmanserver, lanmanworkstation, > Netman, Nla, RasMan, Schedule, seclogon, > SENS, SharedAccess, ShellHWDetection, > TapiSrv, Themes, TrkWks, W32Time, winmgmt, > wuauserv, WZCSVC > svchost.exe 1932 Dnscache > svchost.exe 244 LmHosts, SSDPSRV > spoolsv.exe 556 Spooler > explorer.exe 788 N/A > svchost.exe 880 WebClient > EditPadLite.exe 912 N/A > cmd.exe 392 N/A > tasklist.exe 1664 N/A > wmiprvse.exe 424 N/A > > It's getting kind of lengthy, but I know you want to see it. > Did I do something wrong? What should I restore? This is your 'clone' test installation, right? 1- Disable the Windows Time service. 2- Disable the SSDP Discovery Service You disable these services in the Services Management Console (enter services.msc in the Start Menu Run box) John
From: William B. Lurie on 31 Mar 2010 11:23 Unknown wrote: > William; What firewall are you using? If not the Windows firewall you may > not be able to synchronize your time. Sorry, unk.....Windows Firewall id rgw *only* firewall I have on. > Check in control panel 'Date and Time' and use 'tick.usno.navy.mil' as the > time server. > By default the time is synced once a week. But with another > firewall-----????????? > When this is finally solved I'll bet it turns out to be Norton Anti Virus.. Hardly, unK.....I've been doing all my testing (lately) in Clean Boot, on my Clone system, with NAV turned off. > "William B. Lurie" <billurie(a)nospam.net> wrote in message > news:%23wJmnmH0KHA.3676(a)TK2MSFTNGP05.phx.gbl... >> William B. Lurie wrote: >>> John John - MVP wrote: >>>> William B. Lurie wrote: >>>>> John John - MVP wrote: >>>>>> William B. Lurie wrote: >>>>>>> William B. Lurie wrote: >>>>>>>> Unknown wrote: >>>>>>>>> Since you have Viewpoint Manager Service started in services, have >>>>>>>>> you opened it and disabled auto update? >>>>>>>>> Could be this service is looking for updates for viewpoint products >>>>>>>>> and thusly not allowing hibernation. >>>>>>>> (snip) >>>>>>>> Well, I didn't consciously install it, have never intentionally used >>>>>>>> it and don't know what it's for, I'll certainly disable it and see >>>>>>>> what >>>>>>>> that does for me, good or bad. Thanks. >>>>>>> And now, John, some new evidence elicited from Clean Booth overnight >>>>>>> run on Clone system, with phone line disconnected: >>>>>>> >>>>>>> Note that the first of the questionable Events on System was a >>>>>>> newbie.... Application Layer Gateway Service started.....From >>>>>>> then on, it was every hour, another intrusion calol to WIA..... >>>>>>> Does that tell anything? >>>>>> I'm not so sure that your "Clean Boot" is all that clean... I suspect >>>>>> that Norton plays a role in the ALG request to the Service Control >>>>>> Manager. The WIA... I suspect your web cam or your Lexmark printer. >>>>>> From the clone after you boot do the Net Start and the Tasklist /svc >>>>>> commands and see what is running when you clean boot. >>>>>> >>>>>> Also run the AT command, it should return "There are no entries in the >>>>>> list". >>>>>> >>>>>> John >>>>> Glad to see you again, John. I'll act on your latest suggestions, but >>>>> first how would you suggest I take Lexmark and Webcam out of the >>>>> picture?I'd prefer not to uninstall them..... >>>>> And I'll run the AT command, but I don't recognize it. I'll do as you >>>>> say as soon as I hear from you, but first, this morning's test: >>>>> >>>>> What I have: disabled Viewpoint Mgr and WIA, my phone line was >>>>> unplugged, Error Reporting and Event Log set to Automatic, and >>>>> then what I thought was Clean Boot, and ran for 3.5 hours.... >>>>> during which *no* events of any kind were to be found in the >>>>> events log. This threw me, but it's what I saw. Now I will have lunch, >>>>> followed by what you ask (including clarification of 'AT' please). >>>> AT will simply let you see if you have any Scheduled Tasks. >>>> >>>> John >>> And I'd like to run it... but where, what's its syntax? I can >>> look at Start>>Control Panal>>Scheduled Tasks to make sure it >>> is empty.... I'll start the 3-hour run now, assuming I find >>> it empty. First I'll Clean Boot, then net start and tasklist, >>> make sure there are no scheduled tasks...... >> Okay, John, but the plot has thickened. First, there are no >> scheduled tasks. I looked. I don't allow them, ever. I'm >> an I-want-control man. >> >> Now I made a long run on Clone with, I think, everything you >> and I were trying to do, and maybe I disabled something that I >> shouldn't have. Please look at the following files (you'll know what >> they are) and I think the main thing they show is that I disabled >> some automatic time check for the first time. I'm not sure where. >> But I glean nothing more from these. And the one Event Log that >> you see, is the only one of those logs with anything pertinent there. >> >> I'll paste in the files here. >> >>> Type Date Time Source Category Event User Computer >>> Error 3/30/2010 9:49:49 PM W32Time None 29 N/A COMPAQ-2006 >>> Error 3/30/2010 9:49:49 PM W32Time None 17 N/A COMPAQ-2006 >>> Error 3/30/2010 9:04:44 PM W32Time None 29 N/A COMPAQ-2006 >>> Error 3/30/2010 9:04:44 PM W32Time None 17 N/A COMPAQ-2006 >>> Error 3/30/2010 8:49:44 PM W32Time None 29 N/A COMPAQ-2006 >>> Error 3/30/2010 8:49:44 PM W32Time None 17 N/A COMPAQ-2006 >>> Error 3/30/2010 8:03:26 PM W32Time None 29 N/A COMPAQ-2006 >>> Error 3/30/2010 8:03:26 PM W32Time None 17 N/A COMPAQ-2006 >>> Error 3/30/2010 7:48:26 PM W32Time None 29 N/A COMPAQ-2006 >>> Error 3/30/2010 7:48:26 PM W32Time None 17 N/A COMPAQ-2006 >>> Error 3/30/2010 7:01:58 PM W32Time None 29 N/A COMPAQ-2006 >>> Error 3/30/2010 7:01:58 PM W32Time None 17 N/A COMPAQ-2006 >>> Error 3/30/2010 6:46:58 PM W32Time None 29 N/A COMPAQ-2006 >>> Error 3/30/2010 6:46:58 PM W32Time None 17 N/A COMPAQ-2006 >>> Error 3/30/2010 6:00:39 PM W32Time None 29 N/A COMPAQ-2006 >>> Error 3/30/2010 6:00:39 PM W32Time None 17 N/A COMPAQ-2006 >>> Error 3/30/2010 5:45:39 PM W32Time None 29 N/A COMPAQ-2006 >>> Error 3/30/2010 5:45:39 PM W32Time None 17 N/A COMPAQ-2006 >>> Error 3/30/2010 4:59:21 PM W32Time None 29 N/A COMPAQ-2006 >>> Error 3/30/2010 4:59:21 PM W32Time None 17 N/A COMPAQ-2006 >>> Error 3/30/2010 4:44:21 PM W32Time None 29 N/A COMPAQ-2006 >>> Error 3/30/2010 4:44:21 PM W32Time None 17 N/A COMPAQ-2006 >>> Error 3/30/2010 3:58:03 PM W32Time None 29 N/A COMPAQ-2006 >>> Error 3/30/2010 3:58:03 PM W32Time None 17 N/A COMPAQ-2006 >>> Error 3/30/2010 3:43:04 PM W32Time None 29 N/A COMPAQ-2006 >>> Error 3/30/2010 3:43:04 PM W32Time None 17 N/A COMPAQ-2006 >> Event Type: Error >> Event Source: W32Time >> Event Category: None >> Event ID: 29 >> Date: 3/30/2010 >> Time: 9:49:49 PM >> User: N/A >> Computer: COMPAQ-2006 >> Description: >> The time provider NtpClient is configured to acquire time from one or more >> time sources, however none of the sources are currently accessible. No >> attempt to contact a source will be made for 14 minutes. NtpClient has no >> source of accurate time. >> >> For more information, see Help and Support Center at >> http://go.microsoft.com/fwlink/events.asp. >> >> >> ese Windows services are started: >> >> Automatic Updates >> COM+ Event System >> Cryptographic Services >> DCOM Server Process Launcher >> DHCP Client >> Distributed Link Tracking Client >> DNS Client >> Error Reporting Service >> Event Log >> Fast User Switching Compatibility >> Help and Support >> IPSEC Services >> Network Connections >> Network Location Awareness (NLA) >> Plug and Play >> Print Spooler >> Protected Storage >> Remote Access Connection Manager >> Remote Procedure Call (RPC) >> Secondary Logon >> Security Accounts Manager >> Server >> Shell Hardware Detection >> SSDP Discovery Service >> System Event Notification >> Task Scheduler >> TCP/IP NetBIOS Helper >> Telephony >> Terminal Services >> Themes >> WebClient >> Windows Audio >> Windows Firewall/Internet Connection Sharing (ICS) >> Windows Management Instrumentation >> Windows Time >> Wireless Zero Configuration >> Workstation >> >> The command completed successfully. >> >> >> Image Name PID Services >> ========================= ====== >> ============================================= >> System Idle Process 0 N/A >> System 4 N/A >> smss.exe 1200 N/A >> csrss.exe 1284 N/A >> winlogon.exe 1316 N/A >> services.exe 1360 Eventlog, PlugPlay >> lsass.exe 1372 PolicyAgent, ProtectedStorage, SamSs >> svchost.exe 1532 DcomLaunch, TermService >> svchost.exe 1632 RpcSs >> svchost.exe 1800 AudioSrv, CryptSvc, Dhcp, ERSvc, >> EventSystem, >> FastUserSwitchingCompatibility, >> helpsvc, lanmanserver, lanmanworkstation, >> Netman, Nla, RasMan, Schedule, seclogon, >> SENS, SharedAccess, ShellHWDetection, >> TapiSrv, Themes, TrkWks, W32Time, >> winmgmt, >> wuauserv, WZCSVC >> svchost.exe 1932 Dnscache >> svchost.exe 244 LmHosts, SSDPSRV >> spoolsv.exe 556 Spooler >> explorer.exe 788 N/A >> svchost.exe 880 WebClient >> EditPadLite.exe 912 N/A >> cmd.exe 392 N/A >> tasklist.exe 1664 N/A >> wmiprvse.exe 424 N/A >> >> It's getting kind of lengthy, but I know you want to see it. >> Did I do something wrong? What should I restore? > >
From: William B. Lurie on 31 Mar 2010 11:27 John John - MVP wrote: > William B. Lurie wrote: >> William B. Lurie wrote: >>> John John - MVP wrote: >>>> William B. Lurie wrote: >>>>> John John - MVP wrote: >>>>>> William B. Lurie wrote: >>>>>>> William B. Lurie wrote: >>>>>>>> Unknown wrote: >>>>>>>>> Since you have Viewpoint Manager Service started in services, >>>>>>>>> have you opened it and disabled auto update? >>>>>>>>> Could be this service is looking for updates for viewpoint >>>>>>>>> products and thusly not allowing hibernation. >>>>>>>> >>>>>>>> (snip) >>>>>>>> Well, I didn't consciously install it, have never intentionally >>>>>>>> used >>>>>>>> it and don't know what it's for, I'll certainly disable it and see >>>>>>>> what >>>>>>>> that does for me, good or bad. Thanks. >>>>>>> >>>>>>> And now, John, some new evidence elicited from Clean Booth overnight >>>>>>> run on Clone system, with phone line disconnected: >>>>>>> >>>>>>> Note that the first of the questionable Events on System was a >>>>>>> newbie.... Application Layer Gateway Service started.....From >>>>>>> then on, it was every hour, another intrusion calol to WIA..... >>>>>>> Does that tell anything? >>>>>> >>>>>> I'm not so sure that your "Clean Boot" is all that clean... I >>>>>> suspect that Norton plays a role in the ALG request to the Service >>>>>> Control Manager. The WIA... I suspect your web cam or your >>>>>> Lexmark printer. From the clone after you boot do the Net Start >>>>>> and the Tasklist /svc commands and see what is running when you >>>>>> clean boot. >>>>>> >>>>>> Also run the AT command, it should return "There are no entries in >>>>>> the list". >>>>>> >>>>>> John >>>>> Glad to see you again, John. I'll act on your latest suggestions, but >>>>> first how would you suggest I take Lexmark and Webcam out of the >>>>> picture?I'd prefer not to uninstall them..... >>>>> And I'll run the AT command, but I don't recognize it. I'll do as >>>>> you say as soon as I hear from you, but first, this morning's test: >>>>> >>>>> What I have: disabled Viewpoint Mgr and WIA, my phone line was >>>>> unplugged, Error Reporting and Event Log set to Automatic, and >>>>> then what I thought was Clean Boot, and ran for 