Help With Using UPHClean

[JD]

I have the latest version of UPHClean. The accompanying Readme states:

By default UPHClean takes action to allow profiles to unload. You can choose
to have UPHClean only report what processes it finds preventing profiles
from unloading. To do this, install UPHClean and use the registry editor to
set:

HKLM\System\CurrentControlSet\Services\UPHClean\Parameters\REPORT_ONLY to 1.

You can also have UPHClean log the call stack that is responsible for the
profile hive handle. This is necessary to find out what software is
responsible for the hive handle in processes used for many purposes (e.g.
svchost.exe, dllhost.exe, winmgmt.exe). To enable call stack logging use the
registry editor to set:

HKLM\System\CurrentControlSet\Services\UPHClean\Parameters\CALLSTACK_LOG to
1.

Logging the call stack is computationally and memory intensive. You should
use this option to collect information and then turn it off. To get more
accurate call stack logging it may be necessary to get symbols installed on
the computer. You can read about getting symbols at:

http://www.microsoft.com/whdc/ddk/debugging/symbols.mspx

I've made these registry changes, but am at a loss as to how to locate and
read the "log" that will identify the offending software.

Any help will be appreciated.

 

[Dave Patrick]

Look in Event Viewer

Start|Run|eventvwr.msc

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

 

[JD]

I thought that I could see a "log" that identified specifically what program
was causing the Userenv "event."
The only thing the event viewer reports is not very meaningful to me:

Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1401
Date: 12/1/2006
Time: 5:09:33 PM
User: GATEWAY\Owner
Computer: GATEWAY
Description:
The following handles in user profile hive GATEWAY\Owner
(S-1-5-21-1844237615-1801674531-725345543-1003) have been remapped because
they were preventing the profile from unloading successfully:
svchost.exe (1784)
HKCU (0x1f0)

This information is supplied without the registry changes that are supposed
to "log the call stack" (whatever that means). I'd really like to know which
program or application is preventing profiles from unloading. How do I
discover what application this instance of svchost.exe is connected with?
What does the Readme mean by: "You can also have UPHClean log the call stack
that is responsible for the profile hive handle. This is necessary to find
out what software is responsible for the hive handle in processes used for
many purposes (e.g. svchost.exe, dllhost.exe, winmgmt.exe)"?

Look in Event Viewer

Start|Run|eventvwr.msc

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

I have the latest version of UPHClean. The accompanying Readme states:

By default UPHClean takes action to allow profiles to unload. You can
choose to have UPHClean only report what processes it finds preventing
profiles from unloading. To do this, install UPHClean and use the
registry editor to set:

HKLM\System\CurrentControlSet\Services\UPHClean\Parameters\REPORT_ONLY to
1.

You can also have UPHClean log the call stack that is responsible for the
profile hive handle. This is necessary to find out what software is
responsible for the hive handle in processes used for many purposes (e.g.
svchost.exe, dllhost.exe, winmgmt.exe). To enable call stack logging use
the registry editor to set:

HKLM\System\CurrentControlSet\Services\UPHClean\Parameters\CALLSTACK_LOG
to 1.

Logging the call stack is computationally and memory intensive. You
should use this option to collect information and then turn it off. To
get more accurate call stack logging it may be necessary to get symbols
installed on the computer. You can read about getting symbols at:

http://www.microsoft.com/whdc/ddk/debugging/symbols.mspx

I've made these registry changes, but am at a loss as to how to locate
and read the "log" that will identify the offending software.

Any help will be appreciated.

 

[Dave Patrick]

Searching the registry for the string
"S-1-5-21-1844237615-1801674531-725345543-1003"

may turn something up. Maybe this also helps.

http://download.microsoft.com/download/a/8/7/a87b3d05-cd04-4743-a23b-b16645e075ac/readme.txt

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

 

[Dave Patrick]

You might also from a command prompt;

tasklist /svc

and compare with the PID shown in the event log. (svchost.exe is the service
host controller) Also try a clean boot to see if it continues to happen or
not.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

 

[JD]

"tasklist is not recognized as a command."
Is a "clean boot" essentially Safe Mode?
It still appears to me from the UPHClean Readme that a "log" of some kind
should be evident.
The Userenv event is not a serious issue. I was just curious as to whether I
could identify the application that was causing it.

