2-hour hibernate failure

Prev: modem & AVG
Next: Just-In-Time Debugging

From: William B. Lurie on 14 Apr 2010 12:52

---

John John - MVP wrote:
> William B. Lurie wrote:
>
>> Latest news, overnight runs (I was up with a bad cold anyway):
>> Did first half of what was requested. Ran the .bat file and
>> am posting interesting results below. Will do it again from
>> Clean Boot later. See SCM/WIA involvement,
>
> Windows Image Acquisition (WIA) used by scanners, cameras and probably
> your webcam, this is why I asked you to *completely* remove these
> devices and all their associated software from your machine. In the
> batch file the line:
>
> sc config stisvc start= Disabled
>
> will (should have) set the Windows Image Acquisition (WIA) to
> *disabled*. A disabled service cannot start, trying to start it will
> throw an error. Something in your startup applications is changing the
> start status of the service an re-enabling it, these things don't change
> by themselves alone. Run the batch file again to reset the start values
> of the services then do a clean boot, don't reboot after you run the
> batch file because the startup applications will just change it again!
> Run the batch file then do the necessary steps to clean boot then reboot.
>
>
>> plus specifically the every-hour-events.
>
> You mean Norton stuff? That will be the next one to get its head
> chopped off! It shouldn't run if you do the clean boot properly.
>
> John
John, Norton in service is too important to me, and removing
it completely and reinstalling could be a forever task. We
have to either clear it or chop its legs off, and I propose
a test that will meet you more than half way. As you know,
I can always make more clones, even though it takes some time.

Let's take my test clone and remove all of Norton's A-V right
from Add/Remove. I just have to remember never to go online on
that system.

I'll take the system as it is now, UNinstall NAV,do your
ServicesStart.vbc again, and autorunsc.exe, and let's see
what happens. I'll start that right now.
Bill

From: William B. Lurie on 14 Apr 2010 17:51

---

John John - MVP wrote:
> William B. Lurie wrote:
>
>> Latest news, overnight runs (I was up with a bad cold anyway):
>> Did first half of what was requested. Ran the .bat file and
>> am posting interesting results below. Will do it again from
>> Clean Boot later. See SCM/WIA involvement,
>
> Windows Image Acquisition (WIA) used by scanners, cameras and probably
> your webcam, this is why I asked you to *completely* remove these
> devices and all their associated software from your machine. In the
> batch file the line:
>
> sc config stisvc start= Disabled
>
> will (should have) set the Windows Image Acquisition (WIA) to
> *disabled*. A disabled service cannot start, trying to start it will
> throw an error. Something in your startup applications is changing the
> start status of the service an re-enabling it, these things don't change
> by themselves alone. Run the batch file again to reset the start values
> of the services then do a clean boot, don't reboot after you run the
> batch file because the startup applications will just change it again!
> Run the batch file then do the necessary steps to clean boot then reboot.
>
>
>> plus specifically the every-hour-events.
>
> You mean Norton stuff? That will be the next one to get its head
> chopped off! It shouldn't run if you do the clean boot properly.
>
> John
***********************************************************************
John, I completely removed, uninstalled, all Norton stuff and made the
run I said I would. I'll try to show the results below. Note that
every hour, *some*thing is doing Auto Live Update.......but it ain't
Norton. Gotta go, but I'll try to patch the stuff in here.

