Google Answers Logo
View Question
 
Q: Slow Booting of Windows XP ( Answered 4 out of 5 stars,   6 Comments )
Question  
Subject: Slow Booting of Windows XP
Category: Computers > Operating Systems
Asked by: rainman999-ga
List Price: $20.00
Posted: 14 May 2006 10:15 PDT
Expires: 13 Jun 2006 10:15 PDT
Question ID: 728719
Everything seems OK until I get to the "loading your preferences"
screen, then it goes "extremely" slow, I've tried the SFC windows
utility to check for corrupt windows files (all OK) I've tried
stopping ALL "start up" programs vis Msconfig to no avail, I've even
been in the BIOS, and I can not see anything out of the ordinary
there. I have a feeling it is something to do with the swap file
(commit charge is 650M / 2455)) but I can not figure how to correct
the problem.

Request for Question Clarification by sublime1-ga on 14 May 2006 14:31 PDT
rainman...

To check and see if it's your swapfile, one way to make things
simpler for Windows is to set both the minimum and maximum size
of your swapfile to the same amount = 2.5 times the amount of
installed RAM.

Your swapfile might also be fragmented. A utility that runs
prior to opening Windows and defragments your swapfile is
PageDefrag by Sysinternals:
http://www.sysinternals.com/Utilities/PageDefrag.html

Set it to run at next boot - you don't need to run it at every
boot.

Let me know where this takes you...

sublime1-ga

Request for Question Clarification by sublime1-ga on 18 May 2006 01:49 PDT
Perhaps you could post a clarification regarding the value
of my response to your question.

A user's guide on this topic is on skermit-ga's site, here: 
http://www.christopherwu.net/google_answers/answer_guide.html#how_clarify 
 
sublime1-ga

Clarification of Question by rainman999-ga on 19 May 2006 12:44 PDT
Sorry for the delay in replying, I thought I would get a email when
someone had an answer for me.
1) Downloaded and ran the PageDefrag by Sysinternals program you
recommended, it said that the swapfile was OK.
2) My pagefile size is 3072 (max & min)
3) Yes I have uninstalled a lot of programs. 
4) I am not connected to a work LAN.
5) Total paging file size for all drives
minimum allowed 2MB
recommended 1531MB
currently allocated 1532MB
I have two partitions C:\ & D:\

Any other information you need please ask, if you can tell me how to
show you screen shots I could add them, I have one in a word document
but unsure how to send it to you.

Paul.

Request for Question Clarification by sublime1-ga on 19 May 2006 17:31 PDT
Paul...

Auto-notifications by email are temporarily on the fritz.

From what you've noted, it doesn't seem like the swapfile
is a problem. I don't know that a screenshot would help,
but if you want to post one, you can get a free account
at eSnips, with 1GB of storage space, and post a public
folder with any files you like in it. Then post a link
to the folder.

The next couple of things I'd suggest would be:

- Try booting in safe mode (F8 before Windows starts).
  See if it's any faster.

- Boot normally, then r-click on My Computer and select
  'manage'. Expand Event Viewer on the left and look for
  error messages under the subheadings, especially System
  and Application.

- By any chance, do you have a wireless network card
  installed that's not in use? One user resolved this
  problem by removing it. Presumably Windows was looking
  for a network that didn't exist.

Let me know where this takes you...

sublime1-ga

Clarification of Question by rainman999-ga on 20 May 2006 02:40 PDT
No wireless network card
Booted up a LOT faster in Safe mode
"Where do I begin" on the error messages you told me to look for in
Event manager, there are tons of them in both the System and
Application sub headings; some red and some are yellow. A few of the
errors below:

Unable to open the Server service. Server performance data will not be
returned. Error code returned is in data DWORD 0.

Fault bucket 127634141.

The description for Event ID ( 0 ) in Source ( .NET Runtime ) cannot
be found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote
computer. You may be able to use the /AUXSOURCE= flag to retrieve this
description; see Help and Support for details. The following
information is part of the event: Unable to open shim database version
registry key - v2.0.50727.00000.

Product: Microsoft Office Professional Edition 2003 -- Error 1309.
Error reading from file: D:\SKU1E3.CAB.   System error 21.  Verify
that the file exists and that you can access it.

An error was detected on device \Device\CdRom0 during a paging operation.

The time service has not been able to synchronize the system time for
49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

The FileInfo service failed to start due to the following error: 
The system cannot find the file specified.

DCOM got error "This service cannot be started in Safe Mode "
attempting to start the service EventSystem with arguments "" in order
to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

The device, \Device\CdRom0, has a bad block.

CPLIB :: Close  MV7 Session ? Failed to close MV7 session

I have a horrible amount of the CD errors, not sure if that is relevant

Regards
Paul.

Clarification of Question by rainman999-ga on 20 May 2006 09:02 PDT
I've just had a horrible thought, although I do not have a network
card installed, this below wouldn't count would it?

--------[ EVEREST Home Edition (c) 2003, 2004 Lavalys, Inc.
]-----------------------------------------------------------

    Version                                           EVEREST v1.10.106
    Homepage                                          http://www.lavalys.com/
    Report Type                                       Report Wizard
    Computer                                          PAUL-5438989317 (The Cellar)
    Generator                                         Paul Evans
    Operating System                                  Microsoft
Windows XP Professional 5.1.2600 (WinXP Retail)
    Date                                              2006-05-20
    Time                                              16:57


--------[ Windows Network
]---------------------------------------------------------------------------------------------

  [ GlobeSpan USB ADSL LAN Modem ]

    Network Adapter Properties:
      Network Adapter                                   GlobeSpan USB
ADSL LAN Modem
      Interface Type                                    Ethernet
      Hardware Address                                  00-11-F5-07-05-AA
      Connection Name                                   Local Area Connection 3
      Connection Speed                                  2272 kbps
      MTU                                               1500 bytes
      DHCP Lease Obtained                               20/05/2006 13:52:28
      DHCP Lease Expires                                19/01/2038 04:14:07
      Bytes Received                                    93865270 (89.5 MB)
      Bytes Sent                                        80295 (78.4 KB)

    Network Adapter Addresses:
      IP / Subnet Mask                                  169.254.248.24
/ 255.255.0.0
      DHCP                                              255.255.255.255

  [ Intel(R) PRO/1000 PM Network Connection ]

    Network Adapter Properties:
      Network Adapter                                   Intel(R)
PRO/1000 PM Network Connection
      Interface Type                                    Ethernet
      Hardware Address                                  00-13-20-94-E7-E9
      Connection Name                                   Local Area Connection 4
      Connection Speed                                  1000 Mbps
      MTU                                               1500 bytes
      DHCP Lease Obtained                               01/01/1970 01:00:03
      DHCP Lease Expires                                01/01/1970 01:00:03
      Bytes Received                                    0
      Bytes Sent                                        0

    Network Adapter Addresses:

    Network Adapter Manufacturer:
      Company Name                                      Intel Corporation
      Product Information                              
http://www.intel.com/design/network/products/ethernet/linecard_ec.htm
      Driver Download                                  
http://support.intel.com/support/network

  [ WAN (PPP/SLIP) Interface ]

    Network Adapter Properties:
      Network Adapter                                   WAN (PPP/SLIP) Interface
      Interface Type                                    PPP
      Hardware Address                                  00-53-45-00-00-00
      Connection Speed                                  10 Mbps
      MTU                                               1500 bytes
      Bytes Received                                    92808827 (88.5 MB)
      Bytes Sent                                        78185128 (74.6 MB)

    Network Adapter Addresses:
      IP / Subnet Mask                                  172.209.60.35
/ 255.255.255.255
      Gateway                                           172.209.60.35
      DNS                                               205.188.146.145


--------[ PCI / PnP Network
]-------------------------------------------------------------------------------------------

    Intel(R) PRO/1000 PM Network Connection [NoDB]                    
               PCI


--------[ RAS ]---------------------------------------------------------------------------------------------------------

  [ AOL Dialler ]

    Connection Properties:
      Connection Name                                   AOL Dialler
      Status                                            Disconnected
      Device Type                                       vpn
      Device Name                                       WAN Miniport (L2TP)
      User Name                                         Not Specified
      Country / Area Code                               Not Specified
      Phone Number                                      555-5555
      Alternate Numbers                                 Not Specified
      IP Address                                        Dynamic
      DNS Addresses                                     Dynamic
      WINS Addresses                                    Dynamic
      Network Protocols                                 TCP/IP
      Framing Protocol                                  PPP
      Login Script File                                 Not Specified

    Connection Features:
      Use Current Username & Password                   No
      Use Remote Network Gateway                        Yes
      Log On To Network                                 Disabled
      IP Header Compression                             Disabled
      Software Compression                              Disabled
      PPP LCP Extensions                                Enabled
      Open Terminal Before Dial                         Disabled
      Open Terminal After Dial                          Disabled
      Encrypted Password Required                       No
      MS Encrypted Password Required                    No
      Data Encryption Required                          Yes
      Secure Local Files                                Disabled

    Problems & Suggestions:
      Suggestion                                        Enable IP
header compression to increase network speed.
      Suggestion                                        Enable
software compression to increase network speed.


--------[ IAM ]---------------------------------------------------------------------------------------------------------

  [ PaEv2 ]

    Account Properties:
      Account Name                                      PaEv2
      Account ID                                        00000001
      Account Type                                      Mail (Default)
      Connection Name                                   Not Specified (IE Default)
      IMAP Server                                       imap.uk.aol.com
      IMAP User Name                                    PaEv2
      IMAP/SMTP Server Timeout                          90 sec
      SMTP Display Name                                 Fat Bloke
      SMTP E-mail Address                               PaEv2@aol.com
      SMTP Server                                       smtp.uk.aol.com:587
      SMTP User Name                                    PaEv2

    Account Features:
      IMAP Prompt For Password                          No
      IMAP Secure Authentication                        No
      IMAP Secure Connection                            No
      SMTP Prompt For Password                          No
      SMTP Secure Authentication                        No
      SMTP Secure Connection                            No

  [ paulevans999 ]

    Account Properties:
      Account Name                                      paulevans999
      Account ID                                        00000002
      Account Type                                      Mail
      Connection Name                                   Not Specified (IE Default)
      IMAP Server                                       imap.uk.aol.com
      IMAP User Name                                    paulevans999
      IMAP/SMTP Server Timeout                          1 min
      SMTP Display Name                                 Paul Antoni Evans
      SMTP E-mail Address                               paulevans999@aol.com
      SMTP Server                                       smtp.uk.aol.com:587
      SMTP User Name                                    paulevans999

    Account Features:
      IMAP Prompt For Password                          No
      IMAP Secure Authentication                        No
      IMAP Secure Connection                            No
      SMTP Prompt For Password                          No
      SMTP Secure Authentication                        No
      SMTP Secure Connection                            No

  [ Active Directory ]

    Account Properties:
      Account Name                                      Active Directory
      Account ID                                        Active Directory GC
      Account Type                                      LDAP (Default)
      Connection Name                                   Not Specified (IE Default)
      LDAP Server                                       NULL:3268
      LDAP User Name                                    NULL
      LDAP Search Base                                  NULL
      LDAP Search Timeout                               1 min

    Account Features:
      LDAP Authentication Required                      Yes
      LDAP Secure Authentication                        Yes
      LDAP Secure Connection                            No
      LDAP Simple Search Filter                         No

  [ Bigfoot Internet Directory Service ]

    Account Properties:
      Account Name                                      Bigfoot
Internet Directory Service
      Account ID                                        Bigfoot
      Account Type                                      LDAP
      Connection Name                                   Not Specified (IE Default)
      LDAP Server                                       ldap.bigfoot.com
      LDAP URL                                          http://www.bigfoot.com
      LDAP Search Timeout                               1 min

    Account Features:
      LDAP Authentication Required                      No
      LDAP Secure Authentication                        No
      LDAP Secure Connection                            No
      LDAP Simple Search Filter                         Yes

  [ InfoSpace Business Directory Service ]

    Account Properties:
      Account Name                                      InfoSpace
Business Directory Service
      Account ID                                        InfoSpace Business
      Account Type                                      LDAP
      Connection Name                                   Not Specified (IE Default)
      LDAP Server                                       ldapbiz.infospace.com
      LDAP URL                                          http://www.infospace.com
      LDAP Search Timeout                               1 min

    Account Features:
      LDAP Authentication Required                      No
      LDAP Secure Authentication                        No
      LDAP Secure Connection                            No
      LDAP Simple Search Filter                         Yes

  [ InfoSpace Internet Directory Service ]

    Account Properties:
      Account Name                                      InfoSpace
Internet Directory Service
      Account ID                                        InfoSpace
      Account Type                                      LDAP
      Connection Name                                   Not Specified (IE Default)
      LDAP Server                                       ldap.infospace.com
      LDAP URL                                          http://www.infospace.com
      LDAP Search Timeout                               1 min

    Account Features:
      LDAP Authentication Required                      No
      LDAP Secure Authentication                        No
      LDAP Secure Connection                            No
      LDAP Simple Search Filter                         Yes

  [ VeriSign Internet Directory Service ]

    Account Properties:
      Account Name                                      VeriSign
Internet Directory Service
      Account ID                                        VeriSign
      Account Type                                      LDAP
      Connection Name                                   Not Specified (IE Default)
      LDAP Server                                       directory.verisign.com
      LDAP URL                                          http://www.verisign.com
      LDAP Search Base                                  NULL
      LDAP Search Timeout                               1 min

    Account Features:
      LDAP Authentication Required                      No
      LDAP Secure Authentication                        No
      LDAP Secure Connection                            No
      LDAP Simple Search Filter                         Yes

  [ WhoWhere Internet Directory Service ]

    Account Properties:
      Account Name                                      WhoWhere
Internet Directory Service
      Account ID                                        WhoWhere
      Account Type                                      LDAP
      Connection Name                                   Not Specified (IE Default)
      LDAP Server                                       ldap.whowhere.com
      LDAP URL                                          http://www.whowhere.com
      LDAP Search Timeout                               1 min

    Account Features:
      LDAP Authentication Required                      No
      LDAP Secure Authentication                        No
      LDAP Secure Connection                            No
      LDAP Simple Search Filter                         Yes

  [ Yahoo! People Search ]

    Account Properties:
      Account Name                                      Yahoo! People Search
      Account ID                                        Yahoo!
      Account Type                                      LDAP
      Connection Name                                   Not Specified (IE Default)
      LDAP Server                                       ldap.yahoo.com
      LDAP URL                                         
http://www.yahoo.com/search/people
      LDAP Search Timeout                               1 min

    Account Features:
      LDAP Authentication Required                      No
      LDAP Secure Authentication                        No
      LDAP Secure Connection                            No
      LDAP Simple Search Filter                         Yes


--------[ Internet ]----------------------------------------------------------------------------------------------------

    Internet Settings:
      Start Page                                       
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Search Page                                       ://www.google.com
      Download Folder                                   

    Current Proxy:
      Proxy Status                                      Disabled

    LAN Proxy:
      Proxy Status                                      Disabled

If it does count, how do I turn it off?

Regards
Paul

Request for Question Clarification by sublime1-ga on 21 May 2006 14:57 PDT
Paul...

Okay, the 'unable to open the server service' is not unusual.

What it looks like to me is that you have some auxiliary part
of MS Office, like Bookshelf Basics, or an encyclopedia that's
setup to load from CD when Windows starts, so it's trying to
access the CD ROM on the D drive, and findng nothing. This 
seems the likely cause of the delay. 

Since you started fast in Safe Mode, the entries you want to
get rid of can be found in msconfig. If you're not familiar
with that, I suggest you install the user-friendlier WinPatrol
program (freeware) to see your Windows Startup entries and 
disable the ones calling for the CD ROM drive.

WinPatrol
http://www.winpatrol.com/


As for the network entries in EVEREST, I'm not familiar with 
how you normally connect to the internet. If you're using
cable or DSL, you probably DO have a network card installed,
and the Intel(R) PRO/1000 PM Network Connection is normally
used with DSL connections. The GlobeSpan USB ADSL LAN Modem
looks like it is active, while the Intel(R) PRO/1000 PM looks
like it is not. You can uninstall the Intel PRO/1000 by going
into Device Manager and removing it under Network Adapters.

R-click My Computer -> Properties -> Hardware tab -> Device
Manager button -> expand Network Adapters, find the Intel
PRO, and r-click it to uninstall. If the adapter card is
still installed in your computer, shut down and remove it
with the power cord pulled, or Windows will try to reinstall
it when you boot back up.

If you're no longer using AOL you should uninstall the dialer,
but it's possible you're using the The GlobeSpan USB ADSL LAN
Modem with AOL high speed, so those two could be okay.

I doubt the presence of the Intel PRO network card is what's
slowing you down, but it would be best to remove it. I think
it's some startup entry looking for the CD ROM and not finding
the CD it wants.

Let me know where this takes you...

sublime1-ga

Clarification of Question by rainman999-ga on 22 May 2006 14:30 PDT
Hi sublime1-ga,

I just downloaded WinPatrol and tried to install it as you suggested,
but it came up with a box titled "16 bit Windows Subsystem" with the
message SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers. VDD.
Virtual Device Driver format in the registry is invalid. Chooes
'Close' to terminate the application.

As soon as I did that the installation cancelled itself :o(

Any suggestions on how I proceed?

Regards
Paul.

Request for Question Clarification by sublime1-ga on 22 May 2006 21:59 PDT
rainman...

I'm afraid that amounts to a completely different question which
would require research all to itself. Better stick with 'msconfig':

Click Start -> Run, type in msconfig and hit Enter. Go to the 
Startup tab and look for entries that call for the CD-ROM via the
D:\ in the path, under the Command column. Uncheck it or them and
reboot. When Windows starts up again, see if it doesn't take less
time. Ignore the message msconfig gives you about the disabled
startup items, and tell it not to bother you again.

Let me know where this takes you...

sublime1-ga

Clarification of Question by rainman999-ga on 22 May 2006 22:58 PDT
Hi, 

There are not any entries that call on the CD drive!

Paul.

Request for Question Clarification by sublime1-ga on 23 May 2006 12:10 PDT
Well then where are all the CD errors coming from? Or are you 
reading Error Messages that occurred at some time other than
bootup? If so, make a note of the timestamp of the messages, 
and focus on the ones that occur during the extended bootups.

---
Product: Microsoft Office Professional Edition 2003 -- Error 1309.
Error reading from file: D:\SKU1E3.CAB.   System error 21.  Verify
that the file exists and that you can access it.

An error was detected on device \Device\CdRom0 during a paging operation.

The device, \Device\CdRom0, has a bad block.
---

In reading back, I see you have 2 partitions, and one of them is D,
so what drive letter is assigned to the CD-ROM? Did you see the 
entry in msconfig that is calling for D:\SKU1E3.CAB?

Does your CD-ROM appear to be seeking during the extended bootups?
Even if the reason for the slowness isn't the CD-ROM, it's most
certainly something visible in msconfig - otherwise, it wouldn't
be significantly quicker in Safe Mode - but you said you'd unchecked
ALL the startup files via msconfig, to no avail, so that leaves very
little to explore other than the system files like win.ini and
system.ini.

Also, you've not given me feedback on the network card issue.
Did you have a superfluous Intel PRO card installed? Did you
uninstall it? 

sublime1-ga

Clarification of Question by rainman999-ga on 25 May 2006 13:26 PDT
Microsoft Office Professional Edition 2003 -- Error 1309. Error
reading from file: D:\SKU1E3.CAB. That is now remedied, Office asked
me to install the Office CD and then corrected the problem for me.
I've disabled the Intel PRO/1000 by going into Device Manager.
My CD-ROM does not seek during the extended bootups?
Ran the registry (regseeker) scan and got rid of all the junk it found
(over 900 entries).
Ran the services.msc and removed all surplus entries.
Created a new account and called it troubleshooter, unfortunately
someone told me how to bypass entering the password on log-on, and now
I can not remember how to change it back to a choice of log-ons, so it
went straight to my old log-on! Any ideas how to make it give me the
choice of letting me choose the troubleshooter log-on you suggested me
to set up?
Still a 5 and a half minute log-on by the way.
Regards
Paul.

Clarification of Question by rainman999-ga on 27 May 2006 02:22 PDT
I'm on a stand alone PC.

I tried setting up a new log-on, it wouldn't even log-on at all.
It came up with a message "Sunserver.exe - Application Error" in the
title and told me to close it down!

No idea how to email it to you, so I' am going to have to paste it
into this box as I can not find a way of attaching it, so here goes.