 

[Gerry Cornell]

Advice originating from Wesley Vogel.

Tasklist does not come with XP Home.

The following works. I did it when I had XP Home.

1. Download Tasklist.exe.

Tasklist.exe available here:
http://www.computerhope.com/download/winxp.htm

Or...

http://www.mvps.org/sramesh2k/

Microsoft Windows XP - Tips & Fixes
Click on:
Tasklist.exe - Lists all processes & services (/Svc)

Or...

http://www.mvps.org/sramesh2k/utils/tasklist.exe

2. Copy tasklist.exe to

C:\WINDOWS\system32
or
%windir%\system32

3. Open a Command Prompt.

Start | Run | type: cmd | OK
When the Command Prompt window opens type:

tasklist /svc

Hit your ENTER key.

Also:

tasklist /?

Displays Help and usage.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England

Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

"tasklist is not recognized as a command."
Is a "clean boot" essentially Safe Mode?
It still appears to me from the UPHClean Readme that a "log" of some kind
should be evident.
The Userenv event is not a serious issue. I was just curious as to whether
I could identify the application that was causing it.

You might also from a command prompt;

tasklist /svc

and compare with the PID shown in the event log. (svchost.exe is the
service host controller) Also try a clean boot to see if it continues to
happen or not.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

 

[JD]

Thank you for the detailed procudures. I will follow up. I take it, then,
that the UPHClean program is more helpful to users of XP Pro. I can live
with that.

Advice originating from Wesley Vogel.

Tasklist does not come with XP Home.

The following works. I did it when I had XP Home.

1. Download Tasklist.exe.

Tasklist.exe available here:
http://www.computerhope.com/download/winxp.htm

Or...

http://www.mvps.org/sramesh2k/

Microsoft Windows XP - Tips & Fixes
Click on:
Tasklist.exe - Lists all processes & services (/Svc)

Or...

http://www.mvps.org/sramesh2k/utils/tasklist.exe

2. Copy tasklist.exe to

C:\WINDOWS\system32
or
%windir%\system32

3. Open a Command Prompt.

Start | Run | type: cmd | OK
When the Command Prompt window opens type:

tasklist /svc

Hit your ENTER key.

Also:

tasklist /?

Displays Help and usage.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England

Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

"tasklist is not recognized as a command."
Is a "clean boot" essentially Safe Mode?
It still appears to me from the UPHClean Readme that a "log" of some kind
should be evident.
The Userenv event is not a serious issue. I was just curious as to
whether
I could identify the application that was causing it.

You might also from a command prompt;

tasklist /svc

and compare with the PID shown in the event log. (svchost.exe is the
service host controller) Also try a clean boot to see if it continues to
happen or not.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

 

[Gerry Cornell]

JD

"the UPHClean program is more helpful to users of XP Pro"

No they get more in their package because they pay more!

I have Home.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England

Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Thank you for the detailed procudures. I will follow up. I take it, then,
that the UPHClean program is more helpful to users of XP Pro. I can live
with that.

Advice originating from Wesley Vogel.

Tasklist does not come with XP Home.

The following works. I did it when I had XP Home.

1. Download Tasklist.exe.

Tasklist.exe available here:
http://www.computerhope.com/download/winxp.htm

Or...

http://www.mvps.org/sramesh2k/

Microsoft Windows XP - Tips & Fixes
Click on:
Tasklist.exe - Lists all processes & services (/Svc)

Or...

http://www.mvps.org/sramesh2k/utils/tasklist.exe

2. Copy tasklist.exe to

C:\WINDOWS\system32
or
%windir%\system32

3. Open a Command Prompt.

Start | Run | type: cmd | OK
When the Command Prompt window opens type:

tasklist /svc

Hit your ENTER key.

Also:

tasklist /?

Displays Help and usage.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England

Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

"tasklist is not recognized as a command."
Is a "clean boot" essentially Safe Mode?
It still appears to me from the UPHClean Readme that a "log" of some
kind
should be evident.
The Userenv event is not a serious issue. I was just curious as to
whether
I could identify the application that was causing it.
You might also from a command prompt;

tasklist /svc

and compare with the PID shown in the event log. (svchost.exe is the
service host controller) Also try a clean boot to see if it continues
to
happen or not.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect