InterviewSolution
Saved Bookmarks
InterviewSolution
| 1. |
Solve : Computer starts up with no action by me? |
| Answer» <html><body><p>I used to frequent this site and provide the help I could and learn from others on here. This problem I'm not sure how to approach. So as the title says my computer has been starting up by itself. I place the computer into sleep mode it will start back up periodically through the day. At first I thought someone scheduled multiple scheduled tasks to start my computer up as a gag, that was not the case, I've scanned multiple times for virus. I used the scanners that CH lists for scanning a system and <a href="https://interviewquestions.tuteehub.com/tag/came-248412" style="font-weight:bold;" target="_blank" title="Click to know more about CAME">CAME</a> up clean multiple times.<br/><br/><br/>Oh, I almost forgot, here are my specs.<br/><br/><br/>Help please, <br/><br/><br/>TalonTromper<br/><br/>[recovering disk space, attachment deleted by admin]It's either a scheduled task...or an app updating.<br/>Could also be your e-mail client phoning home.<br/>I don't use any Windows power saving features.If it was a scheduled task wouldn't it be listed inside the schedule tasks inside computer management?<br/><br/><br/>Also I've tried unplugging my network when I would leave, still happens.Check the event log<br/>In answer to your question...Yes...a scheduled Task would be listed.I've noticed that same thing with my laptop. Even though it's <a href="https://interviewquestions.tuteehub.com/tag/sleeping-1211724" style="font-weight:bold;" target="_blank" title="Click to know more about SLEEPING">SLEEPING</a> at times I hear the fan and the harddrive running.SalmonTrout I looked into the event viewer and the earliest thing that I could find entering an active state was "Window Image Acquisition" <br/><br/><br/><br/><br/><br/>Log Name: System<br/>Source: Service Control Manager<br/>Date: 7/27/2014 3:43:03 AM<br/>Event ID: 7036<br/>Task Category: None<br/>Level: Information<br/>Keywords: Classic<br/>User: N/A<br/>Computer: TomC-Comp_Room<br/>Description:<br/>The Windows Image Acquisition (WIA) service entered the running state.<br/>Event Xml:<br/>http://schemas.microsoft.com/win/2004/08/events/event"><br/> <br/> <br/> 7036<br/> 0<br/> 4<br/> 0<br/> 0<br/> 0x8080000000000000<br/> <br/> 119036<br/> <br/> <br/> System<br/> TomC-Comp_Room<br/> <br/> <br/> <br/> Windows Image Acquisition (WIA)<br/> running<br/> 7300740069007300760063002F0034000000<br/> <br/><br/><br/><br/><br/>Here is the exported version of the event log.<br/><br/><br/><br/><br/><br/><br/><strong>Am I reading this right??? My system was remotely activated? The key field says that for a "3" that it was a network logon to my system, am I reading this wrong?</strong><br/><br/><br/><br/><br/><br/>Log Name: Security<br/>Source: Microsoft-Windows-Security-Auditing<br/>Date: 7/27/2014 3:42:54 AM<br/>Event ID: 4624<br/>Task Category: Logon<br/>Level: Information<br/>Keywords: Audit Success<br/>User: N/A<br/>Computer: TomC-Comp_Room<br/>Description:<br/>An <a href="https://interviewquestions.tuteehub.com/tag/account-25640" style="font-weight:bold;" target="_blank" title="Click to know more about ACCOUNT">ACCOUNT</a> was successfully logged on.<br/><br/><br/>Subject:<br/> Security ID: SYSTEM<br/> Account Name: TOMC-COMP_ROOM$<br/> Account Domain: WORKGROUP<br/> Logon ID: 0x3e7<br/><br/><br/>Logon Type: 5<br/><br/><br/>New Logon:<br/> Security ID: SYSTEM<br/> Account Name: SYSTEM<br/> Account Domain: NT AUTHORITY<br/> Logon ID: 0x3e7<br/> Logon GUID: {00000000-0000-0000-0000-000000000000}<br/><br/><br/>Process Information:<br/> Process ID: 0x2d0<br/> Process Name: C:\Windows\System32\services.exe<br/><br/><br/>Network Information:<br/> Workstation Name: <br/> Source Network Address: -<br/> Source Port: -<br/><br/><br/>Detailed Authentication Information:<br/> Logon Process: Advapi <br/> Authentication Package: Negotiate<br/> Transited Services: -<br/> Package Name (NTLM only): -<br/> Key Length: 0<br/><br/><br/>This event is generated when a logon session is created. It is generated on the computer that was accessed.<br/><br/><br/>The subject fields indicate the account on the local system which requested the logon. This is most <a href="https://interviewquestions.tuteehub.com/tag/commonly-2530443" style="font-weight:bold;" target="_blank" title="Click to know more about COMMONLY">COMMONLY</a> a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.<br/><br/><br/>The logon type field <a href="https://interviewquestions.tuteehub.com/tag/indicates-248601" style="font-weight:bold;" target="_blank" title="Click to know more about INDICATES">INDICATES</a> the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).<br/><br/><br/>The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.<br/><br/><br/>The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.<br/><br/><br/>The authentication information fields provide detailed information about this specific logon request.<br/> - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.<br/> - Transited services indicate which intermediate services have participated in this logon request.<br/> - Package name indicates which sub-protocol was used among the NTLM protocols.<br/> - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.<br/>Event Xml:<br/>http://schemas.microsoft.com/win/2004/08/events/event"><br/> <br/> <br/> 4624<br/> 0<br/> 0<br/> 12544<br/> 0<br/> 0x8020000000000000<br/> <br/> 32930<br/> <br/> <br/> Security<br/> TomC-Comp_Room<br/> <br/> <br/> <br/> S-1-5-18<br/> TOMC-COMP_ROOM$<br/> WORKGROUP<br/> 0x3e7<br/> S-1-5-18<br/> SYSTEM<br/> NT AUTHORITY<br/> 0x3e7<br/> 5<br/> Advapi <br/> Negotiate<br/> <br/> <br/> {00000000-0000-0000-0000-000000000000}<br/> -<br/> -<br/> 0<br/> 0x2d0<br/> C:\Windows\System32\services.exe<br/> -<br/> -<br/> <br/><br/><br/><br/><br/><br/>Sorry for the wall of text.Why would at the same time as a log-on would a policy change be executed to the VSS.exe? Volume Shadow Service policy changes make no sense during a log-on.Just another reason to NOT use Win power saving features...just sayin.<br/>If you want the PC off ...turn it off...if you want it on...leave it on.If it's a remote magic packet wouldn't that start my system regardless of s1-4?<br/><br/><br/>But I will probably start leaving my system in a powered off state and see what happens.<br/><br/><br/> Quote</p><blockquote>If it's a remote magic packet wouldn't that start my system regardless of s1-4?</blockquote> <br/>No.Ok, so I just had my system turn on and I went to the CMD line and used "powercfg -lastwake" to see what turned my system on and it was a Media Center update. How do I disable Media Center from turning on my system?<br/><br/><br/>Update: I figured it out, thanks for the help. was under a task scheduler that I didn't check. It was running system maintenance programs during the night and starting the computer to do so.<br/><br/>[attachment deleted by admin to conserve space]</body></html> | |