3.5 hours.... >>>>> during which *no* events of any kind were to be found in the >>>>> events log. This threw me, but it's what I saw. Now I will have lunch, >>>>> followed by what you ask (including clarification of 'AT' please). >>>> >>>> AT will simply let you see if you have any Scheduled Tasks. >>>> >>>> John >>> >>> And I'd like to run it... but where, what's its syntax? I can >>> look at Start>>Control Panal>>Scheduled Tasks to make sure it >>> is empty.... I'll start the 3-hour run now, assuming I find >>> it empty. First I'll Clean Boot, then net start and tasklist, >>> make sure there are no scheduled tasks...... >> >> Okay, John, but the plot has thickened. First, there are no >> scheduled tasks. I looked. I don't allow them, ever. I'm >> an I-want-control man. >> >> Now I made a long run on Clone with, I think, everything you >> and I were trying to do, and maybe I disabled something that I >> shouldn't have. Please look at the following files (you'll know what >> they are) and I think the main thing they show is that I disabled >> some automatic time check for the first time. I'm not sure where. >> But I glean nothing more from these. And the one Event Log that >> you see, is the only one of those logs with anything pertinent there. >> >> I'll paste in the files here. >> >>> Type Date Time Source Category Event User Computer >>> Error 3/30/2010 9:49:49 PM W32Time None 29 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 9:49:49 PM W32Time None 17 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 9:04:44 PM W32Time None 29 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 9:04:44 PM W32Time None 17 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 8:49:44 PM W32Time None 29 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 8:49:44 PM W32Time None 17 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 8:03:26 PM W32Time None 29 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 8:03:26 PM W32Time None 17 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 7:48:26 PM W32Time None 29 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 7:48:26 PM W32Time None 17 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 7:01:58 PM W32Time None 29 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 7:01:58 PM W32Time None 17 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 6:46:58 PM W32Time None 29 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 6:46:58 PM W32Time None 17 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 6:00:39 PM W32Time None 29 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 6:00:39 PM W32Time None 17 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 5:45:39 PM W32Time None 29 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 5:45:39 PM W32Time None 17 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 4:59:21 PM W32Time None 29 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 4:59:21 PM W32Time None 17 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 4:44:21 PM W32Time None 29 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 4:44:21 PM W32Time None 17 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 3:58:03 PM W32Time None 29 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 3:58:03 PM W32Time None 17 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 3:43:04 PM W32Time None 29 N/A >>> COMPAQ-2006 >>> Error 3/30/2010 3:43:04 PM W32Time None 17 N/A >>> COMPAQ-2006 >> >> Event Type: Error >> Event Source: W32Time >> Event Category: None >> Event ID: 29 >> Date: 3/30/2010 >> Time: 9:49:49 PM >> User: N/A >> Computer: COMPAQ-2006 >> Description: >> The time provider NtpClient is configured to acquire time from one or >> more time sources, however none of the sources are currently >> accessible. No attempt to