WIA and hibernation again
William B. Lurie
evidence.
Overnight my system was prevented from going into hibernation
because WIA was invoked every hour, as seen in the Events
Log snip below. I have to assume that WIA is an important
service, but I'd like to know if it can be set so that it is
called every 3 hours instead.
3/18/2010 4:41:49 AM Service Control Manager Information None 7036
N/A COMPAQ-2006 The Windows Image Acquisition (WIA) service entered the
running state.
3/18/2010 3:40:32 AM Service Control Manager Information None 7036
N/A COMPAQ-2006 The Windows Image Acquisition (WIA) service entered the
running state.
3/18/2010 2:39:15 AM Service Control Manager Information None 7036
N/A COMPAQ-2006 The Windows Image Acquisition (WIA) service entered the
running state.
3/18/2010 1:37:56 AM Service Control Manager Information None 7036
N/A COMPAQ-2006 The Windows Image Acquisition (WIA) service entered the
running state.
3/18/2010 1:37:52 AM Tcpip Information None 4201 N/A COMPAQ-2006 The
system detected that network adapter
\DEVICE\TCPIP_{D5E50A75-4A1C-4421-A5B4-569C9FE131B8} was connected to
the network, and has initiated normal operation over the network adapter.
3/18/2010 12:36:37 AM Service Control Manager Information None 7036
N/A COMPAQ-2006 The Windows Image Acquisition (WIA) service entered the
running state.
*****************************************************************
Note above: WIA entered running state every hour.
*****************************************************************
Details of one of the Events above:
Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 3/18/2010
Time: 3:40:32 AM
User: N/A
Computer: COMPAQ-2006
Description:
The Windows Image Acquisition (WIA) service entered the running state.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
3/17/2010 11:17:49 PM Service Control Manager Information None 7036
N/A COMPAQ-2006 The Windows Image Acquisition (WIA) service entered the
running state.
3/17/2010 10:34:01 PM Service Control Manager Information None 7036
N/A COMPAQ-2006 The Windows Image Acquisition (WIA) service entered the
running state.
***********************************************************************
John John - MVP
likes to acquire images. Some multi-function printers refuse to work if
this service isn't running (even if you only print and never scan
anything). You said in another post that you have a web cam somewhere
on your network... I would look in that direction, turn it off and see
what happens.
John
William B. Lurie
and see wha' hoppen. But to me, the key question is,
why every hour? And someplace it has to be *set* as one
hour, where is it, and why can't it be three hours?
Jose
The next time you decide to Hibernate, take a screenshot of your Task
Manager so we can see what is running.
There are lot's of things that are set to "do things" periodically -
too many to list.
You could also have a Schedule Task added by one of many software
packages.
Right click the Taskbar, choose Task Manager and select the Processes
tab.
Click View, Select Columns, check the box that says: Virtual Memory
Size. Expand the width of the Task Manager box so you can see all the
columns and processes.
Double click a column heading in TM to sort by the column. For
example, sort Task Manager by the CPU or Virtual Memory size column.
Take a screenshot of what you see in Task Manager (see below for
instructions).
Browse yourself over to where your Scheduled Tasks are:
c:\windows\tasks
Change the view to a Detailed View if it is not already (View,
Details)
Take a screen shot of the contents of that folder in Details view with
the columns widened (especially the Schedule column) so they make
sense and are readable.
To create and email/post/print a screenshot:
Press the Print Scrn button to copy your entire screen to the Windows
clipboard.
Press Alt Print Scrn to copy just the active window to the Windows
clipboard.
Open MS Paint:
Start, Program Accessories, Paint
When Paint opens, press CTRL-V to paste the clipboard, save the new
Paint file to your desktop or someplace you can remember. JPG files
take up less hard disk space than BMP files and just as readable.
Make as many screenshots as you need. Practice makes perfect. Be
careful your screenshot does not contain any personal information.
Practice viewing your images before you upload them to be sure they
are okay.
Some sites will let you attach a file directly to your post. If the
site has some kind of attachment/upload function it is usually easiest
just to use it.
If there is no such function in your message board to upload files
(there is not here), then use a free third party image hosting WWW
site.
Create a free account on some free picture hosting web site. You can
always remove your account later if you want. Here are some free
image hosting sites:
http://www.imageshack.us/
http://photobucket.com/
Using your free account, upload your screenshot(s) (the JPG or BMP
files) to the site and it will return to you a URL web address (a
Direct Link) for your new image(s) which you can paste the Direct Link
in a message post, email, etc.
When you are done, what you post for others to use should look
something like this:
http://img96.imageshack.us/img96/6530/taskmanagerv.jpg
So, what we need in return is two links to two screenshots!
Jose
Oh yeah - let's see your startup info screenshot too:
Download CCleaner, install it, run it, click Tools, Startup and drag
the columns around so all the Startup items are easy to see on one
screen.
CCleaner is good for this since it shows more information in a bigger
display and CCLeaner has other useful functions you can check out
later. You can uninstall CCleaner later if you don't use it.
Get CCleaner here:
Here is mine:
William B. Lurie
> CCleaner is good for this since it shows more information in a bigger
> display and CCLeaner has other useful functions you can check out
> later. You can uninstall CCleaner later if you don't use it.
>
> Get CCleaner here:
>
> http://www.ccleaner.com/
>
> Here is mine:
>
> http://img100.imageshack.us/img100/6969/ccleanerstartup.jpg
(snip)
Jose, thanks mucho for all the instructions (which I have
printed out, and snipped). I did CCleaner, and have family
obligations for the next few days and may not get to do what
you asked. But it will be my priority in a few days. Stay loose.
William B. Lurie
Jose, I think I got the shots you asked for.
Please check these and let me know if they are useful:
http://bellsouthpwp.net/b/i/billurie/shot4.jpg
http://bellsouthpwp.net/b/i/billurie/shot5.jpg
William B. Lurie
I didn/t ignore your request about Scheduled asks.
There was one back in 2009. The when column reads Never.
I use Gadwin to make screen shots. Can be .bmp .jpg or .gif.
Let me know if you could read mine.
Jose
I can see them just fine. I would like to get a CClearner shot though
when you have time.
William B Lurie - you have a lot of things running. You should get
yourself a boring system like mine.
I am going to have to noodle out an understandable strategy and with
your 2 hour wait and see if I can Hibernate setting, figuring it out
could take a lot of clock time - waiting. When it does work, I don't
want to be anywhere around for my personal safety.
Or, switch to one hour!
William B. Lurie
120 MB of trash. Is there something more I should do? I will
have time sporadically.
Switching to one hour might be the practical engineer's solution,
but the scientist wants to know *why*.
Jose
I posted how to collect the Startup info from CCleaner and an
example. It is just easier to read.
Being a Hibernator myself, I would be curious to know why you wait 2
hours. It should work of course (as far as I know), but that is a
long time.
Are you thinking that you might miss something - an incoming message
of some sort, a Skype call, etc.
I want to know what the problem is too and if I had it, I would really
try to fix it, but you have a lot of stuff running and trying to sort
it out to which item might be checking for something to do every hour
will take either a process of elimination (disable some, wait, disable
more, wait, eetc.) trial and error or researching every item you have
running. Not impossible, but time consuming.
There is no way I am going to install all that stuff to try it. As
some other poster says: :D
In theory, your system should be fine with zero startup items. Take a
look at my CCleaner startup and Task Manager. But my computer life on
this box is very calm!
If you disable all the Startup items in msconfig, you may not be able
to do some things, missing some items in your system try for a while
when you are testing with the programs not loaded, but you could
disable them all, reboot then see what happens in two hours. You may
get some complaining messages, but does hibernate work now? If it
still doesn't work, we will know it is something else and can look
elsewhere.
Right now I see you can disable realsched, Reader_sl, ctfmon (unless
you are using a multilingual interface), dumprep, ACLMTR, STTask,
VProTray to start. You don't "need" them to survive and they are not
your hibernation problem (I don't think) but they are things you can
eliminate from the equation - at least temporarily. Then you will
have 7 less possibilities - but it will take you 2 hours to find out.
If it doesn't work, do some more.
Plus you have a pesky empty Startup item and we can fix that easily
later.
Let's say you just disable 5 and test. No good? Do 5 more and test
again. Works now? Turn 1 of the last 5 on and test again. Sooner or
later (hours later), you will find the culprit. Maybe you can Google
(yes it is now an official verb in the English language) the items to
help you see what they do, if they are on some auto update/check thing
and if you can do without them - at least for testing.
You have many, many variables and the process of elimination may take
less time than researching individual items to find out what they do.
When you find the one that prevents hibernation, research that one and
figure out if you can change it. If you can't figure out what it is,
figure out what it's not.
William B. Lurie
> Let's say you just disable 5 and test. No good? Do 5 more and test
> again. Works now? Turn 1 of the last 5 on and test again. Sooner or
> later (hours later), you will find the culprit. Maybe you can Google
> (yes it is now an official verb in the English language) the items to
> help you see what they do, if they are on some auto update/check thing
> and if you can do without them - at least for testing.
>
> You have many, many variables and the process of elimination may take
> less time than researching individual items to find out what they do.
> When you find the one that prevents hibernation, research that one and
> figure out if you can change it. If you can't figure out what it is,
> figure out what it's not.
>
Jose, my work on this will continue but very sporadic until
after Sunday, because we have a daughter and 30-year old granddaughter
visiting us and sharing the computer until then. Your advice is sound
and welcome and I started with the 7 you listed, overnight, taking
them out of startup. Was no help. But I'll be back.
I like to snip off a bunch of older stuff, so if anybody objects,
let me know.
William B. Lurie
Continuing on, since the computer is available, I have disabled many
of the items, leaving only 3 questionable "user" items in the
TaskManager list. I have to track down, for one thing, why
RealSched keeps coming back onto the startup list even when I
uncheck it. Not vital, because for the 2-hour test, I can just
delete it from RAM.
There is RTHDCPL.EXE which is some kind of Windows Audio program
which I can uncheck for these tests.
And there is RecGuard which also keeps coming back when I uncheck it.
Maybe you can advise me on those. Anyway, I still have a running system
with darn near everything that is "Compaq User" and suspicious in the
Task List, unchecked and not in RAM
William B. Lurie
And further!!!!
ISUSPM.exe and ISSCH.EXE ...
Install Shield Update Service!!! And Scheduler!!!!
It obviously runs without being asked to by *me*.
