WIA and hibernation again
in [Windows XP Basics]
|
Prev: Pressing Change Password -button in WIN XP causes reboot
Next: Microsoft caught pirating somebody's patent again!!!
From: Unknown on 31 Mar 2010 12:42 You're funnier than a rubber crutch. "Antares 531" <gordonlrDELETE(a)swbell.net> wrote in message news:q5t6r5ltbd022d8u7vv76vta08kl8rh4k5(a)4ax.com... > WIA means West Indies Alligators??? Are you trying to get them to > hibernate?
From: Unknown on 31 Mar 2010 13:39 Curiosity question. Did you at any time alter the time interval for when you sync your clock? Check your registry at: HKEY_LOCAL_MACHINE\System\currentcontrolset\services\w32Time\TimeProviders\NTPclient in right pane special poll interval is a hexidecimal count in seconds. For one week (XP default time) it is 0x00093a80 (604800) "William B. Lurie" <billurie(a)nospam.net> wrote in message news:OYzonaO0KHA.3380(a)TK2MSFTNGP05.phx.gbl... > John John - MVP wrote: >> William B. Lurie wrote: >>> William B. Lurie wrote: >>>> John John - MVP wrote: >>>>> William B. Lurie wrote: >>>>>> John John - MVP wrote: >>>>>>> William B. Lurie wrote: >>>>>>>> William B. Lurie wrote: >>>>>>>>> Unknown wrote: >>>>>>>>>> Since you have Viewpoint Manager Service started in services, >>>>>>>>>> have you opened it and disabled auto update? >>>>>>>>>> Could be this service is looking for updates for viewpoint >>>>>>>>>> products and thusly not allowing hibernation. >>>>>>>>> >>>>>>>>> (snip) >>>>>>>>> Well, I didn't consciously install it, have never intentionally >>>>>>>>> used >>>>>>>>> it and don't know what it's for, I'll certainly disable it and see >>>>>>>>> what >>>>>>>>> that does for me, good or bad. Thanks. >>>>>>>> >>>>>>>> And now, John, some new evidence elicited from Clean Booth >>>>>>>> overnight >>>>>>>> run on Clone system, with phone line disconnected: >>>>>>>> >>>>>>>> Note that the first of the questionable Events on System was a >>>>>>>> newbie.... Application Layer Gateway Service started.....From >>>>>>>> then on, it was every hour, another intrusion calol to WIA..... >>>>>>>> Does that tell anything? >>>>>>> >>>>>>> I'm not so sure that your "Clean Boot" is all that clean... I >>>>>>> suspect that Norton plays a role in the ALG request to the Service >>>>>>> Control Manager. The WIA... I suspect your web cam or your Lexmark >>>>>>> printer. From the clone after you boot do the Net Start and the >>>>>>> Tasklist /svc commands and see what is running when you clean boot. >>>>>>> >>>>>>> Also run the AT command, it should return "There are no entries in >>>>>>> the list". >>>>>>> >>>>>>> John >>>>>> Glad to see you again, John. I'll act on your latest suggestions, but >>>>>> first how would you suggest I take Lexmark and Webcam out of the >>>>>> picture?I'd prefer not to uninstall them..... >>>>>> And I'll run the AT command, but I don't recognize it. I'll do as >>>>>> you say as soon as I hear from you, but first, this morning's test: >>>>>> >>>>>> What I have: disabled Viewpoint Mgr and WIA, my phone line was >>>>>> unplugged, Error Reporting and Event Log set to Automatic, and >>>>>> then what I thought was Clean Boot, and ran for 3.5 hours.... >>>>>> during which *no* events of any kind were to be found in the >>>>>> events log. This threw me, but it's what I saw. Now I will have >>>>>> lunch, >>>>>> followed by what you ask (including clarification of 'AT' please). >>>>> >>>>> AT will simply let you see if you have any Scheduled Tasks. >>>>> >>>>> John >>>> >>>> And I'd like to run it... but where, what's its syntax? I can >>>> look at Start>>Control Panal>>Scheduled Tasks to make sure it >>>> is empty.... I'll start the 3-hour run now, assuming I find >>>> it empty. First I'll Clean Boot, then net start and tasklist, >>>> make sure there are no scheduled tasks...... >>> >>> Okay, John, but the plot has thickened. First, there are no >>> scheduled tasks. I looked. I don't allow them, ever. I'm >>> an I-want-control man. >>> >>> Now I made a long run on Clone with, I think, everything you >>> and I were trying to do, and maybe I disabled something that I >>> shouldn't have. Please look at the following files (you'll know what >>> they are) and I think the main thing they show is that I disabled >>> some automatic time check for the first time. I'm not sure where. >>> But I glean nothing more from these. And the one Event Log that >>> you see, is the only one of those logs with anything pertinent there. >>> >>> I'll paste in the files here. >>> >>>> Type Date Time Source Category Event User Computer >>>> Error 3/30/2010 9:49:49 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 9:49:49 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 9:04:44 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 9:04:44 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 8:49:44 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 8:49:44 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 8:03:26 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 8:03:26 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 7:48:26 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 7:48:26 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 7:01:58 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 7:01:58 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 6:46:58 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 6:46:58 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 6:00:39 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 6:00:39 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 5:45:39 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 5:45:39 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 4:59:21 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 4:59:21 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 4:44:21 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 4:44:21 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 3:58:03 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 3:58:03 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 3:43:04 PM W32Time None 29 N/A >>>> COMPAQ-2006 >>>> Error 3/30/2010 3:43:04 PM W32Time None 17 N/A >>>> COMPAQ-2006 >>> >>> Event Type: Error >>> Event Source: W32Time >>> Event Category: None >>> Event ID: 29 >>> Date: 3/30/2010 >>> Time: 9:49:49 PM >>> User: N/A >>> Computer: COMPAQ-2006 >>> Description: >>> The time provider NtpClient is configured to acquire time from one or >>> more time sources, however none of the sources are currently accessible. >>> No attempt to contact a source will be made for 14 minutes. NtpClient >>> has no source of accurate time. >>> >>> For more information, see Help and Support Center at >>> http://go.microsoft.com/fwlink/events.asp. >>> >>> >>> ese Windows services are started: >>> >>> Automatic Updates >>> COM+ Event System >>> Cryptographic Services >>> DCOM Server Process Launcher >>> DHCP Client >>> Distributed Link Tracking Client >>> DNS Client >>> Error Reporting Service >>> Event Log >>> Fast User Switching Compatibility >>> Help and Support >>> IPSEC Services >>> Network Connections >>> Network Location Awareness (NLA) >>> Plug and Play >>> Print Spooler >>> Protected Storage >>> Remote Access Connection Manager >>> Remote Procedure Call (RPC) >>> Secondary Logon >>> Security Accounts Manager >>> Server >>> Shell Hardware Detection >>> SSDP Discovery Service >>> System Event Notification >>> Task Scheduler >>> TCP/IP NetBIOS Helper >>> Telephony >>> Terminal Services >>> Themes >>> WebClient >>> Windows Audio >>> Windows Firewall/Internet Connection Sharing (ICS) >>> Windows Management Instrumentation >>> Windows Time >>> Wireless Zero Configuration >>> Workstation >>> >>> The command completed successfully. >>> >>> >>> Image Name PID Services >>> ========================= ====== >>> ============================================= >>> System Idle Process 0 N/A >>> System 4 N/A >>> smss.exe 1200 N/A >>> csrss.exe 1284 N/A >>> winlogon.exe 1316 N/A >>> services.exe 1360 Eventlog, PlugPlay >>> lsass.exe 1372 PolicyAgent, ProtectedStorage, SamSs >>> svchost.exe 1532 DcomLaunch, TermService >>> svchost.exe 1632 RpcSs >>> svchost.exe 1800 AudioSrv, CryptSvc, Dhcp, ERSvc, >>> EventSystem, >>> FastUserSwitchingCompatibility, >>> helpsvc, lanmanserver, >>> lanmanworkstation, >>> Netman, Nla, RasMan, Schedule, >>> seclogon, >>> SENS, SharedAccess, ShellHWDetection, >>> TapiSrv, Themes, TrkWks, W32Time, >>> winmgmt, >>> wuauserv, WZCSVC >>> svchost.exe 1932 Dnscache >>> svchost.exe 244 LmHosts, SSDPSRV >>> spoolsv.exe 556 Spooler >>> explorer.exe 788 N/A >>> svchost.exe 880 WebClient >>> EditPadLite.exe 912 N/A >>> cmd.exe 392 N/A >>> tasklist.exe 1664 N/A >>> wmiprvse.exe 424 N/A >>> >>> It's getting kind of lengthy, but I know you want to see it. >>> Did I do something wrong? What should I restore? >> >> >> This is your 'clone' test installation, right? >> >> 1- Disable the Windows Time service. >> 2- Disable the SSDP Discovery Service >> >> You disable these services in the Services Management Console (enter >> services.msc in the Start Menu Run box) >> >> John > > Can do, John.No other comments? What about the Error in Events Log > about some drivers failing to load, or is that totally unrelated?
From: William B. Lurie on 31 Mar 2010 15:48 John John - MVP wrote: > William B. Lurie wrote: >> John John - MVP wrote: >>> William B. Lurie wrote: >>>> William B. Lurie wrote: >>>>> John John - MVP wrote: >>>>>> William B. Lurie wrote: >>>>>>> John John - MVP wrote: >>>>>>>> William B. Lurie wrote: >>>>>>>>> William B. Lurie wrote: >>>>>>>>>> Unknown wrote: >>>>>>>>>>> Since you have Viewpoint Manager Service started in services, >>>>>>>>>>> have you opened it and disabled auto update? >>>>>>>>>>> Could be this service is looking for updates for viewpoint >>>>>>>>>>> products and thusly not allowing hibernation. >>>>>>>>>> >>>>>>>>>> (snip) >>>>>>>>>> Well, I didn't consciously install it, have never >>>>>>>>>> intentionally used >>>>>>>>>> it and don't know what it's for, I'll certainly disable it and >>>>>>>>>> see >>>>>>>>>> what >>>>>>>>>> that does for me, good or bad. Thanks. >>>>>>>>> >>>>>>>>> And now, John, some new evidence elicited from Clean Booth >>>>>>>>> overnight >>>>>>>>> run on Clone system, with phone line disconnected: >>>>>>>>> >>>>>>>>> Note that the first of the questionable Events on System was a >>>>>>>>> newbie.... Application Layer Gateway Service started.....From >>>>>>>>> then on, it was every hour, another intrusion calol to WIA..... >>>>>>>>> Does that tell anything? >>>>>>>> >>>>>>>> I'm not so sure that your "Clean Boot" is all that clean... I >>>>>>>> suspect that Norton plays a role in the ALG request to the >>>>>>>> Service Control Manager. The WIA... I suspect your web cam or >>>>>>>> your Lexmark printer. From the clone after you boot do the Net >>>>>>>> Start and the Tasklist /svc commands and see what is running >>>>>>>> when you clean boot. >>>>>>>> >>>>>>>> Also run the AT command, it should return "There are no entries >>>>>>>> in the list". >>>>>>>> >>>>>>>> John >>>>>>> Glad to see you again, John. I'll act on your latest suggestions, >>>>>>> but >>>>>>> first how would you suggest I take Lexmark and Webcam out of the >>>>>>> picture?I'd prefer not to uninstall them..... >>>>>>> And I'll run the AT command, but I don't recognize it. I'll do >>>>>>> as you say as soon as I hear from you, but first, this morning's >>>>>>> test: >>>>>>> >>>>>>> What I have: disabled Viewpoint Mgr and WIA, my phone line was >>>>>>> unplugged, Error Reporting and Event Log set to Automatic, and >>>>>>> then what I thought was Clean Boot, and ran for 3.5 hours.... >>>>>>> during which *no* events of any kind were to be found in the >>>>>>> events log. This threw me, but it's what I saw. Now I will have >>>>>>> lunch, >>>>>>> followed by what you ask (including clarification of 'AT' please). >>>>>> >>>>>> AT will simply let you see if you have any Scheduled Tasks. >>>>>> >>>>>> John >>>>> >>>>> And I'd like to run it... but where, what's its syntax? I can >>>>> look at Start>>Control Panal>>Scheduled Tasks to make sure it >>>>> is empty.... I'll start the 3-hour run now, assuming I find >>>>> it empty. First I'll Clean Boot, then net start and tasklist, >>>>> make sure there are no scheduled tasks...... >>>> >>>> Okay, John, but the plot has thickened. First, there are no >>>> scheduled tasks. I looked. I don't allow them, ever. I'm >>>> an I-want-control man. >>>> >>>> Now I made a long run on Clone with, I think, everything you >>>> and I were trying to do, and maybe I disabled something that I >>>> shouldn't have. Please look at the following files (you'll know what >>>> they are) and I think the main thing they show is that I disabled >>>> some automatic time check for the first time. I'm not sure where. >>>> But I glean nothing more from these. And the one Event Log that >>>> you see, is the only one of those logs with anything pertinent there. >>>> >>>> I'll paste in the files here. >>>> >>>>> Type Date Time Source Category Event User >>>>> Computer >>>>> Error 3/30/2010 9:49:49 PM W32Time None 29 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 9:49:49 PM W32Time None 17 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 9:04:44 PM W32Time None 29 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 9:04:44 PM W32Time None 17 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 8:49:44 PM W32Time None 29 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 8:49:44 PM W32Time None 17 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 8:03:26 PM W32Time None 29 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 8:03:26 PM W32Time None 17 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 7:48:26 PM W32Time None 29 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 7:48:26 PM W32Time None 17 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 7:01:58 PM W32Time None 29 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 7:01:58 PM W32Time None 17 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 6:46:58 PM W32Time None 29 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 6:46:58 PM W32Time None 17 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 6:00:39 PM W32Time None 29 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 6:00:39 PM W32Time None 17 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 5:45:39 PM W32Time None 29 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 5:45:39 PM W32Time None 17 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 4:59:21 PM W32Time None 29 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 4:59:21 PM W32Time None 17 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 4:44:21 PM W32Time None 29 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 4:44:21 PM W32Time None 17 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 3:58:03 PM W32Time None 29 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 3:58:03 PM W32Time None 17 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 3:43:04 PM W32Time None 29 N/A >>>>> COMPAQ-2006 >>>>> Error 3/30/2010 3:43:04 PM W32Time None 17 N/A >>>>> COMPAQ-2006 >>>> >>>> Event Type: Error >>>> Event Source: W32Time >>>> Event Category: None >>>> Event ID: 29 >>>> Date: 3/30/2010 >>>> Time: 9:49:49 PM >>>> User: N/A >>>> Computer: COMPAQ-2006 >>>> Description: >>>> The time provider NtpClient is configured to acquire time from one >>>> or more time sources, however none of the sources are currently >>>> accessible. No attempt to contact a source will be made for 14 >>>> minutes. NtpClient has no source of accurate time. >>>> >>>> For more information, see Help and Support Center at >>>> http://go.microsoft.com/fwlink/events.asp. >>>> >>>> >>>> ese Windows services are started: >>>> >>>> Automatic Updates >>>> COM+ Event System >>>> Cryptographic Services >>>> DCOM Server Process Launcher >>>> DHCP Client >>>> Distributed Link Tracking Client >>>> DNS Client >>>> Error Reporting Service >>>> Event Log >>>> Fast User Switching Compatibility >>>> Help and Support >>>> IPSEC Services >>>> Network Connections >>>> Network Location Awareness (NLA) >>>> Plug and Play >>>> Print Spooler >>>> Protected Storage >>>> Remote Access Connection Manager >>>> Remote Procedure Call (RPC) >>>> Secondary Logon >>>> Security Accounts Manager >>>> Server >>>> Shell Hardware Detection >>>> SSDP Discovery Service >>>> System Event Notification >>>> Task Scheduler >>>> TCP/IP NetBIOS Helper >>>> Telephony >>>> Terminal Services >>>> Themes >>>> WebClient >>>> Windows Audio >>>> Windows