WIA and hibernation again
in [Windows XP Basics]
|
Prev: Pressing Change Password -button in WIN XP causes reboot
Next: Microsoft caught pirating somebody's patent again!!!
From: John John - MVP on 9 Apr 2010 20:56 William B. Lurie wrote: > William B. Lurie wrote: >> John John - MVP wrote: >>> William B. Lurie wrote: >>> >>>>> Is the machine still connected to the internet or to a LAN? >>>>> Disconnect from both while you troubleshoot the problem! >>>>> >>>>> John >>>> John, I thought I made that clear. On each and every test run, >>>> I restart the computer in order to reboot to the the test system, >>>> and while it is booting, I physically disconnect the phone line >>>> as it enters the modem from the wall outlet. As for LAN....... >>>> I am a poor single-line homeowner with only one line of access >>>> to the world of information, other than Comcast cable for TV. >>> >>> OK, being that your firewall and AV applications are not running >>> while you run these trials I just wanted to make sure that you >>> weren't opening your unprotected machine to the outside world. >>> >>> >>> >>>> And as for Ci which we discussed earlier, I can't put my finger on it; >>>> please tell me again what to disable to stop it from cataloguing >>>> system volume information at what appears to be random odd times. >>> >>> Let's try one last effort and see if we can get to the bottom of >>> this. I'm going to try another approach, I will try to configure your >>> services via scripts or batch files that you can run on your >>> machine. We are going to start from scratch again, I need you to do >>> the following 2 tasks: >>> >>> Task 1: >>> >>> Copy the stuff between the ====== lines and save it as ServiceStat.vbs: >>> >>> >>> ================================================================ >>> Const ForWriting = 2 >>> Set objFSO = CreateObject("Scripting.FileSystemObject") >>> Set objLogFile = objFSO.OpenTextFile("c:\services.txt", _ >>> ForWriting, True) >>> objLogFile.Write _ >>> ("Service Name,Start Mode") >>> objLogFile.Writeline >>> strComputer = "." >>> Set objWMIService = GetObject("winmgmts:" _ >>> & "{impersonationLevel=impersonate}!\\" & strComputer & >>> "\root\cimv2") >>> Set colListOfServices = objWMIService.ExecQuery _ >>> ("Select * from Win32_Service") >>> For Each objService in colListOfServices >>> objLogFile.Write(objService.Name) & "," >>> objLogFile.Write(objService.StartMode) & "," >>> objLogFile.writeline >>> Next >>> objLogFile.Close >>> ================================================================ >>> >>> Run ServiceState.vbs (double click on it) and after it runs look for >>> the file C:\services.txt, copy and paste the contents of the file to >>> your next post. >>> >>> >>> Task 2: >>> >>> This one involves running a Sysinternals utility (Autorunsc) at the >>> command prompt. >>> >>> Go here: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx >>> >>> and download the Autoruns and Autorunsc package (581 KB). Unzip the >>> package, there will be two executable in the package: >>> >>> The GUI version: autoruns.exe >>> >>> and the Command version: autorunsc.exe >>> >>> Copy the command version (autorunsc.exe) to an easy to find location, >>> for example C:\, then at a Command Prompt run this command: >>> >>> c:\autorunsc >c:\autostart.txt >>> >>> Copy and paste the contents of the c:\autostart.txt to your next post. >>> >>> >>> Be patient after you post the files. I have a busy next few days >>> ahead, I might not be able to get back to you until much later, maybe >>> not before Sunday. >>> >>> John >> Okay, John, I did it pretty well, but with limitations. >> File autorunsc.exe said it unzipped but I couldn't find it. >> I did the unzipping all in one directory and I found the >> autorun.exe but not its command version. So I executed the >> one I found and maybe what I'll send below is what you were >> after. >> >> The file services.txt saved but is EMPTY except for a header line. >> I'll go back and do that again. >> >> Service Name,Start Mode <<<<<<<That's all that the run collected. >> >> >> Meanwhile, here's the other one: >> >>> HKLM\System\CurrentControlSet\Control\Terminal >>> Server\Wds\rdpwd\StartupPrograms >>> rdpclip >>> rdpclip >>> RDP Clip Monitor >>> Microsoft Corporation >>> 5.1.2600.2180 >>> c:\windows\system32\rdpclip.exe >>> ab978e64b3cb5b78842bc2bdae19d0cd (MD5) >>> db49bb6158d12ea7dc9b28ef2ee857edb6015138 (SHA-1) >>> >>> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit >>> C:\WINDOWS\system32\userinit.exe >>> C:\WINDOWS\system32\userinit.exe >>> Userinit Logon Application >>> Microsoft Corporation >>> 5.1.2600.2180 >>> c:\windows\system32\userinit.exe >>> 39b1ffb03c2296323832acbae50d2aff (MD5) >>> e5aedcbe25a97c89101f1f3860ff846e94d70445 (SHA-1) >>> >>> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell >>> Explorer.exe >>> Explorer.exe >>> Windows Explorer >>> Microsoft Corporation >>> 6.0.2900.3156 >>> c:\windows\explorer.exe >>> 97bd6515465659ff8f3b7be375b2ea87 (MD5) >>> 972307a3ef93680afdd03603df20f2241047a934 (SHA-1) >>> >>> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run >>> LXCTCATS >>> rundll32 >>> C:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry(a)16 >>> Lexmark Connect Timer DLL >>> Lexmark International Inc. >>> 1.20.0.0 >>> c:\windows\system32\spool\drivers\w32x86\3\lxcttime.dll >>> e9b2e1938b478881a0ce79b6bb9ac31c (MD5) >>> 56d5749513073983c7bfb2fe1cabc88fc73a6726 (SHA-1) >>> >>> HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>> ctfmon.exe >>> C:\windows\system32\ctfmon.exe >>> CTF Loader >>> Microsoft Corporation >>> 5.1.2600.2180 >>> c:\windows\system32\ctfmon.exe >>> 24232996a38c0b0cf151c2140ae29fc8 (MD5) >>> b36d03b56a30187ffc6257459d632a4faac48af2 (SHA-1) >> > But let me expand about services.txt .... > > In the process of doing that on the clone, it gave an