I have searched but can't find out what the built-in parameters are.
Maybe one of them runs every hour!!!!
Anybody got any suggestions of built-in, hard-wired
'helpful' programs, like these, that maybe run every hour?
Bill P
Isuspm.exe is a program which may have been installed by you when you
installed other software programs. The actual disk location is shown below
for you, so you can always verify the location of the file to make sure it
is not spyware or adware, as the file should be located in the proper folder
and not elsewhere. This is a program which is from a company called
Macrovision. The purpose of this isuspm.exe software program is to check for
the latest updates from Macrovision products. This can be removed from your
startup if you wish to check for updates yourself manually. This file is
considered safe and is not considered spyware, adware, or virus related.
Visit isuspm.exe for complete information on this task or process. If you
would like help on other tasks or processes, you can view the entire process
and task directory here.
What is the isuspm.exe location, where is it stored on my computer?
This file will be found on your hard drive at
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe "
"Purpose of this file:
Issch.exe is a program that part of an installshield utility. The exact disk
location where it should be stored on your computer is also shown below to
verify it is not spyware, as many spyware programs use similar names and
just locate them elsewhere on your hard drive. Always check the proper disk
location of your programs if you are concerned that they may be spyware or
virus. This issch.exe programs purpose is to keep the software up to date.
Basically it checks for new versions and is not necessary to always run in
your system startup. This file is considered safe and is not spyware or
adware related. Visit issch.exe for complete information on this task or
process. If you would like help on other tasks or processes, you can view
the entire process and task directory here.
What is the issch.exe location, where is it stored on my computer?
This file will be found on your hard drive at
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe "
Just some info that Google threw up.
William B. Lurie
These two say they do updating and scheduling, and it is
just such intrusion that I'm trying to track down.
Even though it is a .exe, and they cleaim info is available
there, I can't manage to extract any. Maybe if I go to their
source, Macrovision.....
Bill P
"William B. Lurie" <bill...@nospam.net> wrote in message
news:OhWPys4x...@TK2MSFTNGP04.phx.gbl...
And they can both be stopped from running in your startup system.
William B. Lurie
And I can't stop them from running in the startup program. It's
half a day later, but I couldn't do anything with them. Tried to run
them manually from command prompt and couldn't. But see below.
Maybe Tcpip is leading somewhere.
William B. Lurie
(snip)
> Let's say you just disable 5 and test. No good? Do 5 more and test
> again. Works now? Turn 1 of the last 5 on and test again. Sooner or
> later (hours later), you will find the culprit. Maybe you can Google
> (yes it is now an official verb in the English language) the items to
> help you see what they do, if they are on some auto update/check thing
> and if you can do without them - at least for testing.
>
> You have many, many variables and the process of elimination may take
> less time than researching individual items to find out what they do.
> When you find the one that prevents hibernation, research that one and
> figure out if you can change it. If you can't figure out what it is,
> figure out what it's not.
>
"Compaq-Owner", except for what I feel is one HP necessity.
And my StartupList I cleared out, too. See these:
Event Type: Information
Event Source: Tcpip
Event Category: None
Event ID: 4201
Date: 3/19/2010
Time: 4:27:51 PM
User: N/A
Computer: COMPAQ-2006
Description:
The system detected that network adapter
\DEVICE\TCPIP_{D5E50A75-4A1C-4421-A5B4-569C9FE131B8} was connected to
the network, and has initiated normal operation over the network adapter.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 02 00 50 00 ......P.
0008: 00 00 00 00 69 10 00 40 ....i..@
0010: 02 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
What happens every hour is identified.
Now look at the Task Manager.
http://bellsouthpwp.net/b/i/billurie/taskmgr1.jpg
What next?
Jose
Uncheck ISUSPM - that is the InstallShield stuff which does want to
run and look for updates periodically. It is configurable, but wants
to look once a day. That could mean after 1 hour of idle, it checks.
You can change it, but I would uninstall it, but you will have to look
for it yourself to see how to do these things. Look in Add/Remove
Programs.
Reboot and if those processes are still running in TM, terminate them.
Where is that CCcleaner Startup screenshot!?
William B. Lurie
Here's the way it is now. ope you can read it.
BTW, CCcleaner, when I ran
it yesterday, cleaned out the "Run" places that I like to keep.
You say those files are configurable, but I don't know how.
I don't think I'll find them in Add/Remove.....
William B. Lurie
I see that ISUS and a few others got put back in my startup list.
I have removed them again. I hope you can work with the really
sanitized status that I sent before, and which it now has again.
Jose
Almost. We need to see the Startup info:
Click Tools, Startup and drag the columns around so all the Startup
items are easy to see on one screen. CCleaner is good for this since
it shows more information in a bigger display and CCLeaner has other
useful functions you can check out later. You can uninstall CCleaner
later if you don't use it.
Example:
http://img100.imageshack.us/img100/6969/ccleanerstartup.jpg
I could not find the correct way to uninstall the silly InstallShield
thing and if it was me, I would not worry about trying to configure
it, I would uninstall it. I will look some more. It wants to update
once a day (at least) and will probably wait for an idle time and one
hour sounds good, huh?
Check in msconfig Service tab, Hide All Microsoft Services. What is
left are things you or your other programs have installed. If you see
any of that IS stuff there, disable it and reboot. I can't recall in
recent memory when I have see that stuff in TM and I have looked at a
lot of TMs. If something goes wrong, you can put stuff back through
msconfig - that is what it is there for (troubleshooting).
Check TM again after reboot - if you still see them, terminate them,
then wait your 2 hours, or check Event Viewer in 1+ hours for those
messages and I'll look for the best way to uninstall it even if I have
to install it myself (probably). From what I read, it is all
ridiculous crapola leftover from some other program that uses IS to
install itself. Their original WWW page is unhooked.
Most people have an IS folder here which is "normal" (enable show
hidden files and folders):
C:\Program Files\InstallShield Installation Information
I have an UpdateService folder, but my UpdateService folder is empty.
Maybe I uninstalled it years ago when my XP was coming together. That
would be just like me.
William B. Lurie
(snip)
Well, I think I'm getting more used to CCcleaner.....see these:
http://bellsouthpwp.net/b/i/billurie/cc1a.jpg
http://bellsouthpwp.net/b/i/billurie/cc1b.jpg
Clearing everything except HPBootop from Startup list, rebooting,
cleaning everything in the User list (except the HP item) but
not touching System items..... I find that rebooting causes issch.exe
and realsched.exe and ISUSPM to be placed back in Startup again,
every time. While booting up, I watch
TM and I see that agent.exe goes into operation, and then
disappears. Maybe that file gets executed and does these nasty
things.
Anyway, I did find the IS folder, but it has a few dozen lines that
look like Registry entries but nothing that looks like a .exe or
the like. I'd be willing to disable ISUSPM ..... but first I gotta
find the rascal.
Bill P
"William B. Lurie" <bill...@nospam.net> wrote in message
news:%23qSVgDF...@TK2MSFTNGP05.phx.gbl...
This is where it is :-
What is the isuspm.exe location, where is it stored on my computer?
This file will be found on your hard drive at
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe "
Bill
Jose
That's looking pretty good. You are getting the hang of it now!
Next time, sort CCcleaner by the Enabled field by clicking the column
heading so all the Yes items are at the top. Don't care about the No
items. Drag the column headings so you can see more (make them
wider). What you have is okay, but it will be more readable when you
learn how to sort the columns and drag the column widths around so it
is just wide enough to show all the characters - especially the File
column. See my example - nice and wide, takes up the whole screen,
then take the screen shot.
If you see those IS things after reboot, just end them and realsched
too. If something goes wrong just reboot and they will start up.
Ending or disabling does not equal uninstalling. You are just trying
to figure out what is keeping you from Hibernating, then you can
figure out what to do about it when you know what it is. Kill
whatever is suspicious and wait.
I can't find a system with that IS junk on there, so I will have to
figure out how to install it. You could just rename the executables
where Bill P is pointing, and that may give you some error, but they
won't start anymore! Check the Services tab in msconfig too and see
if they are disableable. Can't find in in Add/Remove either?
William B. Lurie
have taken a half dozen files, including realsched.exe, agent issch
ISUSPM and just left hem in place, with their extension changed to .EXX ...
As we agreed, it takes hours to let it run and go to hibernate and
then bring it out to see if it's clean... but fortunately my house
guests are out on other ventures in a strange land (South Florida) and
I have time. When they're here the computer stays busy/
Hang loose. I think I'm almost ready to graduate from your tutoring
course.
William B. Lurie
William B. Lurie wr
(snip)
> Jose, except for refining what CC shows, I've been following you and I
> have taken a half dozen files, including realsched.exe, agent issch
> ISUSPM and just left hem in place, with their extension changed to .EXX
> ...
>
> As we agreed, it takes hours to let it run and go to hibernate and
> then bring it out to see if it's clean... but fortunately my house
> guests are out on other ventures in a strange land (South Florida) and
> I have time. When they're here the computer stays busy/
>
> Hang loose. I think I'm almost ready to graduate from your tutoring
> course.
Well, a new status report. See my current TM and Startup.
http://bellsouthpwp.net/b/i/billurie/cc322.JPG
http://bellsouthpwp.net/b/i/billurie/tm322.JPG
I think they are cleaned of just about everything that
I can deactivate. Note that in TM there is one Compaq-Owner item
ccSvcHost that the system will not let me delete. BTW,
I have changed WIA to 'disabled' and the bottom line is still
that things happen to prevent hibernate at more than 1 hour.
Here's a sample Event that I can't resolve:
--------------------------------------------------------
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 3/21/2010
Time: 11:16:22 PM
User: N/A
Computer: COMPAQ-2006
Description:
The following boot-start or system-start driver(s) failed to load:
ftsata2
KLIF
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----------------------------------------------------------
This was a System event that occurred when the system should
have been going to hibernation.
I keep telling myself that I should just live with hibernate
set at 1 hour, but the scientist in me refuses to give up.
Unknown
work on. I am setting my hibernate time to two hours to see if I may have
the same problem. Will let you know.news:%23Ihdlpb...@TK2MSFTNGP04.phx.gbl...
William B. Lurie
Okay, I'll stay active in this project as long as people continue
to be helpful. As you've read in the thread, Jose has steered me
in the right direction. Getting rid of unnecessary clutter, that
supposedly was designed to make things easier and more automatic
for the user, sometimes have unwanted effects. And never
furnishing satisfying explanations as to why they are there, and
preventing the user to clean them out, is a constant annoyance.