> Service Name,Start Mode
> Alerter,Disabled,
> ALG,Manual,
> AppMgmt,Manual,
> aspnet_state,Manual,
> Ati HotKey Poller,Disabled,
> ATI Smart,Manual,
> AudioSrv,Auto,
> Automatic LiveUpdate Scheduler,Auto,
> BITS,Manual,
> Browser,Auto,
> CiSvc,Manual,
> ClipSrv,Disabled,
> clr_optimization_v2.0.50727_32,Manual,
> COMSysApp,Manual,
> CryptSvc,Auto,
> DcomLaunch,Auto,
> Dhcp,Auto,
> dmadmin,Manual,
> dmserver,Manual,
> Dnscache,Manual,
> ERSvc,Manual,
> Eventlog,Auto,
> EventSystem,Manual,
> FastUserSwitchingCompatibility,Manual,
> Fax,Manual,
> FontCache3.0.0.0,Manual,
> GEARSecurity,Disabled,
> helpsvc,Auto,
> HidServ,Disabled,
> HTTPFilter,Manual,
> IDriverT,Manual,
> idsvc,Manual,
> Imapi Helper,Manual,
> ImapiService,Manual,
> lanmanserver,Disabled,
> lanmanworkstation,Auto,
> LexBceS,Disabled,
> LiveUpdate,Manual,
> LmHosts,Manual,
> MBAMService,Disabled,
> MDM,Manual,
> Messenger,Disabled,
> mnmsrvc,Manual,
> MSIServer,Manual,
> NetDDE,Disabled,
> NetDDEdsdm,Disabled,
> Netlogon,Manual,
> Netman,Manual,
> NetTcpPortSharing,Disabled,
> Nla,Manual,
> NtLmSsp,Manual,
> NtmsSvc,Manual,
> ose,Manual,
> PlugPlay,Auto,
> PolicyAgent,Manual,
> ProtectedStorage,Auto,
> psqlWGE,Disabled,
> RasAuto,Disabled,
> RasMan,Manual,
> RDSessMgr,Manual,
> RemoteAccess,Disabled,
> RpcLocator,Manual,
> RpcSs,Auto,
> RSVP,Manual,
> SamSs,Auto,
> SCardSvr,Manual,
> Schedule,Manual,
> seclogon,Manual,
> SENS,Auto,
> SharedAccess,Auto,
> ShellHWDetection,Auto,
> Spooler,Manual,
> srservice,Auto,
> SSDPSRV,Manual,
> stisvc,Disabled,
> SwPrv,Manual,
> Symantec RemoteAssist,Manual,
> SysmonLog,Manual,
> TapiSrv,Manual,
> TermService,Auto,
> Themes,Auto,
> TrkWks,Manual,
> upnphost,Manual,
> UPS,Manual,
> Viewpoint Manager Service,Disabled,
> VSS,Manual,
> W32Time,Auto,
> WebClient,Manual,
> winmgmt,Auto,
> WmdmPmSN,Manual,
> WmiApSrv,Disabled,
> WMPNetworkSvc,Manual,
> wscsvc,Manual,
> wuauserv,Auto,
> WudfSvc,Manual,
> WZCSVC,Auto,
> xmlprov,Manual,


HKLM\System\CurrentControlSet\Control\Terminal
Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.1.2600.2180
c:\windows\system32\rdpclip.exe
ab978e64b3cb5b78842bc2bdae19d0cd (MD5)
db49bb6158d12ea7dc9b28ef2ee857edb6015138 (SHA-1)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.1.2600.2180
c:\windows\system32\userinit.exe
39b1ffb03c2296323832acbae50d2aff (MD5)
e5aedcbe25a97c89101f1f3860ff846e94d70445 (SHA-1)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.0.2900.3156
c:\windows\explorer.exe
97bd6515465659ff8f3b7be375b2ea87 (MD5)
972307a3ef93680afdd03603df20f2241047a934 (SHA-1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HPBootOp
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
HP Boot Optimizer
Hewlett-Packard Company
3.0.0.0
c:\program files\hewlett-packard\hp boot optimizer\hpbootop.exe
a789b145f17fa5c2326907f4872fe173 (MD5)
f04982c1c82b75b38e5da0ef838b6b2e753b3e6c (SHA-1)
MSConfig
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
System Configuration Utility
Microsoft Corporation
5.1.2600.2764
c:\windows\pchealth\helpctr\binaries\msconfig.exe
3c60aefa68efa2c4d13ab6b68fe82b81 (MD5)
abdb5d622a86473732671f5d5d2d7ba458af656e (SHA-1)

> Type Date Time Source Category Event User Computer
> Information 4/14/2010 5:29:20 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 5:29:20 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 4:43:17 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 4:28:02 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 4:28:02 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 3:41:59 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 3:26:44 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 3:26:44 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 2:40:41 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 2:25:26 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 2:25:26 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:49:45 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:44:30 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:39:15 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:24:00 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:24:00 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:24:00 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:11:02 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:11:02 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:11:02 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Warning 4/14/2010 1:10:13 PM Userenv None 1517 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:09:46 PM MsiInstaller None 11724 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:09:46 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:09:46 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:09:46 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:09:29 PM MsiInstaller None 11724 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:09:23 PM MsiInstaller None 11724 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:09:17 PM NProtectService None 6 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:09:13 PM MsiInstaller None 11724 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:09:11 PM MsiInstaller None 11724 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:09:02 PM MsiInstaller None 11728 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:09:02 PM MsiInstaller None 11728 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:09:02 PM MsiInstaller None 11728 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:08:36 PM MsiInstaller None 1005 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:08:36 PM MsiInstaller None 11724 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:06:15 PM IDriverT None 0 N/A COMPAQ-2006
> Warning 4/14/2010 1:03:23 PM Userenv None 1517 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:02:39 PM MsiInstaller None 11725 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:00:04 PM IDriverT None 0 N/A COMPAQ-2006
> Information 4/14/2010 12:58:31 PM Norton AntiVirus None 37 SYSTEM COMPAQ-2006
> Information 4/14/2010 12:58:30 PM Norton AntiVirus None 36 SYSTEM COMPAQ-2006
> Information 4/14/2010 12:54:26 PM Norton AntiVirus None 35 SYSTEM COMPAQ-2006
> Information 4/14/2010 12:54:23 PM Norton AntiVirus None 34 SYSTEM COMPAQ-2006

> Event Type: Information
> Event Source: Automatic LiveUpdate Scheduler
> Event Category: Devices
> Event ID: 101
> Date: 4/14/2010
> Time: 4:43:17 PM
> User: NT AUTHORITY\SYSTEM
> Computer: COMPAQ-2006
> Description:
> Information Level: success
>
> Rolling back the schedule; execution will occur at approximately 4:48 PM.