Firewall/Internet Connection Sharing (ICS) >>>> Windows Management Instrumentation >>>> Windows Time >>>> Wireless Zero Configuration >>>> Workstation >>>> >>>> The command completed successfully. >>>> >>>> >>>> Image Name PID Services >>>> ========================= ====== >>>> ============================================= >>>> System Idle Process 0 N/A >>>> System 4 N/A >>>> smss.exe 1200 N/A >>>> csrss.exe 1284 N/A >>>> winlogon.exe 1316 N/A >>>> services.exe 1360 Eventlog, PlugPlay >>>> lsass.exe 1372 PolicyAgent, ProtectedStorage, SamSs >>>> svchost.exe 1532 DcomLaunch, TermService >>>> svchost.exe 1632 RpcSs >>>> svchost.exe 1800 AudioSrv, CryptSvc, Dhcp, ERSvc, >>>> EventSystem, >>>> FastUserSwitchingCompatibility, >>>> helpsvc, lanmanserver, >>>> lanmanworkstation, >>>> Netman, Nla, RasMan, Schedule, >>>> seclogon, >>>> SENS, SharedAccess, ShellHWDetection, >>>> TapiSrv, Themes, TrkWks, W32Time, >>>> winmgmt, >>>> wuauserv, WZCSVC >>>> svchost.exe 1932 Dnscache >>>> svchost.exe 244 LmHosts, SSDPSRV >>>> spoolsv.exe 556 Spooler >>>> explorer.exe 788 N/A >>>> svchost.exe 880 WebClient >>>> EditPadLite.exe 912 N/A >>>> cmd.exe 392 N/A >>>> tasklist.exe 1664 N/A >>>> wmiprvse.exe 424 N/A >>>> >>>> It's getting kind of lengthy, but I know you want to see it. >>>> Did I do something wrong? What should I restore? >>> >>> >>> This is your 'clone' test installation, right? >>> >>> 1- Disable the Windows Time service. >>> 2- Disable the SSDP Discovery Service >>> >>> You disable these services in the Services Management Console (enter >>> services.msc in the Start Menu Run box) >>> >>> John >> >> Can do, John.No other comments? > What about the Error in Events Log >> about some drivers failing to load, or is that totally unrelated? > > Which drivers failing to load? I haven't seen your post about this... > No other comments now, just disable the services mentioned and see if > the machine can enter the hibernation state after more than one hour idle. > > John Okay, John, see files below; I disabled those 2 services and ran it again, and, as seems to happen every time, something comes up that I never saw before. But the clock bit went away. Hibernation results... still the same. See the Events Log. As for the failing to load, I'll show you that one again. But now.... > > Image Name PID Services > ========================= ====== ============================================= > System Idle Process 0 N/A > System 4 N/A > smss.exe 1200 N/A > csrss.exe 1280 N/A > winlogon.exe 1312 N/A > services.exe 1356 Eventlog, PlugPlay > lsass.exe 1368 PolicyAgent, ProtectedStorage, SamSs > svchost.exe 1528 DcomLaunch, TermService > svchost.exe 1628 RpcSs > svchost.exe 1784 AudioSrv, CryptSvc, Dhcp, ERSvc, > EventSystem, FastUserSwitchingCompatibility, > helpsvc, lanmanserver, lanmanworkstation, > Netman, Nla, RasMan, Schedule, seclogon, > SENS, SharedAccess, ShellHWDetection, > TapiSrv, Themes, TrkWks, winmgmt, wuauserv, > WZCSVC > svchost.exe 1928 Dnscache > svchost.exe 240 LmHosts > spoolsv.exe 552 Spooler > explorer.exe 772 N/A > svchost.exe 872 WebClient > mmc.exe 1452 N/A > EditPadLite.exe 172 N/A > cmd.exe 1672 N/A > ntvdm.exe 568 N/A > tasklist.exe 296 N/A > wmiprvse.exe 1572 N/A Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 528 Date: 3/31/2010 Time: 1:26:17 PM User: NT AUTHORITY\NETWORK SERVICE Computer: COMPAQ-2006 Description: Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000} For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Type Date Time Source Category Event User Computer Success Audit 3/31/2010 1:26:17 PM Security Privilege Use 576 NETWORK SERVICE COMPAQ-2006 Success Audit 3/31/2010 1:26:17 PM Security Logon/Logoff 528 NETWORK SERVICE COMPAQ-2006 Success Audit 3/31/2010 12:09:37 PM Security Privilege Use 576 NETWORK SERVICE COMPAQ-2006 Success Audit 3/31/2010 12:09:37 PM Security Logon/Logoff 528 NETWORK SERVICE COMPAQ-2006 These Windows services are started: Automatic Updates COM+ Event System Cryptographic Services DCOM Server Process Launcher DHCP Client Distributed Link Tracking Client DNS Client Error Reporting Service Event Log Fast User Switching Compatibility Help and Support IPSEC Services Network Connections Network Location Awareness (NLA) Plug and Play Print Spooler Protected Storage Remote Access Connection Manager Remote Procedure Call (RPC) Secondary Logon Security Accounts Manager Server Shell Hardware Detection System Event Notification Task Scheduler TCP/IP NetBIOS Helper Telephony Terminal Services Themes WebClient Windows Audio Windows Firewall/Internet Connection Sharing (ICS) Windows Management Instrumentation Wireless Zero Configuration Workstation The command completed successfully. Image Name PID Services ========================= ====== ============================================= System Idle Process 0 N/A System 4 N/A smss.exe 1200 N/A csrss.exe 1280 N/A winlogon.exe 1312 N/A services.exe 1356 Eventlog, PlugPlay lsass.exe 1368 PolicyAgent, ProtectedStorage, SamSs svchost.exe 1528 DcomLaunch, TermService svchost.exe 1628 RpcSs svchost.exe 1784 AudioSrv, CryptSvc, Dhcp, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, SharedAccess, ShellHWDetection, TapiSrv, Themes, TrkWks, winmgmt, wuauserv, WZCSVC svchost.exe 1928 Dnscache svchost.exe 240 LmHosts spoolsv.exe 552 Spooler explorer.exe 772 N/A svchost.exe 872 WebClient mmc.exe 1452 N/A EditPadLite.exe 172 N/A cmd.exe 1672 N/A ntvdm.exe 568 N/A tasklist.exe 296 N/A wmiprvse.exe 1572 N/A I think that's the lot. Note that I started it at 12:09 and at 1:26 an event interrupted the hibernation process. I can show you the details of those two events, if you like. I don't recall seeing events of that type before. Logon/logoff? Not by me. Privilege use? Huh?
From: William B. Lurie on 31 Mar 2010 15:54 Unknown wrote: > Curiosity question. Did you at any time alter the time interval for when you > sync your clock? > Check your registry at: > HKEY_LOCAL_MACHINE\System\currentcontrolset\services\w32Time\TimeProviders\NTPclient > in right pane special poll interval is a hexidecimal count in seconds. > For one week (XP default time) it is 0x00093a80 (604800) > "William B. Lurie" <billurie(a)nospam.net> wrote in message No, I've never been there. It of course did the Savings Time changeover with no hitch at all. This problem goes back way beyond 10 days ago.......
From: William B. Lurie on 31 Mar 2010 15:59
William B. Lurie wrote: > Unknown wrote: >> Curiosity question. Did you at any time alter the time interval for >> when you sync your clock? >> Check your registry at: >> HKEY_LOCAL_MACHINE\System\currentcontrolset\services\w32Time\TimeProviders\NTPclient >> >> in right pane special poll interval is a hexidecimal count in seconds. >> For one week (XP default time) it is 0x00093a80 (604800) >> "William B. Lurie" <billurie(a)nospam.net> wrote in message > > No, I've never been there. It of course did the Savings Time changeover > with no hitch at all. This problem goes back way beyond 10 days ago....... John: Here is a typical error which shows up frequently. I did mention it before. Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7026 Date: 3/31/2010 Time: 3:31:04 PM User: N/A Computer: COMPAQ-2006 Description: The following boot-start or system-start driver(s) failed to load: ftsata2 KLIF For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. |