Some of the MVP big guns can be great, though.
I have deactivated and prevented from loading a dozen files, all
having been seen in the Task Manager as resident in RAM and as
having been requested by Compaq-Owner (that's me). But there are
a dozen there that are loaded by "System", and I don't dare stop
those from loading, certainly not without some good advice.
Right now I'm waiting for Jose's next advice.
William B. Lurie
I just uploaded one item from the Event Log that I wish
somebody would interpret for me, and tell me how to stop
from happening. It, too, is interfering with hibernate:
http://profile.imageshack.us/user/billurie
Jose, please let me know if the URL above is correct;
it may need /event322.jpg or something similar added.
Unknown
nothing to work with.
I do not have any cameras. Sorry.news:%23QfmK9c...@TK2MSFTNGP02.phx.gbl...
William B. Lurie
Thanx for tryimg, UN. My camera is deactivated and none of its
software loaded......Good luck.
Unknown
William B. Lurie
But I've run out of investigating programs that are shown as
being under my loading control (i.e., non-System, non-
Network Service, non-Local Service) , and the Events that
are recorded are so non-specific that only the insiders can
tell which might have a one-hour repeat built into it. Like,
look at the error event below-----who would know whether
ftsata32 or KLIF are worth investigating, or how to do so?
I'm beginning to get the idea that I may just have to live with
no hibernate setting over 1 hour to be viable on this HP/Compaq
construction of Windows XP.
William B. Lurie
Well, after a few days of not posting anything, I'd like to
show a status report. I have a great, clean, system, with all sorts
of things no longer cluttering up the Startup menu and the Task
Manager. I have WIA started and Automatic, and hibernate set to
2 hours........and Events Log show that every hour, WIA causes
an event so that it *never* goes to hibernate. Here's one event:
*******************************************************
Event Type: Information
Event Source: Service Control Manager
Event Category: None
Date: 3/24/2010
Time: 5:40:58 PM
User: N/A
Computer: COMPAQ-2006
Description:
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
*********************************************************
It's obviously set *somewhere* at 1 hour. How do I get it
changed to 3 hours?
William B. Lurie
> Well, after a few days of not posting anything, I'd like to
> show a status report. I have a great, clean, system, with all sorts
> of things no longer cluttering up the Startup menu and the Task
> Manager. I have WIA started and Automatic, and hibernate set to
> 2 hours........and Events Log show that every hour, WIA causes
> an event so that it *never* goes to hibernate. Here's one event:
> *******************************************************
> Event Type: Information
> Event Source: Service Control Manager
> Event Category: None
> Event ID: 7036
> Date: 3/24/2010
> Time: 5:40:58 PM
> User: N/A
> Computer: COMPAQ-2006
> Description:
> The Windows Image Acquisition (WIA) service entered the running state.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> *********************************************************
> It's obviously set *somewhere* at 1 hour. How do I get it
> changed to 3 hours?
A closer look at services.msc shows, on expanding WIA, that its
executable is at Windows\system32\svchost.exe-k imgsvc .....
I'd appreciate it if one of those who know, would please lead
me to (or give me) instructions for modifying that executable
so that it kicks in every 3 hours instead of every hour.
John John - MVP
The service isn't starting of its own, it's starting because *something
else* is asking it to start. Sometime ago I gave you two commands to
get the list of running programs and services when the machine boots,
can you run them again and post the results? Reboot the machine and
then run these three commands at a Command Prompt, pressing enter after
each:
net start > c:\test.txt
tasklist /svc >> c:\test.txt
c:\test.txt
Copy and paste the contents of the notepad file to your next post.
Please note the single redirector (>) in the first command and the
double one (>>)in the second command.
John
William B. Lurie
These Windows services are started:
Application Layer Gateway Service
COM+ Event System
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Help and Support
LexBce Server
lxct_device
Network Connections
Network Location Awareness (NLA)
Norton AntiVirus
Pervasive PSQL Workgroup Engine
Plug and Play
Print Spooler
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
Speed Disk service
SSDP Discovery Service
System Event Notification
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
Viewpoint Manager Service
WebClient
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Management Instrumentation
Windows Time
Wireless Zero Configuration
Workstation
The command completed successfully.
The second one gave the error pane saying:
Windows cannot find tasklist ..........
What did I do wrong?
John John - MVP
> The second one gave the error pane saying:
>
> Windows cannot find tasklist ..........
> What did I do wrong?
This was discussed in our thread a few weeks ago and at that time you
had gotten it to work. Here is a refresher.
Tasklist is included with Windows XP Professional but it isn't included
in XP Home. Download Tasklist.exe here:
http://www.computerhope.com/download/winxp/tasklist.exe
(Direct download link)
Download the file and place it in your C:\Windows\System32 folder.
Reboot the computer and run the command just after the reboot, we want
an accurate list of what is running just after the machine is booted and
before you start or run anything else.
John
William B. Lurie
you asked (and I don't recall ever seeing your earlier request, but
I could have missed it. I sure didn't ignore it on purpose).
**********************************************************
Image Name PID Services
========================= ======
=============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 1200 N/A
csrss.exe 1284 N/A
winlogon.exe 1316 N/A
services.exe 1360 Eventlog, PlugPlay
lsass.exe 1372 ProtectedStorage, SamSs
svchost.exe 1528 DcomLaunch, TermService
svchost.exe 1616 RpcSs
svchost.exe 1784 AudioSrv, CryptSvc, Dhcp, ERSvc,
EventSystem,
FastUserSwitchingCompatibility,
helpsvc, lanmanserver,
lanmanworkstation,
Netman, Nla, RasMan, seclogon, SENS,
SharedAccess, ShellHWDetection,
TapiSrv,
Themes, TrkWks, W32Time, winmgmt,
WZCSVC
svchost.exe 1872 Dnscache
svchost.exe 244 LmHosts, SSDPSRV
LEXBCES.EXE 376 LexBceS
spoolsv.exe 544 Spooler
LEXPPS.EXE 576 N/A
explorer.exe 820 N/A
svchost.exe 940 WebClient
lxctcoms.exe 992 lxct_device
ccSvcHst.exe 1040 Norton AntiVirus
w3dbsmgr.exe 1444 psqlWGE
NOPDB.exe 1860 Speed Disk service
ViewpointService.exe 160 Viewpoint Manager Service
ccSvcHst.exe 2572 N/A
alg.exe 4056 ALG
hpsysdrv.exe 2192 N/A
EditPadLite.exe 3112 N/A
cmd.exe 1468 N/A
ntvdm.exe 3152 N/A
tasklist.exe 3092 N/A
wmiprvse.exe 3288 N/A
John John - MVP
This list was taken right after a reboot? I wonder what 16-bit/DOS
application would be running (inside the NTVDM) when you boot the machine...
John
William B. Lurie
I think I may have had to run the commands
from the actual DOS prompt (i.e., Start>Run>cmd);
I couldn't find the files created by putting the commands
into the Run>command window and executing from there.
I'll try to do it again, now, and generate a new set.
Yes, I'll reboot first.
William B. Lurie
John wrote:
(snip)
>>
>> This list was taken right after a reboot? I wonder what 16-bit/DOS
>> application would be running (inside the NTVDM) when you boot the
>> machine...
>>
>> John
> I'll do it again, John, if you ask me to.
> I think I may have had to run the commands
> from the actual DOS prompt (i.e., Start>Run>cmd);
> I couldn't find the files created by putting the commands
> into the Run>command window and executing from there.
>
> I'll try to do it again, now, and generate a new set.
> Yes, I'll reboot first.
I did the following immediately after reboot, by going
to cmd DOS prompt, the C:\ and
net start > c:\test326a.txt
enter
tasklist /svc > c:\test326b.txt
enter
And now I will copy and paste the two .txt files here.
> These Windows services are started:
>
Image Name PID Services
========================= ======
=============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 1200 N/A
csrss.exe 1280 N/A
winlogon.exe 1312 N/A
services.exe 1356 Eventlog, PlugPlay
lsass.exe 1368 ProtectedStorage, SamSs
svchost.exe 1532 DcomLaunch, TermService
svchost.exe 1628 RpcSs
svchost.exe 1796 AudioSrv, CryptSvc, Dhcp, ERSvc,
EventSystem,
FastUserSwitchingCompatibility,
helpsvc, lanmanserver,
lanmanworkstation,
Netman, Nla, RasMan, seclogon, SENS,
SharedAccess, ShellHWDetection,
TapiSrv,
Themes, TrkWks, W32Time, winmgmt,
WZCSVC
svchost.exe 1868 Dnscache
svchost.exe 244 LmHosts, SSDPSRV
LEXBCES.EXE 392 LexBceS
spoolsv.exe 552 Spooler
LEXPPS.EXE 584 N/A
explorer.exe 832 N/A
svchost.exe 944 WebClient
lxctcoms.exe 996 lxct_device
ccSvcHst.exe 1044 Norton AntiVirus
w3dbsmgr.exe 1520 psqlWGE
NOPDB.exe 1824 Speed Disk service
ViewpointService.exe 2028 Viewpoint Manager Service
ccSvcHst.exe 2540 N/A
alg.exe 4080 ALG
cmd.exe 2256 N/A
hpsysdrv.exe 2348 N/A
tasklist.exe 2644 N/A
wmiprvse.exe 2676 N/A
Over to you, John.
John John - MVP
If I understand correctly, you have the machine set to hibernate after 2
hours of inactivity but it can't enter the hibernation state because
something keeps it awake...
This is what I would try:
Reboot the machine and don't do anything whatsoever after it boots,
leave it alone for the time set for hibernation and see if it does
hibernate.
If it doesn't hibernate I would then try a clean boot and once again not
touch the machine for the set time and see if it does hibernate.
http://support.microsoft.com/kb/310353
How to configure Windows XP to start in a "clean boot" state
John
William B. Lurie
the following additional clarification:
If hibernate is set for 2 hours.....it will not.
If set for 1 hour.......it does.
Later today I'll do as you say above, for the 2 hour test.
William B. Lurie
>
> hours of inactivity but it can't enter the hibernation state because
> something keeps it awake...
>
> This is what I would try:
>
> Reboot the machine and don't do anything whatsoever after it boots,
> leave it alone for the time set for hibernation and see if it does
> hibernate.
>
> If it doesn't hibernate I would then try a clean boot and once again not
> touch the machine for the set time and see if it does hibernate.
>
> http://support.microsoft.com/kb/310353
> How to configure Windows XP to start in a "clean boot" state
>
> John
but I believe I have installed one of the SP3 'fixes' which
were supposed to fix hibernate problems......
William B. Lurie
>
> hours of inactivity but it can't enter the hibernation state because
> something keeps it awake...
>
> This is what I would try:
>
> Reboot the machine and don't do anything whatsoever after it boots,
> leave it alone for the time set for hibernation and see if it does
> hibernate.
>
> If it doesn't hibernate I would then try a clean boot and once again not
> touch the machine for the set time and see if it does hibernate.
>
> http://support.microsoft.com/kb/310353
> How to configure Windows XP to start in a "clean boot" state
>
> John
John, I followed instructions. Touched NOTHING for 4 hours
(hibernate set at 2). Power-on light on tower was flashing
and it never went to hibernate. I'll read the Clean Boot instructions
again. Last time I thought it was quite an effort, but this is
this time. Maybe this evening.
Unknown
William; I compared my services with yours since my system does not fail to
hibernate.
I'll post the differences. Do a Google search for 'viewpoint manager
services'. Looks suspicious.
I would also suspect Norton AntiVirus.
Differences (not on my system) are:
LexBce Server
lxct device
Norton AntiVirus-------I would definately get rid of this.
Pervasive PSQL Workgroup Engine
Speed Disk Service------Part of Norton
Viewpoint Manager Service
"William B. Lurie" <bill...@nospam.net> wrote in message
news:OPnYAYRz...@TK2MSFTNGP02.phx.gbl...
William B. Lurie
Dear Unk:
Thanks for working with me. I'll let John comment more on
your list, but Norton Anti-Virus is my main protection and
I don't leave home without it. I could, of course, disconnect from
the phone line and disable it to see if somehow that's the cause.
One thing at a time.....
William B. Lurie
I took another small step, John. I like to try new things on my Clone
system before I take a chance with my Main Drive......so I printed
out KB310353 and followed its Method 2 on my clone system. It was very
easy, and I did it and immediately went away for 2-3/4 hours ......and
when I returned, the power light on my tower was blinking, the screen
was on, and was not even in Screen Saver mode, which to me means that
some Event occurred. It goes to Screen Saver at 10 minutes. I undid the
msconfig changes and returned here, to my Master Drive.
So I would judge that Clean Boot didn't show any difference. What's
your next advice?
John John - MVP
Take a look in the Event Viewer and see if anything relevant is logged.
Check the log on the clone too.
John
William B. Lurie
it told a noteworthy story. But, because I, too, am suspicious that
the Norton AV software is a likely suspect, I made a different test
overnight, on this Master system.
I disabled all Norton/Symantec entries in the services.msc list,
disconnected from the phone line, and let it try to go to sleep
at 10 P.M...... and when I checked nine hours later, the power
light on the tower was flashing. So I immediately copied and
saved the 3 pages in the Events Log, and will paste them in below.
I was disappointed in a way, at not seeing the every-hour intervention,
and I don't know if it's good news or not. What's your take on it?
(I'm sorry for the length of the post; I haven't worked out the
free uploading thing yet).
But the overnight Events Log is surprisingly bare; maybe that does point
the accusing finger at the Norton software. I can repeat that test
overnight with just that one difference.
Note the usual 7026 error when booting at 6:50 this morning,
that I've mentioned before, and nothing else.
I really ought to do the clean boot thing again on the clone, and
record the Events Log.
> Type Date Time Source Category Event User Computer
> Information 3/27/2010 6:49:21 AM Norton AntiVirus None 35 SYSTEM COMPAQ-2006
> Information 3/27/2010 6:49:19 AM Norton AntiVirus None 34 SYSTEM COMPAQ-2006
> Information 3/27/2010 6:45:45 AM SecurityCenter None 1800 N/A COMPAQ-2006
> Information 3/27/2010 6:44:02 AM Viewpoint Manager Service None 0 N/A COMPAQ-2006
> Information 3/27/2010 6:43:11 AM Norton Save and Restore Medium Priority 100 N/A COMPAQ-2006
> Information 3/27/2010 6:42:26 AM Norton AntiVirus None 35 SYSTEM COMPAQ-2006
> Information 3/27/2010 6:42:25 AM Norton AntiVirus None 34 SYSTEM COMPAQ-2006
Type Date Time Source Category Event User Computer
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 850 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 850 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 850 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 850 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 850 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 850 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 850 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 849 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:04 AM Security Policy Change 848 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:50:02 AM Security Privilege Use 576 LOCAL
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:50:02 AM Security Logon/Logoff 528 LOCAL
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:49:53 AM Security Privilege Use 576 NETWORK
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:49:53 AM Security Logon/Logoff 528 NETWORK
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:49:46 AM Security Privilege Use 576 NETWORK
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:49:46 AM Security Logon/Logoff 528 NETWORK
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:49:44 AM Security System Event 515 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:39 AM Security Privilege Use 576 LOCAL
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:49:39 AM Security Logon/Logoff 528 LOCAL
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:49:21 AM Security System Event 515 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:15 AM Security Logon/Logoff 540
ANONYMOUS LOGON COMPAQ-2006
Success Audit 3/27/2010 6:49:12 AM Security Privilege Use 576 LOCAL
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:49:12 AM Security Logon/Logoff 528 LOCAL
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:49:06 AM Security System Event 515 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:06 AM Security System Event 515 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:06 AM Security System Event 515 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:05 AM Security Policy Change 806 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:04 AM Security Privilege Use 576
Compaq_Owner COMPAQ-2006
Success Audit 3/27/2010 6:49:04 AM Security Logon/Logoff 528
Compaq_Owner COMPAQ-2006
Success Audit 3/27/2010 6:49:04 AM Security Account Logon 680 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:04 AM Security Logon/Logoff 538
Compaq_Owner COMPAQ-2006
Success Audit 3/27/2010 6:49:04 AM Security Privilege Use 576
Compaq_Owner COMPAQ-2006
Success Audit 3/27/2010 6:49:04 AM Security Logon/Logoff 528
Compaq_Owner COMPAQ-2006
Success Audit 3/27/2010 6:49:04 AM Security Account Logon 680 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:02 AM Security Privilege Use 576 LOCAL
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:49:02 AM Security Logon/Logoff 528 LOCAL
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:49:02 AM Security Privilege Use 576 NETWORK
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:49:02 AM Security Logon/Logoff 528 NETWORK
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:49:01 AM Security Privilege Use 576 NETWORK
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:49:01 AM Security Logon/Logoff 528 NETWORK
SERVICE COMPAQ-2006
Success Audit 3/27/2010 6:49:01 AM Security System Event 515 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:01 AM Security System Event 518 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:01 AM Security System Event 515 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:01 AM Security System Event 515 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:01 AM Security System Event 515 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:01 AM Security System Event 514 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:01 AM Security System Event 514 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:01 AM Security System Event 514 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:01 AM Security System Event 514 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:01 AM Security System Event 514 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:01 AM Security System Event 514 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:49:01 AM Security System Event 514 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:47:55 AM Security System Event 513 SYSTEM
COMPAQ-2006
Success Audit 3/27/2010 6:47:48 AM Security Logon/Logoff 551
Compaq_Owner COMPAQ-2006
Success Audit 3/26/2010 10:29:50 PM Security System Event 517 SYSTEM
COMPAQ-2006
Type Date Time Source Category Event User Computer
Information 3/27/2010 7:02:21 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 7:02:20 AM Service Control Manager None 7035
SYSTEM COMPAQ-2006
Information 3/27/2010 7:00:55 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 7:00:55 AM Service Control Manager None 7035
SYSTEM COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7035
SYSTEM COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7035
SYSTEM COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7035
SYSTEM COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7035
Compaq_Owner COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7035
SYSTEM COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7035
SYSTEM COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 6:50:35 AM Service Control Manager None 7035
SYSTEM COMPAQ-2006
Error 3/27/2010 6:50:35 AM Service Control Manager None 7026 N/A COMPAQ-2006
Information 3/27/2010 6:50:02 AM SRTSP None 2003 N/A COMPAQ-2006
Information 3/27/2010 6:48:47 AM Tcpip None 4201 N/A COMPAQ-2006
Information 3/27/2010 6:49:01 AM eventlog None 6005 N/A COMPAQ-2006
Information 3/27/2010 6:49:01 AM eventlog None 6009 N/A COMPAQ-2006
Information 3/27/2010 6:47:55 AM eventlog None 6006 N/A COMPAQ-2006
Information 3/27/2010 6:45:45 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 6:45:45 AM Service Control Manager None 7035
Compaq_Owner COMPAQ-2006
Information 3/27/2010 6:44:02 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 6:44:02 AM Service Control Manager None 7035
Compaq_Owner COMPAQ-2006
Information 3/27/2010 6:42:56 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 6:42:56 AM Service Control Manager None 7035
Compaq_Owner COMPAQ-2006
Information 3/27/2010 6:42:49 AM Service Control Manager None 7035
SYSTEM COMPAQ-2006
Information 3/27/2010 6:42:26 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 6:42:26 AM Service Control Manager None 7035
Compaq_Owner COMPAQ-2006
Information 3/27/2010 6:41:19 AM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 3/27/2010 6:41:19 AM Service Control Manager None 7035
SYSTEM COMPAQ-2006
William B. Lurie
AntiVirus does do Idle Time Scan. I had it set for "Quarterly" so it
should not have interfered. But with their help, I reset it to *never*
and maybe that will be the answer. I can live with no idle time scans.
So put my other testing on hold while I find out if hibernate now
works right.
Unknown
William B. Lurie
Unknown
William B. Lurie
and went away. Three hours later, it had not gone into hibernation,
and Events Log showed *no* events in that period, but was
obviously alive and recording things. I am of the opinion that
Norton Anti-Virus is not the source of the problem. And I'm not about
to change horses and use MSE (as Unk just suggested). There has to
be a reason why it doesn't hibernate after 2 hours, and the events
log doesn't show it.
I'm going back to Clone, Disable Norton, do a Clean Boot, and let 3
hours go by, and look at Events Log as you suggested, John. I won't
be back on until 1600 EDT.
William B. Lurie
I didn't do it right, and will do it again later this evening. Sorry.
William B. Lurie
I think I did it right this time, John, and it still didn't go to
hibernate, and left events periodically in Events Log. I'll let
it run all night tonight, and have more data in the morning, and will
b extra keerful this time. Mwanwhile, perhaps these are of value:
> These Windows services are started:
>
> Application Layer Gateway Service
> Automatic Updates
> COM+ Event System
> Cryptographic Services
> DCOM Server Process Launcher
> DHCP Client
> Distributed Link Tracking Client
> DNS Client
> Error Reporting Service
> Event Log
> Fast User Switching Compatibility
> Help and Support
> IPSEC Services
> Network Connections
> Network Location Awareness (NLA)
> Plug and Play
> Print Spooler
> Protected Storage
> Remote Access Connection Manager
> Remote Procedure Call (RPC)
> Secondary Logon
> Security Accounts Manager
> Server
> Shell Hardware Detection
> SSDP Discovery Service
> System Event Notification
> Task Scheduler
> TCP/IP NetBIOS Helper
> Telephony
> Terminal Services
> Themes
> WebClient
> Windows Audio
> Windows Firewall/Internet Connection Sharing (ICS)
> Windows Image Acquisition (WIA)
> Windows Management Instrumentation
> Windows Time
> Wireless Zero Configuration
> Workstation
>
> The command completed successfully.
>
Image Name PID Services
========================= ======
=============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 1200 N/A
csrss.exe 1284 N/A
winlogon.exe 1316 N/A
services.exe 1360 Eventlog, PlugPlay
lsass.exe 1372 PolicyAgent, ProtectedStorage, SamSs
svchost.exe 1532 DcomLaunch, TermService
svchost.exe 1632 RpcSs
svchost.exe 1784 AudioSrv, CryptSvc, Dhcp, ERSvc,
EventSystem,
FastUserSwitchingCompatibility,
helpsvc, lanmanserver,
lanmanworkstation,
Netman, Nla, RasMan, Schedule,
seclogon,
SENS, SharedAccess, ShellHWDetection,
TapiSrv, Themes, TrkWks, W32Time,
winmgmt,
wuauserv, WZCSVC
svchost.exe 1872 Dnscache
svchost.exe 232 LmHosts, SSDPSRV
spoolsv.exe 556 Spooler
explorer.exe 816 N/A
svchost.exe 904 WebClient
svchost.exe 976 stisvc
PrintScreen.exe 1864 N/A
alg.exe 1712 ALG
cmd.exe 1728 N/A
tasklist.exe 652 N/A
wmiprvse.exe 1136 N/A
I am able to send some more before I shut down.
Note the Events Log.....I left it at around 7:48
and came back and saw that it was not going to
hibernate, at 10:36 .... meanwhile please note the
events in betweem which I guess are what caused it not
to hibernate. The 7036's. Maybe you can make something
of this, John. I do think I did it right this time.
> Type Date Time Source Category Event User Computer
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7035 SYSTEM COMPAQ-2006
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7035 Compaq_Owner COMPAQ-2006
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7035 SYSTEM COMPAQ-2006
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7035 SYSTEM COMPAQ-2006
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7035 SYSTEM COMPAQ-2006
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7035 SYSTEM COMPAQ-2006
> Information 3/27/2010 10:56:32 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Error 3/27/2010 10:56:32 PM Service Control Manager None 7026 N/A COMPAQ-2006
> Information 3/27/2010 10:54:44 PM Tcpip None 4201 N/A COMPAQ-2006
> Information 3/27/2010 10:55:03 PM eventlog None 6005 N/A COMPAQ-2006
> Information 3/27/2010 10:55:03 PM eventlog None 6009 N/A COMPAQ-2006
> Information 3/27/2010 10:36:00 PM eventlog None 6006 N/A COMPAQ-2006
> Information 3/27/2010 10:19:27 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/27/2010 9:18:02 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/27/2010 7:48:35 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/27/2010 7:48:35 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/27/2010 7:48:35 PM Service Control Manager None 7035 SYSTEM COMPAQ-2006
> Information 3/27/2010 7:48:35 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/27/2010 7:48:35 PM Service Control Manager None 7036 N/A COMPAQ-2006
>
William B. Lurie
> Event Type: Information
> Event Source: Service Control Manager
> Event Category: None
> Event ID: 7036
> Date: 3/27/2010
> Time: 9:18:02 PM
> User: N/A
> Computer: COMPAQ-2006
> Description:
> The Windows Image Acquisition (WIA) service entered the running state.
>
> So, are we back to continuing to try to find out what caused
WIA to enter the running state? It was listed as a System
event....and I believe it says the Service Control Manager was
the Source of the event.
Unknown
opened it and disabled auto update?
Could be this service is looking for updates for viewpoint products and
thusly not allowing hibernation.news:%23djV5%23jzKH...@TK2MSFTNGP04.phx.gbl...
William B. Lurie
> Since you have Viewpoint Manager Service started in services, have you
> opened it and disabled auto update?
> Could be this service is looking for updates for viewpoint products and
> thusly not allowing hibernation.
(snip)
Well, I didn't consciously install it, have never intentionally used
it and don't know what it's for, I'll certainly disable it and see
what
that does for me, good or bad. Thanks.
William B. Lurie
And now, John, some new evidence elicited from Clean Booth overnight
run on Clone system, with phone line disconnected:
Note that the first of the questionable Events on System was a
newbie.... Application Layer Gateway Service started.....From
then on, it was every hour, another intrusion calol to WIA.....
Does that tell anything?
> Type Date Time Source Category Event User Computer
> Information 3/30/2010 6:30:57 AM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/30/2010 5:29:47 AM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/30/2010 4:28:29 AM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/30/2010 3:27:11 AM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/30/2010 2:25:53 AM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/30/2010 1:24:35 AM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/30/2010 12:23:17 AM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/29/2010 11:21:52 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/29/2010 10:20:12 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/29/2010 10:20:12 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/29/2010 10:20:12 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/29/2010 10:20:12 PM Service Control Manager None 7035 SYSTEM COMPAQ-2006
> Information 3/29/2010 10:20:12 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/29/2010 10:20:12 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/29/2010 10:20:12 PM Service Control Manager None 7035 SYSTEM COMPAQ-2006
> Information 3/29/2010 10:20:12 PM Service Control Manager None 7035 Compaq_Owner COMPAQ-2006
> Information 3/29/2010 10:20:12 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 3/29/2010 10:20:12 PM Service Control Manager None 7036 N/A COMPAQ-2006
>
> Event Type: Information
> Event Source: Service Control Manager
> Event Category: None
> Event ID: 7035
> Date: 3/29/2010
> Time: 10:20:12 PM
> User: NT AUTHORITY\SYSTEM
> Computer: COMPAQ-2006
> Description:
> The Application Layer Gateway Service service was
successfully sent a start control.
John John - MVP
William B. Lurie wrote:
> William B. Lurie wrote:
>> Unknown wrote:
>>> Since you have Viewpoint Manager Service started in services, have
>>> you opened it and disabled auto update?
>>> Could be this service is looking for updates for viewpoint products
>>> and thusly not allowing hibernation.
>>
>> (snip)
>> Well, I didn't consciously install it, have never intentionally used
>> it and don't know what it's for, I'll certainly disable it and see
>> what
>> that does for me, good or bad. Thanks.
>
> And now, John, some new evidence elicited from Clean Booth overnight
> run on Clone system, with phone line disconnected:
>
> Note that the first of the questionable Events on System was a
> newbie.... Application Layer Gateway Service started.....From
> then on, it was every hour, another intrusion calol to WIA.....
> Does that tell anything?
I'm not so sure that your "Clean Boot" is all that clean... I suspect
that Norton plays a role in the ALG request to the Service Control
Manager. The WIA... I suspect your web cam or your Lexmark printer.
From the clone after you boot do the Net Start and the Tasklist /svc
commands and see what is running when you clean boot.
Also run the AT command, it should return "There are no entries in the
list".
John
William B. Lurie
first how would you suggest I take Lexmark and Webcam out of the
picture?I'd prefer not to uninstall them.....
And I'll run the AT command, but I don't recognize it. I'll do as you
say as soon as I hear from you, but first, this morning's test:
What I have: disabled Viewpoint Mgr and WIA, my phone line was
unplugged, Error Reporting and Event Log set to Automatic, and
then what I thought was Clean Boot, and ran for 3.5 hours....
during which *no* events of any kind were to be found in the
events log. This threw me, but it's what I saw. Now I will have lunch,
followed by what you ask (including clarification of 'AT' please).
John John - MVP
AT will simply let you see if you have any Scheduled Tasks.
John
William B. Lurie
And I'd like to run it... but where, what's its syntax? I can
look at Start>>Control Panal>>Scheduled Tasks to make sure it
is empty.... I'll start the 3-hour run now, assuming I find
it empty. First I'll Clean Boot, then net start and tasklist,
make sure there are no scheduled tasks......
William B. Lurie
Okay, John, but the plot has thickened. First, there are no
scheduled tasks. I looked. I don't allow them, ever. I'm
an I-want-control man.
Now I made a long run on Clone with, I think, everything you
and I were trying to do, and maybe I disabled something that I
shouldn't have. Please look at the following files (you'll know what
they are) and I think the main thing they show is that I disabled
some automatic time check for the first time. I'm not sure where.
But I glean nothing more from these. And the one Event Log that
you see, is the only one of those logs with anything pertinent there.
I'll paste in the files here.
> Type Date Time Source Category Event User Computer
> Error 3/30/2010 9:49:49 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 9:49:49 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 9:04:44 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 9:04:44 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 8:49:44 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 8:49:44 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 8:03:26 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 8:03:26 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 7:48:26 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 7:48:26 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 7:01:58 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 7:01:58 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 6:46:58 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 6:46:58 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 6:00:39 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 6:00:39 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 5:45:39 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 5:45:39 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 4:59:21 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 4:59:21 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 4:44:21 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 4:44:21 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 3:58:03 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 3:58:03 PM W32Time None 17 N/A COMPAQ-2006
> Error 3/30/2010 3:43:04 PM W32Time None 29 N/A COMPAQ-2006
> Error 3/30/2010 3:43:04 PM W32Time None 17 N/A COMPAQ-2006
Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 3/30/2010
Time: 9:49:49 PM
User: N/A
Computer: COMPAQ-2006
Description:
The time provider NtpClient is configured to acquire time from one or
more time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes. NtpClient
has no source of accurate time.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
ese Windows services are started:
Windows Management Instrumentation
Windows Time
Wireless Zero Configuration
Workstation
The command completed successfully.