Type Date Time Source Category Event User Computer
Error 4/14/2010 5:33:13 PM DCOM None 10005 Compaq_Owner COMPAQ-2006
Error 4/14/2010 5:31:51 PM DCOM None 10005 Compaq_Owner COMPAQ-2006
Information 4/14/2010 5:29:23 PM Tcpip None 4201 N/A COMPAQ-2006
Information 4/14/2010 4:28:07 PM Tcpip None 4201 N/A COMPAQ-2006
Information 4/14/2010 3:26:47 PM Tcpip None 4201 N/A COMPAQ-2006
Error 4/14/2010 3:26:44 PM Service Control Manager None 7011 N/A COMPAQ-2006
Information 4/14/2010 2:25:29 PM Tcpip None 4201 N/A COMPAQ-2006
Error 4/14/2010 1:28:51 PM DCOM None 10005 Compaq_Owner COMPAQ-2006
Error 4/14/2010 1:27:25 PM DCOM None 10005 Compaq_Owner COMPAQ-2006
Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 4/14/2010 1:25:29 PM Service Control Manager None 7035
SYSTEM COMPAQ-2006
Information 4/14/2010 1:25:29 PM Service Control Manager None 7035
Compaq_Owner COMPAQ-2006
Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 4/14/2010 1:25:29 PM Service Control Manager None 7035
SYSTEM COMPAQ-2006
Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A
COMPAQ-2006
Information 4/14/2010 1:25:29 PM Service Control Manager None 7035
SYSTEM COMPAQ-2006
Information 4/14/2010 1:25:29 PM Service Control Manager None 7035
SYSTEM COMPAQ-2006
Information 4/14/2010 1:25:29 PM Service Control Manager None 7035
SYSTEM COMPAQ-2006
Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A
COMPAQ-2006
Error 4/14/2010 1:25:29 PM Service Control Manager None 7001 N/A COMPAQ-2006
Information 4/14/2010 1:23:40 PM Tcpip None 4201 N/A COMPAQ-2006
Information 4/14/2010 1:23:47 PM eventlog None 6005 N/A COMPAQ-2006
Information 4/14/2010 1:23:47 PM eventlog None 6009 N/A COMPAQ-2006>
Type Date Time Source Category Event User Computer
> Error 4/14/2010 5:33:13 PM DCOM None 10005 Compaq_Owner COMPAQ-2006
> Error 4/14/2010 5:31:51 PM DCOM None 10005 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 5:29:23 PM Tcpip None 4201 N/A COMPAQ-2006
> Information 4/14/2010 4:28:07 PM Tcpip None 4201 N/A COMPAQ-2006
> Information 4/14/2010 3:26:47 PM Tcpip None 4201 N/A COMPAQ-2006
> Error 4/14/2010 3:26:44 PM Service Control Manager None 7011 N/A COMPAQ-2006
> Information 4/14/2010 2:25:29 PM Tcpip None 4201 N/A COMPAQ-2006
> Error 4/14/2010 1:28:51 PM DCOM None 10005 Compaq_Owner COMPAQ-2006
> Error 4/14/2010 1:27:25 PM DCOM None 10005 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager None 7035 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager None 7035 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager None 7035 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager None 7035 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager None 7035 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager None 7035 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Error 4/14/2010 1:25:29 PM Service Control Manager None 7001 N/A COMPAQ-2006
> Information 4/14/2010 1:23:40 PM Tcpip None 4201 N/A COMPAQ-2006
> Information 4/14/2010 1:23:47 PM eventlog None 6005 N/A COMPAQ-2006
> Information 4/14/2010 1:23:47 PM eventlog None 6009 N/A COMPAQ-2006

I think the last one was a duplicate, pasted differently.
Some of these are a lot longer but I didn't copy what was
still earlier. If you need fuller Event Logs, I have them

But I think it's telling a story, that Auto Live Update
is asking every hour........I don't know if you Disabled it and it
came back somehow, or what, but I hope you do.
Bill

From: William B. Lurie on 14 Apr 2010 23:46

---

William B. Lurie wrote:
> John John - MVP wrote:
>> William B. Lurie wrote:
>>
>>> Latest news, overnight runs (I was up with a bad cold anyway):
>>> Did first half of what was requested. Ran the .bat file and
>>> am posting interesting results below. Will do it again from
>>> Clean Boot later. See SCM/WIA involvement,
>>
>> Windows Image Acquisition (WIA) used by scanners, cameras and probably
>> your webcam, this is why I asked you to *completely* remove these
>> devices and all their associated software from your machine. In the
>> batch file the line:
>>
>> sc config stisvc start= Disabled
>>
>> will (should have) set the Windows Image Acquisition (WIA) to
>> *disabled*. A disabled service cannot start, trying to start it will
>> throw an error. Something in your startup applications is changing
>> the start status of the service an re-enabling it, these things don't
>> change by themselves alone. Run the batch file again to reset the
>> start values of the services then do a clean boot, don't reboot after
>> you run the batch file because the startup applications will just
>> change it again! Run the batch file then do the necessary steps to
>> clean boot then reboot.
>>
>>
>>> plus specifically the every-hour-events.
>>
>> You mean Norton stuff? That will be the next one to get its head
>> chopped off! It shouldn't run if you do the clean boot properly.
>>
>> John
> ***********************************************************************
> John, I completely removed, uninstalled, all Norton stuff and made the
> run I said I would. I'll try to show the results below. Note that
> every hour, *some*thing is doing Auto Live Update.......but it ain't
> Norton. Gotta go, but I'll try to patch the stuff in here.
>
>> Service Name,Start Mode
>> Alerter,Disabled,
>> ALG,Manual,
>> AppMgmt,Manual,
>> aspnet_state,Manual,
>> Ati HotKey Poller,Disabled,
>> ATI Smart,Manual,
>> AudioSrv,Auto,
>> Automatic LiveUpdate Scheduler,Auto,
>> BITS,Manual,
>> Browser,Auto,
>> CiSvc,Manual,
>> ClipSrv,Disabled,
>> clr_optimization_v2.0.50727_32,Manual,
>> COMSysApp,Manual,
>> CryptSvc,Auto,
>> DcomLaunch,Auto,
>> Dhcp,Auto,
>> dmadmin,Manual,
>> dmserver,Manual,
>> Dnscache,Manual,
>> ERSvc,Manual,
>> Eventlog,Auto,
>> EventSystem,Manual,
>> FastUserSwitchingCompatibility,Manual,
>> Fax,Manual,
>> FontCache3.0.0.0,Manual,
>> GEARSecurity,Disabled,
>> helpsvc,Auto,
>> HidServ,Disabled,
>> HTTPFilter,Manual,
>> IDriverT,Manual,
>> idsvc,Manual,
>> Imapi Helper,Manual,
>> ImapiService,Manual,
>> lanmanserver,Disabled,
>> lanmanworkstation,Auto,
>> LexBceS,Disabled,
>> LiveUpdate,Manual,
>> LmHosts,Manual,
>> MBAMService,Disabled,
>> MDM,Manual,
>> Messenger,Disabled,
>> mnmsrvc,Manual,
>> MSIServer,Manual,
>> NetDDE,Disabled,
>> NetDDEdsdm,Disabled,
>> Netlogon,Manual,
>> Netman,Manual,
>> NetTcpPortSharing,Disabled,
>> Nla,Manual,
>> NtLmSsp,Manual,
>> NtmsSvc,Manual,
>> ose,Manual,
>> PlugPlay,Auto,
>> PolicyAgent,Manual,
>> ProtectedStorage,Auto,
>> psqlWGE,Disabled,
>> RasAuto,Disabled,
>> RasMan,Manual,
>> RDSessMgr,Manual,
>> RemoteAccess,Disabled,
>> RpcLocator,Manual,
>> RpcSs,Auto,
>> RSVP,Manual,
>> SamSs,Auto,
>> SCardSvr,Manual,
>> Schedule,Manual,
>> seclogon,Manual,
>> SENS,Auto,
>> SharedAccess,Auto,
>> ShellHWDetection,Auto,
>> Spooler,Manual,
>> srservice,Auto,
>> SSDPSRV,Manual,
>> stisvc,Disabled,
>> SwPrv,Manual,
>> Symantec RemoteAssist,Manual,
>> SysmonLog,Manual,
>> TapiSrv,Manual,
>> TermService,Auto,
>> Themes,Auto,
>> TrkWks,Manual,
>> upnphost,Manual,
>> UPS,Manual,
>> Viewpoint Manager Service,Disabled,
>> VSS,Manual,
>> W32Time,Auto,
>> WebClient,Manual,
>> winmgmt,Auto,
>> WmdmPmSN,Manual,
>> WmiApSrv,Disabled,
>> WMPNetworkSvc,Manual,
>> wscsvc,Manual,
>> wuauserv,Auto,
>> WudfSvc,Manual,
>> WZCSVC,Auto,
>> xmlprov,Manual,
>
>
> HKLM\System\CurrentControlSet\Control\Terminal
> Server\Wds\rdpwd\StartupPrograms
> rdpclip
> rdpclip
> RDP Clip Monitor
> Microsoft Corporation
> 5.1.2600.2180
> c:\windows\system32\rdpclip.exe
> ab978e64b3cb5b78842bc2bdae19d0cd (MD5)
> db49bb6158d12ea7dc9b28ef2ee857edb6015138 (SHA-1)
>
> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
> C:\WINDOWS\system32\userinit.exe
> C:\WINDOWS\system32\userinit.exe
> Userinit Logon Application
> Microsoft Corporation
> 5.1.2600.2180
> c:\windows\system32\userinit.exe
> 39b1ffb03c2296323832acbae50d2aff (MD5)
> e5aedcbe25a97c89101f1f3860ff846e94d70445 (SHA-1)
>
> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
> Explorer.exe
> Explorer.exe
> Windows Explorer
> Microsoft Corporation
> 6.0.2900.3156
> c:\windows\explorer.exe
> 97bd6515465659ff8f3b7be375b2ea87 (MD5)
> 972307a3ef93680afdd03603df20f2241047a934 (SHA-1)
>
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> HPBootOp
> "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
> HP Boot Optimizer
> Hewlett-Packard Company
> 3.0.0.0
> c:\program files\hewlett-packard\hp boot optimizer\hpbootop.exe
> a789b145f17fa5c2326907f4872fe173 (MD5)
> f04982c1c82b75b38e5da0ef838b6b2e753b3e6c (SHA-1)
> MSConfig
> C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
> System Configuration Utility
> Microsoft Corporation
> 5.1.2600.2764
> c:\windows\pchealth\helpctr\binaries\msconfig.exe
> 3c60aefa68efa2c4d13ab6b68fe82b81 (MD5)
> abdb5d622a86473732671f5d5d2d7ba458af656e (SHA-1)
>
>> Type Date Time Source Category Event User Computer
>> Information 4/14/2010 5:29:20 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 5:29:20 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 4:43:17 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 4:28:02 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 4:28:02 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 3:41:59 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 3:26:44 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 3:26:44 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 2:40:41 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 2:25:26 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 2:25:26 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:49:45 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:44:30 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:39:15 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:24:00 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:24:00 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:24:00 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:11:02 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:11:02 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:11:02 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Warning 4/14/2010 1:10:13 PM Userenv None 1517
>> SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:09:46 PM MsiInstaller None
>> 11724 Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 1:09:46 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:09:46 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:09:46 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:09:29 PM MsiInstaller None
>> 11724 Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 1:09:23 PM MsiInstaller None
>> 11724 Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 1:09:17 PM NProtectService None
>> 6 Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 1:09:13 PM MsiInstaller None
>> 11724 Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 1:09:11 PM MsiInstaller None
>> 11724 Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 1:09:02 PM MsiInstaller None
>> 11728 Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 1:09:02 PM MsiInstaller None
>> 11728 Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 1:09:02 PM MsiInstaller None
>> 11728 Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 1:08:36 PM MsiInstaller None
>> 1005 Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 1:08:36 PM MsiInstaller None
>> 11724 Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 1:06:15 PM IDriverT None 0
>> N/A COMPAQ-2006
>> Warning 4/14/2010 1:03:23 PM Userenv None 1517
>> SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:02:39 PM MsiInstaller None
>> 11725 Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 1:00:04 PM IDriverT None 0
>> N/A COMPAQ-2006
>> Information 4/14/2010 12:58:31 PM Norton AntiVirus None
>> 37 SYSTEM COMPAQ-2006
>> Information 4/14/2010 12:58:30 PM Norton AntiVirus None
>> 36 SYSTEM COMPAQ-2006
>> Information 4/14/2010 12:54:26 PM Norton AntiVirus None
>> 35 SYSTEM COMPAQ-2006
>> Information 4/14/2010 12:54:23 PM Norton AntiVirus None
>> 34 SYSTEM COMPAQ-2006
>
>> Event Type: Information
>> Event Source: Automatic LiveUpdate Scheduler
>> Event Category: Devices Event ID: 101
>> Date: 4/14/2010
>> Time: 4:43:17 PM
>> User: NT AUTHORITY\SYSTEM
>> Computer: COMPAQ-2006
>> Description:
>> Information Level: success
>>
>> Rolling back the schedule; execution will occur at approximately 4:48 PM.
>
> Type Date Time Source Category Event User Computer
> Error 4/14/2010 5:33:13 PM DCOM None 10005
> Compaq_Owner COMPAQ-2006
> Error 4/14/2010 5:31:51 PM DCOM None 10005
> Compaq_Owner COMPAQ-2006
> Information 4/14/2010 5:29:23 PM Tcpip None 4201