contact a source will be made for 14 >> minutes. NtpClient has no source of accurate time. >> >> For more information, see Help and Support Center at >> http://go.microsoft.com/fwlink/events.asp. >> >> >> ese Windows services are started: >> >> Automatic Updates >> COM+ Event System >> Cryptographic Services >> DCOM Server Process Launcher >> DHCP Client >> Distributed Link Tracking Client >> DNS Client >> Error Reporting Service >> Event Log >> Fast User Switching Compatibility >> Help and Support >> IPSEC Services >> Network Connections >> Network Location Awareness (NLA) >> Plug and Play >> Print Spooler >> Protected Storage >> Remote Access Connection Manager >> Remote Procedure Call (RPC) >> Secondary Logon >> Security Accounts Manager >> Server >> Shell Hardware Detection >> SSDP Discovery Service >> System Event Notification >> Task Scheduler >> TCP/IP NetBIOS Helper >> Telephony >> Terminal Services >> Themes >> WebClient >> Windows Audio >> Windows Firewall/Internet Connection Sharing (ICS) >> Windows Management Instrumentation >> Windows Time >> Wireless Zero Configuration >> Workstation >> >> The command completed successfully. >> >> >> Image Name PID Services >> ========================= ====== >> ============================================= >> System Idle Process 0 N/A >> System 4 N/A >> smss.exe 1200 N/A >> csrss.exe 1284 N/A >> winlogon.exe 1316 N/A >> services.exe 1360 Eventlog, PlugPlay >> lsass.exe 1372 PolicyAgent, ProtectedStorage, SamSs >> svchost.exe 1532 DcomLaunch, TermService >> svchost.exe 1632 RpcSs >> svchost.exe 1800 AudioSrv, CryptSvc, Dhcp, ERSvc, >> EventSystem, >> FastUserSwitchingCompatibility, >> helpsvc, lanmanserver, >> lanmanworkstation, >> Netman, Nla, RasMan, Schedule, seclogon, >> SENS, SharedAccess, ShellHWDetection, >> TapiSrv, Themes, TrkWks, W32Time, >> winmgmt, >> wuauserv, WZCSVC >> svchost.exe 1932 Dnscache >> svchost.exe 244 LmHosts, SSDPSRV >> spoolsv.exe 556 Spooler >> explorer.exe 788 N/A >> svchost.exe 880 WebClient >> EditPadLite.exe 912 N/A >> cmd.exe 392 N/A >> tasklist.exe 1664 N/A >> wmiprvse.exe 424 N/A >> >> It's getting kind of lengthy, but I know you want to see it. >> Did I do something wrong? What should I restore? > > > This is your 'clone' test installation, right? > > 1- Disable the Windows Time service. > 2- Disable the SSDP Discovery Service > > You disable these services in the Services Management Console (enter > services.msc in the Start Menu Run box) > > John Can do, John.No other comments? What about the Error in Events Log about some drivers failing to load, or is that totally unrelated?
From: John John - MVP on 31 Mar 2010 11:39 William B. Lurie wrote: > John John - MVP wrote: >> William B. Lurie wrote: >>> William B. Lurie wrote: >>>> John John - MVP wrote: >>>>> William B. Lurie wrote: >>>>>> John John - MVP wrote: >>>>>>> William B. Lurie wrote: >>>>>>>> William B. Lurie wrote: >>>>>>>>> Unknown wrote: >>>>>>>>>> Since you have Viewpoint Manager Service started in services, >>>>>>>>>> have you opened it and disabled auto update? >>>>>>>>>> Could be this service is looking for updates for viewpoint >>>>>>>>>> products and thusly not allowing hibernation. >>>>>>>>> >>>>>>>>> (snip) >>>>>>>>> Well, I didn't consciously install it, have never intentionally >>>>>>>>> used >>>>>>>>> it and don't know what it's for, I'll certainly disable it and see >>>>>>>>> what >>>>>>>>> that does for me, good or bad. Thanks. >>>>>>>> >>>>>>>> And now, John, some new evidence elicited from Clean Booth >>>>>>>> overnight >>>>>>>> run on Clone system, with phone line disconnected: >>>>>>>> >>>>>>>> Note that the first of the questionable Events on System was a >>>>>>>> newbie.... Application Layer Gateway Service started.....From >>>>>>>> then on, it was every