Image Name PID Services
========================= ======
=============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 1200 N/A
csrss.exe 1284 N/A
winlogon.exe 1316 N/A
services.exe 1360 Eventlog, PlugPlay
lsass.exe 1372 PolicyAgent, ProtectedStorage, SamSs
svchost.exe 1532 DcomLaunch, TermService
svchost.exe 1632 RpcSs
svchost.exe 1800 AudioSrv, CryptSvc, Dhcp, ERSvc,
EventSystem,
FastUserSwitchingCompatibility,
helpsvc, lanmanserver,
lanmanworkstation,
Netman, Nla, RasMan, Schedule,
seclogon,
SENS, SharedAccess, ShellHWDetection,
TapiSrv, Themes, TrkWks, W32Time,
winmgmt,
wuauserv, WZCSVC
svchost.exe 1932 Dnscache
svchost.exe 244 LmHosts, SSDPSRV
spoolsv.exe 556 Spooler
explorer.exe 788 N/A
svchost.exe 880 WebClient
EditPadLite.exe 912 N/A
cmd.exe 392 N/A
tasklist.exe 1664 N/A
wmiprvse.exe 424 N/A
It's getting kind of lengthy, but I know you want to see it.
Did I do something wrong? What should I restore?
Unknown
not be able to synchronize your time.
Check in control panel 'Date and Time' and use 'tick.usno.navy.mil' as the
time server.
By default the time is synced once a week. But with another
firewall-----?????????
When this is finally solved I'll bet it turns out to be Norton Anti Virus..news:%23wJmnmH...@TK2MSFTNGP05.phx.gbl...
John John - MVP
This is your 'clone' test installation, right?
1- Disable the Windows Time service.
2- Disable the SSDP Discovery Service
You disable these services in the Services Management Console (enter
services.msc in the Start Menu Run box)
John
William B. Lurie
Unknown wrote:
> William; What firewall are you using? If not the Windows firewall you may
> not be able to synchronize your time.
Sorry, unk.....Windows Firewall id rgw *only* firewall I have on.
> Check in control panel 'Date and Time' and use 'tick.usno.navy.mil' as the
> time server.
> By default the time is synced once a week. But with another
> firewall-----?????????
> When this is finally solved I'll bet it turns out to be Norton Anti Virus..
Hardly, unK.....I've been doing all my testing (lately)
in Clean Boot, on my Clone system, with NAV turned off.
William B. Lurie
Can do, John.No other comments? What about the Error in Events Log
about some drivers failing to load, or is that totally unrelated?
John John - MVP
Which drivers failing to load? I haven't seen your post about this...
No other comments now, just disable the services mentioned and see if
the machine can enter the hibernation state after more than one hour idle.
John
Antares 531
hibernate?
Unknown
"Antares 531" <gordonl...@swbell.net> wrote in message
news:q5t6r5ltbd022d8u7...@4ax.com...
Unknown
Curiosity question. Did you at any time alter the time interval for when you
sync your clock?
Check your registry at:
HKEY_LOCAL_MACHINE\System\currentcontrolset\services\w32Time\TimeProviders\NTPclient
in right pane special poll interval is a hexidecimal count in seconds.
For one week (XP default time) it is 0x00093a80 (604800)news:OYzonaO0...@TK2MSFTNGP05.phx.gbl...
William B. Lurie
again, and, as seems to happen every time, something comes up that I
never saw before. But the clock bit went away. Hibernation results...
still the same. See the Events Log. As for the failing to load, I'll
show you that one again. But now....
>
> Image Name PID Services
> ========================= ====== =============================================
> System Idle Process 0 N/A
> System 4 N/A
> smss.exe 1200 N/A
> csrss.exe 1280 N/A
> winlogon.exe 1312 N/A
> services.exe 1356 Eventlog, PlugPlay
> lsass.exe 1368 PolicyAgent, ProtectedStorage, SamSs
> svchost.exe 1528 DcomLaunch, TermService
> svchost.exe 1628 RpcSs
> svchost.exe 1784 AudioSrv, CryptSvc, Dhcp, ERSvc,
> EventSystem, FastUserSwitchingCompatibility,
> helpsvc, lanmanserver, lanmanworkstation,
> Netman, Nla, RasMan, Schedule, seclogon,
> SENS, SharedAccess, ShellHWDetection,
> TapiSrv, Themes, TrkWks, winmgmt, wuauserv,
> WZCSVC
> svchost.exe 1928 Dnscache
> svchost.exe 240 LmHosts
> spoolsv.exe 552 Spooler
> explorer.exe 772 N/A
> svchost.exe 872 WebClient
> mmc.exe 1452 N/A
> EditPadLite.exe 172 N/A
> cmd.exe 1672 N/A
> ntvdm.exe 568 N/A
> tasklist.exe 296 N/A
> wmiprvse.exe 1572 N/A
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 3/31/2010
Time: 1:26:17 PM
User: NT AUTHORITY\NETWORK SERVICE
Computer: COMPAQ-2006
Description:
Successful Logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Type Date Time Source Category Event User Computer
Success Audit 3/31/2010 1:26:17 PM Security Privilege Use 576 NETWORK
SERVICE COMPAQ-2006
Success Audit 3/31/2010 1:26:17 PM Security Logon/Logoff 528 NETWORK
SERVICE COMPAQ-2006
Success Audit 3/31/2010 12:09:37 PM Security Privilege Use 576
NETWORK SERVICE COMPAQ-2006
Success Audit 3/31/2010 12:09:37 PM Security Logon/Logoff 528 NETWORK
SERVICE COMPAQ-2006
These Windows services are started:
Automatic Updates
COM+ Event System
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Help and Support
IPSEC Services
Network Connections
Network Location Awareness (NLA)
Plug and Play
Print Spooler
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
System Event Notification
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
WebClient
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Management Instrumentation
Wireless Zero Configuration
Workstation
The command completed successfully.
Image Name PID Services
========================= ======
=============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 1200 N/A
csrss.exe 1280 N/A
winlogon.exe 1312 N/A
services.exe 1356 Eventlog, PlugPlay
lsass.exe 1368 PolicyAgent, ProtectedStorage, SamSs
svchost.exe 1528 DcomLaunch, TermService
svchost.exe 1628 RpcSs
svchost.exe 1784 AudioSrv, CryptSvc, Dhcp, ERSvc,
EventSystem,
FastUserSwitchingCompatibility,
helpsvc, lanmanserver,
lanmanworkstation,
Netman, Nla, RasMan, Schedule,
seclogon,
SENS, SharedAccess, ShellHWDetection,
TapiSrv, Themes, TrkWks, winmgmt,
wuauserv,
WZCSVC
svchost.exe 1928 Dnscache
svchost.exe 240 LmHosts
spoolsv.exe 552 Spooler
explorer.exe 772 N/A
svchost.exe 872 WebClient
mmc.exe 1452 N/A
EditPadLite.exe 172 N/A
cmd.exe 1672 N/A
ntvdm.exe 568 N/A
tasklist.exe 296 N/A
wmiprvse.exe 1572 N/A
I think that's the lot. Note that I started it at 12:09 and at 1:26
an event interrupted the hibernation process.
I can show you the details of those two events, if you like.
I don't recall seeing events of that type before. Logon/logoff?
Not by me. Privilege use? Huh?
William B. Lurie
> Curiosity question. Did you at any time alter the time interval for when you
> sync your clock?
> Check your registry at:
> HKEY_LOCAL_MACHINE\System\currentcontrolset\services\w32Time\TimeProviders\NTPclient
> in right pane special poll interval is a hexidecimal count in seconds.
> For one week (XP default time) it is 0x00093a80 (604800)
> "William B. Lurie" <bill...@nospam.net> wrote in message
No, I've never been there. It of course did the Savings Time changeover
with no hitch at all. This problem goes back way beyond 10 days ago.......
William B. Lurie
John:
Here is a typical error which shows up
frequently. I did mention it before.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 3/31/2010
Time: 3:31:04 PM
User: N/A
Computer: COMPAQ-2006
Description:
The following boot-start or system-start driver(s) failed to load:
ftsata2
KLIF
Unknown
is trying to sync your clock
too often then perhaps that would prevent hibernation. Savings time
changeover
would not be affected.news:Ok%2360vQ0...@TK2MSFTNGP06.phx.gbl...
John John - MVP
This is from your 'Clean Boot" on the clone?
Logon Type 5 is a service logon, a service logged on to do a task.
John
William B. Lurie
the clone system, which I Clean Boot every time I make one of
these 3-hour attempts to hibernate. The fact that it is not loading
all of the regular running Startup items is indicated by the
fact that I have about 180 MB of "Current Commit" and not the 400+
that TM shows right now on my Master System. It may have logged on
to do a task, but it was no scheduled task that I can track down,
and I was away from the machine. It sits with a black screen, idle,
with the tower's power-on light flashing, and suddenly the screen
comes on, with my desktop, and the period of waiting for it to go
to hibernation has been interrupted. What next?
I'm not going to look at that clock matter, unless you tell me to.
One thing at a time......
William B. Lurie
setting is indeed as you showed, for SpecialPollInterval.
Back to the drawing board.........
John John - MVP
So we went from 2 hours hibernate to 3 hours... or did I forget to move
my clock ahead... <g>
> ... It may have logged on
> to do a task, but it was no scheduled task that I can track down,
> and I was away from the machine. It sits with a black screen, idle,
> with the tower's power-on light flashing, and suddenly the screen
> comes on, with my desktop, and the period of waiting for it to go
> to hibernation has been interrupted.
Maybe it's a screen saver... make sure that none are selected to run.
> What next?
Philosophy 101... Or disable more unneeded stuff... or look at loaded
modules. It's easier to disable unneeded stuff for now, but if you want
to look at loaded modules copy and paste this in the Start menu Run box
and press <Enter>:
msinfo32 /category SWEnvLoadedModules
If something looks out of whack there, investigate. Modules that are
loaded outside the \Windows path are not needed.
> I'm not going to look at that clock matter, unless you tell me to.
> One thing at a time......
You don't need to bother with the time service, set your clock manually
and keep the time service disabled until you fix the hibernate problem.