> N/A COMPAQ-2006
> Information 4/14/2010 4:28:07 PM Tcpip None 4201
> N/A COMPAQ-2006
> Information 4/14/2010 3:26:47 PM Tcpip None 4201
> N/A COMPAQ-2006
> Error 4/14/2010 3:26:44 PM Service Control Manager None
> 7011 N/A COMPAQ-2006
> Information 4/14/2010 2:25:29 PM Tcpip None 4201
> N/A COMPAQ-2006
> Error 4/14/2010 1:28:51 PM DCOM None 10005
> Compaq_Owner COMPAQ-2006
> Error 4/14/2010 1:27:25 PM DCOM None 10005
> Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager
> None 7036 N/A COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager
> None 7036 N/A COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager
> None 7036 N/A COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager
> None 7035 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager
> None 7035 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager
> None 7036 N/A COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager
> None 7036 N/A COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager
> None 7035 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager
> None 7036 N/A COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager
> None 7036 N/A COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager
> None 7035 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager
> None 7035 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager
> None 7035 SYSTEM COMPAQ-2006
> Information 4/14/2010 1:25:29 PM Service Control Manager
> None 7036 N/A COMPAQ-2006
> Error 4/14/2010 1:25:29 PM Service Control Manager None
> 7001 N/A COMPAQ-2006
> Information 4/14/2010 1:23:40 PM Tcpip None 4201
> N/A COMPAQ-2006
> Information 4/14/2010 1:23:47 PM eventlog None 6005
> N/A COMPAQ-2006
> Information 4/14/2010 1:23:47 PM eventlog None 6009
> N/A COMPAQ-2006> Type Date Time Source Category
> Event User Computer
>> Error 4/14/2010 5:33:13 PM DCOM None 10005
>> Compaq_Owner COMPAQ-2006
>> Error 4/14/2010 5:31:51 PM DCOM None 10005
>> Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 5:29:23 PM Tcpip None 4201
>> N/A COMPAQ-2006
>> Information 4/14/2010 4:28:07 PM Tcpip None 4201
>> N/A COMPAQ-2006
>> Information 4/14/2010 3:26:47 PM Tcpip None 4201
>> N/A COMPAQ-2006
>> Error 4/14/2010 3:26:44 PM Service Control Manager None
>> 7011 N/A COMPAQ-2006
>> Information 4/14/2010 2:25:29 PM Tcpip None 4201
>> N/A COMPAQ-2006
>> Error 4/14/2010 1:28:51 PM DCOM None 10005
>> Compaq_Owner COMPAQ-2006
>> Error 4/14/2010 1:27:25 PM DCOM None 10005
>> Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 1:25:29 PM Service Control Manager
>> None 7036 N/A COMPAQ-2006
>> Information 4/14/2010 1:25:29 PM Service Control Manager
>> None 7036 N/A COMPAQ-2006
>> Information 4/14/2010 1:25:29 PM Service Control Manager
>> None 7036 N/A COMPAQ-2006
>> Information 4/14/2010 1:25:29 PM Service Control Manager
>> None 7035 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:25:29 PM Service Control Manager
>> None 7035 Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 1:25:29 PM Service Control Manager
>> None 7036 N/A COMPAQ-2006
>> Information 4/14/2010 1:25:29 PM Service Control Manager
>> None 7036 N/A COMPAQ-2006
>> Information 4/14/2010 1:25:29 PM Service Control Manager
>> None 7035 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:25:29 PM Service Control Manager
>> None 7036 N/A COMPAQ-2006
>> Information 4/14/2010 1:25:29 PM Service Control Manager
>> None 7036 N/A COMPAQ-2006
>> Information 4/14/2010 1:25:29 PM Service Control Manager
>> None 7035 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:25:29 PM Service Control Manager
>> None 7035 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:25:29 PM Service Control Manager
>> None 7035 SYSTEM COMPAQ-2006
>> Information 4/14/2010 1:25:29 PM Service Control Manager
>> None 7036 N/A COMPAQ-2006
>> Error 4/14/2010 1:25:29 PM Service Control Manager None
>> 7001 N/A COMPAQ-2006
>> Information 4/14/2010 1:23:40 PM Tcpip None 4201
>> N/A COMPAQ-2006
>> Information 4/14/2010 1:23:47 PM eventlog None 6005
>> N/A COMPAQ-2006
>> Information 4/14/2010 1:23:47 PM eventlog None 6009
>> N/A COMPAQ-2006
>
> I think the last one was a duplicate, pasted differently.
> Some of these are a lot longer but I didn't copy what was
> still earlier. If you need fuller Event Logs, I have them
>
> But I think it's telling a story, that Auto Live Update
> is asking every hour........I don't know if you Disabled it and it
> came back somehow, or what, but I hope you do.
> Bill
****************************************************
I should snip the above but that can wait.