error pane: > "Remote Server machine does not exist or is unavailable. > 'GetObject' code 800A01CE Microsoft VBScript Runtime Error" > > But I did run it on my Master machine and got the following: > >> Service Name,Start Mode >> Alerter,Disabled, >> ALG,Manual, >> AppMgmt,Manual, >> aspnet_state,Manual, >> Ati HotKey Poller,Disabled, >> ATI Smart,Manual, >> AudioSrv,Auto, >> Automatic LiveUpdate Scheduler,Disabled, >> BITS,Manual, >> Browser,Auto, >> CiSvc,Manual, >> ClipSrv,Disabled, >> clr_optimization_v2.0.50727_32,Manual, >> COMSysApp,Manual, >> CryptSvc,Auto, >> DcomLaunch,Auto, >> Dhcp,Auto, >> dmadmin,Manual, >> dmserver,Manual, >> Dnscache,Auto, >> ERSvc,Auto, >> Eventlog,Auto, >> EventSystem,Manual, >> FastUserSwitchingCompatibility,Manual, >> Fax,Manual, >> FontCache3.0.0.0,Manual, >> GEARSecurity,Disabled, >> helpsvc,Auto, >> HidServ,Disabled, >> HTTPFilter,Manual, >> IDriverT,Manual, >> idsvc,Manual, >> Imapi Helper,Manual, >> ImapiService,Manual, >> lanmanserver,Auto, >> lanmanworkstation,Auto, >> LexBceS,Auto, >> LiveUpdate,Manual, >> LmHosts,Auto, >> lxct_device,Auto, >> MBAMService,Disabled, >> MDM,Manual, >> Messenger,Disabled, >> mnmsrvc,Manual, >> MSIServer,Manual, >> NetDDE,Disabled, >> NetDDEdsdm,Disabled, >> Netlogon,Manual, >> Netman,Manual, >> NetTcpPortSharing,Disabled, >> Nla,Manual, >> Norton AntiVirus,Auto, >> Norton Save and Restore,Manual, >> NProtectService,Manual, >> NtLmSsp,Manual, >> NtmsSvc,Manual, >> ose,Manual, >> PlugPlay,Auto, >> PolicyAgent,Manual, >> ProtectedStorage,Auto, >> psqlWGE,Auto, >> RasAuto,Disabled, >> RasMan,Manual, >> RDSessMgr,Manual, >> RemoteAccess,Disabled, >> RpcLocator,Manual, >> RpcSs,Auto, >> RSVP,Manual, >> SamSs,Auto, >> SCardSvr,Manual, >> Schedule,Manual, >> seclogon,Auto, >> SENS,Auto, >> SharedAccess,Auto, >> ShellHWDetection,Auto, >> Speed Disk service,Disabled, >> Spooler,Auto, >> srservice,Auto, >> SSDPSRV,Manual, >> stisvc,Manual, >> SwPrv,Manual, >> Symantec RemoteAssist,Manual, >> SysmonLog,Manual, >> TapiSrv,Manual, >> TermService,Auto, >> Themes,Auto, >> TrkWks,Auto, >> upnphost,Manual, >> UPS,Manual, >> Viewpoint Manager Service,Disabled, >> VSS,Manual, >> W32Time,Auto, >> WebClient,Auto, >> winmgmt,Auto, >> WmdmPmSN,Manual, >> WmiApSrv,Disabled, >> WMPNetworkSvc,Manual, >> wscsvc,Manual, >> wuauserv,Manual, >> WudfSvc,Manual, >> WZCSVC,Auto, >> xmlprov,Manual, > > I'd sure like to run that on the clone, but you'll > have to modify the .vbs file so that the error goes away. Let's run everything on a new clone of your master installation. John
From: William B. Lurie on 9 Apr 2010 22:50 John John - MVP wrote: > William B. Lurie wrote: >> William B. Lurie wrote: >>> John John - MVP wrote: >>>> William B. Lurie wrote: >>>> >>>>>> Is the machine still connected to the internet or to a LAN? >>>>>> Disconnect from both while you troubleshoot the problem! >>>>>> >>>>>> John >>>>> John, I thought I made that clear. On each and every test run, >>>>> I restart the computer in order to reboot to the the test system, >>>>> and while it is booting, I physically disconnect the phone line >>>>> as it enters the modem from the wall outlet. As for LAN....... >>>>> I am a poor single-line homeowner with only one line of access >>>>> to the world of information, other than Comcast cable for TV. >>>> >>>> OK, being that your firewall and AV applications are not running >>>> while you run these trials I just wanted to make sure that you >>>> weren't opening your unprotected machine to the outside world. >>>> >>>> >>>> >>>>> And as for Ci which we discussed earlier, I can't put my finger on it; >>>>> please tell me again what to disable to stop it from cataloguing >>>>> system volume information at what appears to be random odd times. >>>> >>>> Let's try one last effort and see if we can get to the bottom of >>>> this. I'm going to try another approach, I will try to configure >>>> your services via scripts or batch files that you can run on your >>>> machine. We are going to start from scratch again, I need you to do >>>> the following 2 tasks: >>>> >>>> Task 1: >>>> >>>> Copy the stuff between the ====== lines and save it as ServiceStat.vbs: >>>> >>>> >>>> ================================================================ >>>> Const ForWriting = 2 >>>> Set objFSO = CreateObject("Scripting.FileSystemObject") >>>> Set objLogFile = objFSO.OpenTextFile("c:\services.txt", _ >>>> ForWriting, True) >>>> objLogFile.Write _ >>>> ("Service Name,Start Mode") >>>> objLogFile.Writeline >>>> strComputer = "." >>>> Set objWMIService = GetObject("winmgmts:" _ >>>> & "{impersonationLevel=impersonate}!\\" & strComputer & >>>> "\root\cimv2") >>>> Set colListOfServices = objWMIService.ExecQuery _ >>>> ("Select * from Win32_Service") >>>> For Each objService in colListOfServices >>>> objLogFile.Write(objService.Name) & "," >>>> objLogFile.Write(objService.StartMode) & "," >>>> objLogFile.writeline >>>> Next >>>> objLogFile.Close >>>> ================================================================ >>>> >>>> Run ServiceState.vbs (double click on it) and after it runs look for >>>> the file C:\services.txt, copy and paste the contents of the file to >>>> your next post. >>>> >>>> >>>> Task 2: >>>> >>>> This one involves running a Sysinternals utility (Autorunsc) at the >>>> command prompt. >>>> >>>> Go here: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx >>>> >>>> and download the Autoruns and Autorunsc package (581 KB). Unzip the >>>> package, there will be two executable in the package: >>>> >>>> The GUI version: autoruns.exe >>>> >>>> and the Command version: autorunsc.exe >>>> >>>> Copy the command version (autorunsc.exe) to an easy to find >>>> location, for example C:\, then at a Command Prompt run this command: >>>> >>>> c:\autorunsc >c:\autostart.txt >>>> >>>> Copy and paste the contents of the c:\autostart.txt to your next post. >>>> >>>> >>>> Be patient after you post the files. I have a busy next few days >>>> ahead, I might not be able to get back to you until much later, >>>> maybe not before Sunday. >>>> >>>> John >>> Okay, John, I did it pretty well, but with limitations. >>> File autorunsc.exe said it unzipped but I couldn't find it. >>> I did the unzipping all in one directory and I found the >>> autorun.exe but not its command version. So I executed the >>> one I found and maybe what I'll send below is what you were >>> after. >>> >>> The file services.txt saved but is EMPTY except for a header line. >>> I'll go back and do that again. >>> >>> Service Name,Start Mode <<<<<<<That's all that the run collected. >>> >>> >>> Meanwhile, here's the other one: >>> >>>> HKLM\System\CurrentControlSet\Control\Terminal >>>> Server\Wds\rdpwd\StartupPrograms >>>> rdpclip >>>> rdpclip >>>> RDP Clip Monitor >>>> Microsoft Corporation >>>> 5.1.2600.2180 >>>> c:\windows\system32\rdpclip.exe >>>> ab978e64b3cb5b78842bc2bdae19d0cd (MD5) >>>> db49bb6158d12ea7dc9b28ef2ee857edb6015138 (SHA-1) >>>> >>>> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit >>>> C:\WINDOWS\system32\userinit.exe >>>> C:\WINDOWS\system32\userinit.exe >>>> Userinit Logon Application >>>> Microsoft Corporation >>>> 5.1.2600.2180 >>>> c:\windows\system32\userinit.exe >>>> 39b1ffb03c2296323832acbae50d2aff (MD5) >>>> e5aedcbe25a97c89101f1f3860ff846e94d70445 (SHA-1) >>>> >>>> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell >>>> Explorer.exe >>>> Explorer.exe >>>> Windows Explorer >>>> Microsoft Corporation >>>> 6.0.2900.3156 >>>> c:\windows\explorer.exe >>>> 97bd6515465659ff8f3b7be375b2ea87 (MD5) >>>> 972307a3ef93680afdd03603df20f2241047a934 (SHA-1) >>>> >>>> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run >>>> LXCTCATS >>>> rundll32 >>>> C:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry(a)16 >>>> Lexmark Connect Timer DLL >>>> Lexmark International Inc. >>>> 1.20.0.0 >>>> c:\windows\system32\spool\drivers\w32x86\3\lxcttime.dll >>>> e9b2e1938b478881a0ce79b6bb9ac31c (MD5) >>>> 56d5749513073983c7bfb2fe1cabc88fc73a6726 (SHA-1) >>>> >>>> HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>> ctfmon.exe >>>> C:\windows\system32\ctfmon.exe >>>> CTF Loader >>>> Microsoft Corporation >>>> 5.1.2600.2180 >>>> c:\windows\system32\ctfmon.exe >>>> 24232996a38c0b0cf151c2140ae29fc8 (MD5) >>>> b36d03b56a30187ffc6257459d632a4faac48af2 (SHA-1) >>> >> But let me expand about services.txt .... >> >> In the process of doing that on the clone, it gave an error pane: >> "Remote Server machine does not exist or is unavailable. >> 'GetObject' code 800A01CE Microsoft VBScript Runtime Error" >> >> But I did run it on my Master machine and got the following: >> >>> Service Name,Start Mode >>> Alerter,Disabled, >>> ALG,Manual, >>> AppMgmt,Manual, >>> aspnet_state,Manual, >>> Ati HotKey Poller,Disabled, >>> ATI Smart,Manual, >>> AudioSrv,Auto, >>> Automatic LiveUpdate Scheduler,Disabled, >>> BITS,Manual, >>> Browser,Auto, >>> CiSvc,Manual, >>> ClipSrv,Disabled, >>> clr_optimization_v2.0.50727_32,Manual, >>> COMSysApp,Manual, >>> CryptSvc,Auto, >>> DcomLaunch,Auto, >>> Dhcp,Auto, >>> dmadmin,Manual, >>> dmserver,Manual, >>> Dnscache,Auto, >>> ERSvc,Auto, >>> Eventlog,Auto, >>> EventSystem,Manual, >>> FastUserSwitchingCompatibility,Manual, >>> Fax,Manual, >>> FontCache3.0.0.0,Manual, >>> GEARSecurity,Disabled, >>> helpsvc,Auto, >>> HidServ,Disabled, >>> HTTPFilter,Manual, >>> IDriverT,Manual, >>> idsvc,Manual, >>> Imapi Helper,Manual, >>> ImapiService,Manual, >>> lanmanserver,Auto, >>> lanmanworkstation,Auto, >>> LexBceS,Auto, >>> LiveUpdate,Manual, >>> LmHosts,Auto, >>> lxct_device,Auto, >>> MBAMService,Disabled, >>> MDM,Manual, >>> Messenger,Disabled, >>> mnmsrvc,Manual, >>> MSIServer,Manual, >>> NetDDE,Disabled, >>> NetDDEdsdm,Disabled, >>> Netlogon,Manual, >>> Netman,Manual, >>> NetTcpPortSharing,Disabled, >>> Nla,Manual, >>> Norton AntiVirus,Auto, >>> Norton Save and Restore,Manual, >>> NProtectService,Manual, >>> NtLmSsp,Manual, >>> NtmsSvc,Manual, >>> ose,Manual, >>> PlugPlay,Auto, >>> PolicyAgent,Manual, >>> ProtectedStorage,Auto, >>> psqlWGE,Auto, >>> RasAuto,Disabled, >>> RasMan,Manual, >>> RDSessMgr,Manual, >>> RemoteAccess,Disabled, >>> RpcLocator,Manual, >>> RpcSs,Auto, >>> RSVP,Manual, >>> SamSs,Auto, >>> SCardSvr,Manual, >>> Schedule,Manual, >>> seclogon,Auto, >>> SENS,Auto, >>> SharedAccess,Auto, >>> ShellHWDetection,Auto, >>> Speed Disk service,Disabled, >>> Spooler,Auto, >>> srservice,Auto, >>> SSDPSRV,Manual, >>> stisvc,Manual, >>> SwPrv,Manual, >>> Symantec RemoteAssist,Manual, >>> SysmonLog,Manual, >>> TapiSrv,Manual, >>> TermService,Auto, >>> Themes,Auto, >>> TrkWks,Auto, >>> upnphost,Manual, >>> UPS,Manual, >>> Viewpoint Manager Service,Disabled, >>> VSS,Manual, >>> W32Time,Auto, >>> WebClient,Auto, >>> winmgmt,Auto, >>> WmdmPmSN,Manual, >>> WmiApSrv,Disabled, >>> WMPNetworkSvc,Manual, >>> wscsvc,Manual, >>> wuauserv,Manual, >>> WudfSvc,Manual, >>> WZCSVC,Auto, >>> xmlprov,Manual, >> >> I'd sure like to run that on the clone, but you'll >> have to modify the .vbs file so that the error goes away. > > Let's run everything on a new clone of your master installation. > > John Okay, John, I have the files saved ready to put on a different clone, one that has not been stripped down with much of the services made manual. BTW.......if you check my reports, I had the stripped-down clone hibernating properly and was re-activating services and the first batch of ten or so went fine, and then the next one blew it, and so on. But if you want me to switch from Clone1 to Clone2, where Clone2 is identical with my Master except for the later driver, I will be able to do that tomorrow morning. Since this is a fresh start, should we start a different thread or just <snip>? Bill
From: John John - MVP on 10 Apr 2010 07:18 William B. Lurie wrote: > John John - MVP wrote: >> William B. Lurie wrote: >>> William B. Lurie wrote: >>>> John John - MVP wrote: >>>>> William B. Lurie wrote: >>>>> >>>>>>> Is the machine still connected to the internet or to a LAN? >>>>>>> Disconnect from both while you troubleshoot the problem! >>>>>>> >>>>>>> John >>>>>> John, I thought I made that clear. On each and every test run, >>>>>> I restart the computer in order to reboot to the the test system, >>>>>> and while it is booting, I physically disconnect the phone line >>>>>> as it enters the modem from the wall outlet. As for LAN....... >>>>>> I am a poor single-line homeowner with only one line of access >>>>>> to the world of information, other than Comcast cable for TV. >>>>> >>>>> OK, being that your firewall and AV applications are not running >>>>> while you run these trials I just wanted to make sure that you >>>>> weren't opening your unprotected machine to the outside world. >>>>> >>>>> >>>>> >>>>>> And as for Ci which we discussed earlier, I can't put my finger on >>>>>> it; >>>>>> please tell me again what to disable to stop it from cataloguing >>>>>> system volume information at what appears to be random odd times. >>>>> >>>>> Let's try one last effort and see if we can get to the bottom of >>>>> this. I'm going to try another approach, I will try to configure >>>>> your services via scripts or batch files that you can run on your >>>>> machine. We are going to start from scratch again, I need you to >>>>> do the following 2 tasks: >>>>> >>>>> Task 1: >>>>> >>>>> Copy the stuff between the ====== lines and save it as >>>>> ServiceStat.vbs: >>>>> >>>>> >>>>> ================================================================ >>>>> Const ForWriting = 2 >>>>> Set objFSO = CreateObject("Scripting.FileSystemObject") >>>>> Set objLogFile = objFSO.OpenTextFile("c:\services.txt", _ >>>>> ForWriting, True) >>>>> objLogFile.Write _ >>>>> ("Service Name,Start Mode") >>>>> objLogFile.Writeline >>>>> strComputer = "." >>>>> Set objWMIService = GetObject("winmgmts:" _ >>>>> & "{impersonationLevel=impersonate}!\\" & strComputer & >>>>> "\root\cimv2") >>>>> Set colListOfServices = objWMIService.ExecQuery _ >>>>> ("Select * from Win32_Service") >>>>> For Each objService in colListOfServices >>>>> objLogFile.Write(objService.Name) & "," >>>>> objLogFile.Write(objService.StartMode) & "," >>>>> objLogFile.writeline >>>>> Next >>>>> objLogFile.Close >>>>> ================================================================ >>>>> >>>>> Run ServiceState.vbs (double click on it) and after it runs look >>>>> for the file C:\services.txt, copy and paste the contents of the >>>>> file to your next post. >>>>> >>>>> >>>>> Task 2: >>>>> >>>>> This one involves running a Sysinternals utility (Autorunsc) at the >>>>> command prompt. >>>>> >>>>> Go here: >>>>> http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx >>>>> >>>>> and download the Autoruns and Autorunsc package (581 KB). Unzip >>>>> the package, there will be two executable in the package: >>>>> >>>>> The GUI version: autoruns.exe >>>>> >>>>> and the Command version: autorunsc.exe >>>>> >>>>> Copy the command version (autorunsc.exe) to an easy to find >>>>> location, for example C:\, then at a Command Prompt run this command: >>>>> >>>>> c:\autorunsc >c:\autostart.txt >>>>> >>>>> Copy and paste the contents of the c:\autostart.txt to your next post. >>>>> >>>>> >>>>> Be patient after you post the files. I have a busy next few days >>>>> ahead, I might not be able to get back to you until much later, >>>>> maybe not before Sunday. >>>>> >>>>> John >>>> Okay, John, I did it pretty well, but with limitations. >>>> File autorunsc.exe said it unzipped but I couldn't find it. >>>> I did the unzipping all in one directory and I found the >>>> autorun.exe but not its command version. So I executed the >>>> one I found and maybe what I'll send below is what you were >>>> after. >>>> >>>> The file services.txt saved but is EMPTY except for a header line. >>>> I'll go back and do that again. >>>> >>>> Service Name,Start Mode <<<<<<<That's all that the run collected. >>>> >>>> >>>> Meanwhile, here's the other one: >>>> >>>>> HKLM\System\CurrentControlSet\Control\Terminal >>>>> Server\Wds\rdpwd\StartupPrograms >>>>> rdpclip >>>>> rdpclip >>>>> RDP Clip Monitor >>>>> Microsoft Corporation >>>>> 5.1.2600.2180 >>>>> c:\windows\system32\rdpclip.exe >>>>> ab978e64b3cb5b78842bc2bdae19d0cd (MD5) >>>>> db49bb6158d12ea7dc9b28ef2ee857edb6015138 (SHA-1) >>>>> >>>>> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit >>>>> C:\WINDOWS\system32\userinit.exe >>>>> C:\WINDOWS\system32\userinit.exe >>>>> Userinit Logon Application >>>>> Microsoft Corporation >>>>> 5.1.2600.2180 >>>>> c:\windows\system32\userinit.exe >>>>> 39b1ffb03c2296323832acbae50d2aff (MD5) >>>>> e5aedcbe25a97c89101f1f3860ff846e94d70445 (SHA-1) >>>>> >>>>> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell >>>>> Explorer.exe >>>>> Explorer.exe >>>>> Windows Explorer >>>>> Microsoft Corporation >>>>> 6.0.2900.3156 >>>>> c:\windows\explorer.exe >>>>> 97bd6515465659ff8f3b7be375b2ea87 (MD5) >>>>> 972307a3ef93680afdd03603df20f2241047a934 (SHA-1) >>>>> >>>>> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run >>>>> LXCTCATS >>>>> rundll32 >>>>> C:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry(a)16 >>>>> >>>>> Lexmark Connect Timer DLL >>>>> Lexmark International Inc. >>>>> 1.20.0.0 >>>>> c:\windows\system32\spool\drivers\w32x86\3\lxcttime.dll >>>>> e9b2e1938b478881a0ce79b6bb9ac31c (MD5) >>>>> 56d5749513073983c7bfb2fe1cabc88fc73a6726 (SHA-1) >>>>> >>>>> HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>>> ctfmon.exe >>>>> C:\windows\system32\ctfmon.exe >>>>> CTF Loader >>>>> Microsoft Corporation >>>>> 5.1.2600.2180 >>>>> c:\windows\system32\ctfmon.exe >>>>> 24232996a38c0b0cf151c2140ae29fc8 (MD5) >>>>> b36d03b56a30187ffc6257459d632a4faac48af2 (SHA-1) >>>> >>> But let me expand about services.txt .... >>> >>> In the process of doing that on the clone, it gave an error pane: >>> "Remote Server machine does not exist or is unavailable. >>> 'GetObject' code 800A01CE Microsoft VBScript Runtime Error" >>> >>> But I did run it on my Master machine and got the following: >>> >>>> Service Name,Start Mode >>>> Alerter,Disabled, >>>> ALG,Manual, >>>> AppMgmt,Manual, >>>> aspnet_state,Manual, >>>> Ati HotKey Poller,Disabled, >>>> ATI Smart,Manual, >>>> AudioSrv,Auto, >>>> Automatic LiveUpdate Scheduler,Disabled, >>>> BITS,Manual, >>>> Browser,Auto, >>>> CiSvc,Manual, >>>> ClipSrv,Disabled, >>>> clr_optimization_v2.0.50727_32,Manual, >>>> COMSysApp,Manual, >>>> CryptSvc,Auto, >>>> DcomLaunch,Auto, >>>> Dhcp,Auto, >>>> dmadmin,Manual, >>>> dmserver,Manual, >>>> Dnscache,Auto, >>>> ERSvc,Auto, >>>> Eventlog,Auto, >>>> EventSystem,Manual, >>>> FastUserSwitchingCompatibility,Manual, >>>> Fax,Manual, >>>> FontCache3.0.0.0,Manual, >>>> GEARSecurity,Disabled, >>>> helpsvc,Auto, >>>> HidServ,Disabled, >>>> HTTPFilter,Manual, >>>> IDriverT,Manual, >>>> idsvc,Manual, >>>> Imapi Helper,Manual, >>>> ImapiService,Manual, >>>> lanmanserver,Auto, >>>> lanmanworkstation,Auto, >>>> LexBceS,Auto, >>>> LiveUpdate,Manual, >>>> LmHosts,Auto, >>>> lxct_device,Auto, >>>> MBAMService,Disabled, >>>> MDM,Manual, >>>> Messenger,Disabled, >>>> mnmsrvc,Manual, >>>> MSIServer,Manual, >>>> NetDDE,Disabled, >>>> NetDDEdsdm,Disabled, >>>> Netlogon,Manual, >>>> Netman,Manual, >>>> NetTcpPortSharing,Disabled, >>>> Nla,Manual, >>>> Norton AntiVirus,Auto, >>>> Norton Save and Restore,Manual, >>>> NProtectService,Manual, >>>> NtLmSsp,Manual, >>>> NtmsSvc,Manual, >>>> ose,Manual, >>>> PlugPlay,Auto, >>>> PolicyAgent,Manual, >>>> ProtectedStorage,Auto, >>>> psqlWGE,Auto, >>>> RasAuto,Disabled, >>>> RasMan,Manual, >>>> RDSessMgr,Manual, >>>> RemoteAccess,Disabled, >>>> RpcLocator,Manual, >>>> RpcSs,Auto, >>>> RSVP,Manual, >>>> SamSs,Auto, >>>> SCardSvr,Manual, >>>> Schedule,Manual, >>>> seclogon,Auto, >>>> SENS,Auto, >>>> SharedAccess,Auto, >>>> ShellHWDetection,Auto, >>>> Speed Disk service,Disabled, >>>> Spooler,Auto, >>>> srservice,Auto, >>>> SSDPSRV,Manual, >>>> stisvc,Manual, >>>> SwPrv,Manual, >>>> Symantec RemoteAssist,Manual, >>>> SysmonLog,Manual, >>>> TapiSrv,Manual, >>>> TermService,Auto, >>>> Themes,Auto, >>>> TrkWks,Auto, >>>> upnphost,Manual, >>>> UPS,Manual, >>>> Viewpoint Manager Service,Disabled, >>>> VSS,Manual, >>>> W32Time,Auto, >>>> WebClient,Auto, >>>> winmgmt,Auto, >>>> WmdmPmSN,Manual, >>>> WmiApSrv,Disabled, >>>> WMPNetworkSvc,Manual, >>>> wscsvc,Manual, >>>> wuauserv,Manual, >>>> WudfSvc,Manual, >>>> WZCSVC,Auto, >>>> xmlprov,Manual, >>> >>> I'd sure like to run that on the clone, but you'll >>> have to modify the .vbs file so that the error goes away. >> >> Let's run everything on a new clone of your master installation. >> >> John > Okay, John, I have the files saved ready to put on a different clone, > one that has not been stripped down with much of the services > made manual. > > BTW.......if you check my reports, I had the stripped-down clone > hibernating properly and was re-activating services and the > first batch of ten or so went fine, and then the next one blew > it, and so on. But if you want me to switch from Clone1 to Clone2, > where Clone2 is identical with my Master except for the later > driver, I will be able to do that tomorrow morning. > > Since this is a fresh start, should we start a different thread or > just <snip>? You may as well start a new thread, this one is threaded pretty long and it's getting harder to find previous posts within it... one of the longest discussion I have ever been involved in... John
From: Unknown on 10 Apr 2010 11:21 What was included in the second batch of ten which 'blew it'? "William B. Lurie" <billurie(a)nospam.net> wrote in message news:u3ndXiF2KHA.5820(a)TK2MSFTNGP06.phx.gbl... > John John - MVP wrote: >> William B. Lurie wrote: >>> William B. Lurie wrote: >>>> John John - MVP wrote: >>>>> William B. Lurie wrote: >>>>> >>>>>>> Is the machine still connected to the internet or to a LAN? >>>>>>> Disconnect from both while you troubleshoot the problem! >>>>>>> >>>>>>> John >>>>>> John, I thought I made that clear. On each and every test run, >>>>>> I restart the computer in order to reboot to the the test system, >>>>>> and while it is booting, I physically disconnect the phone line >>>>>> as it enters the modem from the wall outlet. As for LAN....... >>>>>> I am a poor single-line homeowner with only one line of access >>>>>> to the world of information, other than Comcast cable for TV. >>>>> >>>>> OK, being that your firewall and AV applications are not running while >>>>> you run these trials I just wanted to make sure that you weren't >>>>> opening your unprotected machine to the outside world. >>>>> >>>>> >>>>> >>>>>> And as for Ci which we discussed earlier, I can't put my finger on >>>>>> it; >>>>>> please tell me again what to disable to stop it from cataloguing >>>>>> system volume information at what appears to be random odd times. >>>>> >>>>> Let's try one last effort and see if we can get to the bottom of this. >>>>> I'm going to try another approach, I will try to configure your >>>>> services via scripts or batch files that you can run on your machine. >>>>> We are going to start from scratch again, I need you to do the >>>>> following 2 tasks: >>>>> >>>>> Task 1: >>>>> >>>>> Copy the stuff between the ====== lines and save it as >>>>> ServiceStat.vbs: >>>>> >>>>> >>>>> ================================================================ >>>>> Const ForWriting = 2 >>>>> Set objFSO = CreateObject("Scripting.FileSystemObject") >>>>> Set objLogFile = objFSO.OpenTextFile("c:\services.txt", _ >>>>> ForWriting, True) >>>>> objLogFile.Write _ >>>>> ("Service Name,Start Mode") >>>>> objLogFile.Writeline >>>>> strComputer = "." >>>>> Set objWMIService = GetObject("winmgmts:" _ >>>>> & "{impersonationLevel=impersonate}!\\" & strComputer & >>>>> "\root\cimv2") >>>>> Set colListOfServices = objWMIService.ExecQuery _ >>>>> ("Select * from Win32_Service") >>>>> For Each objService in colListOfServices >>>>> objLogFile.Write(objService.Name) & "," >>>>> objLogFile.Write(objService.StartMode) & "," >>>>> objLogFile.writeline >>>>> Next >>>>> objLogFile.Close >>>>> ================================================================ >>>>> >>>>> Run ServiceState.vbs (double click on it) and after it runs look for >>>>> the file C:\services.txt, copy and paste the contents of the file to >>>>> your next post. >>>>> >>>>> >>>>> Task 2: >>>>> >>>>> This one involves running a Sysinternals utility (Autorunsc) at the >>>>> command prompt. >>>>> >>>>> Go here: >>>>> http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx >>>>> >>>>> and download the Autoruns and Autorunsc package (581 KB). Unzip the >>>>> package, there will be two executable in the package: >>>>> >>>>> The GUI version: autoruns.exe >>>>> >>>>> and the Command version: autorunsc.exe >>>>> >>>>> Copy the command version (autorunsc.exe) to an easy to find location, >>>>> for example C:\, then at a Command Prompt run this command: >>>>> >>>>> c:\autorunsc >c:\autostart.txt >>>>> >>>>> Copy and paste the contents of the c:\autostart.txt to your next post. >>>>> >>>>> >>>>> Be patient after you post the files. I have a busy next few days >>>>> ahead, I might not be able to get back to you until much later, maybe >>>>> not before Sunday. >>>>> >>>>> John >>>> Okay, John, I did it pretty well, but with limitations. >>>> File autorunsc.exe said it unzipped but I couldn't find it. >>>> I did the unzipping all in one directory and I found the >>>> autorun.exe but not its command version. So I executed the >>>> one I found and maybe what I'll send below is what you were >>>> after. >>>> >>>> The file services.txt saved but is EMPTY except for a header line. >>>> I'll go back and do that again. >>>> >>>> Service Name,Start Mode <<<<<<<That's all that the run collected. >>>> >>>> >>>> Meanwhile, here's the other one: >>>> >>>>> HKLM\System\CurrentControlSet\Control\Terminal >>>>> Server\Wds\rdpwd\StartupPrograms >>>>> rdpclip >>>>> rdpclip >>>>> RDP Clip Monitor >>>>> Microsoft Corporation >>>>> 5.1.2600.2180 >>>>> c:\windows\system32\rdpclip.exe >>>>> ab978e64b3cb5b78842bc2bdae19d0cd (MD5) >>>>> db49bb6158d12ea7dc9b28ef2ee857edb6015138 (SHA-1) >>>>> >>>>> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit >>>>> C:\WINDOWS\system32\userinit.exe >>>>> C:\WINDOWS\system32\userinit.exe >>>>> Userinit Logon Application >>>>> Microsoft Corporation >>>>> 5.1.2600.2180 >>>>> c:\windows\system32\userinit.exe >>>>> 39b1ffb03c2296323832acbae50d2aff (MD5) >>>>> e5aedcbe25a97c89101f1f3860ff846e94d70445 (SHA-1) >>>>> >>>>> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell >>>>> Explorer.exe >>>>> Explorer.exe >>>>> Windows Explorer >>>>> Microsoft Corporation >>>>> 6.0.2900.3156 >>>>> c:\windows\explorer.exe >>>>> 97bd6515465659ff8f3b7be375b2ea87 (MD5) >>>>> 972307a3ef93680afdd03603df20f2241047a934 (SHA-1) >>>>> >>>>> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run >>>>> LXCTCATS >>>>> rundll32 >>>>> C:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry(a)16 >>>>> Lexmark Connect Timer DLL >>>>> Lexmark International Inc. >>>>> 1.20.0.0 >>>>> c:\windows\system32\spool\drivers\w32x86\3\lxcttime.dll >>>>> e9b2e1938b478881a0ce79b6bb9ac31c (MD5) >>>>> 56d5749513073983c7bfb2fe1cabc88fc73a6726 (SHA-1) >>>>> >>>>> HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>>> ctfmon.exe >>>>> C:\windows\system32\ctfmon.exe >>>>> CTF Loader >>>>> Microsoft Corporation >>>>> 5.1.2600.2180 >>>>> c:\windows\system32\ctfmon.exe >>>>> 24232996a38c0b0cf151c2140ae29fc8 (MD5) >>>>> b36d03b56a30187ffc6257459d632a4faac48af2 (SHA-1) >>>> >>> But let me expand about services.txt .... >>> >>> In the process of doing that on the clone, it gave an error pane: >>> "Remote Server machine does not exist or is unavailable. >>> 'GetObject' code 800A01CE Microsoft VBScript Runtime Error" >>> >>> But I did run it on my Master machine and got the following: >>> >>>> Service Name,Start Mode >>>> Alerter,Disabled, >>>> ALG,Manual, >>>> AppMgmt,Manual, >>>> aspnet_state,Manual, >>>> Ati HotKey Poller,Disabled, >>>> ATI Smart,Manual, >>>> AudioSrv,Auto, >>>> Automatic LiveUpdate Scheduler,Disabled, >>>> BITS,Manual, >>>> Browser,Auto, >>>> CiSvc,Manual, >>>> ClipSrv,Disabled, >>>> clr_optimization_v2.0.50727_32,Manual, >>>> COMSysApp,Manual, >>>> CryptSvc,Auto, >>>> DcomLaunch,Auto, >>>> Dhcp,Auto, >>>> dmadmin,Manual, >>>> dmserver,Manual, >>>> Dnscache,Auto, >>>> ERSvc,Auto, >>>> Eventlog,Auto, >>>> EventSystem,Manual, >>>> FastUserSwitchingCompatibility,Manual, >>>> Fax,Manual, >>>> FontCache3.0.0.0,Manual, >>>> GEARSecurity,Disabled, >>>> helpsvc,Auto, >>>> HidServ,Disabled, >>>> HTTPFilter,Manual, >>>> IDriverT,Manual, >>>> idsvc,Manual, >>>> Imapi Helper,Manual, >>>> ImapiService,Manual, >>>> lanmanserver,Auto, >>>> lanmanworkstation,Auto, >>>> LexBceS,Auto, >>>> LiveUpdate,Manual, >>>> LmHosts,Auto, >>>> lxct_device,Auto, >>>> MBAMService,Disabled, >>>> MDM,Manual, >>>> Messenger,Disabled, >>>> mnmsrvc,Manual, >>>> MSIServer,Manual, >>>> NetDDE,Disabled, >>>> NetDDEdsdm,Disabled, >>>> Netlogon,Manual, >>>> Netman,Manual, >>>> NetTcpPortSharing,Disabled, >>>> Nla,Manual, >>>> Norton AntiVirus,Auto, >>>> Norton Save and Restore,Manual, >>>> NProtectService,Manual, >>>> NtLmSsp,Manual, >>>> NtmsSvc,Manual, >>>> ose,Manual, >>>> PlugPlay,Auto, >>>> PolicyAgent,Manual, >>>> ProtectedStorage,Auto, >>>> psqlWGE,Auto, >>>> RasAuto,Disabled, >>>> RasMan,Manual, >>>> RDSessMgr,Manual, >>>> RemoteAccess,Disabled, >>>> RpcLocator,Manual, >>>> RpcSs,Auto, >>>> RSVP,Manual, >>>> SamSs,Auto, >>>> SCardSvr,Manual, >>>> Schedule,Manual, >>>> seclogon,Auto, >>>> SENS,Auto, >>>> SharedAccess,Auto, >>>> ShellHWDetection,Auto, >>>> Speed Disk service,Disabled, >>>> Spooler,Auto, >>>> srservice,Auto, >>>> SSDPSRV,Manual, >>>> stisvc,Manual, >>>> SwPrv,Manual, >>>> Symantec RemoteAssist,Manual, >>>> SysmonLog,Manual, >>>> TapiSrv,Manual, >>>> TermService,Auto, >>>> Themes,Auto, >>>> TrkWks,Auto, >>>> upnphost,Manual, >>>> UPS,Manual, >>>> Viewpoint Manager Service,Disabled, >>>> VSS,Manual, >>>> W32Time,Auto, >>>> WebClient,Auto, >>>> winmgmt,Auto, >>>> WmdmPmSN,Manual, >>>> WmiApSrv,Disabled, >>>> WMPNetworkSvc,Manual, >>>> wscsvc,Manual, >>>> wuauserv,Manual, >>>> WudfSvc,Manual, >>>> WZCSVC,Auto, >>>> xmlprov,Manual, >>> >>> I'd sure like to run that on the clone, but you'll >>> have to modify the .vbs file so that the error goes away. >> >> Let's run everything on a new clone of your master installation. >> >> John > Okay, John, I have the files saved ready to put on a different clone, > one that has not been stripped down with much of the services > made manual. > > BTW.......if you check my reports, I had the stripped-down clone > hibernating properly and was re-activating services and the > first batch of ten or so went fine, and then the next one blew > it, and so on. But if you want me to switch from Clone1 to Clone2, > where Clone2 is identical with my Master except for the later > driver, I will be able to do that tomorrow morning. > > Since this is a fresh start, should we start a different thread or > just <snip>? > Bill
From: William B. Lurie on 10 Apr 2010 11:31
Unknown wrote: > What was included in the second batch of ten which 'blew it'? It was one in the alphabetic sequence, I'm not sure which. One of the four "D's". > "William B. Lurie" <billurie(a)nospam.net> wrote in message > news:u3ndXiF2KHA.5820(a)TK2MSFTNGP06.phx.gbl... >> John John - MVP wrote: >>>>>>>> Is the machine still connected to the internet or to a LAN? >>>>>>>> Disconnect from both while you troubleshoot the problem! >>>>>>>> >>>>>>>> John >>>>>>> John, I thought I made that clear. On each and every test run, >>>>>>> I restart the computer in order to reboot to the the test system, >>>>>>> and while it is booting, I physically disconnect the phone line >>>>>>> as it enters the modem from the wall outlet. As for LAN....... >>>>>>> I am a poor single-line homeowner with only one line of access >>>>>>> to the world of information, other than Comcast cable for TV. >>>>>> OK, being that your firewall and AV applications are not running while >>>>>> you run these trials I just wanted to make sure that you weren't >>>>>> opening your unprotected machine to the outside world. >>>>>> >>>>>> >>>>>> >>>>>>> And as for Ci which we discussed earlier, I can't put my finger on >>>>>>> it; >>>>>>> please tell me again what to disable to stop it from cataloguing >>>>>>> system volume information at what appears to be random odd times. >>>>>> Let's try one last effort and see if we can get to the bottom of this. >>>>>> I'm going to try another approach, I will try to configure your >>>>>> services via scripts or batch files that you can run on your machine. >>>>>> We are going to start from scratch again, I need you to do the >>>>>> following 2 tasks: >>>>>> >>>>>> Task 1: >>>>>> >>>>>> Copy the stuff between the ====== lines and save it as >>>>>> ServiceStat.vbs: >>>>>> >>>>>> >>>>>> ================================================================ >>>>>> Const ForWriting = 2 >>>>>> Set objFSO = CreateObject("Scripting.FileSystemObject") >>>>>> Set objLogFile = objFSO.OpenTextFile("c:\services.txt", _ >>>>>> ForWriting, True) >>>>>> objLogFile.Write _ >>>>>> ("Service Name,Start Mode") >>>>>> objLogFile.Writeline >>>>>> strComputer = "." >>>>>> Set objWMIService = GetObject("winmgmts:" _ >>>>>> & "{impersonationLevel=impersonate}!\\" & strComputer & >>>>>> "\root\cimv2") >>>>>> Set colListOfServices = objWMIService.ExecQuery _ >>>>>> ("Select * from Win32_Service") >>>>>> For Each objService in colListOfServices >>>>>> objLogFile.Write(objService.Name) & "," >>>>>> objLogFile.Write(objService.StartMode) & "," >>>>>> objLogFile.writeline >>>>>> Next >>>>>> objLogFile.Close >>>>>> ================================================================ >>>>>> >>>>>> Run ServiceState.vbs (double click on it) and after it runs look for >>>>>> the file C:\services.txt, copy and paste the contents of the file to >>>>>> your next post. >>>>>> >>>>>> >>>>>> Task 2: >>>>>> >>>>>> This one involves running a Sysinternals utility (Autorunsc) at the >>>>>> command prompt. >>>>>> >>>>>> Go here: >>>>>> http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx >>>>>> >>>>>> and download the Autoruns and Autorunsc package (581 KB). Unzip the >>>>>> package, there will be two executable in the package: >>>>>> >>>>>> The GUI version: autoruns.exe >>>>>> >>>>>> and the Command version: autorunsc.exe >>>>>> >>>>>> Copy the command version (autorunsc.exe) to an easy to find location, >>>>>> for example C:\, then at a Command Prompt run this command: >>>>>> >>>>>> c:\autorunsc >c:\autostart.txt >>>>>> >>>>>> Copy and paste the contents of the c:\autostart.txt to your next post. >>>>>> >>>>>> >>>>>> Be patient after you post the files. I have a busy next few days >>>>>> ahead, I might not be able to get back to you until much later, maybe >>>>>> not before Sunday. >>>>>> >>>>>> John >>>>> Okay, John, I did it pretty well, but with limitations. >>>>> File autorunsc.exe said it unzipped but I couldn't find it. >>>>> I did the unzipping all in one directory and I found the >>>>> autorun.exe but not its command version. So I executed the >>>>> one I found and maybe what I'll send below is what you were >>>>> after. >>>>> >>>>> The file services.txt saved but is EMPTY except for a header line. >>>>> I'll go back and do that again. >>>>> >>>>> Service Name,Start Mode <<<<<<<That's all that the run collected. >>>>> >>>>> >>>>> Meanwhile, here's the other one: >>>>> >>>>>> HKLM\System\CurrentControlSet\Control\Terminal >>>>>> Server\Wds\rdpwd\StartupPrograms >>>>>> rdpclip >>>>>> rdpclip >>>>>> RDP Clip Monitor >>>>>> Microsoft Corporation >>>>>> 5.1.2600.2180 >>>>>> c:\windows\system32\rdpclip.exe >>>>>> ab978e64b3cb5b78842bc2bdae19d0cd (MD5) >>>>>> db49bb6158d12ea7dc9b28ef2ee857edb6015138 (SHA-1) >>>>>> >>>>>> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit >>>>>> C:\WINDOWS\system32\userinit.exe >>>>>> C:\WINDOWS\system32\userinit.exe >>>>>> Userinit Logon Application >>>>>> Microsoft Corporation >>>>>> 5.1.2600.2180 >>>>>> c:\windows\system32\userinit.exe >>>>>> 39b1ffb03c2296323832acbae50d2aff (MD5) >>>>>> e5aedcbe25a97c89101f1f3860ff846e94d70445 (SHA-1) >>>>>> >>>>>> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell >>>>>> Explorer.exe >>>>>> Explorer.exe >>>>>> Windows Explorer >>>>>> Microsoft Corporation >>>>>> 6.0.2900.3156 >>>>>> c:\windows\explorer.exe >>>>>> 97bd6515465659ff8f3b7be375b2ea87 (MD5) >>>>>> 972307a3ef93680afdd03603df20f2241047a934 (SHA-1) >>>>>> >>>>>> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run >>>>>> LXCTCATS >>>>>> rundll32 >>>>>> C:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry(a)16 >>>>>> Lexmark Connect Timer DLL >>>>>> Lexmark International Inc. >>>>>> 1.20.0.0 >>>>>> c:\windows\system32\spool\drivers\w32x86\3\lxcttime.dll >>>>>> e9b2e1938b478881a0ce79b6bb9ac31c (MD5) >>>>>> 56d5749513073983c7bfb2fe1cabc88fc73a6726 (SHA-1) >>>>>> >>>>>> HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>>>> ctfmon.exe >>>>>> C:\windows\system32\ctfmon.exe >>>>>> CTF Loader >>>>>> Microsoft Corporation >>>>>> 5.1.2600.2180 >>>>>> c:\windows\system32\ctfmon.exe >>>>>> 24232996a38c0b0cf151c2140ae29fc8 (MD5) >>>>>> b36d03b56a30187ffc6257459d632a4faac48af2 (SHA-1) >>>> But let me expand about services.txt .... >>>> >>>> In the process of doing that on the clone, it gave an error pane: >>>> "Remote Server machine does not exist or is unavailable. >>>> 'GetObject' code 800A01CE Microsoft VBScript Runtime Error" >>>> >>>> But I did run it on my Master machine and got the following: >>>> >>>>> Service Name,Start Mode >>>>> Alerter,Disabled, >>>>> ALG,Manual, >>>>> AppMgmt,Manual, >>>>> aspnet_state,Manual, >>>>> Ati HotKey Poller,Disabled, >>>>> ATI Smart,Manual, >>>>> AudioSrv,Auto, >>>>> Automatic LiveUpdate Scheduler,Disabled, >>>>> BITS,Manual, >>>>> Browser,Auto, >>>>> CiSvc,Manual, >>>>> ClipSrv,Disabled, >>>>> clr_optimization_v2.0.50727_32,Manual, >>>>> COMSysApp,Manual, >>>>> CryptSvc,Auto, >>>>> DcomLaunch,Auto, >>>>> Dhcp,Auto, >>>>> dmadmin,Manual, >>>>> dmserver,Manual, >>>>> Dnscache,Auto, >>>>> ERSvc,Auto, >>>>> Eventlog,Auto, >>>>> EventSystem,Manual, >>>>> FastUserSwitchingCompatibility,Manual, >>>>> Fax,Manual, >>>>> FontCache3.0.0.0,Manual, >>>>> GEARSecurity,Disabled, >>>>> helpsvc,Auto, >>>>> HidServ,Disabled, >>>>> HTTPFilter,Manual, >>>>> IDriverT,Manual, >>>>> idsvc,Manual, >>>>> Imapi Helper,Manual, >>>>> ImapiService,Manual, >>>>> lanmanserver,Auto, >>>>> lanmanworkstation,Auto, >>>>> LexBceS,Auto, >>>>> LiveUpdate,Manual, >>>>> LmHosts,Auto, >>>>> lxct_device,Auto, >>>>> MBAMService,Disabled, >>>>> MDM,Manual, >>>>> Messenger,Disabled, >>>>> mnmsrvc,Manual, >>>>> MSIServer,Manual, >>>>> NetDDE,Disabled, >>>>> NetDDEdsdm,Disabled, >>>>> Netlogon,Manual, >>>>> Netman,Manual, >>>>> NetTcpPortSharing,Disabled, >>>>> Nla,Manual, >>>>> Norton AntiVirus,Auto, >>>>> Norton Save and Restore,Manual, >>>>> NProtectService,Manual, >>>>> NtLmSsp,Manual, >>>>> NtmsSvc,Manual, >>>>> ose,Manual, >>>>> PlugPlay,Auto, >>>>> PolicyAgent,Manual, >>>>> ProtectedStorage,Auto, >>>>> psqlWGE,Auto, >>>>> RasAuto,Disabled, >>>>> RasMan,Manual, >>>>> RDSessMgr,Manual, >>>>> RemoteAccess,Disabled, >>>>> RpcLocator,Manual, >>>>> RpcSs,Auto, >>>>> RSVP,Manual, >>>>> SamSs,Auto, >>>>> SCardSvr,Manual, >>>>> Schedule,Manual, >>>>> seclogon,Auto, >>>>> SENS,Auto, >>>>> SharedAccess,Auto, >>>>> ShellHWDetection,Auto, >>>>> Speed Disk service,Disabled, >>>>> Spooler,Auto, >>>>> srservice,Auto, >>>>> SSDPSRV,Manual, >>>>> stisvc,Manual, >>>>> SwPrv,Manual, >>>>> Symantec RemoteAssist,Manual, >>>>> SysmonLog,Manual, >>>>> TapiSrv,Manual, >>>>> TermService,Auto, >>>>> Themes,Auto, >>>>> TrkWks,Auto, >>>>> upnphost,Manual, >>>>> UPS,Manual, >>>>> Viewpoint Manager Service,Disabled, >>>>> VSS,Manual, >>>>> W32Time,Auto, >>>>> WebClient,Auto, >>>>> winmgmt,Auto, >>>>> WmdmPmSN,Manual, >>>>> WmiApSrv,Disabled, >>>>> WMPNetworkSvc,Manual, >>>>> wscsvc,Manual, >>>>> wuauserv,Manual, >>>>> WudfSvc,Manual, >>>>> WZCSVC,Auto, >>>>> xmlprov,Manual, >>>> I'd sure like to run that on the clone, but you'll >>>> have to modify the .vbs file so that the error goes away. >>> Let's run everything on a new clone of your master installation. >>> >>> John >> Okay, John, I have the files saved ready to put on a different clone, >> one that has not been stripped down with much of the services >> made manual. >> >> BTW.......if you check my reports, I had the stripped-down clone >> hibernating properly and was re-activating services and the >> first batch of ten or so went fine, and then the next one blew >> it, and so on. But if you want me to switch from Clone1 to Clone2, >> where Clone2 is identical with my Master except for the later >> driver, I will be able to do that tomorrow morning. >> >> Since this is a fresh start, should we start a different thread or >> just <snip>? >> Bill > > |