Slow Shutdown Issues

Tom · Dec 21, 2004

Hi,

I posted about 6 days ago with this problem, but I didn't get an answer, but I now have a little more info to offer, in the hope that someone can help. I get this slow shutdown, due to a registry hive not unloading properly. I downloaded and installed UPHclean.exe to get the message, as mentioned in my earlier request. I made a change in the registry to show the string that is causing the slowdown. UPHclean doesn't speed up the shutdown as advertised, since it is the same with or without it.

Anyway, here is what it states in the event viewer under Application:

-------------------------------------------------------------

Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1501
Date: 12/19/2004
Time: 4:52:44 PM
User: CI766524-A\xxxxxx
Computer: CI766524-A
Description:
The following handles opened in user profile hive CI766524-A\xxxxxx (S-1-5-21-1844237615-1364589140-839522115-1003) are preventing the profile from unloading:

svchost.exe (956)
HKCU (0x330)
0x77e3b4b7 ADVAPI32!<no symbol>
0x77e072b1 ADVAPI32!IsTextUnicode+0x9cb4
0x77dd6b20 ADVAPI32!RegOpenKeyExW+0xa8
0x77dd773e ADVAPI32!RegOpenKeyW+0x2f
0x77ddb2dc ADVAPI32!SaferComputeTokenFromLevel+0x587
0x77ddb296 ADVAPI32!SaferComputeTokenFromLevel+0x541
0x77dd9e9e ADVAPI32!IdentifyCodeAuthzLevelW+0xd9
0x7c819653 kernel32!BasepCheckWinSaferRestrictions+0x17e
0x7c818d2c kernel32!GetNlsSectionName+0x10cb
0x77df7838 ADVAPI32!CreateProcessAsUserW+0xc3
0x76a96097 rpcss!<no symbol>
0x76a95e13 rpcss!<no symbol>
0x77e79dc9 RPCRT4!CheckVerificationTrailer+0x75
0x77ef321a RPCRT4!NdrStubCall2+0x215
0x77ef36ee RPCRT4!NdrServerCall2+0x19
0x77e7988c RPCRT4!NdrGetTypeFlags+0x1c9
0x77e797f1 RPCRT4!NdrGetTypeFlags+0x12e
0x77e7971d RPCRT4!NdrGetTypeFlags+0x5a
0x77e7bd0d RPCRT4!NdrConformantArrayFree+0x42e
0x77e7bb6a RPCRT4!NdrConformantArrayFree+0x28b
0x77e76784 RPCRT4!I_RpcBCacheFree+0x14c
0x77e76c22 RPCRT4!I_RpcBCacheFree+0x5ea
0x77e76a3b RPCRT4!I_RpcBCacheFree+0x403
0x77e76c0a RPCRT4!I_RpcBCacheFree+0x5d2
0x7c80b50b kernel32!GetModuleFileNameA+0x1b4

-------------------------------------------------------------

Also, I don't know if this has anything to do with it, but will post this also, and cannot figure this out, this is from the event/application also:

-------------------------------------------------------------

Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 63
Date: 12/19/2004
Time: 4:17:47 PM
User: CI766524-A\xxxxxx
Computer: CI766524-A
Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Guest · Dec 22, 2004

no answer, just reload

Tom said:
Hi,

I posted about 6 days ago with this problem, but I didn't get an answer, but I now have a little more info to offer, in the hope that someone can help. I get this slow shutdown, due to a registry hive not unloading properly. I downloaded and installed UPHclean.exe to get the message, as mentioned in my earlier request. I made a change in the registry to show the string that is causing the slowdown. UPHclean doesn't speed up the shutdown as advertised, since it is the same with or without it.

Anyway, here is what it states in the event viewer under Application:

-------------------------------------------------------------

Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1501
Date: 12/19/2004
Time: 4:52:44 PM
User: CI766524-A\xxxxxx
Computer: CI766524-A
Description:
The following handles opened in user profile hive CI766524-A\xxxxxx (S-1-5-21-1844237615-1364589140-839522115-1003) are preventing the profile from unloading:

svchost.exe (956)
HKCU (0x330)
0x77e3b4b7 ADVAPI32!<no symbol>
0x77e072b1 ADVAPI32!IsTextUnicode+0x9cb4
0x77dd6b20 ADVAPI32!RegOpenKeyExW+0xa8
0x77dd773e ADVAPI32!RegOpenKeyW+0x2f
0x77ddb2dc ADVAPI32!SaferComputeTokenFromLevel+0x587
0x77ddb296 ADVAPI32!SaferComputeTokenFromLevel+0x541
0x77dd9e9e ADVAPI32!IdentifyCodeAuthzLevelW+0xd9
0x7c819653 kernel32!BasepCheckWinSaferRestrictions+0x17e
0x7c818d2c kernel32!GetNlsSectionName+0x10cb
0x77df7838 ADVAPI32!CreateProcessAsUserW+0xc3
0x76a96097 rpcss!<no symbol>
0x76a95e13 rpcss!<no symbol>
0x77e79dc9 RPCRT4!CheckVerificationTrailer+0x75
0x77ef321a RPCRT4!NdrStubCall2+0x215
0x77ef36ee RPCRT4!NdrServerCall2+0x19
0x77e7988c RPCRT4!NdrGetTypeFlags+0x1c9
0x77e797f1 RPCRT4!NdrGetTypeFlags+0x12e
0x77e7971d RPCRT4!NdrGetTypeFlags+0x5a
0x77e7bd0d RPCRT4!NdrConformantArrayFree+0x42e
0x77e7bb6a RPCRT4!NdrConformantArrayFree+0x28b
0x77e76784 RPCRT4!I_RpcBCacheFree+0x14c
0x77e76c22 RPCRT4!I_RpcBCacheFree+0x5ea
0x77e76a3b RPCRT4!I_RpcBCacheFree+0x403
0x77e76c0a RPCRT4!I_RpcBCacheFree+0x5d2
0x7c80b50b kernel32!GetModuleFileNameA+0x1b4

-------------------------------------------------------------

Also, I don't know if this has anything to do with it, but will post this also, and cannot figure this out, this is from the event/application also:

-------------------------------------------------------------

Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 63
Date: 12/19/2004
Time: 4:17:47 PM
User: CI766524-A\xxxxxx
Computer: CI766524-A
Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

-------------------------------------------------------------

I think this has something to do with Office 2003, but am unsure, and any help is greatly appreciated.

Tom

Kelly · Dec 22, 2004

Hi Tom,

Do some reading here:

http://www.google.com/search?hl=en&q=UPHClean&btnG=Google+Search

and:

http://www.google.com/search?hl=en&q=Event+ID:+1501&btnG=Google+Search

and here:

--
Happy Holidays,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com

Hi,

I posted about 6 days ago with this problem, but I didn't get an answer, but
I now have a little more info to offer, in the hope that someone can help. I
get this slow shutdown, due to a registry hive not unloading properly. I
downloaded and installed UPHclean.exe to get the message, as mentioned in my
earlier request. I made a change in the registry to show the string that is
causing the slowdown. UPHclean doesn't speed up the shutdown as advertised,
since it is the same with or without it.

Anyway, here is what it states in the event viewer under Application:

-------------------------------------------------------------

Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1501
Date: 12/19/2004
Time: 4:52:44 PM
User: CI766524-A\xxxxxx
Computer: CI766524-A
Description:
The following handles opened in user profile hive CI766524-A\xxxxxx
(S-1-5-21-1844237615-1364589140-839522115-1003) are preventing the profile
from unloading:

svchost.exe (956)
HKCU (0x330)
0x77e3b4b7 ADVAPI32!<no symbol>
0x77e072b1 ADVAPI32!IsTextUnicode+0x9cb4
0x77dd6b20 ADVAPI32!RegOpenKeyExW+0xa8
0x77dd773e ADVAPI32!RegOpenKeyW+0x2f
0x77ddb2dc ADVAPI32!SaferComputeTokenFromLevel+0x587
0x77ddb296 ADVAPI32!SaferComputeTokenFromLevel+0x541
0x77dd9e9e ADVAPI32!IdentifyCodeAuthzLevelW+0xd9
0x7c819653 kernel32!BasepCheckWinSaferRestrictions+0x17e
0x7c818d2c kernel32!GetNlsSectionName+0x10cb
0x77df7838 ADVAPI32!CreateProcessAsUserW+0xc3
0x76a96097 rpcss!<no symbol>
0x76a95e13 rpcss!<no symbol>
0x77e79dc9 RPCRT4!CheckVerificationTrailer+0x75
0x77ef321a RPCRT4!NdrStubCall2+0x215
0x77ef36ee RPCRT4!NdrServerCall2+0x19
0x77e7988c RPCRT4!NdrGetTypeFlags+0x1c9
0x77e797f1 RPCRT4!NdrGetTypeFlags+0x12e
0x77e7971d RPCRT4!NdrGetTypeFlags+0x5a
0x77e7bd0d RPCRT4!NdrConformantArrayFree+0x42e
0x77e7bb6a RPCRT4!NdrConformantArrayFree+0x28b
0x77e76784 RPCRT4!I_RpcBCacheFree+0x14c
0x77e76c22 RPCRT4!I_RpcBCacheFree+0x5ea
0x77e76a3b RPCRT4!I_RpcBCacheFree+0x403
0x77e76c0a RPCRT4!I_RpcBCacheFree+0x5d2
0x7c80b50b kernel32!GetModuleFileNameA+0x1b4

-------------------------------------------------------------

Also, I don't know if this has anything to do with it, but will post this
also, and cannot figure this out, this is from the event/application also:

-------------------------------------------------------------

Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 63
Date: 12/19/2004
Time: 4:17:47 PM
User: CI766524-A\xxxxxx
Computer: CI766524-A
Description:
A provider, OffProv11, has been registered in the WMI namespace,
Root\MSAPPS11, to use the LocalSystem account. This account is privileged
and the provider may cause a security violation if it does not correctly
impersonate user requests.

-------------------------------------------------------------

I think this has something to do with Office 2003, but am unsure, and any
help is greatly appreciated.

Tom

Tom · Dec 22, 2004

Kelly said:
Hi Tom,

Do some reading here:

http://www.google.com/search?hl=en&q=UPHClean&btnG=Google+Search

and:

http://www.google.com/search?hl=en&q=Event+ID:+1501&btnG=Google+Search

and here:

Hi Kelly,

I have hit those Google sites for days on end before posting here, and got no answers. I am simply trying to see if someone can decipher them., but the slowdown is something that happened recently, and I can't track it down. Hopefully I will find something soon.

And Happy Holidays to you and yours also

!

Tom

Bob I · Dec 22, 2004

I don't know if this will do it but try a new profile/user.

Rock · Dec 22, 2004

Tom said:
Hi,

I posted about 6 days ago with this problem, but I didn't get an answer, but I now have a little more info to offer, in the hope that someone can help. I get this slow shutdown, due to a registry hive not unloading properly. I downloaded and installed UPHclean.exe to get the message, as mentioned in my earlier request. I made a change in the registry to show the string that is causing the slowdown. UPHclean doesn't speed up the shutdown as advertised, since it is the same with or without it.

Anyway, here is what it states in the event viewer under Application:

-------------------------------------------------------------

Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1501
Date: 12/19/2004
Time: 4:52:44 PM
User: CI766524-A\xxxxxx
Computer: CI766524-A
Description:
The following handles opened in user profile hive CI766524-A\xxxxxx (S-1-5-21-1844237615-1364589140-839522115-1003) are preventing the profile from unloading:

svchost.exe (956)
HKCU (0x330)
0x77e3b4b7 ADVAPI32!<no symbol>
0x77e072b1 ADVAPI32!IsTextUnicode+0x9cb4
0x77dd6b20 ADVAPI32!RegOpenKeyExW+0xa8
0x77dd773e ADVAPI32!RegOpenKeyW+0x2f
0x77ddb2dc ADVAPI32!SaferComputeTokenFromLevel+0x587
0x77ddb296 ADVAPI32!SaferComputeTokenFromLevel+0x541
0x77dd9e9e ADVAPI32!IdentifyCodeAuthzLevelW+0xd9
0x7c819653 kernel32!BasepCheckWinSaferRestrictions+0x17e
0x7c818d2c kernel32!GetNlsSectionName+0x10cb
0x77df7838 ADVAPI32!CreateProcessAsUserW+0xc3
0x76a96097 rpcss!<no symbol>
0x76a95e13 rpcss!<no symbol>
0x77e79dc9 RPCRT4!CheckVerificationTrailer+0x75
0x77ef321a RPCRT4!NdrStubCall2+0x215
0x77ef36ee RPCRT4!NdrServerCall2+0x19
0x77e7988c RPCRT4!NdrGetTypeFlags+0x1c9
0x77e797f1 RPCRT4!NdrGetTypeFlags+0x12e
0x77e7971d RPCRT4!NdrGetTypeFlags+0x5a
0x77e7bd0d RPCRT4!NdrConformantArrayFree+0x42e
0x77e7bb6a RPCRT4!NdrConformantArrayFree+0x28b
0x77e76784 RPCRT4!I_RpcBCacheFree+0x14c
0x77e76c22 RPCRT4!I_RpcBCacheFree+0x5ea
0x77e76a3b RPCRT4!I_RpcBCacheFree+0x403
0x77e76c0a RPCRT4!I_RpcBCacheFree+0x5d2
0x7c80b50b kernel32!GetModuleFileNameA+0x1b4

-------------------------------------------------------------

Also, I don't know if this has anything to do with it, but will post this also, and cannot figure this out, this is from the event/application also:

-------------------------------------------------------------

Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 63
Date: 12/19/2004
Time: 4:17:47 PM
User: CI766524-A\xxxxxx
Computer: CI766524-A
Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

-------------------------------------------------------------

I think this has something to do with Office 2003, but am unsure, and any help is greatly appreciated.

Tom

Tom, have you tried some clean boot troubleshooting? It's boring and
time consuming, but sometimes can be revealing.

How to Troubleshoot By Using the Msconfig Utility in Windows XP
http://support.microsoft.com/?id=310560

How to perform advanced clean-boot troubleshooting in Windows XP
http://support.microsoft.com/?id=316434

R. McCarty · Dec 22, 2004

Depending on what version of MS Office you have, are you up
to date with patches & updates for it ? Office has a website that
works much like Windows Update. Only difference, you must
have your install media to validate your product for upgrades.
I believe Office 2003 is at Service Pack 1 level. You can check
your version by opening any Office component, Click Help &
then About.

Visit Office Update here:
http://office.microsoft.com/officeupdate/maincatalog.aspx?lc=en-us
Link may require an ActiveX component for access.

Tom · Dec 22, 2004

Rock said:
Tom, have you tried some clean boot troubleshooting? It's boring and
time consuming, but sometimes can be revealing.

How to Troubleshoot By Using the Msconfig Utility in Windows XP
http://support.microsoft.com/?id=310560

How to perform advanced clean-boot troubleshooting in Windows XP
http://support.microsoft.com/?id=316434

Thanks for this, but I don't think this is the issue. But I will check into it.

Tom · Dec 22, 2004

R. McCarty said:
Depending on what version of MS Office you have, are you up
to date with patches & updates for it ? Office has a website that
works much like Windows Update. Only difference, you must
have your install media to validate your product for upgrades.
I believe Office 2003 is at Service Pack 1 level. You can check
your version by opening any Office component, Click Help &
then About.

Visit Office Update here:
http://office.microsoft.com/officeupdate/maincatalog.aspx?lc=en-us
Link may require an ActiveX component for access.

Thanks, but I have all the latest updates, and they may even be the problem.I'll unload them and post back.

Guest · Jan 4, 2005

Hi Tom.

I am also having the same issue intermittently. UPHClean is giving me the
same report. However, I am NOT getting the event ID 63 that you are getting.

I have XP Home SP2. I am using Office XP with all the latest SPs and
patches. I recently set-up my PC in a home network. I don't know if this
has anything to do with it. I also modified some service startups, i.e.,
manual and disabled. I did NOT change the account which these services
log-in as. I recently started using AntiVir antivirus. I tried
troubleshooting but no luck. Did you do anything similar? Let's keep this
thread alive and try to determine what's up.

Rich

Tom · Jan 4, 2005

I think I've narrowed it down to a few recent hotfixes. But I am testing them to be absolutely sure they are the culprits. When I have more time to test them, I will post back.

Guest · Jan 4, 2005

If this is a newer type of pc then the slow shutdown youre expirencing is the
actual chip trying to cool down before is shuts itself down. it also can be
slow because the directory is collecting up information so it has a smooth
and proper shutdown process.

hope this helps.

J Mann

Guest · Jan 4, 2005

after actually reading your problem i would suggest the following:
ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe
- Click START> Run
- Type in chkdsk c: /f
- It will say "Cannot check now 'cause I'm dumb, do it when you reboot?"
Type y and anter.
- Reboot your machine
- The machine will make sure that your filesystem is all in tact.
- Download the latest Ad-Aware:

- Let it update the definition files and scan the machine
- Select all the items and click next
- Make sure your Antivirus program is up to date. If you don't have one,
get AntiVir here: http://www.avup.de/personal/en/avwinsfx.exe
- Do a scan
- When you're done that stuff, you could reset your System Restore. That
can be a hastle at times:
- Right click on "My Computer"
- Click the "System Restore" tab
- Check the box that says "Turn Off System Restore"
- Hit "Apply" and answer YES.
- Wait for it to purge everything (Could take a few minutes)
- Turn it back on, and set it to somewhere around 1GB or so at the most)
- Run the "Disk Cleanup" program (Start> Programs> Accessories> System
tools> Disk Cleanup.
- Select drive C if it asks
- Check off all the boxes
- Click OK
- Click YES
- Defragment the drive:
- Right click on your C drive
- Select Properties
- Tools tab
- Click "Defragment now"
- Highlight the C drive and click the "Defragment" button
- This will take a while, so do this last, or let it run overnight or
something.

try that.

Guest · Jan 6, 2005

Tried that. My system doesn't have spyware and I have AntiVir. I run
scandisk and defrag regularly and I turned off system restore as soon as I
built the system. The warnings in the Application Log are still
intermittent. Thanks for the suggestions.

Rich

Guest · Jan 9, 2005

Tom, did you make any progress yet with the hotfixes? Thanks.

Rich

Guest · Jan 10, 2005

Tom,

Did you make any progress looking at the hotfixes?

Rich

Deleted Default User Desktop.ini files and more	1	Jul 17, 2006
UPHClean log question	1	Jan 13, 2005
UPHClean error message	2	Feb 28, 2006
Profile unload issues (W2K)	2	Dec 25, 2006
Corrupt Profiles lead to nearly empty desktops, Win2k3 & XPSP1 Cli	5	Sep 8, 2005
WTD: Nvidia Videocard for 4x AGP Slot	0	May 29, 2008

Slow Shutdown Issues

Tom

Guest

Kelly

Tom

Bob I

Rock

R. McCarty

Tom

Tom

Guest

Tom

Guest

Guest

Guest

Guest

Guest

Ask a Question

Similar Threads