I just finished what might be the most positive indicating
run yet. Same conditions as last run, except this time I did

Clean Boot
Disabled Auto Live Update
Disabled WIA and started at 9:12 P.M.

2.5 hours later, it had not hibernated, but I think
there is just one reason clearly shown. I'll send you
the files in the morning to look at, John.

What I see is just *one* event, but it happened at 10:35 .....
Tcpip... Type 4201 ......."SCM" I think.

Bill

From: William B. Lurie on 15 Apr 2010 06:38

---

William B. Lurie wrote:
<snip>
> I just finished what might be the most positive indicating
> run yet. Same conditions as last run, except this time I did
>
> Clean Boot
> Disabled Auto Live Update
> Disabled WIA and started at 9:12 P.M.
>
> 2.5 hours later, it had not hibernated, but I think
> there is just one reason clearly shown. I'll send you
> the files in the morning to look at, John.
>
> What I see is just *one* event, but it happened at 10:35 .....
> Tcpip... Type 4201 ......."SCM" I think.
>
> Bill
See these:

> Type Date Time Source Category Event User Computer
> Information 4/14/2010 9:05:01 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 9:04:02 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 9:04:02 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 9:04:02 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 6:03:02 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006
> Information 4/14/2010 6:03:02 PM Automatic LiveUpdate Scheduler Devices 101 SYSTEM COMPAQ-2006

Type Date
Success Audit 4/14/2010 11:34:34 PM Security System Event 513 SYSTEM
COMPAQ-2006
Success Audit 4/14/2010 11:34:28 PM Security Logon/Logoff 551
Compaq_Owner COMPAQ-2006
Success Audit 4/14/2010 9:11:04 PM Security Privilege Use 576 NETWORK
SERVICE COMPAQ-2006
Success Audit 4/14/2010 9:11:04 PM Security Logon/Logoff 528 NETWORK
SERVICE COMPAQ-2006
Success Audit 4/14/2010 9:10:24 PM Security Privilege Use 576 NETWORK
SERVICE COMPAQ-2006
Success Audit 4/14/2010 9:10:24 PM Security Logon/Logoff 528 NETWORK
SERVICE COMPAQ-2006
Success Audit 4/14/2010 9:10:24 PM Security System Event 515 SYSTEM
COMPAQ-2006
Success Audit 4/14/2010 9:10:22 PM Security Policy Change 850 SYSTEM
COMPAQ-2006
Success Audit 4/14/2010 9:10:22 PM Security Policy Change 850 SYSTEM
COMPAQ-2006
Success Audit 4/14/2010 9:10:22 PM Security Policy Change 850 SYSTEM
COMPAQ-2006

> Type Date Time Source Cate
> Information 4/14/2010 11:34:34 PM eventlog None 6006 N/A COMPAQ-2006
> Information 4/14/2010 11:34:33 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 4/14/2010 11:30:33 PM Tcpip None 4201 N/A COMPAQ-2006
> Information 4/14/2010 10:35:53 PM Tcpip None 4201 N/A COMPAQ-2006
> Information 4/14/2010 9:11:40 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 4/14/2010 9:11:40 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 4/14/2010 9:11:40 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 4/14/2010 9:11:40 PM Service Control Manager None 7035 SYSTEM COMPAQ-2006
> Information 4/14/2010 9:11:40 PM Service Control Manager None 7035 Compaq_Owner COMPAQ-2006
> Information 4/14/2010 9:11:40 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 4/14/2010 9:11:40 PM Service Control Manager None 7036 N/A COMPAQ-2006
> Information 4/14/2010 9:11:40 PM Service Control Manager None 7035 SYSTEM COMPAQ-2006
> Information 4/14/2010 9:11:40 PM Service Control Manager None 7036 N/A COMPAQ-2006
>
> Event Type: Information
> Event Source: Tcpip
> Event Category: None
> Event ID: 4201
> Date: 4/14/2010
> Time: 10:35:53 PM
> User: N/A
> Computer: COMPAQ-2006
> Description:
> The system detected that network adapter \DEVICE\TCPIP_{D5E50A75-4A1C-4421-A5B4-569C9FE131B8} was connected to the network, and has initiated normal operation over the network adapter.
>
> For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
> Data:
> 0000: 00 00 00 00 02 00 50 00 ......P.
> 0008: 00 00 00 00 69 10 00 40 ....i..@
> 0010: 02 00 00 00 00 00 00 00 ........
> 0018: 00 00 00 00 00 00 00 00 ........
> 0020: 00 00 00 00 00 00 00 00 ........

I think that 10:35 PM event was the killer........
Our old friend Tcpip again. I have the feeling that, if I let it
run on past 11:30. it would repeat every hour or so.