USERENV(618.110) 10:02:42:218 ImpersonateUser: Failed to impersonate user with 5.
USERENV(618.110) 10:02:42:218 GetUserNameAndDomain Failed to impersonate user
USERENV(618.110) 10:02:42:218 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(e0.9e4) 10:02:57:125 ImpersonateUser: Failed to impersonate user with 5.
USERENV(e0.9e4) 10:02:57:140 GetUserNameAndDomain Failed to impersonate user
USERENV(e0.9e4) 10:02:57:171 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(544.7d8) 10:02:57:218 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(544.720) 10:02:57:328 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(544.7d8) 10:02:57:421 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(544.720) 10:02:57:593 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(838.860) 10:03:03:421 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(9c.4e4) 10:03:03:484 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(d6c.fbc) 10:03:08:359 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(e6c.7bc) 10:03:08:625 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(618.110) 10:03:14:234 ImpersonateUser: Failed to impersonate user with 5.
USERENV(618.110) 10:03:14:234 GetUserNameAndDomain Failed to impersonate user
USERENV(618.110) 10:03:14:234 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(c0.c1c) 10:03:14:359 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(9d8.d70) 10:03:15:078 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(834.2a8) 10:03:20:359 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(ef8.e5c) 10:03:20:546 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(d1c.c8) 10:03:24:953 LibMain: Process Name: 
C:\WINDOWS\system32\logonui.exe
USERENV(ad4.754) 10:03:30:093 UnloadUserProfile: Entering, hProfile = <0x29c>
USERENV(ad4.754) 10:03:30:093 GetInterface: Returning rpc binding handle
USERENV(3c8.30c) 10:03:30:093 IProfileSecurityCallBack: client authenticated.
USERENV(3c8.30c) 10:03:30:093 DropClientContext: Got client token
0000069C, sid = S-1-5-18
USERENV(3c8.30c) 10:03:30:109 MIDL_user_allocate enter
USERENV(3c8.30c) 10:03:30:109 DropClientContext: load profile object
successfully made
USERENV(3c8.30c) 10:03:30:109 DropClientContext: Returning 0
USERENV(ad4.754) 10:03:30:109 UnLoadUserProfile: Calling
DropClientToken (as self) succeeded
USERENV(3c8.bb4) 10:03:30:109 IProfileSecurityCallBack: client authenticated.
USERENV(3c8.bb4) 10:03:30:109 UnloadUserProfileP: Entering, hProfile = <0x658>
USERENV(3c8.bb4) 10:03:30:109 UnloadUserProfileP: ImpersonateUser
<0000069c>, old token is <00000000>
USERENV(3c8.bb4) 10:03:30:125 GetExclusionListFromRegistry: Policy
list is empty, returning user list = <Local Settings;Temporary
Internet Files;History;Temp>
USERENV(3c8.bb4) 10:03:30:125 CSyncManager::EnterLock
<S-1-5-21-117609710-1580818891-1417001333-1003>
USERENV(3c8.bb4) 10:03:30:125 CSyncManager::EnterLock: No existing entry found
USERENV(3c8.bb4) 10:03:30:125 CSyncManager::EnterLock: New entry created
USERENV(3c8.bb4) 10:03:30:125 CHashTable::HashAdd:
S-1-5-21-117609710-1580818891-1417001333-1003 added in bucket 14
USERENV(3c8.bb4) 10:03:30:125 UnloadUserProfileP: Wait succeeded.  In
critical section.
USERENV(3c8.bb4) 10:03:30:812 MyRegUnLoadKey: Returning 1.
USERENV(3c8.bb4) 10:03:30:812 UnloadUserProfileP:  Succesfully unloaded profile
USERENV(3c8.bb4) 10:03:30:828 MyRegUnLoadKey: Returning 1.
USERENV(3c8.bb4) 10:03:30:828 UnLoadClassHive: Successfully unmounted
S-1-5-21-117609710-1580818891-1417001333-1003_Classes
USERENV(3c8.bb4) 10:03:30:828 UnloadUserProfileP:  Successfully
unloaded user classes
USERENV(3c8.bb4) 10:03:30:828 UnloadUserProfileP: Impersonated user
USERENV(3c8.bb4) 10:03:30:828 UnloadUserProfileP: Writing local ini file
USERENV(3c8.bb4) 10:03:30:828 UnloadUserProfileP: Reverting to Self
USERENV(3c8.bb4) 10:03:30:828 UnloadUserProfileP: exitting and cleaning up
USERENV(3c8.bb4) 10:03:30:828 UnloadUserProfileP: Reverted back to user <00000000>
USERENV(3c8.bb4) 10:03:30:843 CSyncManager::LeaveLock
<S-1-5-21-117609710-1580818891-1417001333-1003>
USERENV(3c8.bb4) 10:03:30:843 CSyncManager::LeaveLock: Lock released
USERENV(3c8.bb4) 10:03:30:843 CHashTable::HashDelete:
S-1-5-21-117609710-1580818891-1417001333-1003 deleted
USERENV(3c8.bb4) 10:03:30:843 CSyncManager::LeaveLock: Lock deleted
USERENV(3c8.bb4) 10:03:30:843 UnloadUserProfileP: Leave critical section.
USERENV(3c8.bb4) 10:03:30:843 UnloadUserProfileP: Leaving with a return value of 1
USERENV(3c8.bb4) 10:03:30:843 UnloadUserProfileI: returning 0
USERENV(ad4.754) 10:03:30:843 UnloadUserProfile: Calling
UnloadUserProfileI succeeded
USERENV(3c8.37c) 10:03:30:843 IProfileSecurityCallBack: client authenticated.
USERENV(3c8.37c) 10:03:30:843 ReleaseClientContext: Releasing context
USERENV(3c8.37c) 10:03:30:843 ReleaseClientContext_s: Releasing context
USERENV(3c8.37c) 10:03:30:859 MIDL_user_free enter
USERENV(ad4.754) 10:03:30:859 ReleaseInterface: Releasing rpc binding handle
USERENV(ad4.754) 10:03:30:859 UnloadUserProfile: returning 1
USERENV(8b0.af0) 10:03:30:984 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(a0c.97c) 10:03:31:265 LibMain: Process Name: 
C:\WINDOWS\system32\wuauclt.exe
USERENV(958.86c) 10:03:34:375 LibMain: Process Name: 
C:\WINDOWS\system32\logonui.exe
USERENV(544.720) 10:03:37:718 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(3c8.3cc) 10:03:42:015 UnloadUserProfile: Entering, hProfile = <0x578>
USERENV(3c8.3cc) 10:03:42:015 UnloadUserProfile: In console winlogon process
USERENV(3c8.3cc) 10:03:42:031 UnloadUserProfileP: Entering, hProfile = <0x578>
USERENV(3c8.3cc) 10:03:42:031 GetExclusionListFromRegistry: Policy
list is empty, returning user list = <Local Settings;Temporary
Internet Files;History;Temp>
USERENV(3c8.3cc) 10:03:42:031 CSyncManager::EnterLock
<S-1-5-21-117609710-1580818891-1417001333-1008>
USERENV(3c8.3cc) 10:03:42:031 CSyncManager::EnterLock: No existing entry found
USERENV(3c8.3cc) 10:03:42:031 CSyncManager::EnterLock: New entry created
USERENV(3c8.3cc) 10:03:42:031 CHashTable::HashAdd:
S-1-5-21-117609710-1580818891-1417001333-1008 added in bucket 19
USERENV(3c8.3cc) 10:03:42:031 UnloadUserProfileP: Wait succeeded.  In
critical section.
USERENV(3c8.3cc) 10:03:42:453 MyRegUnLoadKey: Returning 1.
USERENV(3c8.3cc) 10:03:42:453 UnloadUserProfileP:  Succesfully unloaded profile
USERENV(3c8.3cc) 10:03:42:453 MyRegUnLoadKey: Returning 1.
USERENV(3c8.3cc) 10:03:42:453 UnLoadClassHive: Successfully unmounted
S-1-5-21-117609710-1580818891-1417001333-1008_Classes
USERENV(3c8.3cc) 10:03:42:453 UnloadUserProfileP:  Successfully
unloaded user classes
USERENV(3c8.3cc) 10:03:42:453 UnloadUserProfileP: Impersonated user
USERENV(3c8.3cc) 10:03:42:453 UnloadUserProfileP: Writing local ini file
USERENV(3c8.3cc) 10:03:42:468 UnloadUserProfileP: Reverting to Self
USERENV(3c8.3cc) 10:03:42:468 UnloadUserProfileP: exitting and cleaning up
USERENV(3c8.3cc) 10:03:42:468 CSyncManager::LeaveLock
<S-1-5-21-117609710-1580818891-1417001333-1008>
USERENV(3c8.3cc) 10:03:42:468 CSyncManager::LeaveLock: Lock released
USERENV(3c8.3cc) 10:03:42:468 CHashTable::HashDelete:
S-1-5-21-117609710-1580818891-1417001333-1008 deleted
USERENV(3c8.3cc) 10:03:42:468 CSyncManager::LeaveLock: Lock deleted
USERENV(3c8.3cc) 10:03:42:468 UnloadUserProfileP: Leave critical section.
USERENV(3c8.3cc) 10:03:42:468 UnloadUserProfileP: Leaving with a return value of 1
USERENV(3c8.3cc) 10:03:42:468 UnloadUserProfile: UnloadUserProfileP succeeded
USERENV(3c8.3cc) 10:03:42:484 UnloadUserProfile: returning 1
USERENV(618.110) 10:03:45:015 ImpersonateUser: Failed to impersonate user with 5.
USERENV(618.110) 10:03:45:015 GetUserNameAndDomain Failed to impersonate user
USERENV(618.110) 10:03:45:015 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(618.110) 10:03:45:015 ImpersonateUser: Failed to impersonate user with 5.
USERENV(618.110) 10:03:45:015 GetUserNameAndDomain Failed to impersonate user
USERENV(618.110) 10:03:45:015 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(3c8.3cc) 10:04:22:625 InitializePolicyProcessing: Initialised
Machine Mutex/Events
USERENV(3c8.3cc) 10:04:22:671 InitializePolicyProcessing: Initialised
User Mutex/Events
USERENV(3c8.3cc) 10:04:22:671 LibMain: Process Name: 
\??\C:\WINDOWS\system32\winlogon.exe
USERENV(3c8.3cc) 10:04:23:453 Entering CUserProfile::Initialize ...
USERENV(3c8.3cc) 10:04:23:453 CUserProfile::Initialize called by winlogon
USERENV(3c8.3cc) 10:04:23:453 CUserProfile::Initialize: critical
section initialized
USERENV(3c8.3cc) 10:04:23:453 CSyncManager::Initialize: critical
section initialized
USERENV(3c8.3cc) 10:04:23:468 CUserProfile::Initialize: registry key
Software\Microsoft\Windows NT\CurrentVersion\ProfileList opened
USERENV(3c8.3cc) 10:04:23:468 CUserProfile::Initialize: Proccessing
S-1-5-21-117609710-1580818891-1417001333-500
USERENV(3c8.3cc) 10:04:23:468 CSyncManager::EnterLock
<S-1-5-21-117609710-1580818891-1417001333-500>
USERENV(3c8.3cc) 10:04:23:468 CSyncManager::EnterLock: No existing entry found
USERENV(3c8.3cc) 10:04:23:468 CSyncManager::EnterLock: New entry created
USERENV(3c8.3cc) 10:04:23:468 CHashTable::HashAdd:
S-1-5-21-117609710-1580818891-1417001333-500 added in bucket 13
USERENV(3c8.3cc) 10:04:23:468 CUserProfile::CleanupUserProfile: Enter
critical section.
USERENV(3c8.3cc) 10:04:23:468 CUserProfile::GetRefCountAndFlags: Ref
count is 1, state is 00000104
USERENV(3c8.3cc) 10:04:23:468 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(3c8.3cc) 10:04:23:468 CSyncManager::LeaveLock
<S-1-5-21-117609710-1580818891-1417001333-500>
USERENV(3c8.3cc) 10:04:23:468 CSyncManager::LeaveLock: Lock released
USERENV(3c8.3cc) 10:04:23:484 CHashTable::HashDelete:
S-1-5-21-117609710-1580818891-1417001333-500 deleted
USERENV(3c8.3cc) 10:04:23:484 CSyncManager::LeaveLock: Lock deleted
USERENV(3c8.3cc) 10:04:23:484 CUserProfile::CleanupUserProfile: Leave
critical section
USERENV(3c8.3cc) 10:04:23:484 CUserProfile::Initialize: Proccessing
S-1-5-21-117609710-1580818891-1417001333-1008
USERENV(3c8.3cc) 10:04:23:484 CSyncManager::EnterLock
<S-1-5-21-117609710-1580818891-1417001333-1008>
USERENV(3c8.3cc) 10:04:23:484 CSyncManager::EnterLock: No existing entry found
USERENV(3c8.3cc) 10:04:23:484 CSyncManager::EnterLock: New entry created
USERENV(3c8.3cc) 10:04:23:484 CHashTable::HashAdd:
S-1-5-21-117609710-1580818891-1417001333-1008 added in bucket 19
USERENV(3c8.3cc) 10:04:23:484 CUserProfile::CleanupUserProfile: Enter
critical section.
USERENV(3c8.3cc) 10:04:23:484 CUserProfile::GetRefCountAndFlags: Ref
count is 0, state is 00000000
USERENV(3c8.3cc) 10:04:23:484 CSyncManager::LeaveLock
<S-1-5-21-117609710-1580818891-1417001333-1008>
USERENV(3c8.3cc) 10:04:23:484 CSyncManager::LeaveLock: Lock released
USERENV(3c8.3cc) 10:04:23:500 CHashTable::HashDelete:
S-1-5-21-117609710-1580818891-1417001333-1008 deleted
USERENV(3c8.3cc) 10:04:23:500 CSyncManager::LeaveLock: Lock deleted
USERENV(3c8.3cc) 10:04:23:500 CUserProfile::CleanupUserProfile: Leave
critical section
USERENV(3c8.3cc) 10:04:23:500 CUserProfile::Initialize: Proccessing
S-1-5-21-117609710-1580818891-1417001333-1003
USERENV(3c8.3cc) 10:04:23:500 CSyncManager::EnterLock
<S-1-5-21-117609710-1580818891-1417001333-1003>
USERENV(3c8.3cc) 10:04:23:500 CSyncManager::EnterLock: No existing entry found
USERENV(3c8.3cc) 10:04:23:500 CSyncManager::EnterLock: New entry created
USERENV(3c8.3cc) 10:04:23:500 CHashTable::HashAdd:
S-1-5-21-117609710-1580818891-1417001333-1003 added in bucket 14
USERENV(3c8.3cc) 10:04:23:500 CUserProfile::CleanupUserProfile: Enter
critical section.
USERENV(3c8.3cc) 10:04:23:500 CUserProfile::GetRefCountAndFlags: Ref
count is 0, state is 00000100
USERENV(3c8.3cc) 10:04:23:500 CSyncManager::LeaveLock
<S-1-5-21-117609710-1580818891-1417001333-1003>
USERENV(3c8.3cc) 10:04:23:515 CSyncManager::LeaveLock: Lock released
USERENV(3c8.3cc) 10:04:23:515 CHashTable::HashDelete:
S-1-5-21-117609710-1580818891-1417001333-1003 deleted
USERENV(3c8.3cc) 10:04:23:515 CSyncManager::LeaveLock: Lock deleted
USERENV(3c8.3cc) 10:04:23:515 CUserProfile::CleanupUserProfile: Leave
critical section
USERENV(3c8.3cc) 10:04:23:515 CUserProfile::Initialize: Proccessing S-1-5-20
USERENV(3c8.3cc) 10:04:23:515 CSyncManager::EnterLock <S-1-5-20>
USERENV(3c8.3cc) 10:04:23:515 CSyncManager::EnterLock: No existing entry found
USERENV(3c8.3cc) 10:04:23:515 CSyncManager::EnterLock: New entry created
USERENV(3c8.3cc) 10:04:23:515 CHashTable::HashAdd: S-1-5-20 added in bucket 4
USERENV(3c8.3cc) 10:04:23:515 CUserProfile::CleanupUserProfile: Enter
critical section.
USERENV(3c8.3cc) 10:04:23:515 CUserProfile::GetRefCountAndFlags: Ref
count is 2, state is 00000000
USERENV(3c8.3cc) 10:04:23:531 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(3c8.3cc) 10:04:23:531 CSyncManager::LeaveLock <S-1-5-20>
USERENV(3c8.3cc) 10:04:23:531 CSyncManager::LeaveLock: Lock released
USERENV(3c8.3cc) 10:04:23:531 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(3c8.3cc) 10:04:23:531 CSyncManager::LeaveLock: Lock deleted
USERENV(3c8.3cc) 10:04:23:531 CUserProfile::CleanupUserProfile: Leave
critical section
USERENV(3c8.3cc) 10:04:23:531 CUserProfile::Initialize: Proccessing S-1-5-19
USERENV(3c8.3cc) 10:04:23:531 CSyncManager::EnterLock <S-1-5-19>
USERENV(3c8.3cc) 10:04:23:531 CSyncManager::EnterLock: No existing entry found
USERENV(3c8.3cc) 10:04:23:531 CSyncManager::EnterLock: New entry created
USERENV(3c8.3cc) 10:04:23:531 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(3c8.3cc) 10:04:23:546 CUserProfile::CleanupUserProfile: Enter
critical section.
USERENV(3c8.3cc) 10:04:23:546 CUserProfile::GetRefCountAndFlags: Ref
count is 1, state is 00000000
USERENV(3c8.3cc) 10:04:23:546 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(3c8.3cc) 10:04:23:546 CSyncManager::LeaveLock <S-1-5-19>
USERENV(3c8.3cc) 10:04:23:546 CSyncManager::LeaveLock: Lock released
USERENV(3c8.3cc) 10:04:23:546 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(3c8.3cc) 10:04:23:546 CSyncManager::LeaveLock: Lock deleted
USERENV(3c8.3cc) 10:04:23:546 CUserProfile::CleanupUserProfile: Leave
critical section
USERENV(3c8.3cc) 10:04:23:546 CUserProfile::Initialize: Proccessing S-1-5-18
USERENV(3c8.3cc) 10:04:23:546 CSyncManager::EnterLock <S-1-5-18>
USERENV(3c8.3cc) 10:04:23:562 CSyncManager::EnterLock: No existing entry found
USERENV(3c8.3cc) 10:04:23:562 CSyncManager::EnterLock: New entry created
USERENV(3c8.3cc) 10:04:23:562 CHashTable::HashAdd: S-1-5-18 added in bucket 11
USERENV(3c8.3cc) 10:04:23:562 CUserProfile::CleanupUserProfile: Enter
critical section.
USERENV(3c8.3cc) 10:04:23:562 CUserProfile::GetRefCountAndFlags: Ref
count is 1, state is 00000000
USERENV(3c8.3cc) 10:04:23:562 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(3c8.3cc) 10:04:23:562 CSyncManager::LeaveLock <S-1-5-18>
USERENV(3c8.3cc) 10:04:23:562 CSyncManager::LeaveLock: Lock released
USERENV(3c8.3cc) 10:04:23:562 CHashTable::HashDelete: S-1-5-18 deleted
USERENV(3c8.3cc) 10:04:23:562 CSyncManager::LeaveLock: Lock deleted
USERENV(3c8.3cc) 10:04:23:562 CUserProfile::CleanupUserProfile: Leave
critical section
USERENV(3c8.3cc) 10:04:23:593 CUserProfile::Initialize:
RpcServerRegisterIfEx successful
USERENV(3c8.3cc) 10:04:23:593 Exiting CUserProfile::Initialize, successful
USERENV(3f8.3fc) 10:04:27:015 LibMain: Process Name: 
C:\WINDOWS\system32\services.exe
USERENV(404.408) 10:04:27:375 LibMain: Process Name:  C:\WINDOWS\system32\lsass.exe
USERENV(3c8.3cc) 10:04:27:625 IsSyncForegroundPolicyRefresh:
Asynchronous, Reason: NoNeedForSync
USERENV(4b4.4b8) 10:04:28:640 LibMain: Process Name: 
C:\WINDOWS\system32\svchost.exe
USERENV(4d0.4d4) 10:04:29:437 LibMain: Process Name: 
C:\WINDOWS\system32\logonui.exe
USERENV(3f8.3fc) 10:04:30:312 LoadUserProfile: Yes, we can impersonate
the user. Running as self
USERENV(3f8.3fc) 10:04:30:312
=========================================================
USERENV(3f8.3fc) 10:04:30:312 LoadUserProfile: Entering, hToken =
<0x2dc>, lpProfileInfo = 0x7fcf8
USERENV(3f8.3fc) 10:04:30:312 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(3f8.3fc) 10:04:30:312 LoadUserProfile:
lpProfileInfo->lpUserName = <NetworkService>
USERENV(3f8.3fc) 10:04:30:312 LoadUserProfile: NULL central profile path
USERENV(3f8.3fc) 10:04:30:312 LoadUserProfile: NULL default profile path
USERENV(3f8.3fc) 10:04:30:312 LoadUserProfile: NULL server name
USERENV(3f8.3fc) 10:04:30:312 GetInterface: Returning rpc binding handle
USERENV(3c8.3e4) 10:04:30:328 IProfileSecurityCallBack: client authenticated.
USERENV(3c8.3e4) 10:04:30:328 DropClientContext: Got client token
00000450, sid = S-1-5-18
USERENV(3c8.3e4) 10:04:30:328 MIDL_user_allocate enter
USERENV(3c8.3e4) 10:04:30:328 DropClientContext: load profile object
successfully made
USERENV(3c8.3e4) 10:04:30:328 DropClientContext: Returning 0
USERENV(3f8.3fc) 10:04:30:328 LoadUserProfile: Calling DropClientToken
(as self) succeeded
USERENV(3c8.500) 10:04:30:328 IProfileSecurityCallBack: client authenticated.
USERENV(3c8.500) 10:04:30:328 In LoadUserProfileP
USERENV(3c8.500) 10:04:30:343 LoadUserProfile: Running as client
USERENV(3c8.500) 10:04:30:343
=========================================================
USERENV(3c8.500) 10:04:30:343 LoadUserProfile: Entering, hToken =
<0x454>, lpProfileInfo = 0xe3f8c0
USERENV(3c8.500) 10:04:30:343 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(3c8.500) 10:04:30:343 LoadUserProfile:
lpProfileInfo->lpUserName = <NetworkService>
USERENV(3c8.500) 10:04:30:343 LoadUserProfile: NULL central profile path
USERENV(3c8.500) 10:04:30:343 LoadUserProfile: NULL default profile path
USERENV(3c8.500) 10:04:30:343 LoadUserProfile: NULL server name
USERENV(3c8.500) 10:04:30:343 LoadUserProfile: User sid: S-1-5-20
USERENV(3c8.500) 10:04:30:343 CSyncManager::EnterLock <S-1-5-20>
USERENV(3c8.500) 10:04:30:359 CSyncManager::EnterLock: No existing entry found
USERENV(3c8.500) 10:04:30:359 CSyncManager::EnterLock: New entry created
USERENV(3c8.500) 10:04:30:359 CHashTable::HashAdd: S-1-5-20 added in bucket 4
USERENV(3c8.500) 10:04:30:359 LoadUserProfile: Wait succeeded. In critical section.
USERENV(3c8.500) 10:04:30:359 RestoreUserProfile:  Entering
USERENV(3c8.500) 10:04:30:359 IsCentralProfileReachable:  Entering
USERENV(3c8.500) 10:04:30:359 IsCentralProfileReachable:  Null path.  Leaving
USERENV(3c8.500) 10:04:30:359 RestoreUserProfile:  Profile path = <>
USERENV(3c8.500) 10:04:30:359 ExtractProfileFromBackup:  A profile already exists
USERENV(3c8.500) 10:04:30:359 PatchNewProfileIfRequred: A profile
already exists with the current sid, exitting
USERENV(3c8.500) 10:04:30:375 CreateLocalProfileKey:  Not setting
additional Security
USERENV(3c8.500) 10:04:30:375 GetExistingLocalProfileImage:  Found
entry in profile list for existing local profile
USERENV(3c8.500) 10:04:30:375 GetExistingLocalProfileImage:  Local
profile image filename = <%SystemDrive%\Documents and
Settings\NetworkService>
USERENV(3c8.500) 10:04:30:375 GetExistingLocalProfileImage:  Expanded
local profile image filename = <C:\Documents and
Settings\NetworkService>
USERENV(3c8.500) 10:04:30:375 GetExistingLocalProfileImage:  No local
mandatory profile.  Error = 2
USERENV(3c8.500) 10:04:30:375 GetExistingLocalProfileImage:  Found
local profile image file ok <C:\Documents and
Settings\NetworkService\ntuser.dat>
USERENV(3c8.500) 10:04:30:375 GetExistingLocalProfileImage:  Failed to
query low profile unload time with error 2
USERENV(3c8.500) 10:04:30:375 Local Existing Profile Image is reachable
USERENV(3c8.500) 10:04:30:375 Local profile name is <C:\Documents and
Settings\NetworkService>
USERENV(3c8.500) 10:04:30:390 RestoreUserProfile:  No central profile.
 Attempting to load local profile.
USERENV(3c8.500) 10:04:30:421 MyRegLoadKey: Returning 00000000
USERENV(3c8.500) 10:04:30:468 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(3c8.500) 10:04:30:578 MyRegLoadKey: Returning 00000000
USERENV(3c8.500) 10:04:30:578 CreateClassHive: existing user classes hive found
USERENV(3c8.500) 10:04:30:578 RestoreUserProfile:  About to Leave. 
Final Information follows:
USERENV(3c8.500) 10:04:30:578 Profile was successfully loaded.
USERENV(3c8.500) 10:04:30:578 lpProfile->lpRoamingProfile = <>
USERENV(3c8.500) 10:04:30:593 lpProfile->lpLocalProfile =
<C:\Documents and Settings\NetworkService>
USERENV(3c8.500) 10:04:30:593 lpProfile->dwInternalFlags = 0x0
USERENV(3c8.500) 10:04:30:593 RestoreUserProfile:  Leaving.
USERENV(3c8.500) 10:04:30:609 UpgradeProfile: Entering
USERENV(3c8.500) 10:04:30:609 UpgradeProfile: Build numbers match
USERENV(3c8.500) 10:04:30:609 UpgradeProfile: Leaving Successfully
USERENV(3c8.500) 10:04:30:734 GetProfileType:  Profile already loaded.
USERENV(3c8.500) 10:04:30:734 LoadProfileInfo:  Failed to query
central profile with error 2
USERENV(3c8.500) 10:04:30:734 GetProfileType: ProfileFlags is 0
USERENV(3c8.500) 10:04:30:765 Profile Ref Count is 1
USERENV(3c8.500) 10:04:30:781 LoadUserProfile: Leaving critical Section.
USERENV(3c8.500) 10:04:30:781 CSyncManager::LeaveLock <S-1-5-20>
USERENV(3c8.500) 10:04:30:781 CSyncManager::LeaveLock: Lock released
USERENV(3c8.500) 10:04:30:781 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(3c8.500) 10:04:30:781 CSyncManager::LeaveLock: Lock deleted
USERENV(3c8.500) 10:04:30:781 LoadUserProfile: Impersonated user:
00000454, 00000460
USERENV(404.440) 10:04:30:781 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(404.440) 10:04:30:796 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(3c8.500) 10:04:30:812 LoadUserProfile: Reverted to user: 00000000
USERENV(3c8.500) 10:04:30:812 LoadUserProfile: Reverted back to user <00000000>
USERENV(3c8.500) 10:04:30:828 LoadUserProfile: Leaving with a value of 1.
USERENV(3c8.500) 10:04:30:828
=========================================================
USERENV(3c8.500) 10:04:30:828 LoadUserProfileI: returning 0
USERENV(3f8.3fc) 10:04:30:828 LoadUserProfile: Running as self
USERENV(3f8.3fc) 10:04:30:828 LoadUserProfile: Calling
LoadUserProfileI (as user) succeeded
USERENV(3f8.3fc) 10:04:30:828 LoadUserProfile:  Returning success. 
Final Information follows:
USERENV(3f8.3fc) 10:04:30:828 lpProfileInfo->UserName = <NetworkService>
USERENV(3f8.3fc) 10:04:30:828 lpProfileInfo->lpProfilePath = <>
USERENV(3f8.3fc) 10:04:30:828 lpProfileInfo->dwFlags = 0x9
USERENV(3c8.3e4) 10:04:30:843 IProfileSecurityCallBack: client authenticated.
USERENV(3c8.3e4) 10:04:30:843 ReleaseClientContext: Releasing context
USERENV(3c8.3e4) 10:04:30:843 ReleaseClientContext_s: Releasing context
USERENV(3c8.3e4) 10:04:30:843 MIDL_user_free enter
USERENV(3f8.3fc) 10:04:30:843 ReleaseInterface: Releasing rpc binding handle
USERENV(3f8.3fc) 10:04:30:843 LoadUserProfile: Returning TRUE. hProfile = <0x350>
USERENV(3f8.3fc) 10:04:30:843 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(510.514) 10:04:30:984 LibMain: Process Name: 
C:\WINDOWS\system32\svchost.exe
USERENV(580.584) 10:04:31:859 LibMain: Process Name: 
C:\WINDOWS\System32\svchost.exe
USERENV(3f8.3fc) 10:04:31:921 LoadUserProfile: Yes, we can impersonate
the user. Running as self
USERENV(3f8.3fc) 10:04:31:921
=========================================================
USERENV(3f8.3fc) 10:04:31:921 LoadUserProfile: Entering, hToken =
<0x390>, lpProfileInfo = 0x7fcf8
USERENV(3f8.3fc) 10:04:31:921 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(3f8.3fc) 10:04:31:921 LoadUserProfile:
lpProfileInfo->lpUserName = <NetworkService>
USERENV(3f8.3fc) 10:04:31:937 LoadUserProfile: NULL central profile path
USERENV(3f8.3fc) 10:04:31:937 LoadUserProfile: NULL default profile path
USERENV(3f8.3fc) 10:04:31:937 LoadUserProfile: NULL server name
USERENV(3f8.3fc) 10:04:31:937 GetInterface: Returning rpc binding handle
USERENV(3c8.500) 10:04:31:937 IProfileSecurityCallBack: client authenticated.
USERENV(3c8.500) 10:04:31:937 DropClientContext: Got client token
00000464, sid = S-1-5-18
USERENV(3c8.500) 10:04:31:937 MIDL_user_allocate enter
USERENV(3c8.500) 10:04:31:937 DropClientContext: load profile object
successfully made
USERENV(3c8.500) 10:04:31:953 DropClientContext: Returning 0
USERENV(3f8.3fc) 10:04:31:953 LoadUserProfile: Calling DropClientToken
(as self) succeeded
USERENV(3c8.3e4) 10:04:31:953 IProfileSecurityCallBack: client authenticated.
USERENV(3c8.3e4) 10:04:31:953 In LoadUserProfileP
USERENV(3c8.3e4) 10:04:31:953 LoadUserProfile: Running as client
USERENV(3c8.3e4) 10:04:31:953
=========================================================
USERENV(3c8.3e4) 10:04:31:953 LoadUserProfile: Entering, hToken =
<0x488>, lpProfileInfo = 0xe36d50
USERENV(3c8.3e4) 10:04:31:953 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(3c8.3e4) 10:04:31:953 LoadUserProfile:
lpProfileInfo->lpUserName = <NetworkService>
USERENV(3c8.3e4) 10:04:31:968 LoadUserProfile: NULL central profile path
USERENV(3c8.3e4) 10:04:31:968 LoadUserProfile: NULL default profile path
USERENV(3c8.3e4) 10:04:31:968 LoadUserProfile: NULL server name
USERENV(3c8.3e4) 10:04:31:968 LoadUserProfile: User sid: S-1-5-20
USERENV(3c8.3e4) 10:04:31:968 CSyncManager::EnterLock <S-1-5-20>
USERENV(3c8.3e4) 10:04:31:968 CSyncManager::EnterLock: No existing entry found
USERENV(3c8.3e4) 10:04:31:968 CSyncManager::EnterLock: New entry created
USERENV(3c8.3e4) 10:04:31:968 CHashTable::HashAdd: S-1-5-20 added in bucket 4
USERENV(3c8.3e4) 10:04:31:968 LoadUserProfile: Wait succeeded. In critical section.
USERENV(3c8.3e4) 10:04:31:984 TestIfUserProfileLoaded:  Profile already loaded.
USERENV(3c8.3e4) 10:04:31:984 Profile Ref Count is 2
USERENV(3c8.3e4) 10:04:31:984 LoadUserProfile: Leaving critical Section.
USERENV(3c8.3e4) 10:04:31:984 CSyncManager::LeaveLock <S-1-5-20>
USERENV(3c8.3e4) 10:04:31:984 CSyncManager::LeaveLock: Lock released
USERENV(3c8.3e4) 10:04:31:984 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(3c8.3e4) 10:04:31:984 CSyncManager::LeaveLock: Lock deleted
USERENV(3c8.3e4) 10:04:31:984 LoadUserProfile: Impersonated user:
00000488, 0000048c
USERENV(3c8.3e4) 10:04:32:000 LoadUserProfile: Reverted to user: 00000000
USERENV(3c8.3e4) 10:04:32:000 LoadUserProfile: Reverted back to user <00000000>
USERENV(3c8.3e4) 10:04:32:000 LoadUserProfile: Leaving with a value of 1.
USERENV(3c8.3e4) 10:04:32:000
=========================================================
USERENV(3c8.3e4) 10:04:32:000 LoadUserProfileI: returning 0
USERENV(3f8.3fc) 10:04:32:000 LoadUserProfile: Running as self
USERENV(3f8.3fc) 10:04:32:000 LoadUserProfile: Calling
LoadUserProfileI (as user) succeeded
USERENV(3f8.3fc) 10:04:32:000 LoadUserProfile:  Returning success. 
Final Information follows:
USERENV(3f8.3fc) 10:04:32:000 lpProfileInfo->UserName = <NetworkService>
USERENV(3f8.3fc) 10:04:32:015 lpProfileInfo->lpProfilePath = <>
USERENV(3f8.3fc) 10:04:32:015 lpProfileInfo->dwFlags = 0x9
USERENV(3c8.500) 10:04:32:015 IProfileSecurityCallBack: client authenticated.
USERENV(3c8.500) 10:04:32:015 ReleaseClientContext: Releasing context
USERENV(3c8.500) 10:04:32:015 ReleaseClientContext_s: Releasing context
USERENV(3c8.500) 10:04:32:031 MIDL_user_free enter
USERENV(3f8.3fc) 10:04:32:031 ReleaseInterface: Releasing rpc binding handle
USERENV(3f8.3fc) 10:04:32:031 LoadUserProfile: Returning TRUE. hProfile = <0x38c>
USERENV(3f8.3fc) 10:04:32:031 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(3c8.5a4) 10:04:32:062 IsSyncForegroundPolicyRefresh:
Asynchronous, Reason: NoNeedForSync
USERENV(5b8.5bc) 10:04:32:218 LibMain: Process Name: 
C:\WINDOWS\system32\svchost.exe
USERENV(3f8.3fc) 10:04:32:234 LoadUserProfile: Yes, we can impersonate
the user. Running as self
USERENV(3f8.3fc) 10:04:32:234
=========================================================
USERENV(3f8.3fc) 10:04:32:234 LoadUserProfile: Entering, hToken =
<0x3ac>, lpProfileInfo = 0x7fcf8
USERENV(3f8.3fc) 10:04:32:234 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(3f8.3fc) 10:04:32:234 LoadUserProfile:
lpProfileInfo->lpUserName = <LocalService>
USERENV(3f8.3fc) 10:04:32:234 LoadUserProfile: NULL central profile path
USERENV(3f8.3fc) 10:04:32:234 LoadUserProfile: NULL default profile path
USERENV(3f8.3fc) 10:04:32:250 LoadUserProfile: NULL server name
USERENV(3f8.3fc) 10:04:32:250 GetInterface: Returning rpc binding handle
USERENV(3c8.3e4) 10:04:32:250 IProfileSecurityCallBack: client authenticated.
USERENV(3c8.3e4) 10:04:32:250 DropClientContext: Got client token
0000050C, sid = S-1-5-18
USERENV(3c8.3e4) 10:04:32:250 MIDL_user_allocate enter
USERENV(3c8.3e4) 10:04:32:250 DropClientContext: load profile object
successfully made
USERENV(3c8.3e4) 10:04:32:250 DropClientContext: Returning 0
USERENV(3f8.3fc) 10:04:32:265 LoadUserProfile: Calling DropClientToken
(as self) succeeded
USERENV(3c8.500) 10:04:32:265 IProfileSecurityCallBack: client authenticated.
USERENV(3c8.500) 10:04:32:265 In LoadUserProfileP
USERENV(3c8.500) 10:04:32:265 LoadUserProfile: Running as client
USERENV(3c8.500) 10:04:32:265
=========================================================
USERENV(3c8.500) 10:04:32:265 LoadUserProfile: Entering, hToken =
<0x518>, lpProfileInfo = 0xe44570
USERENV(3c8.500) 10:04:32:265 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(3c8.500) 10:04:32:281 LoadUserProfile:
lpProfileInfo->lpUserName = <LocalService>
USERENV(3c8.500) 10:04:32:281 LoadUserProfile: NULL central profile path
USERENV(3c8.500) 10:04:32:281 LoadUserProfile: NULL default profile path
USERENV(3c8.500) 10:04:32:281 LoadUserProfile: NULL server name
USERENV(3c8.500) 10:04:32:281 LoadUserProfile: User sid: S-1-5-19
USERENV(3c8.500) 10:04:32:281 CSyncManager::EnterLock <S-1-5-19>
USERENV(3c8.500) 10:04:32:281 CSyncManager::EnterLock: No existing entry found
USERENV(3c8.500) 10:04:32:296 CSyncManager::EnterLock: New entry created
USERENV(3c8.500) 10:04:32:296 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(3c8.500) 10:04:32:296 LoadUserProfile: Wait succeeded. In critical section.
USERENV(3c8.500) 10:04:32:296 RestoreUserProfile:  Entering
USERENV(3c8.500) 10:04:32:312 IsCentralProfileReachable:  Entering
USERENV(3c8.500) 10:04:32:312 IsCentralProfileReachable:  Null path.  Leaving
USERENV(3c8.500) 10:04:32:312 RestoreUserProfile:  Profile path = <>
USERENV(3c8.500) 10:04:32:312 ExtractProfileFromBackup:  A profile already exists
USERENV(3c8.500) 10:04:32:312 PatchNewProfileIfRequred: A profile
already exists with the current sid, exitting
USERENV(3c8.500) 10:04:32:328 CreateLocalProfileKey:  Not setting
additional Security
USERENV(3c8.500) 10:04:32:328 GetExistingLocalProfileImage:  Found
entry in profile list for existing local profile
USERENV(3c8.500) 10:04:32:328 GetExistingLocalProfileImage:  Local
profile image filename = <%SystemDrive%\Documents and
Settings\LocalService>
USERENV(3c8.500) 10:04:32:328 GetExistingLocalProfileImage:  Expanded
local profile image filename = <C:\Documents and
Settings\LocalService>
USERENV(3c8.500) 10:04:32:359 GetExistingLocalProfileImage:  No local
mandatory profile.  Error = 2
USERENV(3c8.500) 10:04:32:359 GetExistingLocalProfileImage:  Found
local profile image file ok <C:\Documents and
Settings\LocalService\ntuser.dat>
USERENV(3c8.500) 10:04:32:375 GetExistingLocalProfileImage:  Failed to
query low profile unload time with error 2
USERENV(3c8.500) 10:04:32:375 Local Existing Profile Image is reachable
USERENV(3c8.500) 10:04:32:375 Local profile name is <C:\Documents and
Settings\LocalService>
USERENV(3c8.500) 10:04:32:375 RestoreUserProfile:  No central profile.
 Attempting to load local profile.
USERENV(3c8.500) 10:04:32:562 MyRegLoadKey: Returning 00000000
USERENV(3c8.500) 10:04:32:578 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(3c8.500) 10:04:32:765 MyRegLoadKey: Returning 00000000
USERENV(3c8.500) 10:04:32:765 CreateClassHive: existing user classes hive found
USERENV(3c8.500) 10:04:32:765 RestoreUserProfile:  About to Leave. 
Final Information follows:
USERENV(3c8.500) 10:04:32:765 Profile was successfully loaded.
USERENV(3c8.500) 10:04:32:765 lpProfile->lpRoamingProfile = <>
USERENV(3c8.500) 10:04:32:765 lpProfile->lpLocalProfile =
<C:\Documents and Settings\LocalService>
USERENV(3c8.500) 10:04:32:781 lpProfile->dwInternalFlags = 0x0
USERENV(3c8.500) 10:04:32:796 RestoreUserProfile:  Leaving.
USERENV(3c8.500) 10:04:32:890 UpgradeProfile: Entering
USERENV(3c8.500) 10:04:32:890 UpgradeProfile: Build numbers match
USERENV(3c8.500) 10:04:32:890 UpgradeProfile: Leaving Successfully
USERENV(3c8.500) 10:04:32:890 GetProfileType:  Profile already loaded.
USERENV(3c8.500) 10:04:32:890 LoadProfileInfo:  Failed to query
central profile with error 2
USERENV(3c8.500) 10:04:32:906 GetProfileType: ProfileFlags is 0
USERENV(3c8.500) 10:04:32:906 Profile Ref Count is 1
USERENV(3c8.500) 10:04:32:921 LoadUserProfile: Leaving critical Section.
USERENV(3c8.500) 10:04:32:921 CSyncManager::LeaveLock <S-1-5-19>
USERENV(3c8.500) 10:04:32:921 CSyncManager::LeaveLock: Lock released
USERENV(3c8.500) 10:04:32:921 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(3c8.500) 10:04:32:921 CSyncManager::LeaveLock: Lock deleted
USERENV(3c8.500) 10:04:32:921 LoadUserProfile: Impersonated user:
00000518, 0000060c
USERENV(404.45c) 10:04:32:921 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(404.45c) 10:04:32:937 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(3c8.500) 10:04:32:953 LoadUserProfile: Reverted to user: 00000000
USERENV(3c8.500) 10:04:32:953 LoadUserProfile: Reverted back to user <00000000>
USERENV(3c8.500) 10:04:32:953 LoadUserProfile: Leaving with a value of 1.
USERENV(3c8.500) 10:04:32:953
=========================================================
USERENV(3c8.500) 10:04:32:953 LoadUserProfileI: returning 0
USERENV(3f8.3fc) 10:04:32:968 LoadUserProfile: Running as self
USERENV(3f8.3fc) 10:04:32:968 LoadUserProfile: Calling
LoadUserProfileI (as user) succeeded
USERENV(3f8.3fc) 10:04:32:968 LoadUserProfile:  Returning success. 
Final Information follows:
USERENV(3f8.3fc) 10:04:32:968 lpProfileInfo->UserName = <LocalService>
USERENV(3f8.3fc) 10:04:32:968 lpProfileInfo->lpProfilePath = <>
USERENV(3f8.3fc) 10:04:32:968 lpProfileInfo->dwFlags = 0x9
USERENV(3c8.3e4) 10:04:32:968 IProfileSecurityCallBack: client authenticated.
USERENV(3c8.3e4) 10:04:32:968 ReleaseClientContext: Releasing context
USERENV(3c8.3e4) 10:04:32:968 ReleaseClientContext_s: Releasing context
USERENV(3c8.3e4) 10:04:32:968 MIDL_user_free enter
USERENV(3f8.3fc) 10:04:32:984 ReleaseInterface: Releasing rpc binding handle
USERENV(3f8.3fc) 10:04:32:984 LoadUserProfile: Returning TRUE. hProfile = <0x3b0>
USERENV(3f8.3fc) 10:04:33:000 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(64c.650) 10:04:33:156 LibMain: Process Name: 
C:\WINDOWS\system32\svchost.exe
USERENV(690.69c) 10:04:35:015 LibMain: Process Name: 
C:\WINDOWS\system32\spoolsv.exe
USERENV(3c8.5a4) 10:04:35:562 ApplyGroupPolicy: Entering. Flags = b
USERENV(3c8.5a4) 10:04:35:562 ProcessGPOs:
USERENV(3c8.5a4) 10:04:35:562 ProcessGPOs:
USERENV(3c8.5a4) 10:04:35:562 ProcessGPOs:  Starting computer Group
Policy (Async forground) processing...
USERENV(3c8.5a4) 10:04:35:562 ProcessGPOs:
USERENV(3c8.5a4) 10:04:35:578 ProcessGPOs:
USERENV(3c8.5a4) 10:04:35:578 EnterCriticalPolicySectionEx: Entering
with timeout 600000 and flags 0x0
USERENV(3c8.5a4) 10:04:35:578 EnterCriticalPolicySectionEx: Machine
critical section has been claimed.  Handle = 0x5bc
USERENV(3c8.5a4) 10:04:35:578 EnterCriticalPolicySectionEx: Leaving successfully.
USERENV(3c8.5a4) 10:04:35:578 ProcessGPOs:  Machine role is 0.
USERENV(3c8.5a4) 10:04:35:578 ReadGPExtensions: Rsop entry point not
found for gptext.dll.
USERENV(3c8.5a4) 10:04:35:578 ReadGPExtensions: Rsop entry point not
found for dskquota.dll.
USERENV(3c8.5a4) 10:04:35:578 ReadGPExtensions: Rsop entry point not
found for gptext.dll.
USERENV(3c8.5a4) 10:04:35:578 ReadGPExtensions: Rsop entry point not
found for iedkcs32.dll.
USERENV(3c8.5a4) 10:04:35:578 ReadGPExtensions: Rsop entry point not
found for scecli.dll.
USERENV(3c8.5a4) 10:04:35:578 ReadGPExtensions: Rsop entry point not
found for C:\WINDOWS\System32\cscui.dll.
USERENV(3c8.5a4) 10:04:35:593 ReadGPExtensions: Rsop entry point not
found for gptext.dll.
USERENV(3c8.5a4) 10:04:35:593 ReadExtStatus: Reading Previous Status
for extension {35378EAC-683F-11D2-A89A-00C04FBBCFA2}
USERENV(3c8.5a4) 10:04:35:593 ReadStatus: Read Extension's Previous
status successfully.
USERENV(3c8.5a4) 10:04:35:593 ReadExtStatus: Reading Previous Status
for extension {0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
USERENV(3c8.5a4) 10:04:35:593 ReadExtStatus: Reading Previous Status
for extension {25537BA6-77A8-11D2-9B6C-0000F8080861}
USERENV(3c8.5a4) 10:04:35:593 ReadExtStatus: Reading Previous Status
for extension {3610eda5-77ef-11d2-8dc5-00c04fa31a66}
USERENV(3c8.5a4) 10:04:35:593 ReadExtStatus: Reading Previous Status
for extension {426031c0-0b47-4852-b0ca-ac3d37bfcb39}
USERENV(3c8.5a4) 10:04:35:593 ReadExtStatus: Reading Previous Status
for extension {42B5FAAE-6536-11d2-AE5A-0000F87571E3}
USERENV(3c8.5a4) 10:04:35:593 ReadExtStatus: Reading Previous Status
for extension {4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
USERENV(3c8.5a4) 10:04:35:593 ReadExtStatus: Reading Previous Status
for extension {827D319E-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(3c8.5a4) 10:04:35:593 ReadExtStatus: Reading Previous Status
for extension {A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
USERENV(3c8.5a4) 10:04:35:593 ReadExtStatus: Reading Previous Status
for extension {B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(3c8.5a4) 10:04:35:609 ReadExtStatus: Reading Previous Status
for extension {C631DF4C-088F-4156-B058-4375F0853CD8}
USERENV(3c8.5a4) 10:04:35:609 ReadExtStatus: Reading Previous Status
for extension {c6dc5466-785a-11d2-84d0-00c04fb169f7}
USERENV(3c8.5a4) 10:04:35:609 ReadExtStatus: Reading Previous Status
for extension {e437bc1c-aa7d-11d2-a382-00c04f991e27}
USERENV(3c8.5a4) 10:04:35:609 ProcessGPOs:  No site name defined. 
Skipping site policy.
USERENV(3c8.5a4) 10:04:35:609 ProcessGPOs: Calling GetGPOInfo for
normal policy mode
USERENV(3c8.5a4) 10:04:35:609 GetGPOInfo:  ********************************
USERENV(3c8.5a4) 10:04:35:609 GetGPOInfo:  Entering...
USERENV(3c8.5a4) 10:04:35:609 GetGPOInfo:  lpHostName or lpDNName is
NULL.  Skipping DS stuff.
USERENV(3c8.5a4) 10:04:35:640 GetGPOInfo:  Leaving with 1
USERENV(3c8.5a4) 10:04:35:640 GetGPOInfo:  ********************************
USERENV(3c8.5a4) 10:04:35:656 ProcessGPOs: Logging Data for Target
<PAUL-5438989317>.
USERENV(3c8.5a4) 10:04:35:796 ProcessGPOs: OpenThreadToken failed with
error 1008, assuming thread is not impersonating
USERENV(3c8.5a4) 10:04:35:796 ProcessGPOs: -----------------------
USERENV(3c8.5a4) 10:04:35:796 ProcessGPOs: Processing extension Registry
USERENV(3c8.5a4) 10:04:35:796 ReadStatus: Read Extension's Previous
status successfully.
USERENV(3c8.5a4) 10:04:35:796 CompareGPOLists:  The lists are the same.
USERENV(3c8.5a4) 10:04:35:796 CheckGPOs: No GPO changes and no
security group membership change and extension Registry has
NoGPOChanges set.
USERENV(3c8.5a4) 10:04:35:796 ProcessGPOs: -----------------------
USERENV(3c8.5a4) 10:04:35:812 ProcessGPOs: -----------------------
USERENV(3c8.5a4) 10:04:35:812 ProcessGPOs: Processing extension Wireless
USERENV(3c8.5a4) 10:04:35:812 CompareGPOLists:  The lists are the same.
USERENV(3c8.5a4) 10:04:35:812 CheckGPOs: No GPO changes but couldn't
read extension Wireless's status or policy time.
USERENV(3c8.5a4) 10:04:35:812 ProcessGPOs: Extension Wireless skipped
because both deleted and changed GPO lists are empty.
USERENV(3c8.5a4) 10:04:35:812 ProcessGPOs: -----------------------
USERENV(3c8.5a4) 10:04:35:812 ProcessGPOs: Processing extension Folder Redirection
USERENV(3c8.5a4) 10:04:35:812 CompareGPOLists:  The lists are the same.
USERENV(3c8.5a4) 10:04:35:812 CheckGPOs: No GPO changes but couldn't
read extension Folder Redirection's status or policy time.
USERENV(3c8.5a4) 10:04:35:812 ProcessGPOs: Extension Folder
Redirection skipped with flags 0x1000b.
USERENV(3c8.5a4) 10:04:35:812 ProcessGPOs: -----------------------
USERENV(3c8.5a4) 10:04:35:812 ProcessGPOs: Processing extension
Microsoft Disk Quota
USERENV(3c8.5a4) 10:04:35:828 CompareGPOLists:  The lists are the same.
USERENV(3c8.5a4) 10:04:35:828 CheckGPOs: No GPO changes but couldn't
read extension Microsoft Disk Quota's status or policy time.
USERENV(3c8.5a4) 10:04:35:828 ProcessGPOs: Extension Microsoft Disk
Quota skipped with flags 0x1000b.
USERENV(3c8.5a4) 10:04:35:828 ProcessGPOs: -----------------------
USERENV(3c8.5a4) 10:04:35:828 ProcessGPOs: Processing extension QoS
Packet Scheduler
USERENV(3c8.5a4) 10:04:35:828 CompareGPOLists:  The lists are the same.
USERENV(3c8.5a4) 10:04:35:828 CheckGPOs: No GPO changes but couldn't
read extension QoS Packet Scheduler's status or policy time.
USERENV(3c8.5a4) 10:04:35:828 ProcessGPOs: Extension QoS Packet
Scheduler skipped because both deleted and changed GPO lists are
empty.
USERENV(3c8.5a4) 10:04:35:828 ProcessGPOs: -----------------------
USERENV(3c8.5a4) 10:04:35:828 ProcessGPOs: Processing extension Scripts
USERENV(3c8.5a4) 10:04:36:046 CompareGPOLists:  The lists are the same.
USERENV(3c8.5a4) 10:04:36:046 CheckGPOs: No GPO changes but couldn't
read extension Scripts's status or policy time.
USERENV(3c8.5a4) 10:04:36:046 ProcessGPOs: Extension Scripts skipped
because both deleted and changed GPO lists are empty.
USERENV(3c8.5a4) 10:04:36:046 ProcessGPOs: -----------------------
USERENV(3c8.5a4) 10:04:36:046 ProcessGPOs: Processing extension
Internet Explorer Zonemapping
USERENV(3c8.5a4) 10:04:36:187 CompareGPOLists:  The lists are the same.
USERENV(3c8.5a4) 10:04:36:203 CheckGPOs: No GPO changes but couldn't
read extension Internet Explorer Zonemapping's status or policy time.
USERENV(3c8.5a4) 10:04:36:203 ProcessGPOs: Extension Internet Explorer
Zonemapping skipped because both deleted and changed GPO lists are
empty.
USERENV(3c8.5a4) 10:04:36:203 ProcessGPOs: -----------------------
USERENV(3c8.5a4) 10:04:36:203 ProcessGPOs: Processing extension Security
USERENV(3c8.5a4) 10:04:36:203 CompareGPOLists:  The lists are the same.
USERENV(3c8.5a4) 10:04:36:203 CheckGPOs: No GPO changes but couldn't
read extension Security's status or policy time.
USERENV(3c8.5a4) 10:04:36:203 ProcessGPOs: Extension Security skipped
because both deleted and changed GPO lists are empty.
USERENV(3c8.5a4) 10:04:36:203 ProcessGPOs: -----------------------
USERENV(3c8.5a4) 10:04:36:203 ProcessGPOs: Processing extension
Internet Explorer Branding
USERENV(3c8.5a4) 10:04:36:203 CompareGPOLists:  The lists are the same.
USERENV(3c8.5a4) 10:04:36:203 CheckGPOs: No GPO changes but couldn't
read extension Internet Explorer Branding's status or policy time.
USERENV(3c8.5a4) 10:04:36:203 ProcessGPOs: Extension Internet Explorer
Branding skipped with flags 0x1000b.
USERENV(3c8.5a4) 10:04:36:218 ProcessGPOs: -----------------------
USERENV(3c8.5a4) 10:04:36:218 ProcessGPOs: Processing extension EFS recovery
USERENV(3c8.5a4) 10:04:36:218 CompareGPOLists:  The lists are the same.
USERENV(3c8.5a4) 10:04:36:218 CheckGPOs: No GPO changes but couldn't
read extension EFS recovery's status or policy time.
USERENV(3c8.5a4) 10:04:36:218 ProcessGPOs: Extension EFS recovery
skipped because both deleted and changed GPO lists are empty.
USERENV(3c8.5a4) 10:04:36:218 ProcessGPOs: -----------------------
USERENV(3c8.5a4) 10:04:36:218 ProcessGPOs: Processing extension
Microsoft Offline Files
USERENV(3c8.5a4) 10:04:36:218 CompareGPOLists:  The lists are the same.
USERENV(3c8.5a4) 10:04:36:218 CheckGPOs: No GPO changes but couldn't
read extension Microsoft Offline Files's status or policy time.
USERENV(3c8.5a4) 10:04:36:218 ProcessGPOs: Extension Microsoft Offline
Files skipped because both deleted and changed GPO lists are empty.
USERENV(3c8.5a4) 10:04:36:218 ProcessGPOs: -----------------------
USERENV(3c8.5a4) 10:04:36:218 ProcessGPOs: Processing extension
Software Installation
USERENV(3c8.5a4) 10:04:36:234 CompareGPOLists:  The lists are the same.
USERENV(3c8.5a4) 10:04:36:234 CheckGPOs: No GPO changes but couldn't
read extension Software Installation's status or policy time.
USERENV(3c8.5a4) 10:04:36:234 ProcessGPOs: Extension Software
Installation skipped because both deleted and changed GPO lists are
empty.
USERENV(3c8.5a4) 10:04:36:234 ProcessGPOs: -----------------------
USERENV(3c8.5a4) 10:04:36:234 ProcessGPOs: Processing extension IP Security
USERENV(3c8.5a4) 10:04:36:265 CompareGPOLists:  The lists are the same.
USERENV(3c8.5a4) 10:04:36:265 CheckGPOs: No GPO changes but couldn't
read extension IP Security's status or policy time.
USERENV(3c8.5a4) 10:04:36:265 ProcessGPOs: Extension IP Security
skipped because both deleted and changed GPO lists are empty.
USERENV(3c8.5a4) 10:04:36:406 SetFgRefreshInfo: Previous Machine Fg
policy Asynchronous, Reason: NoNeedForSync.
USERENV(3c8.5a4) 10:04:36:406 ProcessGPOs: No WMI logging done in this
policy cycle.
USERENV(3c8.5a4) 10:04:36:421 LeaveCriticalPolicySection: Critical
section 0x5bc has been released.
USERENV(3c8.5a4) 10:04:36:421 ProcessGPOs: Computer Group Policy has been applied.
USERENV(3c8.5a4) 10:04:36:421 ProcessGPOs: Leaving with 1.
USERENV(3c8.5a4) 10:04:36:421 ApplyGroupPolicy: Leaving successfully.
USERENV(3c8.6e4) 10:04:36:421 GPOThread:  Next refresh will happen in 90 minutes
USERENV(3c8.3cc) 10:04:37:000 LoadUserProfile: Yes, we can impersonate
the user. Running as self
USERENV(3c8.3cc) 10:04:37:000
=========================================================
USERENV(3c8.3cc) 10:04:37:000 LoadUserProfile: Entering, hToken =
<0x59c>, lpProfileInfo = 0x6e3e0
USERENV(3c8.3cc) 10:04:37:000 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(3c8.3cc) 10:04:37:000 LoadUserProfile:
lpProfileInfo->lpUserName = <Paul Evans>
USERENV(3c8.3cc) 10:04:37:000 LoadUserProfile: NULL central profile path
USERENV(3c8.3cc) 10:04:37:000 LoadUserProfile: NULL default profile path
USERENV(3c8.3cc) 10:04:37:000 LoadUserProfile: NULL server name
USERENV(3c8.3cc) 10:04:37:015 LoadUserProfile: In console winlogon process
USERENV(3c8.3cc) 10:04:37:015 In LoadUserProfileP
USERENV(3c8.3cc) 10:04:37:015
=========================================================
USERENV(3c8.3cc) 10:04:37:015 LoadUserProfile: Entering, hToken =
<0x59c>, lpProfileInfo = 0x6e3e0
USERENV(3c8.3cc) 10:04:37:015 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(3c8.3cc) 10:04:37:015 LoadUserProfile:
lpProfileInfo->lpUserName = <Paul Evans>
USERENV(3c8.3cc) 10:04:37:015 LoadUserProfile: NULL central profile path
USERENV(3c8.3cc) 10:04:37:015 LoadUserProfile: NULL default profile path
USERENV(3c8.3cc) 10:04:37:015 LoadUserProfile: NULL server name
USERENV(3c8.3cc) 10:04:37:015 LoadUserProfile: User sid:
S-1-5-21-117609710-1580818891-1417001333-1003
USERENV(3c8.3cc) 10:04:37:015 CSyncManager::EnterLock
<S-1-5-21-117609710-1580818891-1417001333-1003>
USERENV(3c8.3cc) 10:04:37:015 CSyncManager::EnterLock: No existing entry found
USERENV(3c8.3cc) 10:04:37:015 CSyncManager::EnterLock: New entry created
USERENV(3c8.3cc) 10:04:37:031 CHashTable::HashAdd:
S-1-5-21-117609710-1580818891-1417001333-1003 added in bucket 14
USERENV(3c8.3cc) 10:04:37:031 LoadUserProfile: Wait succeeded. In critical section.
USERENV(3c8.3cc) 10:04:37:031 RestoreUserProfile:  Entering
USERENV(3c8.3cc) 10:04:37:031 RestoreUserProfile:  User is a Admin
USERENV(3c8.3cc) 10:04:37:031 IsCentralProfileReachable:  Entering
USERENV(3c8.3cc) 10:04:37:031 IsCentralProfileReachable:  Null path.  Leaving
USERENV(3c8.3cc) 10:04:37:031 RestoreUserProfile:  Profile path = <>
USERENV(3c8.3cc) 10:04:37:031 ExtractProfileFromBackup:  A profile already exists
USERENV(3c8.3cc) 10:04:37:031 PatchNewProfileIfRequred: A profile
already exists with the current sid, exitting
USERENV(3c8.3cc) 10:04:37:031 CreateLocalProfileKey:  Not setting
additional Security
USERENV(3c8.3cc) 10:04:37:031 GetExistingLocalProfileImage:  Found
entry in profile list for existing local profile
USERENV(3c8.3cc) 10:04:37:031 GetExistingLocalProfileImage:  Local
profile image filename = <%SystemDrive%\Documents and Settings\Paul
Evans>
USERENV(3c8.3cc) 10:04:37:046 GetExistingLocalProfileImage:  Expanded
local profile image filename = <C:\Documents and Settings\Paul Evans>
USERENV(3c8.3cc) 10:04:37:046 GetExistingLocalProfileImage:  No local
mandatory profile.  Error = 2
USERENV(3c8.3cc) 10:04:37:046 GetExistingLocalProfileImage:  Found
local profile image file ok <C:\Documents and Settings\Paul
Evans\ntuser.dat>
USERENV(3c8.3cc) 10:04:37:046 GetExistingLocalProfileImage:  Failed to
query low profile unload time with error 2
USERENV(3c8.3cc) 10:04:37:046 Local Existing Profile Image is reachable
USERENV(3c8.3cc) 10:04:37:046 Local profile name is <C:\Documents and
Settings\Paul Evans>
USERENV(3c8.3cc) 10:04:37:046 RestoreUserProfile:  No central profile.
 Attempting to load local profile.
USERENV(3c8.3cc) 10:04:37:281 MyRegLoadKey: Returning 00000000
USERENV(3c8.3cc) 10:04:37:281 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(3c8.3cc) 10:04:37:343 MyRegLoadKey: Returning 00000000
USERENV(3c8.3cc) 10:04:37:343 CreateClassHive: existing user classes hive found
USERENV(3c8.3cc) 10:04:37:343 RestoreUserProfile:  About to Leave. 
Final Information follows:
USERENV(3c8.3cc) 10:04:37:343 Profile was successfully loaded.
USERENV(3c8.3cc) 10:04:37:343 lpProfile->lpRoamingProfile = <>
USERENV(3c8.3cc) 10:04:37:359 lpProfile->lpLocalProfile =
<C:\Documents and Settings\Paul Evans>
USERENV(3c8.3cc) 10:04:37:359 lpProfile->dwInternalFlags = 0x100
USERENV(3c8.3cc) 10:04:37:359 RestoreUserProfile:  Leaving.
USERENV(3c8.3cc) 10:04:37:359 UpgradeProfile: Entering
USERENV(3c8.3cc) 10:04:37:359 UpgradeProfile: Build numbers match
USERENV(3c8.3cc) 10:04:37:359 UpgradeProfile: Leaving Successfully
USERENV(3c8.3cc) 10:04:37:359 GetProfileType:  Profile already loaded.
USERENV(3c8.3cc) 10:04:37:359 LoadProfileInfo:  Failed to query
central profile with error 2
USERENV(3c8.3cc) 10:04:37:359 GetProfileType: ProfileFlags is 0
USERENV(3c8.3cc) 10:04:37:375 Profile Ref Count is 1
USERENV(3c8.3cc) 10:04:37:375 LoadUserProfile: Leaving critical Section.
USERENV(3c8.3cc) 10:04:37:375 CSyncManager::LeaveLock
<S-1-5-21-117609710-1580818891-1417001333-1003>
USERENV(3c8.3cc) 10:04:37:375 CSyncManager::LeaveLock: Lock released
USERENV(3c8.3cc) 10:04:37:375 CHashTable::HashDelete:
S-1-5-21-117609710-1580818891-1417001333-1003 deleted
USERENV(3c8.3cc) 10:04:37:375 CSyncManager::LeaveLock: Lock deleted
USERENV(3c8.3cc) 10:04:37:375 LoadUserProfile: Impersonated user:
0000059c, 00000000
USERENV(404.45c) 10:04:37:375 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(404.45c) 10:04:37:390 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(3c8.3cc) 10:04:37:406 LoadUserProfile: Reverted to user: 00000000
USERENV(3c8.3cc) 10:04:37:406 LoadUserProfile: Leaving with a value of 1.
USERENV(3c8.3cc) 10:04:37:406
=========================================================
USERENV(3c8.3cc) 10:04:37:406 LoadUserProfile: LoadUserProfileP succeeded
USERENV(3c8.3cc) 10:04:37:406 LoadUserProfile:  Returning success. 
Final Information follows:
USERENV(3c8.3cc) 10:04:37:406 lpProfileInfo->UserName = <Paul Evans>
USERENV(3c8.3cc) 10:04:37:406 lpProfileInfo->lpProfilePath = <>
USERENV(3c8.3cc) 10:04:37:406 lpProfileInfo->dwFlags = 0x0
USERENV(3c8.3cc) 10:04:37:406 LoadUserProfile: Returning TRUE. hProfile = <0x58c>
USERENV(3c8.3cc) 10:04:37:406 ApplySystemPolicy: Entering
USERENV(3c8.3cc) 10:04:37:406 ApplySystemPolicy:  Policy is turned off
on this machine.
USERENV(3c8.3cc) 10:04:37:421 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(3c8.3cc) 10:04:38:453 IsSyncForegroundPolicyRefresh:
Asynchronous, Reason: NoNeedForSync
USERENV(3c8.704) 10:04:38:453 IsSyncForegroundPolicyRefresh:
Asynchronous, Reason: NoNeedForSync
USERENV(3c8.704) 10:04:38:468 ApplyGroupPolicy: Entering. Flags = a
USERENV(3c8.704) 10:04:38:468 ProcessGPOs:
USERENV(3c8.704) 10:04:38:468 ProcessGPOs:
USERENV(3c8.704) 10:04:38:468 ProcessGPOs: Starting user Group Policy
(Async forground) processing...
USERENV(3c8.704) 10:04:38:468 ProcessGPOs:
USERENV(3c8.704) 10:04:38:468 ProcessGPOs:
USERENV(3c8.704) 10:04:38:468 EnterCriticalPolicySectionEx: Entering
with timeout 600000 and flags 0x0
USERENV(3c8.704) 10:04:38:468 EnterCriticalPolicySectionEx: User
critical section has been claimed.  Handle = 0x50c
USERENV(3c8.704) 10:04:38:468 EnterCriticalPolicySectionEx: Leaving successfully.
USERENV(3c8.704) 10:04:38:468 ProcessGPOs:  Machine role is 0.
USERENV(3c8.704) 10:04:38:468 ReadGPExtensions: Rsop entry point not
found for gptext.dll.
USERENV(3c8.704) 10:04:38:468 ReadGPExtensions: Rsop entry point not
found for dskquota.dll.
USERENV(3c8.704) 10:04:38:484 ReadGPExtensions: Rsop entry point not
found for gptext.dll.
USERENV(3c8.704) 10:04:38:484 ReadGPExtensions: Rsop entry point not
found for iedkcs32.dll.
USERENV(3c8.704) 10:04:38:484 ReadGPExtensions: Rsop entry point not
found for scecli.dll.
USERENV(3c8.704) 10:04:38:484 ReadGPExtensions: Rsop entry point not
found for C:\WINDOWS\System32\cscui.dll.
USERENV(3c8.704) 10:04:38:484 ReadGPExtensions: Rsop entry point not
found for gptext.dll.
USERENV(3c8.704) 10:04:38:484 ReadExtStatus: Reading Previous Status
for extension {35378EAC-683F-11D2-A89A-00C04FBBCFA2}
USERENV(3c8.704) 10:04:38:484 ReadStatus: Read Extension's Previous
status successfully.
USERENV(3c8.704) 10:04:38:484 ReadExtStatus: Reading Previous Status
for extension {0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
USERENV(3c8.704) 10:04:38:484 ReadExtStatus: Reading Previous Status
for extension {25537BA6-77A8-11D2-9B6C-0000F8080861}
USERENV(3c8.704) 10:04:38:500 ReadExtStatus: Reading Previous Status
for extension {3610eda5-77ef-11d2-8dc5-00c04fa31a66}
USERENV(3c8.704) 10:04:38:500 ReadExtStatus: Reading Previous Status
for extension {426031c0-0b47-4852-b0ca-ac3d37bfcb39}
USERENV(3c8.704) 10:04:38:500 ReadExtStatus: Reading Previous Status
for extension {42B5FAAE-6536-11d2-AE5A-0000F87571E3}
USERENV(3c8.704) 10:04:38:500 ReadExtStatus: Reading Previous Status
for extension {4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
USERENV(3c8.704) 10:04:38:500 ReadExtStatus: Reading Previous Status
for extension {827D319E-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(3c8.704) 10:04:38:500 ReadExtStatus: Reading Previous Status
for extension {A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
USERENV(3c8.704) 10:04:38:500 ReadStatus: Read Extension's Previous
status successfully.
USERENV(3c8.704) 10:04:38:500 ReadExtStatus: Reading Previous Status
for extension {B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(3c8.704) 10:04:38:500 ReadExtStatus: Reading Previous Status
for extension {C631DF4C-088F-4156-B058-4375F0853CD8}
USERENV(3c8.704) 10:04:38:500 ReadExtStatus: Reading Previous Status
for extension {c6dc5466-785a-11d2-84d0-00c04fb169f7}
USERENV(3c8.704) 10:04:38:500 ReadExtStatus: Reading Previous Status
for extension {e437bc1c-aa7d-11d2-a382-00c04f991e27}
USERENV(3c8.704) 10:04:38:500 ProcessGPOs:  No site name defined. 
Skipping site policy.
USERENV(3c8.704) 10:04:38:515 ProcessGPOs: Calling GetGPOInfo for
normal policy mode
USERENV(3c8.704) 10:04:38:515 GetGPOInfo:  ********************************
USERENV(3c8.704) 10:04:38:515 GetGPOInfo:  Entering...
USERENV(3c8.704) 10:04:38:515 GetGPOInfo:  lpHostName or lpDNName is
NULL.  Skipping DS stuff.
USERENV(3c8.704) 10:04:38:515 GetGPOInfo:  Leaving with 1
USERENV(3c8.704) 10:04:38:515 GetGPOInfo:  ********************************
USERENV(3c8.704) 10:04:38:515 ProcessGPOs: Logging Data for Target <Paul Evans>.
USERENV(3c8.704) 10:04:38:515 ProcessGPOs: OpenThreadToken failed with
error 1008, assuming thread is not impersonating
USERENV(3c8.704) 10:04:38:531 ProcessGPOs: -----------------------
USERENV(3c8.704) 10:04:38:531 ProcessGPOs: Processing extension Registry
USERENV(3c8.704) 10:04:38:531 ReadStatus: Read Extension's Previous
status successfully.
USERENV(3c8.704) 10:04:38:531 CompareGPOLists:  The lists are the same.
USERENV(3c8.704) 10:04:38:531 CheckGPOs: No GPO changes and no
security group membership change and extension Registry has
NoGPOChanges set.
USERENV(3c8.704) 10:04:38:531 ProcessGPOs: -----------------------
USERENV(3c8.704) 10:04:38:531 ProcessGPOs: -----------------------
USERENV(3c8.704) 10:04:38:531 ProcessGPOs: Processing extension Wireless
USERENV(3c8.704) 10:04:38:531 CompareGPOLists:  The lists are the same.
USERENV(3c8.704) 10:04:38:531 CheckGPOs: No GPO changes but couldn't
read extension Wireless's status or policy time.
USERENV(3c8.704) 10:04:38:531 ProcessGPOs: Extension Wireless skipped
with flags 0x1000a.
USERENV(3c8.704) 10:04:38:546 ProcessGPOs: -----------------------
USERENV(3c8.704) 10:04:38:546 ProcessGPOs: Processing extension Folder Redirection
USERENV(3c8.704) 10:04:38:546 CompareGPOLists:  The lists are the same.
USERENV(3c8.704) 10:04:38:546 CompareGPOLists:  The lists are the same.
USERENV(3c8.704) 10:04:38:546 CheckGPOs: No GPO changes but couldn't
read extension Folder Redirection's status or policy time.
USERENV(3c8.704) 10:04:38:546 ProcessGPOs: Extension Folder
Redirection skipped because both deleted and changed GPO lists are
empty.
USERENV(3c8.704) 10:04:38:546 ProcessGPOs: -----------------------
USERENV(3c8.704) 10:04:38:546 ProcessGPOs: Processing extension
Microsoft Disk Quota
USERENV(3c8.704) 10:04:38:546 CompareGPOLists:  The lists are the same.
USERENV(3c8.704) 10:04:38:546 CheckGPOs: No GPO changes but couldn't
read extension Microsoft Disk Quota's status or policy time.
USERENV(3c8.704) 10:04:38:546 ProcessGPOs: Extension Microsoft Disk
Quota skipped with flags 0x1000a.
USERENV(3c8.704) 10:04:38:546 ProcessGPOs: -----------------------
USERENV(3c8.704) 10:04:38:562 ProcessGPOs: Processing extension QoS
Packet Scheduler
USERENV(3c8.704) 10:04:38:562 CompareGPOLists:  The lists are the same.
USERENV(3c8.704) 10:04:38:562 CheckGPOs: No GPO changes but couldn't
read extension QoS Packet Scheduler's status or policy time.
USERENV(3c8.704) 10:04:38:562 ProcessGPOs: Extension QoS Packet
Scheduler skipped with flags 0x1000a.
USERENV(3c8.704) 10:04:38:562 ProcessGPOs: -----------------------
USERENV(3c8.704) 10:04:38:562 ProcessGPOs: Processing extension Scripts
USERENV(3c8.704) 10:04:38:562 CompareGPOLists:  The lists are the same.
USERENV(3c8.704) 10:04:38:562 CheckGPOs: No GPO changes but couldn't
read extension Scripts's status or policy time.
USERENV(3c8.704) 10:04:38:562 ProcessGPOs: Extension Scripts skipped
because both deleted and changed GPO lists are empty.
USERENV(3c8.704) 10:04:38:562 ProcessGPOs: -----------------------
USERENV(3c8.704) 10:04:38:562 ProcessGPOs: Processing extension
Internet Explorer Zonemapping
USERENV(3c8.704) 10:04:38:562 CompareGPOLists:  The lists are the same.
USERENV(3c8.704) 10:04:38:578 CheckGPOs: No GPO changes but couldn't
read extension Internet Explorer Zonemapping's status or policy time.
USERENV(3c8.704) 10:04:38:578 ProcessGPOs: Extension Internet Explorer
Zonemapping skipped because both deleted and changed GPO lists are
empty.
USERENV(3c8.704) 10:04:38:578 ProcessGPOs: -----------------------
USERENV(3c8.704) 10:04:38:578 ProcessGPOs: Processing extension Security
USERENV(3c8.704) 10:04:38:578 CompareGPOLists:  The lists are the same.
USERENV(3c8.704) 10:04:38:578 CheckGPOs: No GPO changes but couldn't
read extension Security's status or policy time.
USERENV(3c8.704) 10:04:38:578 ProcessGPOs: Extension Security skipped
with flags 0x1000a.
USERENV(3c8.704) 10:04:38:578 ProcessGPOs: -----------------------
USERENV(3c8.704) 10:04:38:578 ProcessGPOs: Processing extension
Internet Explorer Branding
USERENV(3c8.704) 10:04:38:578 ReadStatus: Read Extension's Previous
status successfully.
USERENV(3c8.704) 10:04:38:578 CompareGPOLists:  The lists are the same.
USERENV(3c8.704) 10:04:38:593 CheckGPOs: No GPO changes and no
security group membership change and extension Internet Explorer
Branding has NoGPOChanges set.
USERENV(3c8.704) 10:04:38:593 ProcessGPOs: -----------------------
USERENV(3c8.704) 10:04:38:593 ProcessGPOs: -----------------------
USERENV(3c8.704) 10:04:38:593 ProcessGPOs: Processing extension EFS recovery
USERENV(3c8.704) 10:04:38:593 CompareGPOLists:  The lists are the same.
USERENV(3c8.704) 10:04:38:593 CheckGPOs: No GPO changes but couldn't
read extension EFS recovery's status or policy time.
USERENV(3c8.704) 10:04:38:593 ProcessGPOs: Extension EFS recovery
skipped with flags 0x1000a.
USERENV(3c8.704) 10:04:38:593 ProcessGPOs: -----------------------
USERENV(3c8.704) 10:04:38:593 ProcessGPOs: Processing extension
Microsoft Offline Files
USERENV(3c8.704) 10:04:38:593 CompareGPOLists:  The lists are the same.
USERENV(3c8.704) 10:04:38:593 CheckGPOs: No GPO changes but couldn't
read extension Microsoft Offline Files's status or policy time.
USERENV(3c8.704) 10:04:38:593 ProcessGPOs: Extension Microsoft Offline
Files skipped with flags 0x1000a.
USERENV(3c8.704) 10:04:38:593 ProcessGPOs: -----------------------
USERENV(3c8.704) 10:04:38:609 ProcessGPOs: Processing extension
Software Installation
USERENV(3c8.704) 10:04:38:609 CompareGPOLists:  The lists are the same.
USERENV(3c8.704) 10:04:38:609 CompareGPOLists:  The lists are the same.
USERENV(3c8.704) 10:04:38:609 CheckGPOs: No GPO changes but couldn't
read extension Software Installation's status or policy time.
USERENV(3c8.704) 10:04:38:609 ProcessGPOs: Extension Software
Installation skipped because both deleted and changed GPO lists are
empty.
USERENV(3c8.704) 10:04:38:609 ProcessGPOs: -----------------------
USERENV(3c8.704) 10:04:38:609 ProcessGPOs: Processing extension IP Security
USERENV(3c8.704) 10:04:38:609 CompareGPOLists:  The lists are the same.
USERENV(3c8.704) 10:04:38:609 CheckGPOs: No GPO changes but couldn't
read extension IP Security's status or policy time.
USERENV(3c8.704) 10:04:38:609 ProcessGPOs: Extension IP Security
skipped with flags 0x1000a.
USERENV(3c8.704) 10:04:38:609 SetFgRefreshInfo: Previous User Fg
policy Asynchronous, Reason: NoNeedForSync.
USERENV(3c8.704) 10:04:38:609 ProcessGPOs: No WMI logging done in this
policy cycle.
USERENV(3c8.704) 10:04:38:625 LeaveCriticalPolicySection: Critical
section 0x50c has been released.
USERENV(3c8.704) 10:04:38:625 ProcessGPOs: User Group Policy has been applied.
USERENV(3c8.704) 10:04:38:625 ProcessGPOs: Leaving with 1.
USERENV(3c8.704) 10:04:38:625 ApplyGroupPolicy: Leaving successfully.
USERENV(3c8.748) 10:04:38:625 GPOThread:  Next refresh will happen in 103 minutes
USERENV(3c8.3cc) 10:04:39:187 IsSyncForegroundPolicyRefresh:
Asynchronous, Reason: NoNeedForSync
USERENV(79c.7a0) 10:04:39:250 LibMain: Process Name: 
C:\WINDOWS\system32\Ati2evxx.exe
USERENV(7cc.7d0) 10:04:40:031 LibMain: Process Name: 
C:\WINDOWS\system32\userinit.exe
USERENV(404.424) 10:04:40:093 ImpersonateUser: Failed to impersonate user with 5.
USERENV(404.424) 10:04:40:093 GetUserNameAndDomain Failed to impersonate user
USERENV(404.424) 10:04:40:093 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(404.424) 10:04:40:140 ImpersonateUser: Failed to impersonate user with 5.
USERENV(404.424) 10:04:40:140 GetUserNameAndDomain Failed to impersonate user
USERENV(404.424) 10:04:40:140 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(404.424) 10:04:40:171 ImpersonateUser: Failed to impersonate user with 5.
USERENV(404.424) 10:04:40:171 GetUserNameAndDomain Failed to impersonate user
USERENV(404.424) 10:04:40:171 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(7fc.98) 10:04:40:484 LibMain: Process Name:  C:\WINDOWS\Explorer.EXE
USERENV(36c.370) 10:05:14:234 LibMain: Process Name: 
C:\WINDOWS\system32\taskmgr.exe
USERENV(2b4.2b8) 10:07:41:828 LibMain: Process Name:  C:\Program
Files\Utilities\Executive Software\Diskeeper\DkService.exe
USERENV(2b4.2c8) 10:07:42:468 EnterCriticalPolicySectionEx: Entering
with timeout 600000 and flags 0x0
USERENV(2b4.2c8) 10:07:42:468 EnterCriticalPolicySectionEx: Machine
critical section has been claimed.  Handle = 0x2d0
USERENV(2b4.2c8) 10:07:42:484 EnterCriticalPolicySectionEx: Leaving successfully.
USERENV(2b4.2c8) 10:07:42:484 LeaveCriticalPolicySection: Critical
section 0x2d0 has been released.
USERENV(3f8.3fc) 10:08:12:218 UnloadUserProfile: Entering, hProfile = <0x0>
USERENV(3f8.3fc) 10:08:12:218 UnloadUserProfile: received a NULL hProfile.
USERENV(3f8.3fc) 10:08:12:218 UnloadUserProfile: returning 0
USERENV(5d8.5e0) 10:08:17:906 LibMain: Process Name: 
C:\WINDOWS\system32\taskmgr.exe
USERENV(620.624) 10:08:19:031 LibMain: Process Name: 
C:\WINDOWS\system32\svchost.exe
USERENV(65c.678) 10:08:20:281 LibMain: Process Name:  C:\Program
Files\Utilities\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
USERENV(718.cc) 10:08:25:531 LibMain: Process Name: 
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
USERENV(718.cc) 10:08:25:531 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:08:25:531 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:08:25:546 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(7fc.d0) 10:08:29:640 GetProfileType:  Profile already loaded.
USERENV(7fc.d0) 10:08:29:640 GetProfileType: ProfileFlags is 0
USERENV(580.808) 10:08:30:078 GetProfileType:  Profile already loaded.
USERENV(580.808) 10:08:30:078 LoadProfileInfo:  Failed to query
central profile with error 2
USERENV(580.808) 10:08:30:078 GetProfileType: ProfileFlags is 0
USERENV(580.18c) 10:08:30:390 GetProfileType:  Profile already loaded.
USERENV(580.18c) 10:08:30:421 GetProfileType: ProfileFlags is 0
USERENV(718.cc) 10:08:33:781 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:08:33:796 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:08:33:796 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(978.97c) 10:08:35:890 LibMain: Process Name: 
C:\WINDOWS\system32\RUNDLL32.EXE
USERENV(978.97c) 10:08:37:781 GetProfileType:  Profile already loaded.
USERENV(978.97c) 10:08:37:796 GetProfileType: ProfileFlags is 0
USERENV(94c.950) 10:08:38:015 LibMain: Process Name:  C:\Program
Files\Prevx1\PXConsole.exe
USERENV(3c8.35c) 10:08:40:984 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(b7c.b88) 10:08:49:562 LibMain: Process Name:  C:\WINDOWS\system32\imapi.exe
USERENV(c7c.c80) 10:08:51:609 LibMain: Process Name:  C:\Program
Files\Microsoft IntelliPoint\ipoint.exe
USERENV(580.6a4) 10:08:52:296 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(580.6a4) 10:08:52:453 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(580.6a4) 10:08:53:140 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(b18.b1c) 10:08:58:750 LibMain: Process Name:  C:\Program
Files\Misc\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
USERENV(718.cc) 10:09:00:609 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:09:00:609 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:09:00:609 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(718.cc) 10:09:00:625 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:09:00:625 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:09:00:625 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(3fc.5f0) 10:09:14:593 LibMain: Process Name: 
C:\WINDOWS\system32\wuauclt.exe
USERENV(704.c38) 10:09:21:468 LibMain: Process Name: 
C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(dc4.dc8) 10:09:24:812 LibMain: Process Name: 
C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(de8.df8) 10:09:25:421 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(254.d94) 10:09:25:531 LibMain: Process Name:  C:\Program
Files\Common Files\AOL\ACS\AOLAcsd.exe
USERENV(254.d94) 10:09:25:546 ImpersonateUser: Failed to impersonate user with 5.
USERENV(254.d94) 10:09:25:546 GetUserNameAndDomain Failed to impersonate user
USERENV(254.d94) 10:09:25:546 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(254.d94) 10:09:25:953 ImpersonateUser: Failed to impersonate user with 5.
USERENV(254.d94) 10:09:25:953 GetUserNameAndDomain Failed to impersonate user
USERENV(254.d94) 10:09:25:968 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(b3c.e28) 10:09:28:046 LibMain: Process Name:  c:\program
files\common files\aol\1140894295\ee\aolsoftware.exe
USERENV(718.cc) 10:09:35:625 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:09:35:625 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:09:35:625 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(254.164) 10:09:39:203 ImpersonateUser: Failed to impersonate user with 5.
USERENV(254.164) 10:09:39:203 GetUserNameAndDomain Failed to impersonate user
USERENV(254.164) 10:09:39:203 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(254.164) 10:09:39:250 ImpersonateUser: Failed to impersonate user with 5.
USERENV(254.164) 10:09:39:250 GetUserNameAndDomain Failed to impersonate user
USERENV(254.164) 10:09:39:265 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(eb8.370) 10:09:44:515 LibMain: Process Name:  C:\Program
Files\Common Files\AOL\1140894295\ee\AOLSoftware.exe
USERENV(eb8.370) 10:09:44:515 ImpersonateUser: Failed to impersonate user with 5.
USERENV(eb8.370) 10:09:44:515 GetUserNameAndDomain Failed to impersonate user
USERENV(eb8.370) 10:09:44:531 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(d90.d8c) 10:09:57:265 LibMain: Process Name:  C:\WINDOWS\explorer.exe
USERENV(f98.dd4) 10:09:57:421 LibMain: Process Name:  C:\Program
Files\Common Files\AOL\ACS\AOLDial.exe
USERENV(f98.dd4) 10:09:57:437 ImpersonateUser: Failed to impersonate user with 5.
USERENV(f98.dd4) 10:09:57:437 GetUserNameAndDomain Failed to impersonate user
USERENV(f98.dd4) 10:09:57:453 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(d90.c50) 10:09:58:218 GetProfileType:  Profile already loaded.
USERENV(d90.c50) 10:09:58:234 GetProfileType: ProfileFlags is 0
USERENV(718.cc) 10:10:06:812 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:10:06:828 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:10:06:828 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(718.cc) 10:10:38:671 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:10:38:671 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:10:38:687 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(138.11c) 10:10:43:218 LibMain: Process Name: 
C:\PROGRA~1\UTILIT~1\BILLPS~1\WINPAT~1\winpatrol.exe
USERENV(718.cc) 10:11:09:750 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:11:09:750 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:11:09:765 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(718.cc) 10:11:48:609 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:11:48:625 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:11:48:625 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(718.cc) 10:12:28:640 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:12:28:640 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:12:28:640 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(718.cc) 10:13:08:671 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:13:08:671 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:13:08:671 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(718.cc) 10:13:48:687 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:13:48:703 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:13:48:703 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(718.cc) 10:14:28:718 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:14:28:718 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:14:28:718 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(718.cc) 10:15:03:375 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:15:03:375 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:15:03:375 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(718.cc) 10:15:35:187 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:15:35:187 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:15:35:187 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(718.cc) 10:16:11:296 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:16:11:296 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:16:11:312 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(c24.ea8) 10:16:11:937 LibMain: Process Name:  C:\WINDOWS\explorer.exe
USERENV(c24.c8c) 10:16:12:171 GetProfileType:  Profile already loaded.
USERENV(c24.c8c) 10:16:12:171 GetProfileType: ProfileFlags is 0
USERENV(580.9c) 10:16:15:046 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(580.eb4) 10:16:15:500 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(718.cc) 10:16:48:968 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:16:48:968 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:16:48:984 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(718.cc) 10:17:19:000 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:17:19:000 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:17:19:015 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(718.cc) 10:17:59:031 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:17:59:031 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:17:59:031 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(718.cc) 10:18:39:046 ImpersonateUser: Failed to impersonate user with 5.
USERENV(718.cc) 10:18:39:062 GetUserNameAndDomain Failed to impersonate user
USERENV(718.cc) 10:18:39:062 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(bbc.cc4) 10:18:52:156 LibMain: Process Name: 
C:\PROGRA~1\UTILIT~1\ZONEAL~1\MAILFR~1\mantispm.exe
USERENV(bbc.cc4) 10:18:52:156 ImpersonateUser: Failed to impersonate user with 5.
USERENV(bbc.cc4) 10:18:52:156 GetUserNameAndDomain Failed to impersonate user
USERENV(bbc.cc4) 10:18:52:171 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(bbc.cc4) 10:18:52:375 ImpersonateUser: Failed to impersonate user with 5.
USERENV(bbc.cc4) 10:18:52:375 GetUserNameAndDomain Failed to impersonate user
USERENV(bbc.cc4) 10:18:52:390 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(338.938) 10:19:01:875 LibMain: Process Name: 
C:\WINDOWS\system32\NOTEPAD.EXE

Hope this helps.
Paul.

Request for Question Clarification by sublime1-ga on 27 May 2006 15:59 PDT
rainman...

The following post on TechSpot suggests that Sunserver is
a nuisance, and provides directions for removing it:
http://www.techspot.com/vb/all/windows/t-34789-Need-Help-with-Hijackthis-Log-File.html

You might want to remove this anti-spyware program and see
if you can then set up an alternate login. You can always
reinstall it later.

Also, research suggests that "Failed to impersonate user with 5"
is basically an "access denied" message.

sublime1-ga

Clarification of Question by rainman999-ga on 28 May 2006 10:43 PDT
Hi sublime1-ga
I followed your recommendation to the letter and removed Sunserver,
and then set up an alternate login, still the same problem with BOTH
log-ins, after your suggesting removing CounterSpy It occured to me
that it could have been another program I installed (Prevx, Webpatrol
and SpyHunter) recently, so I uninstalled them as well. Unfortunately
it still made no difference!

I must be honest I'm getting awfully tempted to re-format my hard
drive and start again (quicker) while I'm still on my "Bank holiday"
break.

Regards
Paul.

Request for Question Clarification by sublime1-ga on 28 May 2006 12:14 PDT
Reinstalling Windows is almost always an effective fix.
Most people don't like to do it because of the tremendous
amount of personalization they're likely to lose, but if
you're of a mind to do so, and your system isn't going to
be painfully difficult to reproduce, it may be the best
way to go.

As a long shot, before you try that, try this:

R-click My Computer and select Manage. At the bottom of the
list on the left, expand Services and Applications. Select
Services. Find DNS Client in the alphabetical list. R-click
it and select Properties. Then set the Startup type to
Disabled, and reboot. See if that makes a difference.

sublime1-ga

Clarification of Question by rainman999-ga on 29 May 2006 09:42 PDT
Hi sublime1-ga

I Right clicked My Computer and selected Manage as you suggested, (at
the bottom of the list on the left, expand Services and Applications.
Select Services. Find DNS Client in the alphabetical list. R-click it
and select Properties. Then set the Start-up type to Disabled, and
reboot).

It made a difference of loading in 4.0 minutes instead of 5.5 minutes.

After that my wife reminded me that I had an Image (Drive Image) of my
drive from a month ago when everything was OK, so I re-installed that
over the C:\ drive.

Now this is where it gets strange, it is STILL taking 5.5 minutes to
go from showing ?loading your preferences? on the screen to being
ready to use!!!

I'm wondering if it is a BIOS change I did when I was (merry) under
the weather, I've looked in the BIOS and can not see anything obvious,
but then the BIOS is not that familiar to me.

I'm getting really p****d off now :o(

HELP ME BEFORE I GO NUTS, OR MY WIFE KILLS ME FOR SWEARING AT "THAT" MACHINE.
Reagrds
Paul.

Request for Question Clarification by sublime1-ga on 29 May 2006 13:22 PDT
Paul...

I can't think of anything in the BIOS which would account for a
delay at the 'loading preferences' point of bootup. The BIOS is
responsible for setting the parameters by which the hardware
in your system communicates with the mobo (motherboard), such
as RAM, IDE, hard drives, power supply, etc.

If you want to test to see if it has to do with the BIOS, most
BIOSs have an option to 'Restore default settings'. This will
reset all settings to factory conditions, which is how they 
were when the mobo was new, and first installed in the computer.
This is usually a very safe thing to do, in that they will be
the default settings designed to work with most hardware
configurations.

If you want to be sure you don't lose any of your current settings
in the process, the only way I know is to walk through all the 
settings and write them down somewhere. Then, if resetting to 
defaults doesn't help, you can walk through again, and reset them
all by hand.

Since your USERENV log shows the activity taking from 10:02 to
10:19, this seems to be where the hangup is. The problem is,
there are so many of what seem to be errors in the log that I
don't know what to research, and I'm not natively familiar with
the language of the file. Logs like this one and the boot log
can sometimes contain messages that look like errors, but are
just part of a normal bootup.

Let me know where this takes you...

sublime1-ga

Clarification of Question by rainman999-ga on 30 May 2006 13:23 PDT
Hello sublime1-ga,
I set the BIOS to its default settings like you suggested, it brought
the boot time down to 3 minutes, still not where it used to be, but a
LOT better.

I deleted the old USERENV log, and made a new (just one boot-up) log, see below:

USERENV(db4.ea0) 21:02:37:984 LibMain: Process Name:  C:\Program
Files\Applications\JGsoft\EditPadLite\EditPad.exe
USERENV(488.d54) 21:03:37:734 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(fc4.bdc) 21:03:43:562 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(a6c.ef8) 21:03:49:453 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(864.ec8) 21:03:56:015 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(af8.f00) 21:04:01:484 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(dcc.740) 21:04:07:484 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(a90.a88) 21:04:28:578 LibMain: Process Name: 
C:\WINDOWS\system32\logonui.exe
USERENV(538.53c) 21:04:38:937 MyRegUnLoadKey:  Failed to unmount hive 00000005
USERENV(538.53c) 21:04:38:937 DumpOpenRegistryHandle: 2 user registry
Handles leaked from \Registry\User\S-1-5-21-117609710-1580818891-1417001333-1003
USERENV(538.53c) 21:04:38:937 UnloadUserProfileP: Didn't unload user
profile <err = 5>
USERENV(538.53c) 21:04:49:921 UnloadUserProfile: UnloadUserProfileP failed with 0
USERENV(4ac.3fc) 21:04:50:906 LibMain: Process Name: 
C:\WINDOWS\system32\wuauclt.exe
USERENV(524.528) 21:05:27:937 InitializePolicyProcessing: Initialised
Machine Mutex/Events
USERENV(524.528) 21:05:27:937 InitializePolicyProcessing: Initialised
User Mutex/Events
USERENV(524.528) 21:05:27:937 LibMain: Process Name: 
\??\C:\WINDOWS\system32\winlogon.exe
USERENV(524.528) 21:05:28:312 Entering CUserProfile::Initialize ...
USERENV(524.528) 21:05:28:312 CUserProfile::Initialize called by winlogon
USERENV(524.528) 21:05:28:312 CUserProfile::Initialize: critical
section initialized
USERENV(524.528) 21:05:28:312 CSyncManager::Initialize: critical
section initialized
USERENV(524.528) 21:05:28:312 CUserProfile::Initialize: registry key
Software\Microsoft\Windows NT\CurrentVersion\ProfileList opened
USERENV(524.528) 21:05:28:312 CUserProfile::Initialize: Proccessing
S-1-5-21-117609710-1580818891-1417001333-500
USERENV(524.528) 21:05:28:312 CSyncManager::EnterLock
<S-1-5-21-117609710-1580818891-1417001333-500>
USERENV(524.528) 21:05:28:312 CSyncManager::EnterLock: No existing entry found
USERENV(524.528) 21:05:28:312 CSyncManager::EnterLock: New entry created
USERENV(524.528) 21:05:28:312 CHashTable::HashAdd:
S-1-5-21-117609710-1580818891-1417001333-500 added in bucket 13
USERENV(524.528) 21:05:28:312 CUserProfile::CleanupUserProfile: Enter
critical section.
USERENV(524.528) 21:05:28:328 CUserProfile::GetRefCountAndFlags: Ref
count is 1, state is 00000104
USERENV(524.528) 21:05:28:328 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(524.528) 21:05:28:328 CSyncManager::LeaveLock
<S-1-5-21-117609710-1580818891-1417001333-500>
USERENV(524.528) 21:05:28:328 CSyncManager::LeaveLock: Lock released
USERENV(524.528) 21:05:28:328 CHashTable::HashDelete:
S-1-5-21-117609710-1580818891-1417001333-500 deleted
USERENV(524.528) 21:05:28:328 CSyncManager::LeaveLock: Lock deleted
USERENV(524.528) 21:05:28:328 CUserProfile::CleanupUserProfile: Leave
critical section
USERENV(524.528) 21:05:28:328 CUserProfile::Initialize: Proccessing
S-1-5-21-117609710-1580818891-1417001333-1003
USERENV(524.528) 21:05:28:328 CSyncManager::EnterLock
<S-1-5-21-117609710-1580818891-1417001333-1003>
USERENV(524.528) 21:05:28:328 CSyncManager::EnterLock: No existing entry found
USERENV(524.528) 21:05:28:328 CSyncManager::EnterLock: New entry created
USERENV(524.528) 21:05:28:328 CHashTable::HashAdd:
S-1-5-21-117609710-1580818891-1417001333-1003 added in bucket 14
USERENV(524.528) 21:05:28:328 CUserProfile::CleanupUserProfile: Enter
critical section.
USERENV(524.528) 21:05:28:328 CUserProfile::GetRefCountAndFlags: Ref
count is 0, state is 00000100
USERENV(524.528) 21:05:28:343 CSyncManager::LeaveLock
<S-1-5-21-117609710-1580818891-1417001333-1003>
USERENV(524.528) 21:05:28:343 CSyncManager::LeaveLock: Lock released
USERENV(524.528) 21:05:28:343 CHashTable::HashDelete:
S-1-5-21-117609710-1580818891-1417001333-1003 deleted
USERENV(524.528) 21:05:28:343 CSyncManager::LeaveLock: Lock deleted
USERENV(524.528) 21:05:28:343 CUserProfile::CleanupUserProfile: Leave
critical section
USERENV(524.528) 21:05:28:343 CUserProfile::Initialize: Proccessing S-1-5-20
USERENV(524.528) 21:05:28:343 CSyncManager::EnterLock <S-1-5-20>
USERENV(524.528) 21:05:28:343 CSyncManager::EnterLock: No existing entry found
USERENV(524.528) 21:05:28:343 CSyncManager::EnterLock: New entry created
USERENV(524.528) 21:05:28:343 CHashTable::HashAdd: S-1-5-20 added in bucket 4
USERENV(524.528) 21:05:28:343 CUserProfile::CleanupUserProfile: Enter
critical section.
USERENV(524.528) 21:05:28:343 CUserProfile::GetRefCountAndFlags: Ref
count is 2, state is 00000000
USERENV(524.528) 21:05:28:343 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(524.528) 21:05:28:343 CSyncManager::LeaveLock <S-1-5-20>
USERENV(524.528) 21:05:28:359 CSyncManager::LeaveLock: Lock released
USERENV(524.528) 21:05:28:359 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(524.528) 21:05:28:359 CSyncManager::LeaveLock: Lock deleted
USERENV(524.528) 21:05:28:359 CUserProfile::CleanupUserProfile: Leave
critical section
USERENV(524.528) 21:05:28:359 CUserProfile::Initialize: Proccessing S-1-5-19
USERENV(524.528) 21:05:28:359 CSyncManager::EnterLock <S-1-5-19>
USERENV(524.528) 21:05:28:359 CSyncManager::EnterLock: No existing entry found
USERENV(524.528) 21:05:28:359 CSyncManager::EnterLock: New entry created
USERENV(524.528) 21:05:28:359 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(524.528) 21:05:28:359 CUserProfile::CleanupUserProfile: Enter
critical section.
USERENV(524.528) 21:05:28:359 CUserProfile::GetRefCountAndFlags: Ref
count is 1, state is 00000000
USERENV(524.528) 21:05:28:359 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(524.528) 21:05:28:359 CSyncManager::LeaveLock <S-1-5-19>
USERENV(524.528) 21:05:28:375 CSyncManager::LeaveLock: Lock released
USERENV(524.528) 21:05:28:375 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(524.528) 21:05:28:375 CSyncManager::LeaveLock: Lock deleted
USERENV(524.528) 21:05:28:375 CUserProfile::CleanupUserProfile: Leave
critical section
USERENV(524.528) 21:05:28:375 CUserProfile::Initialize: Proccessing S-1-5-18
USERENV(524.528) 21:05:28:375 CSyncManager::EnterLock <S-1-5-18>
USERENV(524.528) 21:05:28:375 CSyncManager::EnterLock: No existing entry found
USERENV(524.528) 21:05:28:375 CSyncManager::EnterLock: New entry created
USERENV(524.528) 21:05:28:375 CHashTable::HashAdd: S-1-5-18 added in bucket 11
USERENV(524.528) 21:05:28:375 CUserProfile::CleanupUserProfile: Enter
critical section.
USERENV(524.528) 21:05:28:375 CUserProfile::GetRefCountAndFlags: Ref
count is 1, state is 00000000
USERENV(524.528) 21:05:28:375 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(524.528) 21:05:28:375 CSyncManager::LeaveLock <S-1-5-18>
USERENV(524.528) 21:05:28:390 CSyncManager::LeaveLock: Lock released
USERENV(524.528) 21:05:28:390 CHashTable::HashDelete: S-1-5-18 deleted
USERENV(524.528) 21:05:28:390 CSyncManager::LeaveLock: Lock deleted
USERENV(524.528) 21:05:28:390 CUserProfile::CleanupUserProfile: Leave
critical section
USERENV(524.528) 21:05:28:390 CUserProfile::Initialize:
RpcServerRegisterIfEx successful
USERENV(524.528) 21:05:28:390 Exiting CUserProfile::Initialize, successful
USERENV(590.594) 21:05:29:484 LibMain: Process Name: 
C:\WINDOWS\system32\services.exe
USERENV(59c.5a0) 21:05:29:671 LibMain: Process Name:  C:\WINDOWS\system32\lsass.exe
USERENV(524.528) 21:05:29:796 IsSyncForegroundPolicyRefresh:
Asynchronous, Reason: NoNeedForSync
USERENV(668.66c) 21:05:30:500 LibMain: Process Name: 
C:\WINDOWS\system32\svchost.exe
USERENV(590.594) 21:05:30:921 LoadUserProfile: Yes, we can impersonate
the user. Running as self
USERENV(590.594) 21:05:30:921
=========================================================
USERENV(590.594) 21:05:30:921 LoadUserProfile: Entering, hToken =
<0x2e0>, lpProfileInfo = 0x7fcf8
USERENV(590.594) 21:05:30:921 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(590.594) 21:05:30:921 LoadUserProfile:
lpProfileInfo->lpUserName = <NetworkService>
USERENV(590.594) 21:05:30:921 LoadUserProfile: NULL central profile path
USERENV(590.594) 21:05:30:921 LoadUserProfile: NULL default profile path
USERENV(590.594) 21:05:30:921 LoadUserProfile: NULL server name
USERENV(590.594) 21:05:30:937 GetInterface: Returning rpc binding handle
USERENV(524.6b4) 21:05:30:937 IProfileSecurityCallBack: client authenticated.
USERENV(524.6b4) 21:05:30:937 DropClientContext: Got client token
00000410, sid = S-1-5-18
USERENV(524.6b4) 21:05:30:937 MIDL_user_allocate enter
USERENV(524.6b4) 21:05:30:937 DropClientContext: load profile object
successfully made
USERENV(524.6b4) 21:05:30:937 DropClientContext: Returning 0
USERENV(590.594) 21:05:30:937 LoadUserProfile: Calling DropClientToken
(as self) succeeded
USERENV(524.57c) 21:05:30:937 IProfileSecurityCallBack: client authenticated.
USERENV(524.57c) 21:05:30:937 In LoadUserProfileP
USERENV(524.57c) 21:05:30:937 LoadUserProfile: Running as client
USERENV(524.57c) 21:05:30:953
=========================================================
USERENV(524.57c) 21:05:30:953 LoadUserProfile: Entering, hToken =
<0x414>, lpProfileInfo = 0xe2eac8
USERENV(524.57c) 21:05:30:953 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(524.57c) 21:05:30:953 LoadUserProfile:
lpProfileInfo->lpUserName = <NetworkService>
USERENV(524.57c) 21:05:30:953 LoadUserProfile: NULL central profile path
USERENV(524.57c) 21:05:30:953 LoadUserProfile: NULL default profile path
USERENV(524.57c) 21:05:30:953 LoadUserProfile: NULL server name
USERENV(524.57c) 21:05:30:953 LoadUserProfile: User sid: S-1-5-20
USERENV(524.57c) 21:05:30:953 CSyncManager::EnterLock <S-1-5-20>
USERENV(524.57c) 21:05:30:953 CSyncManager::EnterLock: No existing entry found
USERENV(524.57c) 21:05:30:953 CSyncManager::EnterLock: New entry created
USERENV(524.57c) 21:05:30:953 CHashTable::HashAdd: S-1-5-20 added in bucket 4
USERENV(524.57c) 21:05:30:968 LoadUserProfile: Wait succeeded. In critical section.
USERENV(524.57c) 21:05:30:968 RestoreUserProfile:  Entering
USERENV(524.57c) 21:05:30:968 IsCentralProfileReachable:  Entering
USERENV(524.57c) 21:05:30:968 IsCentralProfileReachable:  Null path.  Leaving
USERENV(524.57c) 21:05:30:968 RestoreUserProfile:  Profile path = <>
USERENV(524.57c) 21:05:30:968 ExtractProfileFromBackup:  A profile already exists
USERENV(524.57c) 21:05:30:968 PatchNewProfileIfRequred: A profile
already exists with the current sid, exitting
USERENV(524.57c) 21:05:30:968 CreateLocalProfileKey:  Not setting
additional Security
USERENV(524.57c) 21:05:30:968 GetExistingLocalProfileImage:  Found
entry in profile list for existing local profile
USERENV(524.57c) 21:05:30:968 GetExistingLocalProfileImage:  Local
profile image filename = <%SystemDrive%\Documents and
Settings\NetworkService>
USERENV(524.57c) 21:05:30:968 GetExistingLocalProfileImage:  Expanded
local profile image filename = <C:\Documents and
Settings\NetworkService>
USERENV(524.57c) 21:05:30:984 GetExistingLocalProfileImage:  No local
mandatory profile.  Error = 2
USERENV(524.57c) 21:05:31:000 GetExistingLocalProfileImage:  Found
local profile image file ok <C:\Documents and
Settings\NetworkService\ntuser.dat>
USERENV(524.57c) 21:05:31:000 GetExistingLocalProfileImage:  Failed to
query low profile unload time with error 2
USERENV(524.57c) 21:05:31:000 Local Existing Profile Image is reachable
USERENV(524.57c) 21:05:31:000 Local profile name is <C:\Documents and
Settings\NetworkService>
USERENV(524.57c) 21:05:31:000 RestoreUserProfile:  No central profile.
 Attempting to load local profile.
USERENV(524.57c) 21:05:31:046 MyRegLoadKey: Returning 00000000
USERENV(524.57c) 21:05:31:046 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(524.57c) 21:05:31:109 MyRegLoadKey: Returning 00000000
USERENV(524.57c) 21:05:31:109 CreateClassHive: existing user classes hive found
USERENV(524.57c) 21:05:31:109 RestoreUserProfile:  About to Leave. 
Final Information follows:
USERENV(524.57c) 21:05:31:109 Profile was successfully loaded.
USERENV(524.57c) 21:05:31:109 lpProfile->lpRoamingProfile = <>
USERENV(524.57c) 21:05:31:109 lpProfile->lpLocalProfile =
<C:\Documents and Settings\NetworkService>
USERENV(524.57c) 21:05:31:109 lpProfile->dwInternalFlags = 0x0
USERENV(524.57c) 21:05:31:109 RestoreUserProfile:  Leaving.
USERENV(524.57c) 21:05:31:125 UpgradeProfile: Entering
USERENV(524.57c) 21:05:31:125 UpgradeProfile: Build numbers match
USERENV(524.57c) 21:05:31:125 UpgradeProfile: Leaving Successfully
USERENV(524.57c) 21:05:31:125 Profile Ref Count is 1
USERENV(524.57c) 21:05:31:140 LoadUserProfile: Leaving critical Section.
USERENV(524.57c) 21:05:31:140 CSyncManager::LeaveLock <S-1-5-20>
USERENV(524.57c) 21:05:31:140 CSyncManager::LeaveLock: Lock released
USERENV(524.57c) 21:05:31:140 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(524.57c) 21:05:31:140 CSyncManager::LeaveLock: Lock deleted
USERENV(524.57c) 21:05:31:140 LoadUserProfile: Impersonated user:
00000414, 00000420
USERENV(59c.608) 21:05:31:140 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(59c.608) 21:05:31:140 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(524.57c) 21:05:31:187 LoadUserProfile: Reverted to user: 00000000
USERENV(524.57c) 21:05:31:187 LoadUserProfile: Reverted back to user <00000000>
USERENV(524.57c) 21:05:31:187 LoadUserProfile: Leaving with a value of 1.
USERENV(524.57c) 21:05:31:187
=========================================================
USERENV(524.57c) 21:05:31:187 LoadUserProfileI: returning 0
USERENV(590.594) 21:05:31:187 LoadUserProfile: Running as self
USERENV(590.594) 21:05:31:187 LoadUserProfile: Calling
LoadUserProfileI (as user) succeeded
USERENV(590.594) 21:05:31:187 LoadUserProfile:  Returning success. 
Final Information follows:
USERENV(590.594) 21:05:31:187 lpProfileInfo->UserName = <NetworkService>
USERENV(590.594) 21:05:31:187 lpProfileInfo->lpProfilePath = <>
USERENV(590.594) 21:05:31:203 lpProfileInfo->dwFlags = 0x9
USERENV(524.6b4) 21:05:31:203 IProfileSecurityCallBack: client authenticated.
USERENV(524.6b4) 21:05:31:203 ReleaseClientContext: Releasing context
USERENV(524.6b4) 21:05:31:203 ReleaseClientContext_s: Releasing context
USERENV(524.6b4) 21:05:31:203 MIDL_user_free enter
USERENV(590.594) 21:05:31:203 ReleaseInterface: Releasing rpc binding handle
USERENV(590.594) 21:05:31:218 LoadUserProfile: Returning TRUE. hProfile = <0x358>
USERENV(590.594) 21:05:31:218 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(6bc.6c0) 21:05:31:375 LibMain: Process Name: 
C:\WINDOWS\system32\svchost.exe
USERENV(6d4.6d8) 21:05:32:218 LibMain: Process Name: 
C:\WINDOWS\system32\logonui.exe
USERENV(788.78c) 21:05:34:750 LibMain: Process Name: 
C:\WINDOWS\System32\svchost.exe
USERENV(590.594) 21:05:34:828 LoadUserProfile: Yes, we can impersonate
the user. Running as self
USERENV(590.594) 21:05:34:828
=========================================================
USERENV(590.594) 21:05:34:828 LoadUserProfile: Entering, hToken =
<0x384>, lpProfileInfo = 0x7fcf8
USERENV(590.594) 21:05:34:828 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(590.594) 21:05:34:828 LoadUserProfile:
lpProfileInfo->lpUserName = <NetworkService>
USERENV(590.594) 21:05:34:828 LoadUserProfile: NULL central profile path
USERENV(590.594) 21:05:34:828 LoadUserProfile: NULL default profile path
USERENV(590.594) 21:05:34:828 LoadUserProfile: NULL server name
USERENV(590.594) 21:05:34:828 GetInterface: Returning rpc binding handle
USERENV(524.57c) 21:05:34:843 IProfileSecurityCallBack: client authenticated.
USERENV(524.57c) 21:05:34:843 DropClientContext: Got client token
00000474, sid = S-1-5-18
USERENV(524.57c) 21:05:34:843 MIDL_user_allocate enter
USERENV(524.57c) 21:05:34:843 DropClientContext: load profile object
successfully made
USERENV(524.57c) 21:05:34:843 DropClientContext: Returning 0
USERENV(590.594) 21:05:34:843 LoadUserProfile: Calling DropClientToken
(as self) succeeded
USERENV(524.6b4) 21:05:34:843 IProfileSecurityCallBack: client authenticated.
USERENV(524.6b4) 21:05:34:843 In LoadUserProfileP
USERENV(524.6b4) 21:05:34:843 LoadUserProfile: Running as client
USERENV(524.6b4) 21:05:34:843
=========================================================
USERENV(524.6b4) 21:05:34:859 LoadUserProfile: Entering, hToken =
<0x478>, lpProfileInfo = 0xe33650
USERENV(524.6b4) 21:05:34:859 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(524.6b4) 21:05:34:859 LoadUserProfile:
lpProfileInfo->lpUserName = <NetworkService>
USERENV(524.6b4) 21:05:34:859 LoadUserProfile: NULL central profile path
USERENV(524.6b4) 21:05:34:859 LoadUserProfile: NULL default profile path
USERENV(524.6b4) 21:05:34:859 LoadUserProfile: NULL server name
USERENV(524.6b4) 21:05:34:859 LoadUserProfile: User sid: S-1-5-20
USERENV(524.6b4) 21:05:34:859 CSyncManager::EnterLock <S-1-5-20>
USERENV(524.6b4) 21:05:34:859 CSyncManager::EnterLock: No existing entry found
USERENV(524.6b4) 21:05:34:859 CSyncManager::EnterLock: New entry created
USERENV(524.6b4) 21:05:34:875 CHashTable::HashAdd: S-1-5-20 added in bucket 4
USERENV(524.6b4) 21:05:34:875 LoadUserProfile: Wait succeeded. In critical section.
USERENV(524.6b4) 21:05:34:875 TestIfUserProfileLoaded:  Profile already loaded.
USERENV(524.6b4) 21:05:34:875 Profile Ref Count is 2
USERENV(524.6b4) 21:05:34:875 LoadUserProfile: Leaving critical Section.
USERENV(524.6b4) 21:05:34:875 CSyncManager::LeaveLock <S-1-5-20>
USERENV(524.6b4) 21:05:34:875 CSyncManager::LeaveLock: Lock released
USERENV(524.6b4) 21:05:34:875 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(524.6b4) 21:05:34:875 CSyncManager::LeaveLock: Lock deleted
USERENV(524.6b4) 21:05:34:875 LoadUserProfile: Impersonated user:
00000478, 00000480
USERENV(524.6b4) 21:05:34:890 LoadUserProfile: Reverted to user: 00000000
USERENV(524.6b4) 21:05:34:890 LoadUserProfile: Reverted back to user <00000000>
USERENV(524.6b4) 21:05:34:890 LoadUserProfile: Leaving with a value of 1.
USERENV(524.6b4) 21:05:34:890
=========================================================
USERENV(524.6b4) 21:05:34:890 LoadUserProfileI: returning 0
USERENV(590.594) 21:05:34:890 LoadUserProfile: Running as self
USERENV(590.594) 21:05:34:890 LoadUserProfile: Calling
LoadUserProfileI (as user) succeeded
USERENV(590.594) 21:05:34:890 LoadUserProfile:  Returning success. 
Final Information follows:
USERENV(590.594) 21:05:34:890 lpProfileInfo->UserName = <NetworkService>
USERENV(590.594) 21:05:34:890 lpProfileInfo->lpProfilePath = <>
USERENV(590.594) 21:05:34:906 lpProfileInfo->dwFlags = 0x9
USERENV(524.57c) 21:05:34:906 IProfileSecurityCallBack: client authenticated.
USERENV(524.57c) 21:05:34:906 ReleaseClientContext: Releasing context
USERENV(524.57c) 21:05:34:906 ReleaseClientContext_s: Releasing context
USERENV(524.57c) 21:05:34:906 MIDL_user_free enter
USERENV(590.594) 21:05:34:906 ReleaseInterface: Releasing rpc binding handle
USERENV(590.594) 21:05:34:906 LoadUserProfile: Returning TRUE. hProfile = <0x3a0>
USERENV(590.594) 21:05:34:906 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(524.7bc) 21:05:34:937 IsSyncForegroundPolicyRefresh:
Asynchronous, Reason: NoNeedForSync
USERENV(7d0.7d4) 21:05:35:046 LibMain: Process Name: 
C:\WINDOWS\system32\svchost.exe
USERENV(590.594) 21:05:35:062 LoadUserProfile: Yes, we can impersonate
the user. Running as self
USERENV(590.594) 21:05:35:062
=========================================================
USERENV(590.594) 21:05:35:078 LoadUserProfile: Entering, hToken =
<0x36c>, lpProfileInfo = 0x7fcf8
USERENV(590.594) 21:05:35:078 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(590.594) 21:05:35:078 LoadUserProfile:
lpProfileInfo->lpUserName = <LocalService>
USERENV(590.594) 21:05:35:078 LoadUserProfile: NULL central profile path
USERENV(590.594) 21:05:35:078 LoadUserProfile: NULL default profile path
USERENV(590.594) 21:05:35:078 LoadUserProfile: NULL server name
USERENV(590.594) 21:05:35:078 GetInterface: Returning rpc binding handle
USERENV(524.6b4) 21:05:35:078 IProfileSecurityCallBack: client authenticated.
USERENV(524.6b4) 21:05:35:093 DropClientContext: Got client token
000004CC, sid = S-1-5-18
USERENV(524.6b4) 21:05:35:093 MIDL_user_allocate enter
USERENV(524.6b4) 21:05:35:093 DropClientContext: load profile object
successfully made
USERENV(524.6b4) 21:05:35:093 DropClientContext: Returning 0
USERENV(590.594) 21:05:35:093 LoadUserProfile: Calling DropClientToken
(as self) succeeded
USERENV(524.57c) 21:05:35:093 IProfileSecurityCallBack: client authenticated.
USERENV(524.57c) 21:05:35:093 In LoadUserProfileP
USERENV(524.57c) 21:05:35:093 LoadUserProfile: Running as client
USERENV(524.57c) 21:05:35:109
=========================================================
USERENV(524.57c) 21:05:35:109 LoadUserProfile: Entering, hToken =
<0x104>, lpProfileInfo = 0xe33650
USERENV(524.57c) 21:05:35:109 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(524.57c) 21:05:35:109 LoadUserProfile:
lpProfileInfo->lpUserName = <LocalService>
USERENV(524.57c) 21:05:35:109 LoadUserProfile: NULL central profile path
USERENV(524.57c) 21:05:35:109 LoadUserProfile: NULL default profile path
USERENV(524.57c) 21:05:35:109 LoadUserProfile: NULL server name
USERENV(524.57c) 21:05:35:125 LoadUserProfile: User sid: S-1-5-19
USERENV(524.57c) 21:05:35:125 CSyncManager::EnterLock <S-1-5-19>
USERENV(524.57c) 21:05:35:125 CSyncManager::EnterLock: No existing entry found
USERENV(524.57c) 21:05:35:125 CSyncManager::EnterLock: New entry created
USERENV(524.57c) 21:05:35:125 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(524.57c) 21:05:35:125 LoadUserProfile: Wait succeeded. In critical section.
USERENV(524.57c) 21:05:35:125 RestoreUserProfile:  Entering
USERENV(524.57c) 21:05:35:125 IsCentralProfileReachable:  Entering
USERENV(524.57c) 21:05:35:125 IsCentralProfileReachable:  Null path.  Leaving
USERENV(524.57c) 21:05:35:125 RestoreUserProfile:  Profile path = <>
USERENV(524.57c) 21:05:35:140 ExtractProfileFromBackup:  A profile already exists
USERENV(524.57c) 21:05:35:140 PatchNewProfileIfRequred: A profile
already exists with the current sid, exitting
USERENV(524.57c) 21:05:35:140 CreateLocalProfileKey:  Not setting
additional Security
USERENV(524.57c) 21:05:35:140 GetExistingLocalProfileImage:  Found
entry in profile list for existing local profile
USERENV(524.57c) 21:05:35:140 GetExistingLocalProfileImage:  Local
profile image filename = <%SystemDrive%\Documents and
Settings\LocalService>
USERENV(524.57c) 21:05:35:140 GetExistingLocalProfileImage:  Expanded
local profile image filename = <C:\Documents and
Settings\LocalService>
USERENV(524.57c) 21:05:35:140 GetExistingLocalProfileImage:  No local
mandatory profile.  Error = 2
USERENV(524.57c) 21:05:35:140 GetExistingLocalProfileImage:  Found
local profile image file ok <C:\Documents and
Settings\LocalService\ntuser.dat>
USERENV(524.57c) 21:05:35:140 GetExistingLocalProfileImage:  Failed to
query low profile unload time with error 2
USERENV(524.57c) 21:05:35:140 Local Existing Profile Image is reachable
USERENV(524.57c) 21:05:35:156 Local profile name is <C:\Documents and
Settings\LocalService>
USERENV(524.57c) 21:05:35:156 RestoreUserProfile:  No central profile.
 Attempting to load local profile.
USERENV(524.57c) 21:05:35:281 MyRegLoadKey: Returning 00000000
USERENV(524.57c) 21:05:35:281 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(524.57c) 21:05:35:375 MyRegLoadKey: Returning 00000000
USERENV(524.57c) 21:05:35:375 CreateClassHive: existing user classes hive found
USERENV(524.57c) 21:05:35:375 RestoreUserProfile:  About to Leave. 
Final Information follows:
USERENV(524.57c) 21:05:35:375 Profile was successfully loaded.
USERENV(524.57c) 21:05:35:390 lpProfile->lpRoamingProfile = <>
USERENV(524.57c) 21:05:35:406 lpProfile->lpLocalProfile =
<C:\Documents and Settings\LocalService>
USERENV(524.57c) 21:05:35:406 lpProfile->dwInternalFlags = 0x0
USERENV(524.57c) 21:05:35:406 RestoreUserProfile:  Leaving.
USERENV(524.57c) 21:05:35:406 UpgradeProfile: Entering
USERENV(524.57c) 21:05:35:406 UpgradeProfile: Build numbers match
USERENV(524.57c) 21:05:35:421 UpgradeProfile: Leaving Successfully
USERENV(524.57c) 21:05:35:437 Profile Ref Count is 1
USERENV(524.57c) 21:05:35:437 LoadUserProfile: Leaving critical Section.
USERENV(524.57c) 21:05:35:437 CSyncManager::LeaveLock <S-1-5-19>
USERENV(524.57c) 21:05:35:437 CSyncManager::LeaveLock: Lock released
USERENV(524.57c) 21:05:35:437 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(524.57c) 21:05:35:437 CSyncManager::LeaveLock: Lock deleted
USERENV(524.57c) 21:05:35:437 LoadUserProfile: Impersonated user:
00000104, 000005e0
USERENV(59c.624) 21:05:35:453 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(59c.624) 21:05:35:484 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(524.57c) 21:05:35:500 LoadUserProfile: Reverted to user: 00000000
USERENV(524.57c) 21:05:35:500 LoadUserProfile: Reverted back to user <00000000>
USERENV(524.57c) 21:05:35:515 LoadUserProfile: Leaving with a value of 1.
USERENV(524.57c) 21:05:35:515
=========================================================
USERENV(524.57c) 21:05:35:515 LoadUserProfileI: returning 0
USERENV(590.594) 21:05:35:515 LoadUserProfile: Running as self
USERENV(590.594) 21:05:35:515 LoadUserProfile: Calling
LoadUserProfileI (as user) succeeded
USERENV(590.594) 21:05:35:515 LoadUserProfile:  Returning success. 
Final Information follows:
USERENV(590.594) 21:05:35:515 lpProfileInfo->UserName = <LocalService>
USERENV(590.594) 21:05:35:515 lpProfileInfo->lpProfilePath = <>
USERENV(590.594) 21:05:35:515 lpProfileInfo->dwFlags = 0x9
USERENV(524.6b4) 21:05:35:531 IProfileSecurityCallBack: client authenticated.
USERENV(524.6b4) 21:05:35:531 ReleaseClientContext: Releasing context
USERENV(524.6b4) 21:05:35:531 ReleaseClientContext_s: Releasing context
USERENV(524.6b4) 21:05:35:531 MIDL_user_free enter
USERENV(590.594) 21:05:35:546 ReleaseInterface: Releasing rpc binding handle
USERENV(590.594) 21:05:35:546 LoadUserProfile: Returning TRUE. hProfile = <0x3b4>
USERENV(590.594) 21:05:35:546 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(b0.d0) 21:05:35:687 LibMain: Process Name:  C:\WINDOWS\system32\svchost.exe
USERENV(120.124) 21:05:36:328 LibMain: Process Name: 
C:\WINDOWS\system32\spoolsv.exe
USERENV(524.528) 21:05:36:812 LoadUserProfile: Yes, we can impersonate
the user. Running as self
USERENV(524.528) 21:05:36:828
=========================================================
USERENV(524.528) 21:05:36:828 LoadUserProfile: Entering, hToken =
<0x5d4>, lpProfileInfo = 0x6e3e0
USERENV(524.528) 21:05:36:828 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(524.528) 21:05:36:828 LoadUserProfile:
lpProfileInfo->lpUserName = <Paul Evans>
USERENV(524.528) 21:05:36:828 LoadUserProfile: NULL central profile path
USERENV(524.528) 21:05:36:828 LoadUserProfile: NULL default profile path
USERENV(524.528) 21:05:36:828 LoadUserProfile: NULL server name
USERENV(524.528) 21:05:36:828 LoadUserProfile: In console winlogon process
USERENV(524.528) 21:05:36:828 In LoadUserProfileP
USERENV(524.528) 21:05:36:843
=========================================================
USERENV(524.528) 21:05:36:843 LoadUserProfile: Entering, hToken =
<0x5d4>, lpProfileInfo = 0x6e3e0
USERENV(524.528) 21:05:36:843 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(524.528) 21:05:36:843 LoadUserProfile:
lpProfileInfo->lpUserName = <Paul Evans>
USERENV(524.528) 21:05:36:843 LoadUserProfile: NULL central profile path
USERENV(524.528) 21:05:36:843 LoadUserProfile: NULL default profile path
USERENV(524.528) 21:05:36:843 LoadUserProfile: NULL server name
USERENV(524.528) 21:05:36:843 LoadUserProfile: User sid:
S-1-5-21-117609710-1580818891-1417001333-1003
USERENV(524.528) 21:05:36:843 CSyncManager::EnterLock
<S-1-5-21-117609710-1580818891-1417001333-1003>
USERENV(524.528) 21:05:36:859 CSyncManager::EnterLock: No existing entry found
USERENV(524.528) 21:05:36:859 CSyncManager::EnterLock: New entry created
USERENV(524.528) 21:05:36:859 CHashTable::HashAdd:
S-1-5-21-117609710-1580818891-1417001333-1003 added in bucket 14
USERENV(524.528) 21:05:36:859 LoadUserProfile: Wait succeeded. In critical section.
USERENV(524.528) 21:05:36:859 RestoreUserProfile:  Entering
USERENV(524.528) 21:05:36:859 RestoreUserProfile:  User is a Admin
USERENV(524.528) 21:05:36:859 IsCentralProfileReachable:  Entering
USERENV(524.528) 21:05:36:859 IsCentralProfileReachable:  Null path.  Leaving
USERENV(524.528) 21:05:36:859 RestoreUserProfile:  Profile path = <>
USERENV(524.528) 21:05:36:875 ExtractProfileFromBackup:  A profile already exists
USERENV(524.528) 21:05:36:875 PatchNewProfileIfRequred: A profile
already exists with the current sid, exitting
USERENV(524.528) 21:05:36:875 CreateLocalProfileKey:  Not setting
additional Security
USERENV(524.528) 21:05:36:875 GetExistingLocalProfileImage:  Found
entry in profile list for existing local profile
USERENV(524.528) 21:05:36:875 GetExistingLocalProfileImage:  Local
profile image filename = <%SystemDrive%\Documents and Settings\Paul
Evans>
USERENV(524.528) 21:05:36:875 GetExistingLocalProfileImage:  Expanded
local profile image filename = <C:\Documents and Settings\Paul Evans>
USERENV(524.528) 21:05:36:875 GetExistingLocalProfileImage:  No local
mandatory profile.  Error = 2
USERENV(524.528) 21:05:36:875 GetExistingLocalProfileImage:  Found
local profile image file ok <C:\Documents and Settings\Paul
Evans\ntuser.dat>
USERENV(524.528) 21:05:36:875 GetExistingLocalProfileImage:  Failed to
query low profile unload time with error 2
USERENV(524.528) 21:05:36:890 Local Existing Profile Image is reachable
USERENV(524.528) 21:05:36:890 Local profile name is <C:\Documents and
Settings\Paul Evans>
USERENV(524.528) 21:05:36:890 RestoreUserProfile:  No central profile.
 Attempting to load local profile.
USERENV(524.7bc) 21:05:36:937 ApplyGroupPolicy: Entering. Flags = b
USERENV(524.528) 21:05:37:218 MyRegLoadKey: Returning 00000000
USERENV(524.7bc) 21:05:37:218 ProcessGPOs:
USERENV(524.7bc) 21:05:37:218 ProcessGPOs:
USERENV(524.7bc) 21:05:37:234 EnterCriticalPolicySectionEx: Entering
with timeout 600000 and flags 0x0
USERENV(524.7bc) 21:05:37:234 EnterCriticalPolicySectionEx: Machine
critical section has been claimed.  Handle = 0x590
USERENV(524.7bc) 21:05:37:234 EnterCriticalPolicySectionEx: Leaving successfully.
USERENV(524.7bc) 21:05:37:234 ProcessGPOs:  Machine role is 0.
USERENV(524.7bc) 21:05:37:234 ReadGPExtensions: Rsop entry point not
found for gptext.dll.
USERENV(524.7bc) 21:05:37:234 ReadGPExtensions: Rsop entry point not
found for dskquota.dll.
USERENV(524.7bc) 21:05:37:234 ReadGPExtensions: Rsop entry point not
found for gptext.dll.
USERENV(524.7bc) 21:05:37:234 ReadGPExtensions: Rsop entry point not
found for iedkcs32.dll.
USERENV(524.7bc) 21:05:37:250 ReadGPExtensions: Rsop entry point not
found for scecli.dll.
USERENV(524.7bc) 21:05:37:250 ReadGPExtensions: Rsop entry point not
found for C:\WINDOWS\System32\cscui.dll.
USERENV(524.7bc) 21:05:37:250 ReadGPExtensions: Rsop entry point not
found for gptext.dll.
USERENV(524.7bc) 21:05:37:250 ReadExtStatus: Reading Previous Status
for extension {35378EAC-683F-11D2-A89A-00C04FBBCFA2}
USERENV(524.7bc) 21:05:37:250 ReadStatus: Read Extension's Previous
status successfully.
USERENV(524.7bc) 21:05:37:250 ReadExtStatus: Reading Previous Status
for extension {0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
USERENV(524.7bc) 21:05:37:250 ReadExtStatus: Reading Previous Status
for extension {25537BA6-77A8-11D2-9B6C-0000F8080861}
USERENV(524.7bc) 21:05:37:250 ReadExtStatus: Reading Previous Status
for extension {3610eda5-77ef-11d2-8dc5-00c04fa31a66}
USERENV(524.7bc) 21:05:37:265 ReadExtStatus: Reading Previous Status
for extension {426031c0-0b47-4852-b0ca-ac3d37bfcb39}
USERENV(524.7bc) 21:05:37:265 ReadExtStatus: Reading Previous Status
for extension {42B5FAAE-6536-11d2-AE5A-0000F87571E3}
USERENV(524.7bc) 21:05:37:265 ReadExtStatus: Reading Previous Status
for extension {4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
USERENV(524.7bc) 21:05:37:265 ReadExtStatus: Reading Previous Status
for extension {827D319E-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(524.7bc) 21:05:37:265 ReadExtStatus: Reading Previous Status
for extension {A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
USERENV(524.7bc) 21:05:37:265 ReadExtStatus: Reading Previous Status
for extension {B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(524.7bc) 21:05:37:265 ReadExtStatus: Reading Previous Status
for extension {C631DF4C-088F-4156-B058-4375F0853CD8}
USERENV(524.7bc) 21:05:37:265 ReadExtStatus: Reading Previous Status
for extension {c6dc5466-785a-11d2-84d0-00c04fb169f7}
USERENV(524.7bc) 21:05:37:265 ReadExtStatus: Reading Previous Status
for extension {e437bc1c-aa7d-11d2-a382-00c04f991e27}
USERENV(524.7bc) 21:05:37:265 ProcessGPOs:  No site name defined. 
Skipping site policy.
USERENV(524.7bc) 21:05:37:265 ProcessGPOs: Calling GetGPOInfo for
normal policy mode
USERENV(524.7bc) 21:05:37:281 GetGPOInfo:  ********************************
USERENV(524.7bc) 21:05:37:281 GetGPOInfo:  Entering...
USERENV(524.7bc) 21:05:37:296 GetGPOInfo:  lpHostName or lpDNName is
NULL.  Skipping DS stuff.
USERENV(524.528) 21:05:37:375 MyRegLoadKey: Returning 00000000
USERENV(524.528) 21:05:37:375 CreateClassHive: existing user classes hive found
USERENV(524.528) 21:05:37:375 RestoreUserProfile:  About to Leave. 
Final Information follows:
USERENV(524.528) 21:05:37:375 Profile was successfully loaded.
USERENV(524.528) 21:05:37:390 lpProfile->lpRoamingProfile = <>
USERENV(524.528) 21:05:37:390 lpProfile->lpLocalProfile =
<C:\Documents and Settings\Paul Evans>
USERENV(524.7bc) 21:05:37:390 GetGPOInfo:  Leaving with 1
USERENV(524.7bc) 21:05:37:390 GetGPOInfo:  ********************************
USERENV(524.7bc) 21:05:37:390 ProcessGPOs: Logging Data for Target
<PAUL-5438989317>.
USERENV(524.7bc) 21:05:37:390 ProcessGPOs: OpenThreadToken failed with
error 1008, assuming thread is not impersonating
USERENV(524.7bc) 21:05:37:390 ProcessGPOs: -----------------------
USERENV(524.7bc) 21:05:37:390 ProcessGPOs: Processing extension Registry
USERENV(524.7bc) 21:05:37:390 ReadStatus: Read Extension's Previous
status successfully.
USERENV(524.7bc) 21:05:37:406 CompareGPOLists:  The lists are the same.
USERENV(524.7bc) 21:05:37:406 CheckGPOs: No GPO changes and no
security group membership change and extension Registry has
NoGPOChanges set.
USERENV(524.7bc) 21:05:37:406 ProcessGPOs: -----------------------
USERENV(524.7bc) 21:05:37:406 ProcessGPOs: -----------------------
USERENV(524.7bc) 21:05:37:406 ProcessGPOs: Processing extension Wireless
USERENV(524.7bc) 21:05:37:406 CompareGPOLists:  The lists are the same.
USERENV(524.7bc) 21:05:37:406 CheckGPOs: No GPO changes but couldn't
read extension Wireless's status or policy time.
USERENV(524.7bc) 21:05:37:406 ProcessGPOs: Extension Wireless skipped
because both deleted and changed GPO lists are empty.
USERENV(524.7bc) 21:05:37:406 ProcessGPOs: -----------------------
USERENV(524.7bc) 21:05:37:406 ProcessGPOs: Processing extension Folder Redirection
USERENV(524.7bc) 21:05:37:406 CompareGPOLists:  The lists are the same.
USERENV(524.7bc) 21:05:37:421 CheckGPOs: No GPO changes but couldn't
read extension Folder Redirection's status or policy time.
USERENV(524.7bc) 21:05:37:421 ProcessGPOs: Extension Folder
Redirection skipped with flags 0x1000b.
USERENV(524.7bc) 21:05:37:421 ProcessGPOs: -----------------------
USERENV(524.7bc) 21:05:37:421 ProcessGPOs: Processing extension
Microsoft Disk Quota
USERENV(524.7bc) 21:05:37:421 CompareGPOLists:  The lists are the same.
USERENV(524.7bc) 21:05:37:421 CheckGPOs: No GPO changes but couldn't
read extension Microsoft Disk Quota's status or policy time.
USERENV(524.7bc) 21:05:37:421 ProcessGPOs: Extension Microsoft Disk
Quota skipped with flags 0x1000b.
USERENV(524.7bc) 21:05:37:421 ProcessGPOs: -----------------------
USERENV(524.7bc) 21:05:37:421 ProcessGPOs: Processing extension QoS
Packet Scheduler
USERENV(524.7bc) 21:05:37:421 CompareGPOLists:  The lists are the same.
USERENV(524.7bc) 21:05:37:421 CheckGPOs: No GPO changes but couldn't
read extension QoS Packet Scheduler's status or policy time.
USERENV(524.7bc) 21:05:37:421 ProcessGPOs: Extension QoS Packet
Scheduler skipped because both deleted and changed GPO lists are
empty.
USERENV(524.7bc) 21:05:37:421 ProcessGPOs: -----------------------
USERENV(524.7bc) 21:05:37:437 ProcessGPOs: Processing extension Scripts
USERENV(524.7bc) 21:05:37:437 CompareGPOLists:  The lists are the same.
USERENV(524.7bc) 21:05:37:437 CheckGPOs: No GPO changes but couldn't
read extension Scripts's status or policy time.
USERENV(524.7bc) 21:05:37:437 ProcessGPOs: Extension Scripts skipped
because both deleted and changed GPO lists are empty.
USERENV(524.7bc) 21:05:37:437 ProcessGPOs: -----------------------
USERENV(524.7bc) 21:05:37:437 ProcessGPOs: Processing extension
Internet Explorer Zonemapping
USERENV(524.7bc) 21:05:37:437 CompareGPOLists:  The lists are the same.
USERENV(524.7bc) 21:05:37:437 CheckGPOs: No GPO changes but couldn't
read extension Internet Explorer Zonemapping's status or policy time.
USERENV(524.7bc) 21:05:37:437 ProcessGPOs: Extension Internet Explorer
Zonemapping skipped because both deleted and changed GPO lists are
empty.
USERENV(524.528) 21:05:37:437 LoadUserProfile: Leaving with a value of 1.
USERENV(524.7bc) 21:05:37:437 ProcessGPOs: -----------------------
USERENV(524.528) 21:05:37:437 lpProfileInfo->UserName = <Paul Evans>
USERENV(524.7bc) 21:05:37:437 ProcessGPOs: -----------------------
USERENV(524.7bc) 21:05:37:437 ProcessGPOs: Processing extension EFS recovery
USERENV(524.7bc) 21:05:37:437 CompareGPOLists:  The lists are the same.
USERENV(524.7bc) 21:05:37:437 CheckGPOs: No GPO changes but couldn't
read extension EFS recovery's status or policy time.
USERENV(524.7bc) 21:05:37:453 ProcessGPOs: Extension EFS recovery
skipped because both deleted and changed GPO lists are empty.
USERENV(524.7bc) 21:05:37:453 ProcessGPOs: -----------------------
USERENV(524.7bc) 21:05:37:453 ProcessGPOs: Processing extension
Microsoft Offline Files
USERENV(524.7bc) 21:05:37:453 CompareGPOLists:  The lists are the same.
USERENV(524.7bc) 21:05:37:453 CheckGPOs: No GPO changes but couldn't
read extension Microsoft Offline Files's status or policy time.
USERENV(524.7bc) 21:05:37:453 ProcessGPOs: Extension Microsoft Offline
Files skipped because both deleted and changed GPO lists are empty.
USERENV(524.7bc) 21:05:37:453 ProcessGPOs: -----------------------
USERENV(524.7bc) 21:05:37:453 ProcessGPOs: Processing extension
Software Installation
USERENV(524.7bc) 21:05:37:453 CompareGPOLists:  The lists are the same.
USERENV(524.7bc) 21:05:37:453 CheckGPOs: No GPO changes but couldn't
read extension Software Installation's status or policy time.
USERENV(524.7bc) 21:05:37:453 ProcessGPOs: Extension Software
Installation skipped because both deleted and changed GPO lists are
empty.
USERENV(524.7bc) 21:05:37:453 ProcessGPOs: -----------------------
USERENV(524.7bc) 21:05:37:453 ProcessGPOs: Processing extension IP Security
USERENV(524.7bc) 21:05:37:468 CompareGPOLists:  The lists are the same.
USERENV(524.7bc) 21:05:37:468 CheckGPOs: No GPO changes but couldn't
read extension IP Security's status or policy time.
USERENV(524.7bc) 21:05:37:468 ProcessGPOs: Extension IP Security
skipped because both deleted and changed GPO lists are empty.
USERENV(524.7bc) 21:05:37:468 SetFgRefreshInfo: Previous Machine Fg
policy Asynchronous, Reason: NoNeedForSync.
USERENV(524.7bc) 21:05:37:468 ProcessGPOs: No WMI logging done in this
policy cycle.
USERENV(524.7bc) 21:05:37:484 LeaveCriticalPolicySection: Critical
section 0x590 has been released.
USERENV(524.7bc) 21:05:37:484 ProcessGPOs: Computer Group Policy has been applied.
USERENV(524.7bc) 21:05:37:484 ProcessGPOs: Leaving with 1.
USERENV(524.7bc) 21:05:37:484 ApplyGroupPolicy: Leaving successfully.
USERENV(524.528) 21:05:38:546 IsSyncForegroundPolicyRefresh:
Asynchronous, Reason: NoNeedForSync
USERENV(524.234) 21:05:38:546 IsSyncForegroundPolicyRefresh:
Asynchronous, Reason: NoNeedForSync
USERENV(524.234) 21:05:38:546 ApplyGroupPolicy: Entering. Flags = a
USERENV(524.234) 21:05:38:546 ProcessGPOs:
USERENV(524.234) 21:05:38:562 ProcessGPOs:
USERENV(524.234) 21:05:38:562 ProcessGPOs: Starting user Group Policy
(Async forground) processing...
USERENV(524.234) 21:05:38:562 ProcessGPOs:
USERENV(524.234) 21:05:38:562 ProcessGPOs:
USERENV(524.234) 21:05:38:562 EnterCriticalPolicySectionEx: Entering
with timeout 600000 and flags 0x0
USERENV(524.234) 21:05:38:562 EnterCriticalPolicySectionEx: User
critical section has been claimed.  Handle = 0x608
USERENV(524.234) 21:05:38:562 EnterCriticalPolicySectionEx: Leaving successfully.
USERENV(524.234) 21:05:38:562 ProcessGPOs:  Machine role is 0.
USERENV(524.234) 21:05:38:562 ReadGPExtensions: Rsop entry point not
found for gptext.dll.
USERENV(524.234) 21:05:38:562 ReadGPExtensions: Rsop entry point not
found for dskquota.dll.
USERENV(524.234) 21:05:38:562 ReadGPExtensions: Rsop entry point not
found for gptext.dll.
USERENV(524.234) 21:05:38:562 ReadGPExtensions: Rsop entry point not
found for iedkcs32.dll.
USERENV(524.234) 21:05:38:578 ReadGPExtensions: Rsop entry point not
found for scecli.dll.
USERENV(524.234) 21:05:38:578 ReadGPExtensions: Rsop entry point not
found for C:\WINDOWS\System32\cscui.dll.
USERENV(524.234) 21:05:38:578 ReadGPExtensions: Rsop entry point not
found for gptext.dll.
USERENV(524.234) 21:05:38:578 ReadExtStatus: Reading Previous Status
for extension {35378EAC-683F-11D2-A89A-00C04FBBCFA2}
USERENV(524.234) 21:05:38:578 ReadStatus: Read Extension's Previous
status successfully.
USERENV(524.234) 21:05:38:578 ReadExtStatus: Reading Previous Status
for extension {0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
USERENV(524.234) 21:05:38:578 ReadExtStatus: Reading Previous Status
for extension {25537BA6-77A8-11D2-9B6C-0000F8080861}
USERENV(524.234) 21:05:38:578 ReadExtStatus: Reading Previous Status
for extension {3610eda5-77ef-11d2-8dc5-00c04fa31a66}
USERENV(524.234) 21:05:38:578 ReadExtStatus: Reading Previous Status
for extension {426031c0-0b47-4852-b0ca-ac3d37bfcb39}
USERENV(524.234) 21:05:38:578 ReadExtStatus: Reading Previous Status
for extension {42B5FAAE-6536-11d2-AE5A-0000F87571E3}
USERENV(524.234) 21:05:38:578 ReadExtStatus: Reading Previous Status
for extension {4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
USERENV(524.234) 21:05:38:578 ReadExtStatus: Reading Previous Status
for extension {827D319E-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(524.234) 21:05:38:578 ReadExtStatus: Reading Previous Status
for extension {A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
USERENV(524.234) 21:05:38:593 ReadStatus: Read Extension's Previous
status successfully.
USERENV(524.234) 21:05:38:593 ReadExtStatus: Reading Previous Status
for extension {B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(524.234) 21:05:38:593 ReadExtStatus: Reading Previous Status
for extension {C631DF4C-088F-4156-B058-4375F0853CD8}
USERENV(524.234) 21:05:38:593 ReadExtStatus: Reading Previous Status
for extension {c6dc5466-785a-11d2-84d0-00c04fb169f7}
USERENV(524.234) 21:05:38:593 ReadExtStatus: Reading Previous Status
for extension {e437bc1c-aa7d-11d2-a382-00c04f991e27}
USERENV(524.234) 21:05:38:593 ProcessGPOs:  No site name defined. 
Skipping site policy.
USERENV(524.234) 21:05:38:593 ProcessGPOs: Calling GetGPOInfo for
normal policy mode
USERENV(524.234) 21:05:38:593 GetGPOInfo:  ********************************
USERENV(524.234) 21:05:38:593 GetGPOInfo:  Entering...
USERENV(524.234) 21:05:38:593 GetGPOInfo:  lpHostName or lpDNName is
NULL.  Skipping DS stuff.
USERENV(524.234) 21:05:38:593 GetGPOInfo:  Leaving with 1
USERENV(524.234) 21:05:38:609 GetGPOInfo:  ********************************
USERENV(524.234) 21:05:38:609 ProcessGPOs: Logging Data for Target <Paul Evans>.
USERENV(524.234) 21:05:38:609 ProcessGPOs: OpenThreadToken failed with
error 1008, assuming thread is not impersonating
USERENV(524.234) 21:05:38:609 ProcessGPOs: -----------------------
USERENV(524.234) 21:05:38:609 ProcessGPOs: Processing extension Registry
USERENV(524.234) 21:05:38:609 ReadStatus: Read Extension's Previous
status successfully.
USERENV(524.234) 21:05:38:609 CompareGPOLists:  The lists are the same.
USERENV(524.234) 21:05:38:609 CheckGPOs: No GPO changes and no
security group membership change and extension Registry has
NoGPOChanges set.
USERENV(524.234) 21:05:38:609 ProcessGPOs: -----------------------
USERENV(524.234) 21:05:38:609 ProcessGPOs: -----------------------
USERENV(524.234) 21:05:38:609 ProcessGPOs: Processing extension Wireless
USERENV(524.234) 21:05:38:640 CompareGPOLists:  The lists are the same.
USERENV(524.234) 21:05:38:640 CheckGPOs: No GPO changes but couldn't
read extension Wireless's status or policy time.
USERENV(524.234) 21:05:38:640 ProcessGPOs: Extension Wireless skipped
with flags 0x1000a.
USERENV(524.234) 21:05:38:640 ProcessGPOs: -----------------------
USERENV(524.234) 21:05:38:640 ProcessGPOs: Processing extension Folder Redirection
USERENV(524.234) 21:05:38:640 CompareGPOLists:  The lists are the same.
USERENV(524.234) 21:05:38:640 CompareGPOLists:  The lists are the same.
USERENV(524.234) 21:05:38:640 CheckGPOs: No GPO changes but couldn't
read extension Folder Redirection's status or policy time.
USERENV(524.234) 21:05:38:640 ProcessGPOs: Extension Folder
Redirection skipped because both deleted and changed GPO lists are
empty.
USERENV(524.234) 21:05:38:640 ProcessGPOs: -----------------------
USERENV(524.234) 21:05:38:656 ProcessGPOs: Processing extension
Microsoft Disk Quota
USERENV(524.234) 21:05:38:656 CompareGPOLists:  The lists are the same.
USERENV(524.234) 21:05:38:656 CheckGPOs: No GPO changes but couldn't
read extension Microsoft Disk Quota's status or policy time.
USERENV(524.234) 21:05:38:656 ProcessGPOs: Extension Microsoft Disk
Quota skipped with flags 0x1000a.
USERENV(524.234) 21:05:38:656 ProcessGPOs: -----------------------
USERENV(524.234) 21:05:38:656 ProcessGPOs: Processing extension QoS
Packet Scheduler
USERENV(524.234) 21:05:38:656 CompareGPOLists:  The lists are the same.
USERENV(524.234) 21:05:38:656 CheckGPOs: No GPO changes but couldn't
read extension QoS Packet Scheduler's status or policy time.
USERENV(524.234) 21:05:38:656 ProcessGPOs: Extension QoS Packet
Scheduler skipped with flags 0x1000a.
USERENV(524.234) 21:05:38:656 ProcessGPOs: -----------------------
USERENV(524.234) 21:05:38:656 ProcessGPOs: Processing extension Scripts
USERENV(524.234) 21:05:38:656 CompareGPOLists:  The lists are the same.
USERENV(524.234) 21:05:38:656 CheckGPOs: No GPO changes but couldn't
read extension Scripts's status or policy time.
USERENV(524.234) 21:05:38:656 ProcessGPOs: Extension Scripts skipped
because both deleted and changed GPO lists are empty.
USERENV(524.234) 21:05:38:671 ProcessGPOs: -----------------------
USERENV(524.234) 21:05:38:671 ProcessGPOs: Processing extension
Internet Explorer Zonemapping
USERENV(524.234) 21:05:38:671 CompareGPOLists:  The lists are the same.
USERENV(524.234) 21:05:38:671 CheckGPOs: No GPO changes but couldn't
read extension Internet Explorer Zonemapping's status or policy time.
USERENV(524.234) 21:05:38:671 ProcessGPOs: Extension Internet Explorer
Zonemapping skipped because both deleted and changed GPO lists are
empty.
USERENV(524.234) 21:05:38:671 ProcessGPOs: -----------------------
USERENV(524.234) 21:05:38:671 ProcessGPOs: Processing extension Security
USERENV(524.234) 21:05:38:687 CompareGPOLists:  The lists are the same.
USERENV(524.234) 21:05:38:687 CheckGPOs: No GPO changes but couldn't
read extension Security's status or policy time.
USERENV(524.234) 21:05:38:687 ProcessGPOs: Extension Security skipped
with flags 0x1000a.
USERENV(524.234) 21:05:38:687 ProcessGPOs: -----------------------
USERENV(524.234) 21:05:38:703 ProcessGPOs: Processing extension
Internet Explorer Branding
USERENV(524.234) 21:05:38:703 ReadStatus: Read Extension's Previous
status successfully.
USERENV(524.234) 21:05:38:703 CompareGPOLists:  The lists are the same.
USERENV(524.234) 21:05:38:703 CheckGPOs: No GPO changes and no
security group membership change and extension Internet Explorer
Branding has NoGPOChanges set.
USERENV(524.234) 21:05:38:703 ProcessGPOs: -----------------------
USERENV(524.234) 21:05:38:703 ProcessGPOs: -----------------------
USERENV(524.234) 21:05:38:718 ProcessGPOs: Processing extension EFS recovery
USERENV(524.234) 21:05:38:718 CompareGPOLists:  The lists are the same.
USERENV(524.234) 21:05:38:718 CheckGPOs: No GPO changes but couldn't
read extension EFS recovery's status or policy time.
USERENV(524.234) 21:05:38:718 ProcessGPOs: Extension EFS recovery
skipped with flags 0x1000a.
USERENV(524.234) 21:05:38:718 ProcessGPOs: -----------------------
USERENV(524.234) 21:05:38:718 ProcessGPOs: Processing extension
Microsoft Offline Files
USERENV(524.234) 21:05:38:718 CompareGPOLists:  The lists are the same.
USERENV(524.234) 21:05:38:718 CheckGPOs: No GPO changes but couldn't
read extension Microsoft Offline Files's status or policy time.
USERENV(524.234) 21:05:38:718 ProcessGPOs: Extension Microsoft Offline
Files skipped with flags 0x1000a.
USERENV(524.234) 21:05:38:718 ProcessGPOs: -----------------------
USERENV(524.234) 21:05:38:718 ProcessGPOs: Processing extension
Software Installation
USERENV(524.234) 21:05:38:718 CompareGPOLists:  The lists are the same.
USERENV(524.234) 21:05:38:718 CompareGPOLists:  The lists are the same.
USERENV(524.234) 21:05:38:718 CheckGPOs: No GPO changes but couldn't
read extension Software Installation's status or policy time.
USERENV(524.234) 21:05:38:734 ProcessGPOs: Extension Software
Installation skipped because both deleted and changed GPO lists are
empty.
USERENV(524.234) 21:05:38:734 ProcessGPOs: -----------------------
USERENV(524.234) 21:05:38:734 ProcessGPOs: Processing extension IP Security
USERENV(524.234) 21:05:38:734 CompareGPOLists:  The lists are the same.
USERENV(524.234) 21:05:38:734 CheckGPOs: No GPO changes but couldn't
read extension IP Security's status or policy time.
USERENV(524.234) 21:05:38:734 ProcessGPOs: Extension IP Security
skipped with flags 0x1000a.
USERENV(524.234) 21:05:38:734 SetFgRefreshInfo: Previous User Fg
policy Asynchronous, Reason: NoNeedForSync.
USERENV(524.234) 21:05:38:734 ProcessGPOs: No WMI logging done in this
policy cycle.
USERENV(524.234) 21:05:38:734 LeaveCriticalPolicySection: Critical
section 0x608 has been released.
USERENV(524.234) 21:05:38:734 ProcessGPOs: User Group Policy has been applied.
USERENV(524.234) 21:05:38:734 ProcessGPOs: Leaving with 1.
USERENV(524.234) 21:05:38:750 ApplyGroupPolicy: Leaving successfully.
USERENV(524.260) 21:05:38:750 GPOThread:  Next refresh will happen in 98 minutes
USERENV(524.528) 21:05:39:484 IsSyncForegroundPolicyRefresh:
Asynchronous, Reason: NoNeedForSync
USERENV(3c4.3cc) 21:05:39:953 LibMain: Process Name: 
C:\WINDOWS\system32\userinit.exe
USERENV(59c.5e4) 21:05:40:031 ImpersonateUser: Failed to impersonate user with 5.
USERENV(59c.5e4) 21:05:40:031 GetUserNameAndDomain Failed to impersonate user
USERENV(59c.5e4) 21:05:40:031 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(59c.5e4) 21:05:40:078 ImpersonateUser: Failed to impersonate user with 5.
USERENV(59c.5e4) 21:05:40:093 GetUserNameAndDomain Failed to impersonate user
USERENV(59c.5e4) 21:05:40:093 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(59c.5e4) 21:05:40:125 ImpersonateUser: Failed to impersonate user with 5.
USERENV(59c.5e4) 21:05:40:125 GetUserNameAndDomain Failed to impersonate user
USERENV(59c.5e4) 21:05:40:125 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(59c.5e4) 21:05:40:156 ImpersonateUser: Failed to impersonate user with 5.
USERENV(59c.5e4) 21:05:40:156 GetUserNameAndDomain Failed to impersonate user
USERENV(59c.5e4) 21:05:40:156 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(3f8.3fc) 21:05:40:515 LibMain: Process Name:  C:\WINDOWS\Explorer.EXE
USERENV(74c.4a8) 21:07:07:171 LibMain: Process Name: 
C:\WINDOWS\system32\taskmgr.exe
USERENV(420.448) 21:07:59:484 LibMain: Process Name:  C:\Program
Files\Utilities\Executive Software\Diskeeper\DkService.exe
USERENV(420.484) 21:07:59:921 EnterCriticalPolicySectionEx: Entering
with timeout 600000 and flags 0x0
USERENV(420.484) 21:07:59:937 EnterCriticalPolicySectionEx: Machine
critical section has been claimed.  Handle = 0x2b8
USERENV(420.484) 21:07:59:937 EnterCriticalPolicySectionEx: Leaving successfully.
USERENV(420.484) 21:07:59:937 LeaveCriticalPolicySection: Critical
section 0x2b8 has been released.
USERENV(590.594) 21:08:00:031 UnloadUserProfile: Entering, hProfile = <0x0>
USERENV(590.594) 21:08:00:031 UnloadUserProfile: received a NULL hProfile.
USERENV(590.594) 21:08:00:031 UnloadUserProfile: returning 0
USERENV(6e0.6d8) 21:08:04:968 LibMain: Process Name: 
C:\WINDOWS\system32\svchost.exe
USERENV(200.7bc) 21:08:05:171 LibMain: Process Name:  C:\Program
Files\Utilities\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
USERENV(244.644) 21:08:14:656 LibMain: Process Name: 
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
USERENV(244.644) 21:08:14:656 ImpersonateUser: Failed to impersonate user with 5.
USERENV(244.644) 21:08:14:656 GetUserNameAndDomain Failed to impersonate user
USERENV(244.644) 21:08:14:656 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(590.7b4) 21:08:19:390 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(8d0.8d4) 21:08:21:218 LibMain: Process Name: 
C:\WINDOWS\system32\rundll32.exe
USERENV(788.7fc) 21:08:21:531 GetProfileType:  Profile already loaded.
USERENV(788.7fc) 21:08:21:546 GetProfileType: ProfileFlags is 0
USERENV(244.644) 21:08:23:500 ImpersonateUser: Failed to impersonate user with 5.
USERENV(244.644) 21:08:23:500 GetUserNameAndDomain Failed to impersonate user
USERENV(244.644) 21:08:23:500 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(590.7b4) 21:08:25:093 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(b98.b9c) 21:08:27:265 LibMain: Process Name: 
C:\WINDOWS\system32\rundll32.exe
USERENV(be4.bec) 21:08:27:953 LibMain: Process Name:  C:\WINDOWS\system32\imapi.exe
USERENV(788.e4) 21:08:30:031 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(788.e4) 21:08:30:062 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(788.e4) 21:08:31:265 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(524.140) 21:08:33:203 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(ea4.eac) 21:08:37:656 LibMain: Process Name:  C:\Program
Files\Microsoft IntelliPoint\ipoint.exe
USERENV(244.644) 21:08:45:062 ImpersonateUser: Failed to impersonate user with 5.
USERENV(244.644) 21:08:45:062 GetUserNameAndDomain Failed to impersonate user
USERENV(244.644) 21:08:45:062 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(244.644) 21:08:45:406 ImpersonateUser: Failed to impersonate user with 5.
USERENV(244.644) 21:08:45:406 GetUserNameAndDomain Failed to impersonate user
USERENV(244.644) 21:08:45:437 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(914.de4) 21:08:59:109 LibMain: Process Name:  c:\program
files\common files\aol\1140894295\ee\aolsoftware.exe
USERENV(e88.e90) 21:09:00:062 LibMain: Process Name: 
C:\WINDOWS\system32\wuauclt.exe
USERENV(fe0.ff0) 21:09:00:296 LibMain: Process Name: 
C:\WINDOWS\system32\ipconfig.exe
USERENV(358.eec) 21:09:00:375 LibMain: Process Name:  C:\Program
Files\Common Files\AOL\ACS\AOLAcsd.exe
USERENV(358.eec) 21:09:00:375 ImpersonateUser: Failed to impersonate user with 5.
USERENV(358.eec) 21:09:00:375 GetUserNameAndDomain Failed to impersonate user
USERENV(358.eec) 21:09:00:375 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(358.eec) 21:09:00:437 ImpersonateUser: Failed to impersonate user with 5.
USERENV(358.eec) 21:09:00:468 GetUserNameAndDomain Failed to impersonate user
USERENV(358.eec) 21:09:00:468 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(3bc.510) 21:09:01:453 LibMain: Process Name: 
C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(bd0.bd8) 21:09:07:671 LibMain: Process Name:  C:\Program
Files\Misc\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
USERENV(358.3b8) 21:09:11:562 ImpersonateUser: Failed to impersonate user with 5.
USERENV(358.3b8) 21:09:11:562 GetUserNameAndDomain Failed to impersonate user
USERENV(358.3b8) 21:09:11:578 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(358.3b8) 21:09:11:593 ImpersonateUser: Failed to impersonate user with 5.
USERENV(358.3b8) 21:09:11:593 GetUserNameAndDomain Failed to impersonate user
USERENV(358.3b8) 21:09:11:593 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(788.3e0) 21:09:12:140 ImpersonateUser: Failed to impersonate user with 5.
USERENV(788.3e0) 21:09:12:140 GetUserNameAndDomain Failed to impersonate user
USERENV(788.3e0) 21:09:12:140 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(f24.cc4) 21:09:14:453 LibMain: Process Name:  C:\Program
Files\Common Files\AOL\1140894295\ee\AOLSoftware.exe
USERENV(f24.cc4) 21:09:14:453 ImpersonateUser: Failed to impersonate user with 5.
USERENV(f24.cc4) 21:09:14:453 GetUserNameAndDomain Failed to impersonate user
USERENV(f24.cc4) 21:09:14:468 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(244.644) 21:09:23:984 ImpersonateUser: Failed to impersonate user with 5.
USERENV(244.644) 21:09:23:984 GetUserNameAndDomain Failed to impersonate user
USERENV(244.644) 21:09:23:984 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(fb0.b0c) 21:09:27:062 LibMain: Process Name:  C:\Program
Files\Common Files\AOL\ACS\AOLDial.exe
USERENV(fb0.b0c) 21:09:27:078 ImpersonateUser: Failed to impersonate user with 5.
USERENV(fb0.b0c) 21:09:27:078 GetUserNameAndDomain Failed to impersonate user
USERENV(fb0.b0c) 21:09:27:078 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(7a0.804) 21:09:37:921 LibMain: Process Name:  C:\WINDOWS\system32\imapi.exe
USERENV(b98.cf4) 21:09:38:000 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(724.738) 21:09:38:046 LibMain: Process Name: 
C:\WINDOWS\system32\rundll32.exe
USERENV(788.80c) 21:09:38:109 LoadUserProfile: Yes, we can impersonate
the user. Running as self
USERENV(788.80c) 21:09:38:109
=========================================================
USERENV(788.80c) 21:09:38:109 LoadUserProfile: Entering, hToken =
<0x15c0>, lpProfileInfo = 0x5c2edb0
USERENV(788.80c) 21:09:38:109 LoadUserProfile: lpProfileInfo->dwFlags = <0x5>
USERENV(788.80c) 21:09:38:109 LoadUserProfile:
lpProfileInfo->lpUserName = <Paul Evans>
USERENV(788.80c) 21:09:38:109 LoadUserProfile: NULL central profile path
USERENV(788.80c) 21:09:38:109 LoadUserProfile: NULL default profile path
USERENV(788.80c) 21:09:38:109 LoadUserProfile: NULL server name
USERENV(788.80c) 21:09:38:125 GetInterface: Returning rpc binding handle
USERENV(524.6b4) 21:09:38:125 IProfileSecurityCallBack: client authenticated.
USERENV(524.6b4) 21:09:38:125 DropClientContext: Got client token
00000414, sid = S-1-5-18
USERENV(524.6b4) 21:09:38:125 MIDL_user_allocate enter
USERENV(524.6b4) 21:09:38:125 DropClientContext: load profile object
successfully made
USERENV(524.6b4) 21:09:38:125 DropClientContext: Returning 0
USERENV(788.80c) 21:09:38:125 LoadUserProfile: Calling DropClientToken
(as self) succeeded
USERENV(524.650) 21:09:38:125 IProfileSecurityCallBack: client authenticated.
USERENV(524.650) 21:09:38:125 In LoadUserProfileP
USERENV(524.650) 21:09:38:140 LoadUserProfile: Running as client
USERENV(524.650) 21:09:38:140
=========================================================
USERENV(524.650) 21:09:38:140 LoadUserProfile: Entering, hToken =
<0x5dc>, lpProfileInfo = 0xe581c8
USERENV(524.650) 21:09:38:140 LoadUserProfile: lpProfileInfo->dwFlags = <0x5>
USERENV(524.650) 21:09:38:140 LoadUserProfile:
lpProfileInfo->lpUserName = <Paul Evans>
USERENV(524.650) 21:09:38:140 LoadUserProfile: NULL central profile path
USERENV(524.650) 21:09:38:140 LoadUserProfile: NULL default profile path
USERENV(524.650) 21:09:38:140 LoadUserProfile: NULL server name
USERENV(524.650) 21:09:38:140 LoadUserProfile: User sid:
S-1-5-21-117609710-1580818891-1417001333-1003
USERENV(524.650) 21:09:38:140 CSyncManager::EnterLock
<S-1-5-21-117609710-1580818891-1417001333-1003>
USERENV(524.650) 21:09:38:140 CSyncManager::EnterLock: No existing entry found
USERENV(524.650) 21:09:38:140 CSyncManager::EnterLock: New entry created
USERENV(524.650) 21:09:38:156 CHashTable::HashAdd:
S-1-5-21-117609710-1580818891-1417001333-1003 added in bucket 14
USERENV(524.650) 21:09:38:156 LoadUserProfile: Wait succeeded. In critical section.
USERENV(524.650) 21:09:38:156 TestIfUserProfileLoaded:  Profile already loaded.
USERENV(524.650) 21:09:38:328 Profile Ref Count is 2
USERENV(524.650) 21:09:38:328 LoadUserProfile: Leaving critical Section.
USERENV(524.650) 21:09:38:343 CSyncManager::LeaveLock
<S-1-5-21-117609710-1580818891-1417001333-1003>
USERENV(524.650) 21:09:38:343 CSyncManager::LeaveLock: Lock released
USERENV(524.650) 21:09:38:343 CHashTable::HashDelete:
S-1-5-21-117609710-1580818891-1417001333-1003 deleted
USERENV(524.650) 21:09:38:343 CSyncManager::LeaveLock: Lock deleted
USERENV(524.650) 21:09:38:343 LoadUserProfile: Impersonated user:
000005dc, 000006bc
USERENV(524.650) 21:09:38:343 LoadUserProfile: Reverted to user: 00000000
USERENV(524.650) 21:09:38:343 LoadUserProfile: Reverted back to user <00000000>
USERENV(524.650) 21:09:38:343 LoadUserProfile: Leaving with a value of 1.
USERENV(524.650) 21:09:38:343
=========================================================
USERENV(524.650) 21:09:38:343 LoadUserProfileI: returning 0
USERENV(788.80c) 21:09:38:343 LoadUserProfile: Running as self
USERENV(788.80c) 21:09:38:359 LoadUserProfile: Calling
LoadUserProfileI (as user) succeeded
USERENV(788.80c) 21:09:38:359 LoadUserProfile:  Returning success. 
Final Information follows:
USERENV(788.80c) 21:09:38:359 lpProfileInfo->UserName = <Paul Evans>
USERENV(788.80c) 21:09:38:359 lpProfileInfo->lpProfilePath = <>
USERENV(788.80c) 21:09:38:359 lpProfileInfo->dwFlags = 0x5
USERENV(524.57c) 21:09:38:359 IProfileSecurityCallBack: client authenticated.
USERENV(524.57c) 21:09:38:359 ReleaseClientContext: Releasing context
USERENV(524.57c) 21:09:38:375 ReleaseClientContext_s: Releasing context
USERENV(524.57c) 21:09:38:375 MIDL_user_free enter
USERENV(788.80c) 21:09:38:375 ReleaseInterface: Releasing rpc binding handle
USERENV(788.80c) 21:09:38:375 LoadUserProfile: Returning TRUE. hProfile = <0x125c>
USERENV(788.80c) 21:09:38:375 UnloadUserProfile: Entering, hProfile = <0x125c>
USERENV(788.80c) 21:09:38:375 GetInterface: Returning rpc binding handle
USERENV(524.6b4) 21:09:38:375 IProfileSecurityCallBack: client authenticated.
USERENV(524.6b4) 21:09:38:375 DropClientContext: Got client token
00000414, sid = S-1-5-18
USERENV(524.6b4) 21:09:38:375 MIDL_user_allocate enter
USERENV(524.6b4) 21:09:38:375 DropClientContext: load profile object
successfully made
USERENV(524.6b4) 21:09:38:375 DropClientContext: Returning 0
USERENV(788.80c) 21:09:38:390 UnLoadUserProfile: Calling
DropClientToken (as self) succeeded
USERENV(524.650) 21:09:38:437 IProfileSecurityCallBack: client authenticated.
USERENV(524.650) 21:09:38:468 UnloadUserProfileP: Entering, hProfile = <0x694>
USERENV(524.650) 21:09:38:468 UnloadUserProfileP: ImpersonateUser
<00000414>, old token is <00000000>
USERENV(524.650) 21:09:38:468 GetExclusionListFromRegistry: Policy
list is empty, returning user list = <Local Settings;Temporary
Internet Files;History;Temp>
USERENV(524.650) 21:09:38:468 CSyncManager::EnterLock
<S-1-5-21-117609710-1580818891-1417001333-1003>
USERENV(524.650) 21:09:38:484 CSyncManager::EnterLock: No existing entry found
USERENV(524.650) 21:09:38:484 CSyncManager::EnterLock: New entry created
USERENV(524.650) 21:09:38:484 CHashTable::HashAdd:
S-1-5-21-117609710-1580818891-1417001333-1003 added in bucket 14
USERENV(524.650) 21:09:38:484 UnloadUserProfileP: Wait succeeded.  In
critical section.
USERENV(524.650) 21:09:38:968 UnloadUserProfileP:  Didn't unload user
profile, Ref Count is 1
USERENV(524.650) 21:09:38:968 UnloadUserProfileP: Reverted back to user <00000000>
USERENV(524.650) 21:09:38:968 CSyncManager::LeaveLock
<S-1-5-21-117609710-1580818891-1417001333-1003>
USERENV(524.650) 21:09:38:968 CSyncManager::LeaveLock: Lock released
USERENV(524.650) 21:09:38:968 CHashTable::HashDelete:
S-1-5-21-117609710-1580818891-1417001333-1003 deleted
USERENV(524.650) 21:09:38:968 CSyncManager::LeaveLock: Lock deleted
USERENV(524.650) 21:09:38:984 UnloadUserProfileP: Leave critical section.
USERENV(524.650) 21:09:38:984 UnloadUserProfileP: Leaving with a return value of 1
USERENV(524.650) 21:09:38:984 UnloadUserProfileI: returning 0
USERENV(788.80c) 21:09:38:984 UnloadUserProfile: Calling
UnloadUserProfileI succeeded
USERENV(524.57c) 21:09:38:984 IProfileSecurityCallBack: client authenticated.
USERENV(524.57c) 21:09:38:984 ReleaseClientContext: Releasing context
USERENV(524.57c) 21:09:38:984 ReleaseClientContext_s: Releasing context
USERENV(524.57c) 21:09:38:984 MIDL_user_free enter
USERENV(788.80c) 21:09:38:984 ReleaseInterface: Releasing rpc binding handle
USERENV(788.80c) 21:09:38:984 UnloadUserProfile: returning 1
USERENV(b98.cf4) 21:09:39:000 ImpersonateUser: Failed to impersonate user with 5.
USERENV(b98.cf4) 21:09:39:015 GetUserNameAndDomain Failed to impersonate user
USERENV(b98.cf4) 21:09:39:015 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(b98.cf4) 21:09:39:078 ImpersonateUser: Failed to impersonate user with 5.
USERENV(b98.cf4) 21:09:39:078 GetUserNameAndDomain Failed to impersonate user
USERENV(b98.cf4) 21:09:39:078 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(788.130) 21:09:40:421 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(af8.9f0) 21:09:40:953 LibMain: Process Name: 
C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(96c.97c) 21:09:52:453 LibMain: Process Name: 
C:\WINDOWS\system32\runonce.exe
USERENV(244.644) 21:10:02:562 ImpersonateUser: Failed to impersonate user with 5.
USERENV(244.644) 21:10:02:562 GetUserNameAndDomain Failed to impersonate user
USERENV(244.644) 21:10:02:562 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(e38.e44) 21:10:12:781 LibMain: Process Name: 
C:\WINDOWS\system32\rundll32.exe
USERENV(ec8.c90) 21:10:12:828 LibMain: Process Name:  C:\WINDOWS\system32\imapi.exe
USERENV(244.644) 21:10:33:906 ImpersonateUser: Failed to impersonate user with 5.
USERENV(244.644) 21:10:33:906 GetUserNameAndDomain Failed to impersonate user
USERENV(244.644) 21:10:33:906 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(244.644) 21:11:05:250 ImpersonateUser: Failed to impersonate user with 5.
USERENV(244.644) 21:11:05:250 GetUserNameAndDomain Failed to impersonate user
USERENV(244.644) 21:11:05:250 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(244.644) 21:11:38:171 ImpersonateUser: Failed to impersonate user with 5.
USERENV(244.644) 21:11:38:171 GetUserNameAndDomain Failed to impersonate user
USERENV(244.644) 21:11:38:171 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(244.644) 21:12:18:171 ImpersonateUser: Failed to impersonate user with 5.
USERENV(244.644) 21:12:18:171 GetUserNameAndDomain Failed to impersonate user
USERENV(244.644) 21:12:18:171 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(244.644) 21:12:58:171 ImpersonateUser: Failed to impersonate user with 5.
USERENV(244.644) 21:12:58:171 GetUserNameAndDomain Failed to impersonate user
USERENV(244.644) 21:12:58:171 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(244.644) 21:13:38:171 ImpersonateUser: Failed to impersonate user with 5.
USERENV(244.644) 21:13:38:171 GetUserNameAndDomain Failed to impersonate user
USERENV(244.644) 21:13:38:171 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(244.644) 21:14:18:171 ImpersonateUser: Failed to impersonate user with 5.
USERENV(244.644) 21:14:18:171 GetUserNameAndDomain Failed to impersonate user
USERENV(244.644) 21:14:18:171 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(244.644) 21:14:50:750 ImpersonateUser: Failed to impersonate user with 5.
USERENV(244.644) 21:14:50:750 GetUserNameAndDomain Failed to impersonate user
USERENV(244.644) 21:14:50:750 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(d10.850) 21:15:09:656 LibMain: Process Name:  C:\WINDOWS\explorer.exe
USERENV(244.644) 21:15:22:375 ImpersonateUser: Failed to impersonate user with 5.
USERENV(244.644) 21:15:22:375 GetUserNameAndDomain Failed to impersonate user
USERENV(244.644) 21:15:22:375 GetUserDNSDomainName:  Computer is
running standalone.  No DNS domain name available.
USERENV(9e8.9d8) 21:15:23:406 LibMain: Process Name: 
C:\WINDOWS\system32\NOTEPAD.EXE

Hope this helps.
Paul.

Request for Question Clarification by sublime1-ga on 31 May 2006 01:33 PDT
rainman...

I think that's as far as I can take you. If you feel I've contributed
5 stars worth of an answer that's worth my 75% cut of the question fee,
let me know, and I'll consolidate my posts into an official answer.

sublime1-ga

Clarification of Question by rainman999-ga on 31 May 2006 09:25 PDT
Hi sublime1-ga

Yes I think you've contributed 5 stars worth, pity we couldn't find
the answer, but you sure as hell tried.

Many thanks.
Paul.
Answer  
Subject: Re: Slow Booting of Windows XP
Answered By: sublime1-ga on 31 May 2006 13:24 PDT
Rated:4 out of 5 stars
 
Paul...

Thanks for acknowledging my responses as a satisfactory answer.
I'll repost them here for the sake of future readers.

----------------------------------------------------------------

To check and see if it's your swapfile, one way to make things
simpler for Windows is to set both the minimum and maximum size
of your swapfile to the same amount = 2.5 times the amount of
installed RAM.

Your swapfile might also be fragmented. A utility that runs
prior to opening Windows and defragments your swapfile is
PageDefrag by Sysinternals:
http://www.sysinternals.com/Utilities/PageDefrag.html

Set it to run at next boot - you don't need to run it at every
boot.

---

From what you've noted, it doesn't seem like the swapfile
is a problem. I don't know that a screenshot would help,
but if you want to post one, you can get a free account
at eSnips, with 1GB of storage space, and post a public
folder with any files you like in it. Then post a link
to the folder.

The next couple of things I'd suggest would be:

- Try booting in safe mode (F8 before Windows starts).
  See if it's any faster.

- Boot normally, then r-click on My Computer and select
  'manage'. Expand Event Viewer on the left and look for
  error messages under the subheadings, especially System
  and Application.

- By any chance, do you have a wireless network card
  installed that's not in use? One user resolved this
  problem by removing it. Presumably Windows was looking
  for a network that didn't exist.

---

Okay, the 'unable to open the server service' is not unusual.

What it looks like to me is that you have some auxiliary part
of MS Office, like Bookshelf Basics, or an encyclopedia that's
setup to load from CD when Windows starts, so it's trying to
access the CD ROM on the D drive, and findng nothing. This 
seems the likely cause of the delay. 

Since you started fast in Safe Mode, the entries you want to
get rid of can be found in msconfig. If you're not familiar
with that, I suggest you install the user-friendlier WinPatrol
program (freeware) to see your Windows Startup entries and 
disable the ones calling for the CD ROM drive.

WinPatrol
http://www.winpatrol.com/


As for the network entries in EVEREST, I'm not familiar with 
how you normally connect to the internet. If you're using
cable or DSL, you probably DO have a network card installed,
and the Intel(R) PRO/1000 PM Network Connection is normally
used with DSL connections. The GlobeSpan USB ADSL LAN Modem
looks like it is active, while the Intel(R) PRO/1000 PM looks
like it is not. You can uninstall the Intel PRO/1000 by going
into Device Manager and removing it under Network Adapters.

R-click My Computer -> Properties -> Hardware tab -> Device
Manager button -> expand Network Adapters, find the Intel
PRO, and r-click it to uninstall. If the adapter card is
still installed in your computer, shut down and remove it
with the power cord pulled, or Windows will try to reinstall
it when you boot back up.

If you're no longer using AOL you should uninstall the dialer,
but it's possible you're using the The GlobeSpan USB ADSL LAN
Modem with AOL high speed, so those two could be okay.

I doubt the presence of the Intel PRO network card is what's
slowing you down, but it would be best to remove it. I think
it's some startup entry looking for the CD ROM and not finding
the CD it wants.

---

I'm afraid that your problem installing WinPatrol amounts to a
completely different question which would require research all
to itself. Better stick with 'msconfig':

Click Start -> Run, type in msconfig and hit Enter. Go to the 
Startup tab and look for entries that call for the CD-ROM via the
D:\ in the path, under the Command column. Uncheck it or them and
reboot. When Windows starts up again, see if it doesn't take less
time. Ignore the message msconfig gives you about the disabled
startup items, and tell it not to bother you again.

---

Does your CD-ROM appear to be seeking during the extended bootups?
Even if the reason for the slowness isn't the CD-ROM, it's most
certainly something visible in msconfig - otherwise, it wouldn't
be significantly quicker in Safe Mode - but you said you'd unchecked
ALL the startup files via msconfig, to no avail, so that leaves very
little to explore other than the system files like win.ini and
system.ini.

---

The following post on TechSpot suggests that Sunserver is
a nuisance, and provides directions for removing it:
http://www.techspot.com/vb/all/windows/t-34789-Need-Help-with-Hijackthis-Log-File.html

You might want to remove this anti-spyware program and see
if you can then set up an alternate login. You can always
reinstall it later.

Also, research suggests that "Failed to impersonate user with 5"
is basically an "access denied" message.

---

Reinstalling Windows is almost always an effective fix.
Most people don't like to do it because of the tremendous
amount of personalization they're likely to lose, but if
you're of a mind to do so, and your system isn't going to
be painfully difficult to reproduce, it may be the best
way to go.

As a long shot, before you try that, try this:

R-click My Computer and select Manage. At the bottom of the
list on the left, expand Services and Applications. Select
Services. Find DNS Client in the alphabetical list. R-click
it and select Properties. Then set the Startup type to
Disabled, and reboot. See if that makes a difference.

---

I can't think of anything in the BIOS which would account for a
delay at the 'loading preferences' point of bootup. The BIOS is
responsible for setting the parameters by which the hardware
in your system communicates with the mobo (motherboard), such
as RAM, IDE, hard drives, power supply, etc.

If you want to test to see if it has to do with the BIOS, most
BIOSs have an option to 'Restore default settings'. This will
reset all settings to factory conditions, which is how they 
were when the mobo was new, and first installed in the computer.
This is usually a very safe thing to do, in that they will be
the default settings designed to work with most hardware
configurations.

If you want to be sure you don't lose any of your current settings
in the process, the only way I know is to walk through all the 
settings and write them down somewhere. Then, if resetting to 
defaults doesn't help, you can walk through again, and reset them
all by hand.

Since your USERENV log shows the activity taking from 10:02 to
10:19, this seems to be where the hangup is. The problem is,
there are so many of what seem to be errors in the log that I
don't know what to research, and I'm not natively familiar with
the language of the file. Logs like this one and the boot log
can sometimes contain messages that look like errors, but are
just part of a normal bootup.

----------------------------------------------------------------

I'm glad we were able to get you down to a 3 minute bootup, and
eliminate some of the error messages you were getting. Perhaps,
by continuing to check on the error messages under Services and
Applications, following bootup, and continuing to play with 
exploring msconfig entries which don't apply when you're able
to boot up quickly in Safe Mode, you'll be able to narrow down
the remaining delays.

sublime1-ga
rainman999-ga rated this answer:4 out of 5 stars
I would have given 5 stars but unfortunately we never found the
answer, however that was not for the lack of trying by sublime1-ga.
Well worth the effort; as I learned a lot along the way.

Comments  
Subject: Re: Slow Booting of Windows XP
From: ubiquity-ga on 17 May 2006 14:10 PDT
 
Another way to defrag your page file without installing addition
software; is to set the page file size to zero, reboot, defrag, then
set the pagefile to 2.5 system memory and reboot again.

Anyways, it would be hard to fix your problem without knowing more. 
Do you have a load of programs on your computer, have you uninstalled
a lot of programs, are you connect to a work LAN that stores your
settings remotely.
Subject: Re: Slow Booting of Windows XP
From: ubiquity-ga on 24 May 2006 09:48 PDT
 
Download a little program called regseeker.  Run the registry scan and
get rid of all the junk it finds (both the green and red entries). 
You do not need to install regseeker, just go into the zipped file and
run it from there.  (it should create a backup of the registry just in
case).

Next from the run menu, go to: services.msc and toss any services you
do not need.  (Google the services if you do not know what it is.)

Next disable any hardware you do not use.  Right click on my computer,
go to properties -> hardware -> device managed.  Disable what you do
not use.  (i.e. game port, modem, a drive (if you dont use it).  By
disabling what is not used you are removing variables that could be
the culprit.

Goodluck.
Subject: Re: Slow Booting of Windows XP
From: tormen-ga on 25 May 2006 02:26 PDT
 
Hi.

I don't know if this is an option, because you would have to redo the
users settings, but...

Did you try simply to create a new account and to log onto this new account?

As your system gets slow while loading preferences it is highly likly
that the problem lies within the user part of the registry --> stored
in your profile --> a new profile should come up with a clean version
of the registry hive.

Let me know if this helped.

tormen.
Subject: Re: Slow Booting of Windows XP
From: tormen-ga on 25 May 2006 02:28 PDT
 
sorry: account = user account

Of course let me also know, if you should not know how to create a new user account.
Subject: Re: Slow Booting of Windows XP
From: exms-ga on 26 May 2006 13:42 PDT
 
rainman999-ga,

Have you tried to enable userenv logging? We used it a lot when i was
at MS to troubleshoot issues with user logins.

http://support.microsoft.com/kb/221833/EN-US/

Just make sure that you set the value to 0x00010002. Then reboot and
log back in. After it finally logs you in post it or email it to me.

By any chance is this part of a domain or stand alone PC?
Subject: Re: Slow Booting of Windows XP
From: slowcomputer-ga on 14 Aug 2006 08:24 PDT
 
There are many good reasons why Windows XP slows down on startup. All
the suggestions above are great but it is a good idea to try the
simple things first before your expend too much time and energy on the
more complex fixes.

Check out the following sites for tips and information to speed up
your slow Windows computer:

http://www.slow-computer.com
http://slow-computer.blogspot.com
http://www.computer-freeze.com

Good luck!

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  


Google Home - Answers FAQ - Terms of Service - Privacy Policy