You can check the current time here: http://www.time.gov/
So, what's the thing with the 3 hour hibernate... does it hibernate at 2
hours? Or 1 hour?
There are six Windows NT critical services, you have more than thirty
running services. Hibernation (probably) can't run on the six services
but weeding the list probably won't hurt your troubleshooting efforts.
Candidates for outright removal (for troubleshooting set to manual start):
Automatic Updates
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Fast User Switching Compatibility
Network Location Awareness (NLA)
Print Spooler
Remote Access Connection Manager
Secondary Logon
Server
Task Scheduler
TCP/IP NetBIOS Helper
WebClient
Note: The Server service is the biggest hole on your computer. When
this service is running the drawbridge is down. If you don't want
anybody in, pull up the drawbridge. Remote services can't execute if
the Server service is disabled.
John
William B. Lurie
John, the 3 hours is just a typo. Don't sweat it.
I'll set all those to Manual and see if anything changes.
William B. Lurie
Okay, now 0930....Did as suggested. All above now Manual.
Started 6:45 A.M., at 0800 it reverted to Desktop, and at
8:05 monitor was dark and power light flashing. I stopped
it and got following Events, net start and tasklist.
Note one request, that chkdsk/r be run because of corrupt etc.
First time that came around. Note other events, especially at start of run.
> These Windows services are started:
>
> COM+ Event System
> Cryptographic Services
> DCOM Server Process Launcher
> DHCP Client
> Event Log
> Fast User Switching Compatibility
> Help and Support
> IPSEC Services
> Network Connections
> Network Location Awareness (NLA)
> Plug and Play
> Protected Storage
> Remote Access Connection Manager
> Remote Procedure Call (RPC)
> Security Accounts Manager
> Server
> Shell Hardware Detection
> System Event Notification
> Telephony
> Terminal Services
> Themes
> Windows Audio
> Windows Firewall/Internet Connection Sharing (ICS)
> Windows Management Instrumentation
> Wireless Zero Configuration
> Workstation
>
> The command completed successfully.
>
Image Name PID Services
========================= ======
=============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 1200 N/A
csrss.exe 1280 N/A
winlogon.exe 1312 N/A
services.exe 1356 Eventlog, PlugPlay
lsass.exe 1368 PolicyAgent, ProtectedStorage, SamSs
svchost.exe 1536 DcomLaunch, TermService
svchost.exe 1636 RpcSs
svchost.exe 1792 AudioSrv, CryptSvc, Dhcp, EventSystem,
FastUserSwitchingCompatibility,
helpsvc,
lanmanserver, lanmanworkstation,
Netman,
Nla, RasMan, SENS, SharedAccess,
ShellHWDetection, TapiSrv, Themes,
winmgmt,
WZCSVC
explorer.exe 632 N/A
ctfmon.exe 1548 N/A
EditPadLite.exe 1720 N/A
cmd.exe 1808 N/A
tasklist.exe 356 N/A
wmiprvse.exe 228 N/A
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/1/2010
Time: 6:40:36 AM
User: COMPAQ-2006\Compaq_Owner
Computer: COMPAQ-2006
Description:
DCOM got error "The service cannot be started, either because it is
disabled or because it has no enabled devices associated with it. "
attempting to start the service MDM with arguments "" in order to run
the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/1/2010
Time: 6:35:10 AM
User: COMPAQ-2006\Compaq_Owner
Computer: COMPAQ-2006
Description:
DCOM got error "The service cannot be started, either because it is
disabled or because it has no enabled devices associated with it. "
attempting to start the service MDM with arguments "" in order to run
the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Ntfs
Event Category: Disk
Event ID: 55
Date: 4/1/2010
Time: 6:42:47 AM
User: N/A
Computer: COMPAQ-2006
Description:
The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume R:.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0d 00 00 00 02 00 4e 00 ......N.
0008: 02 00 00 00 37 00 04 c0 ....7..�
0010: 00 00 00 00 32 00 00 c0 ....2..�
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 4/1/2010
Time: 6:44:25 AM
User: N/A
Computer: COMPAQ-2006
Description:
The following boot-start or system-start driver(s) failed to load:
ftsata2
KLIF
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Especially note this last one, which has been seen on almost
every run.
John John - MVP
Is that an updated and current list of started Windows services?
You discussed about those two drivers with another poster not too long ago.
ftsata2: Do you now, or did you at any time have a Promise controller
installed?
KLIF: Do you now or did you at any time have Kaspersky AV software
installed on the machine?
The chkdsk message... What do you have stored on volume R?
John
William B. Lurie
>> 0010: 00 00 00 00 32 00 00 c0 ....2..À
>> 0018: 00 00 00 00 00 00 00 00 ........
>> 0020: 00 00 00 00 00 00 00 00 ........
>>
>> Event Type: Error
>> Event Source: Service Control Manager
>> Event Category: None
>> Event ID: 7026
>> Date: 4/1/2010
>> Time: 6:44:25 AM
>> User: N/A
>> Computer: COMPAQ-2006
>> Description:
>> The following boot-start or system-start driver(s) failed to load:
>> ftsata2
>> KLIF
>
>
> Is that an updated and current list of started Windows services?
Yes, John, I generate it anew every time I make one
of these hibernation runs, so that you can see it right
with the Events.
>
> You discussed about those two drivers with another poster not too long ago.
Yes, and now I'll answer your queries:
>
> ftsata2: Do you now, or did you at any time have a Promise controller
> installed?
No, I do not now, and never did. This basic HP machine came with
one hard drive, and cabling and slots for two more, which I
added. I select which drive to run by interrupting boot process
and telling it.
>
> KLIF: Do you now or did you at any time have Kaspersky AV software
> installed on the machine?
No, I have used Norton AV steadily for at least 15 years. From
the days when Norton was impossible to work with, to the present,
where they fix boo-boos by Chat and remote control of their software.
>
> The chkdsk message... What do you have stored on volume R?
Oh, I missed that it was referring to volume R. I have numerous
'restore points' of which that volume is one. I generate these
every month or so, using the Save & Restore feature of Norton
System Works, which used to be PowerQuest Partition Magic. I
keep these in case I have to recreate a system as it was as of
an earlier date). I'll chkdsk it routinely but I think we can
ignore that Event.
>
> Bill L.
Unknown
only go through the process of elimination.
It seems something is calling for the internet about every hour. May I ask
what you mean when you say Norton fixes their Boo-boos by remote control?news:%23AjmLjS...@TK2MSFTNGP04.phx.gbl...
John John - MVP
These system-start driver errors shouldn't affect the ability to
hibernate but you can change their startup type and get rid of the
errors if you want. You will have to change them in the registry at
their respective subkeys in the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services key , set their
Start Value to 0x3 or 0x4. 0x3 is manual start, 0x4 is disabled.
Or, we can change them at the command prompt if you wish, I need the
results of the following command before I can give you the proper
commands to change the start type:
sc query state= all >c:\sc.txt
Copy and paste the contents of the generated sc.txt file to your next
post, there will be lots of verbiage in the file, post it all.
John
William B. Lurie
Unknown wrote:
> Thanks. Without sitting at your machine and observing various items I can
> only go through the process of elimination.
> It seems something is calling for the internet about every hour. May I ask
> what you mean when you say Norton fixes their Boo-boos by remote control?
Sure. I go to their website and find tech support, for which one option
is one-on-one online chat with their 'analyst'. I describe the problem,
he (she) asks for permission to connect to my machine remotely, I give
it, then he takes control of my cursor as tho' he was sitting in my
chair, clicks and clacks, even downloads new upgrades software,
installs, he and I check that he has fixed the problem, and I terminate
the 'chat' session. The wait isn't usually long, typically 5 to 15
minutes. It's calling for *something* after one hour, which is why it
doesn't reach the 2-hour hibernate, but as for calling the Internet, I
don't know if we've proven that........
William B. Lurie
John John - MVP wrote:
>>>> 0010: 00 00 00 00 32 00 00 c0 ....2..�
Okay, John. I'll do it now on my Master system, saves some time in
rebooting, doing sc on clone, rebooting to Master. Here it is:
>
> SERVICE_NAME: Alerter
> DISPLAY_NAME: Alerter
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: ALG
> DISPLAY_NAME: Application Layer Gateway Service
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: AppMgmt
> DISPLAY_NAME: Application Management
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: aspnet_state
> DISPLAY_NAME: ASP.NET State Service
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Ati HotKey Poller
> DISPLAY_NAME: Ati HotKey Poller
> TYPE : 110 WIN32_OWN_PROCESS (interactive)
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: ATI Smart
> DISPLAY_NAME: ATI Smart
> TYPE : 110 WIN32_OWN_PROCESS (interactive)
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: AudioSrv
> DISPLAY_NAME: Windows Audio
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Automatic LiveUpdate Scheduler
> DISPLAY_NAME: Automatic LiveUpdate Scheduler
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: BITS
> DISPLAY_NAME: Background Intelligent Transfer Service
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Browser
> DISPLAY_NAME: Computer Browser
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: CiSvc
> DISPLAY_NAME: Indexing Service
> TYPE : 120 WIN32_SHARE_PROCESS (interactive)
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: ClipSrv
> DISPLAY_NAME: ClipBook
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: clr_optimization_v2.0.50727_32
> DISPLAY_NAME: .NET Runtime Optimization Service v2.0.50727_X86
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: COMSysApp
> DISPLAY_NAME: COM+ System Application
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: CryptSvc
> DISPLAY_NAME: Cryptographic Services
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: DcomLaunch
> DISPLAY_NAME: DCOM Server Process Launcher
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Dhcp
> DISPLAY_NAME: DHCP Client
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: dmadmin
> DISPLAY_NAME: Logical Disk Manager Administrative Service
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: dmserver
> DISPLAY_NAME: Logical Disk Manager
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Dnscache
> DISPLAY_NAME: DNS Client
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: ERSvc
> DISPLAY_NAME: Error Reporting Service
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Eventlog
> DISPLAY_NAME: Event Log
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: EventSystem
> DISPLAY_NAME: COM+ Event System
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: FastUserSwitchingCompatibility
> DISPLAY_NAME: Fast User Switching Compatibility
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Fax
> DISPLAY_NAME: Fax
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: FontCache3.0.0.0
> DISPLAY_NAME: Windows Presentation Foundation Font Cache 3.0.0.0
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: GEARSecurity
> DISPLAY_NAME: GEARSecurity
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: helpsvc
> DISPLAY_NAME: Help and Support
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: HidServ
> DISPLAY_NAME: Human Interface Device Access
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: HTTPFilter
> DISPLAY_NAME: HTTP SSL
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: IDriverT
> DISPLAY_NAME: InstallDriver Table Manager
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: idsvc
> DISPLAY_NAME: Windows CardSpace
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Imapi Helper
> DISPLAY_NAME: Imapi Helper
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: ImapiService
> DISPLAY_NAME: IMAPI CD-Burning COM Service
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: lanmanserver
> DISPLAY_NAME: Server
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: lanmanworkstation
> DISPLAY_NAME: Workstation
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: LexBceS
> DISPLAY_NAME: LexBce Server
> TYPE : 110 WIN32_OWN_PROCESS (interactive)
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: LiveUpdate
> DISPLAY_NAME: LiveUpdate
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: LmHosts
> DISPLAY_NAME: TCP/IP NetBIOS Helper
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: lxct_device
> DISPLAY_NAME: lxct_device
> TYPE : 110 WIN32_OWN_PROCESS (interactive)
> STATE : 4 RUNNING
> (STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: MBAMService
> DISPLAY_NAME: MBAMService
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: MDM
> DISPLAY_NAME: Machine Debug Manager
> TYPE : 110 WIN32_OWN_PROCESS (interactive)
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Messenger
> DISPLAY_NAME: Messenger
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: mnmsrvc
> DISPLAY_NAME: NetMeeting Remote Desktop Sharing
> TYPE : 110 WIN32_OWN_PROCESS (interactive)
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: MSIServer
> DISPLAY_NAME: Windows Installer
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: NetDDE
> DISPLAY_NAME: Network DDE
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: NetDDEdsdm
> DISPLAY_NAME: Network DDE DSDM
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Netlogon
> DISPLAY_NAME: Net Logon
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Netman
> DISPLAY_NAME: Network Connections
> TYPE : 120 WIN32_SHARE_PROCESS (interactive)
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: NetTcpPortSharing
> DISPLAY_NAME: Net.Tcp Port Sharing Service
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Nla
> DISPLAY_NAME: Network Location Awareness (NLA)
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Norton AntiVirus
> DISPLAY_NAME: Norton AntiVirus
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Norton Save and Restore
> DISPLAY_NAME: Norton Save and Restore
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: NProtectService
> DISPLAY_NAME: Norton UnErase Protection
> TYPE : 110 WIN32_OWN_PROCESS (interactive)
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: NtLmSsp
> DISPLAY_NAME: NT LM Security Support Provider
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: NtmsSvc
> DISPLAY_NAME: Removable Storage
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: ose
> DISPLAY_NAME: Office Source Engine
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: PlugPlay
> DISPLAY_NAME: Plug and Play
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: PolicyAgent
> DISPLAY_NAME: IPSEC Services
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: ProtectedStorage
> DISPLAY_NAME: Protected Storage
> TYPE : 120 WIN32_SHARE_PROCESS (interactive)
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: psqlWGE
> DISPLAY_NAME: Pervasive PSQL Workgroup Engine
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: RasAuto
> DISPLAY_NAME: Remote Access Auto Connection Manager
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: RasMan
> DISPLAY_NAME: Remote Access Connection Manager
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: RDSessMgr
> DISPLAY_NAME: Remote Desktop Help Session Manager
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: RemoteAccess
> DISPLAY_NAME: Routing and Remote Access
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: RpcLocator
> DISPLAY_NAME: Remote Procedure Call (RPC) Locator
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: RpcSs
> DISPLAY_NAME: Remote Procedure Call (RPC)
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 4 RUNNING
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: RSVP
> DISPLAY_NAME: QoS RSVP
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: SamSs
> DISPLAY_NAME: Security Accounts Manager
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: SCardSvr
> DISPLAY_NAME: Smart Card
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Schedule
> DISPLAY_NAME: Task Scheduler
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: seclogon
> DISPLAY_NAME: Secondary Logon
> TYPE : 120 WIN32_SHARE_PROCESS (interactive)
> STATE : 4 RUNNING
> (STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: SENS
> DISPLAY_NAME: System Event Notification
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: SharedAccess
> DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: ShellHWDetection
> DISPLAY_NAME: Shell Hardware Detection
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Speed Disk service
> DISPLAY_NAME: Speed Disk service
> TYPE : 110 WIN32_OWN_PROCESS (interactive)
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Spooler
> DISPLAY_NAME: Print Spooler
> TYPE : 110 WIN32_OWN_PROCESS (interactive)
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: srservice
> DISPLAY_NAME: System Restore Service
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: SSDPSRV
> DISPLAY_NAME: SSDP Discovery Service
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: stisvc
> DISPLAY_NAME: Windows Image Acquisition (WIA)
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: SwPrv
> DISPLAY_NAME: MS Software Shadow Copy Provider
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Symantec RemoteAssist
> DISPLAY_NAME: Symantec RemoteAssist
> TYPE : 110 WIN32_OWN_PROCESS (interactive)
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: SysmonLog
> DISPLAY_NAME: Performance Logs and Alerts
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: TapiSrv
> DISPLAY_NAME: Telephony
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: TermService
> DISPLAY_NAME: Terminal Services
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Themes
> DISPLAY_NAME: Themes
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: TrkWks
> DISPLAY_NAME: Distributed Link Tracking Client
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: upnphost
> DISPLAY_NAME: Universal Plug and Play Device Host
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: UPS
> DISPLAY_NAME: Uninterruptible Power Supply
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: Viewpoint Manager Service
> DISPLAY_NAME: Viewpoint Manager Service
> TYPE : 110 WIN32_OWN_PROCESS (interactive)
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: VSS
> DISPLAY_NAME: Volume Shadow Copy
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: W32Time
> DISPLAY_NAME: Windows Time
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: WebClient
> DISPLAY_NAME: WebClient
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: winmgmt
> DISPLAY_NAME: Windows Management Instrumentation
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: WmdmPmSN
> DISPLAY_NAME: Portable Media Serial Number Service
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: WmiApSrv
> DISPLAY_NAME: WMI Performance Adapter
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: WMPNetworkSvc
> DISPLAY_NAME: Windows Media Player Network Sharing Service
> TYPE : 10 WIN32_OWN_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: wscsvc
> DISPLAY_NAME: Security Center
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: wuauserv
> DISPLAY_NAME: Automatic Updates
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: WudfSvc
> DISPLAY_NAME: Windows Driver Foundation - User-mode Driver Framework
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: WZCSVC
> DISPLAY_NAME: Wireless Zero Configuration
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 4 RUNNING
> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
> WIN32_EXIT_CODE : 0 (0x0)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
>
> SERVICE_NAME: xmlprov
> DISPLAY_NAME: Network Provisioning Service
> TYPE : 20 WIN32_SHARE_PROCESS
> STATE : 1 STOPPED
> (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
> WIN32_EXIT_CODE : 1077 (0x435)
> SERVICE_EXIT_CODE : 0 (0x0)
> CHECKPOINT : 0x0
> WAIT_HINT : 0x0
Unknown
At that point did you open task manager and check what processes is running
and whether or not
an application is running?
Also have you compared the services when starting to hibernate against the
services after one hour?news:OgFHiIb...@TK2MSFTNGP06.phx.gbl...
William B. Lurie
I don't mess with registry unless it has to be messed with.
And if those commands and errors are innocuous, I see no need to
mess with them via command prompt. And the chkdsk request was
a blind alley, and to be sure, I deleted that 2+ year old backup
anyway.
But what to do next? With all this time spent on the hibernate
problem, I hate to give up. Who knows, the answer may be just around
the next bend in the road.
William B. Lurie
> You stated after the hibernation time (2 hours) your HD light is flashing?
> At that point did you open task manager and check what processes is running
> and whether or not
> an application is running?
No, but I will next time around. What I see there most often, during
these test runs, is nothing related to the user except HpBootOpt, but
plenty of System and Local Service with many many 'svchost.exe',
none of which are under my control.
The sequence is, first desktop; then Screen Saver: then Monitor shutoff
(never), then HD shutoff (20 minutes), then System Standby (25 min.)
and finally hibernate (2 hours). After 2 hours or more have elapsed,
the mintor is in reduced power, the power-on light is flashing, and
that's all. It never goes to hibernate, which would be indicated by
the power-on light turning off.
Unknown
John John - MVP
>>>>> 0010: 00 00 00 00 32 00 00 c0 ....2..�
I don't see the KLIF or ftsata2 driver on the sc query list that you
supplied... could be that they are on the clone but not on the
production machine, or that the sc command doesn't see these as
services. You can try these and see what it returns:
sc query klif
sc query ftsata2
We could also get the list of drivers with a different command:
driverquery >c:\drivers.txt
If you want to solve the problem you need to keep on investigating until
you find what it is that is running or starting and that prevents
hibernation, I don't know of an easy way to figure this out. Sometimes
you need dogged determination to get to the bottom of some of these
problems.
John
William B. Lurie
SERVICE_NAME: ftsata2
TYPE : 1 KERNEL_DRIVER
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 31 (0x1f)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
The other one reads the same but I misplaced it.....the
same except it said klif and one other change
(I think TYPE -------CONTROL).
>
> We could also get the list of drivers with a different command:
>
> driverquery >c:\drivers.txt
It didn't recognize that command.
>
> If you want to solve the problem you need to keep on investigating until
> you find what it is that is running or starting and that prevents
> hibernation, I don't know of an easy way to figure this out. Sometimes
> you need dogged determination to get to the bottom of some of these
> problems.
Oh, you're right, John. We've both invested too much
time and intellect in it, and I'd hate to drop it,
either. But, as I said, what next?
>
William B. Lurie
> xxxxxxxx
>>
>> We could also get the list of drivers with a different command:
>>
>> driverquery >c:\drivers.txt
>
> It didn't recognize that command.
>>
>> If you want to solve the problem you need to keep on investigating
>> until you find what it is that is running or starting and that
>> prevents hibernation, I don't know of an easy way to figure this out.
>> Sometimes you need dogged determination to get to the bottom of some
>> of these problems.
>
> Oh, you're right, John. We've both invested too much
> time and intellect in it, and I'd hate to drop it,
> either. But, as I said, what next?
>>
>
on both drives:
>
> SERVICE_NAME: klif
> TYPE : 2 FILE_SYSTEM_DRIVER