I'm ready to clean out the Event Logs on the Clone
system, and Clean Boot, and do whatever you tell me to,
John, to track it down. I don't know what Network Adapter they're
referring to in the Event Description.....
Bill

From: John John - MVP on 15 Apr 2010 07:23

---

William B. Lurie wrote:
> William B. Lurie wrote:
> <snip>
>> I just finished what might be the most positive indicating
>> run yet. Same conditions as last run, except this time I did
>>
>> Clean Boot
>> Disabled Auto Live Update
>> Disabled WIA and started at 9:12 P.M.
>>
>> 2.5 hours later, it had not hibernated, but I think
>> there is just one reason clearly shown. I'll send you
>> the files in the morning to look at, John.
>>
>> What I see is just *one* event, but it happened at 10:35 .....
>> Tcpip... Type 4201 ......."SCM" I think.
>>
>> Bill
> See these:
>
>> Type Date Time Source Category Event User Computer
>> Information 4/14/2010 9:05:01 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 9:04:02 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 9:04:02 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 9:04:02 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 6:03:02 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>> Information 4/14/2010 6:03:02 PM Automatic LiveUpdate
>> Scheduler Devices 101 SYSTEM COMPAQ-2006
>
> Type Date
> Success Audit 4/14/2010 11:34:34 PM Security System
> Event 513 SYSTEM COMPAQ-2006
> Success Audit 4/14/2010 11:34:28 PM Security
> Logon/Logoff 551 Compaq_Owner COMPAQ-2006
> Success Audit 4/14/2010 9:11:04 PM Security Privilege
> Use 576 NETWORK SERVICE COMPAQ-2006
> Success Audit 4/14/2010 9:11:04 PM Security Logon/Logoff
> 528 NETWORK SERVICE COMPAQ-2006
> Success Audit 4/14/2010 9:10:24 PM Security Privilege
> Use 576 NETWORK SERVICE COMPAQ-2006
> Success Audit 4/14/2010 9:10:24 PM Security Logon/Logoff
> 528 NETWORK SERVICE COMPAQ-2006
> Success Audit 4/14/2010 9:10:24 PM Security System Event
> 515 SYSTEM COMPAQ-2006
> Success Audit 4/14/2010 9:10:22 PM Security Policy
> Change 850 SYSTEM COMPAQ-2006
> Success Audit 4/14/2010 9:10:22 PM Security Policy
> Change 850 SYSTEM COMPAQ-2006
> Success Audit 4/14/2010 9:10:22 PM Security Policy
> Change 850 SYSTEM COMPAQ-2006
>
>> Type Date Time Source Cate
>> Information 4/14/2010 11:34:34 PM eventlog None 6006
>> N/A COMPAQ-2006
>> Information 4/14/2010 11:34:33 PM Service Control Manager
>> None 7036 N/A COMPAQ-2006
>> Information 4/14/2010 11:30:33 PM Tcpip None 4201
>> N/A COMPAQ-2006
>> Information 4/14/2010 10:35:53 PM Tcpip None 4201
>> N/A COMPAQ-2006
>> Information 4/14/2010 9:11:40 PM Service Control Manager
>> None 7036 N/A COMPAQ-2006
>> Information 4/14/2010 9:11:40 PM Service Control Manager
>> None 7036 N/A COMPAQ-2006
>> Information 4/14/2010 9:11:40 PM Service Control Manager
>> None 7036 N/A COMPAQ-2006
>> Information 4/14/2010 9:11:40 PM Service Control Manager
>> None 7035 SYSTEM COMPAQ-2006
>> Information 4/14/2010 9:11:40 PM Service Control Manager
>> None 7035 Compaq_Owner COMPAQ-2006
>> Information 4/14/2010 9:11:40 PM Service Control Manager
>> None 7036 N/A COMPAQ-2006
>> Information 4/14/2010 9:11:40 PM Service Control Manager
>> None 7036 N/A COMPAQ-2006
>> Information 4/14/2010 9:11:40 PM Service Control Manager
>> None 7035 SYSTEM COMPAQ-2006
>> Information 4/14/2010 9:11:40 PM Service Control Manager
>> None 7036 N/A COMPAQ-2006
>>
>> Event Type: Information
>> Event Source: Tcpip
>> Event Category: None
>> Event ID: 4201
>> Date: 4/14/2010
>> Time: 10:35:53 PM
>> User: N/A
>> Computer: COMPAQ-2006
>> Description:
>> The system detected that network adapter
>> \DEVICE\TCPIP_{D5E50A75-4A1C-4421-A5B4-569C9FE131B8} was connected to
>> the network, and has initiated normal operation over the network adapter.
>>
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.
>> Data:
>> 0000: 00 00 00 00 02 00 50 00 ......P.
>> 0008: 00 00 00 00 69 10 00 40 ....i..@
>> 0010: 02 00 00 00 00 00 00 00 ........
>> 0018: 00 00 00 00 00 00 00 00 ........
>> 0020: 00 00 00 00 00 00 00 00 ........
>
> I think that 10:35 PM event was the killer........
> Our old friend Tcpip again. I have the feeling that, if I let it
> run on past 11:30. it would repeat every hour or so.
>
> I'm ready to clean out the Event Logs on the Clone
> system, and Clean Boot, and do whatever you tell me to,
> John, to track it down. I don't know what Network Adapter they're
> referring to in the Event Description.....

Please do the clean boot.

John

First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4 5 6 7 8 9 10
Prev: modem & AVG
Next: Just-In-Time Debugging