T
Tom
Hi,
I posted about 6 days ago with this problem, but I didn't get an answer, but I now have a little more info to offer, in the hope that someone can help. I get this slow shutdown, due to a registry hive not unloading properly. I downloaded and installed UPHclean.exe to get the message, as mentioned in my earlier request. I made a change in the registry to show the string that is causing the slowdown. UPHclean doesn't speed up the shutdown as advertised, since it is the same with or without it.
Anyway, here is what it states in the event viewer under Application:
-------------------------------------------------------------
Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1501
Date: 12/19/2004
Time: 4:52:44 PM
User: CI766524-A\xxxxxx
Computer: CI766524-A
Description:
The following handles opened in user profile hive CI766524-A\xxxxxx (S-1-5-21-1844237615-1364589140-839522115-1003) are preventing the profile from unloading:
svchost.exe (956)
HKCU (0x330)
0x77e3b4b7 ADVAPI32!<no symbol>
0x77e072b1 ADVAPI32!IsTextUnicode+0x9cb4
0x77dd6b20 ADVAPI32!RegOpenKeyExW+0xa8
0x77dd773e ADVAPI32!RegOpenKeyW+0x2f
0x77ddb2dc ADVAPI32!SaferComputeTokenFromLevel+0x587
0x77ddb296 ADVAPI32!SaferComputeTokenFromLevel+0x541
0x77dd9e9e ADVAPI32!IdentifyCodeAuthzLevelW+0xd9
0x7c819653 kernel32!BasepCheckWinSaferRestrictions+0x17e
0x7c818d2c kernel32!GetNlsSectionName+0x10cb
0x77df7838 ADVAPI32!CreateProcessAsUserW+0xc3
0x76a96097 rpcss!<no symbol>
0x76a95e13 rpcss!<no symbol>
0x77e79dc9 RPCRT4!CheckVerificationTrailer+0x75
0x77ef321a RPCRT4!NdrStubCall2+0x215
0x77ef36ee RPCRT4!NdrServerCall2+0x19
0x77e7988c RPCRT4!NdrGetTypeFlags+0x1c9
0x77e797f1 RPCRT4!NdrGetTypeFlags+0x12e
0x77e7971d RPCRT4!NdrGetTypeFlags+0x5a
0x77e7bd0d RPCRT4!NdrConformantArrayFree+0x42e
0x77e7bb6a RPCRT4!NdrConformantArrayFree+0x28b
0x77e76784 RPCRT4!I_RpcBCacheFree+0x14c
0x77e76c22 RPCRT4!I_RpcBCacheFree+0x5ea
0x77e76a3b RPCRT4!I_RpcBCacheFree+0x403
0x77e76c0a RPCRT4!I_RpcBCacheFree+0x5d2
0x7c80b50b kernel32!GetModuleFileNameA+0x1b4
-------------------------------------------------------------
Also, I don't know if this has anything to do with it, but will post this also, and cannot figure this out, this is from the event/application also:
-------------------------------------------------------------
Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 63
Date: 12/19/2004
Time: 4:17:47 PM
User: CI766524-A\xxxxxx
Computer: CI766524-A
Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
I posted about 6 days ago with this problem, but I didn't get an answer, but I now have a little more info to offer, in the hope that someone can help. I get this slow shutdown, due to a registry hive not unloading properly. I downloaded and installed UPHclean.exe to get the message, as mentioned in my earlier request. I made a change in the registry to show the string that is causing the slowdown. UPHclean doesn't speed up the shutdown as advertised, since it is the same with or without it.
Anyway, here is what it states in the event viewer under Application:
-------------------------------------------------------------
Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1501
Date: 12/19/2004
Time: 4:52:44 PM
User: CI766524-A\xxxxxx
Computer: CI766524-A
Description:
The following handles opened in user profile hive CI766524-A\xxxxxx (S-1-5-21-1844237615-1364589140-839522115-1003) are preventing the profile from unloading:
svchost.exe (956)
HKCU (0x330)
0x77e3b4b7 ADVAPI32!<no symbol>
0x77e072b1 ADVAPI32!IsTextUnicode+0x9cb4
0x77dd6b20 ADVAPI32!RegOpenKeyExW+0xa8
0x77dd773e ADVAPI32!RegOpenKeyW+0x2f
0x77ddb2dc ADVAPI32!SaferComputeTokenFromLevel+0x587
0x77ddb296 ADVAPI32!SaferComputeTokenFromLevel+0x541
0x77dd9e9e ADVAPI32!IdentifyCodeAuthzLevelW+0xd9
0x7c819653 kernel32!BasepCheckWinSaferRestrictions+0x17e
0x7c818d2c kernel32!GetNlsSectionName+0x10cb
0x77df7838 ADVAPI32!CreateProcessAsUserW+0xc3
0x76a96097 rpcss!<no symbol>
0x76a95e13 rpcss!<no symbol>
0x77e79dc9 RPCRT4!CheckVerificationTrailer+0x75
0x77ef321a RPCRT4!NdrStubCall2+0x215
0x77ef36ee RPCRT4!NdrServerCall2+0x19
0x77e7988c RPCRT4!NdrGetTypeFlags+0x1c9
0x77e797f1 RPCRT4!NdrGetTypeFlags+0x12e
0x77e7971d RPCRT4!NdrGetTypeFlags+0x5a
0x77e7bd0d RPCRT4!NdrConformantArrayFree+0x42e
0x77e7bb6a RPCRT4!NdrConformantArrayFree+0x28b
0x77e76784 RPCRT4!I_RpcBCacheFree+0x14c
0x77e76c22 RPCRT4!I_RpcBCacheFree+0x5ea
0x77e76a3b RPCRT4!I_RpcBCacheFree+0x403
0x77e76c0a RPCRT4!I_RpcBCacheFree+0x5d2
0x7c80b50b kernel32!GetModuleFileNameA+0x1b4
-------------------------------------------------------------
Also, I don't know if this has anything to do with it, but will post this also, and cannot figure this out, this is from the event/application also:
-------------------------------------------------------------
Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 63
Date: 12/19/2004
Time: 4:17:47 PM
User: CI766524-A\xxxxxx
Computer: CI766524-A
Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.