hour, another intrusion calol to WIA..... >>>>>>>> Does that tell anything? >>>>>>> >>>>>>> I'm not so sure that your "Clean Boot" is all that clean... I >>>>>>> suspect that Norton plays a role in the ALG request to the >>>>>>> Service Control Manager. The WIA... I suspect your web cam or >>>>>>> your Lexmark printer. From the clone after you boot do the Net >>>>>>> Start and the Tasklist /svc commands and see what is running when >>>>>>> you clean boot. >>>>>>> >>>>>>> Also run the AT command, it should return "There are no entries >>>>>>> in the list". >>>>>>> >>>>>>> John >>>>>> Glad to see you again, John. I'll act on your latest suggestions, but >>>>>> first how would you suggest I take Lexmark and Webcam out of the >>>>>> picture?I'd prefer not to uninstall them..... >>>>>> And I'll run the AT command, but I don't recognize it. I'll do as >>>>>> you say as soon as I hear from you, but first, this morning's test: >>>>>> >>>>>> What I have: disabled Viewpoint Mgr and WIA, my phone line was >>>>>> unplugged, Error Reporting and Event Log set to Automatic, and >>>>>> then what I thought was Clean Boot, and ran for 3.5 hours.... >>>>>> during which *no* events of any kind were to be found in the >>>>>> events log. This threw me, but it's what I saw. Now I will have >>>>>> lunch, >>>>>> followed by what you ask (including clarification of 'AT' please). >>>>> >>>>> AT will simply let you see if you have any Scheduled Tasks. >>>>> >>>>> John >>>> >>>> And I'd like to run it... but where, what's its syntax? I can >>>> look at Start>>Control Panal>>Scheduled Tasks to make sure it >>>> is empty.... I'll start the 3-hour run now, assuming I find >>>> it empty. First I'll Clean Boot, then net start and tasklist, >>>> make sure there are no scheduled tasks...... >>> >>> Okay, John, but the plot has thickened. First, there are no >>> scheduled tasks. I looked. I don't allow them, ever. I'm >>> an I-want-control man. >>> >>> Now I made a long run on Clone with, I think, everything you >>> and I were trying to do, and maybe I disabled something that I >>> shouldn't have. Please look at the following files (you'll know what >>> they are) and I think the main thing they show is that I disabled >>> some automatic time check for the first time. I'm not sure where. >>> But I glean nothing more from these. And the one Event Log that >>> you see, is the only one of those logs with anything pertinent there. >>> >>> I'll paste in the files here. >>> >>>> Type Date Time Source Category Event User Computer >>>> Error 3/30/2010 9:49:49 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 9:49:49 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 9:04:44 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 9:04:44 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 8:49:44 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 8:49:44 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 8:03:26 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 8:03:26 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 7:48:26 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 7:48:26 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 7:01:58 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 7:01:58 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 6:46:58 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 6:46:58 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 6:00:39 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 6:00:39 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 5:45:39 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 5:45:39 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 4:59:21 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 4:59:21 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 4:44:21 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 4:44:21 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 3:58:03 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 3:58:03 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 3:43:04 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 3:43:04 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>> >>> Event Type: Error >>> Event Source: W32Time >>> Event Category: None >>> Event ID: 29 >>> Date: 3/30/2010 >>> Time: 9:49:49 PM >>> User: N/A >>> Computer: COMPAQ-2006 >>> Description: >>> The time provider NtpClient is configured to acquire time from one or >>> more time sources, however none of the sources are currently >>> accessible. No attempt to contact a source will be made for 14 >>> minutes. NtpClient has no source of accurate time. >>> >>> For more information, see Help and Support Center at >>> http://go.microsoft.com/fwlink/events.asp. >>> >>> >>> ese Windows services are started: >>> >>> Automatic Updates >>> COM+ Event System >>> Cryptographic Services >>> DCOM Server Process Launcher >>> DHCP Client >>> Distributed Link Tracking Client >>> DNS Client >>> Error Reporting Service >>> Event Log >>> Fast User Switching Compatibility >>> Help and Support >>> IPSEC Services >>> Network Connections >>> Network Location Awareness (NLA) >>> Plug and Play >>> Print Spooler >>> Protected Storage >>> Remote Access Connection Manager >>> Remote Procedure Call (RPC) >>> Secondary Logon >>> Security Accounts Manager >>> Server >>> Shell Hardware Detection >>> SSDP Discovery Service >>> System Event Notification >>> Task Scheduler >>> TCP/IP NetBIOS Helper >>> Telephony >>> Terminal Services >>> Themes >>> WebClient >>> Windows Audio >>> Windows Firewall/Internet Connection Sharing (ICS) >>> Windows Management Instrumentation >>> Windows Time >>> Wireless Zero Configuration >>> Workstation >>> >>> The command completed successfully. >>> >>> >>> Image Name PID Services >>> ========================= ====== >>> ============================================= >>> System Idle Process 0 N/A >>> System 4 N/A >>> smss.exe 1200 N/A >>> csrss.exe 1284 N/A >>> winlogon.exe 1316 N/A >>> services.exe 1360 Eventlog, PlugPlay >>> lsass.exe 1372 PolicyAgent, ProtectedStorage, SamSs >>> svchost.exe 1532 DcomLaunch, TermService >>> svchost.exe 1632 RpcSs >>> svchost.exe 1800 AudioSrv, CryptSvc, Dhcp, ERSvc, >>> EventSystem, >>> FastUserSwitchingCompatibility, >>> helpsvc, lanmanserver, >>> lanmanworkstation, >>> Netman, Nla, RasMan, Schedule, >>> seclogon, >>> SENS, SharedAccess, ShellHWDetection, >>> TapiSrv, Themes, TrkWks, W32Time, >>> winmgmt, >>> wuauserv, WZCSVC >>> svchost.exe 1932 Dnscache >>> svchost.exe 244 LmHosts, SSDPSRV >>> spoolsv.exe 556 Spooler >>> explorer.exe 788 N/A >>> svchost.exe 880 WebClient >>> EditPadLite.exe 912 N/A >>> cmd.exe 392 N/A >>> tasklist.exe 1664 N/A >>> wmiprvse.exe 424 N/A >>> >>> It's getting kind of lengthy, but I know you want to see it. >>> Did I do something wrong? What should I restore? >> >> >> This is your 'clone' test installation, right? >> >> 1- Disable the Windows Time service. >> 2- Disable the SSDP Discovery Service >> >> You disable these services in the Services Management Console (enter >> services.msc in the Start Menu Run box) >> >> John > > Can do, John.No other comments? What about the Error in Events Log > about some drivers failing to load, or is that totally unrelated? Which drivers failing to load? I haven't seen your post about this... No other comments now, just disable the services mentioned and see if the machine can enter the hibernation state after more than one hour idle. John
From: Antares 531 on 31 Mar 2010 12:14
WIA means West Indies Alligators??? Are you trying to get them to hibernate? |