Services hanging on startup

[Guest]

I had to uninstall a particularly troubling utility (Aluria Spyware
Eliminator). It did not uninstall cleanly. I had to manually delete a lot of
the files that its uninstaller missed. And I had to delete a lot of keys that
it added to the registry (I only removed the keys containing the word
"Aluria". ) I re-booted. Windows began to hang at various points during
startup. Restoring the registry from backup did not help. Nor did
reinstalling Windows from the CD-ROM (/R switch -- Repair option). It now
takes 3-4 minutes to start Windows. The last time I booted, the following
entries appeared in the System Event Log:

- The SSDP Discovery Service service depends on the HTTP service which
failed to start because of the following error: The specified procedure
could not be found.

- The HTTP service failed to start due to the following error: The specified
procedure could not be found.


And the following Warning appeared in the Application Event Log 5 times:

- Detection of product '{D3386797-A836-4030-AB5D-4E89F2F15F33}', feature
'AV_DVP' failed during request for component
'{E39DB87F-D2CB-42FF-AAA4-72E708258DC6}'

It's the same story every time I bought Windows, with multiple entries of
the above Error and Warning events, each time (though their order and number
vary.)

I am hoping that there is a way to fix this without doing a clean install of
Windows and all my applications.

 

[Guest]

More information:

- There is no HTTP service listed in Services.

- The HTTP SSL service is present; but it cannot be started because it is
dependent on the HTTP service starting first.

- I have not been able to determine which application "AV_DVP" is, or is a
part of. I could find no reference to it on the MS web site. The closest
application name on my computer is an antivirus program named AVG, which I
uninstalled. It did not remove the problem. Re-installing the latest version
and updating it didn't work either.

 

[Wesley Vogel]

Do you have a network?
Are you using IIS?
Is your machine a Web server?

If the answers are no, disable SSDP Discovery Service, HTTP SSL service and
IIS.

[[Used to locate UPnP devices on your home network. Used in conjunction with
Universal Plug and Play Device Host, it detects and configures UPnP devices
on your home network.]]
SSDP Discovery Service
http://web.archive.org/web/20041128020314/www.blackviper.com/WinXP/service411.htm

HTTP SSL is not required on a computer that is not .

HTTP SSL service depends on the HTTP Driver (If IIS installed) Internet
Information Service

HTTP SSL This service implements the secure HTTP (HTTPS) for the HTTP
service, using Secure Socket Layer (SSL). If you want to use HTTPS to secure
Outlook Web Access or RPC over HTTP connections, you must enable this
service.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Guest]

I have a home network.
I am not using IIS.
My machine is not a web server.

I am no longer seeing the error messages related to HTTP & networking. Now I
am seeing HUGE numbers of ERROR and WARNING messages in the System and
Application logs, respectively. Different things every time. But, mostly
these two:

Detection of product '{D3386797-A836-4030-AB5D-4E89F2F15F33}', feature
'AV_DVP' failed during request for component
'{E39DB87F-D2CB-42FF-AAA4-72E708258DC6}'

and

The dvpapi service hung on starting.

My best guess is that something about the real time anti-virus protection is
missing or corrupted and that, when it crashes on startup and repeatedly
tries to load related components, it interfers with whatever driver is being
loaded or whatever services is being started -- more often than not, causing
them to fail as well.

I have been unable to find any info on the net as to whether this service is
part of Windows or another application, let alone how to remedy the problem I
am seeing. I have repaired Windows (from the CD-ROM) and re-installed SP2 and
some 40+ updates. I have also removed and reinstalled my anti-virus software
(AVG). I am currently running a number of anti-spyware programs. CounterSpy
is the newest -- replacing Aluria Spyware Eliminator.

 

[Wesley Vogel]

None of this is part of Windows.

dvpapi.exe is a process associated with the Authentium Antivirus
application. I assume that dvpapi.exe is the dvpapi service. It would
follow that AV_DVP might be AntiVirus_ something related to dvpapi.exe.

DVPAPI.EXE belongs to Command AntiVirus for Windows NT
www.commandsoftware.com redirects to www.authentium.com/index.htm

dvpapi.exe seems to be part of both Authentium Antivirus and Command
AntiVirus.

Authentium bought Command Software Systems, so that makes sense.

{E39DB87F-D2CB-42FF-AAA4-72E708258DC6} is related to Command AntiVirus.

Unplug your modem, uninstall, reboot and then reinstall Authentium Antivirus
or Command AntiVirus, whichever one it is.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Guest]

Not really. I don't have either anti-virus app. My guess was that it may be
an antiviris engine licensed by other applications. One poster in another
forum guessed that it could be part of the MS anti-spyware (which I did have,
briefly, on this system.)

Unfortunately, there is very little info on it so I don't know which app to
uninstall. As previously noted, I all ready tried uninstalling my antivirus
app (AVG) and reinstalling it -- which had no effect.

 

[Wesley Vogel]

AVG has *nothing* to do with it.

Do a Search for dvpapi.exe to find out what folder it's in.

HOW TO: Search For Hidden Or System Files In Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;302347

Probably...
C:\Program Files\Common Files\Command Software\dvpapi.exe

Right click dvpapi.exe | Properties | Version tab
Vendor contains: Command Software Systems
Product contains: Command AntiVirus for Windows

DVPAPI.EXE - Module for DVP communication

dvpapi.exe
Dvpapi.exe is the on-access antivirus component of Authentium's Command
Antivirus as well as various other security suites, including Comcast
Security Manager, Cox High Speed Internet Security Software, Freedom,
and others.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Guest]

Okay, I think I've nailed this down. The Authentium web site lists Aluria
software as a partner (which is what I suspected). Also a partner is Webroot
(I tried a demo of their anti-spyware software at one time and removed it
from my system.) It looks like these products depend on this software to run
their real time antivirus protection, although they are anti-spyware apps.

I'm posting this here to let other users know -- because there is very
little info about this on the web. Aluria's product (Spyware Eliminator) did
not uninstall cleanly. Files, registry entries, etc. All over the place. And
it was a disaster to work with, too, conflicting with everything and slowing
Windows to a crawl.

 

[Guest]

I tried searching for the file many times, earlier on. For some reason
Windows XP search was not finding this file -- even when I changed the view
preferences to show hidden and systems files. I found it eventually by
looking in \Program FilesCommon Files\Command Software\.

What makes matters worse is that CA ETrust Pest Patrol also appears to use
it (at least CA and Aluria are listed on the Authentium Partners web page).
There may be others, so I am reluctant to just remove all the Command
Software files. I tried to uninstall Pest Patroll and Windows simply wouldn't
delete any CA or Command Software files.

I manually deleted the CA files, then re-installed from the CD-ROM. Running
Pest Patroll without active protection is still causing the same errors to
occur. I am enabling active protection and rebooting to see if that at least
writes (or rewrites) its registry keys to make services start when they
should.

I think what's happening here is that Aluria and CA wrote separate subkeys
under the Command Software keys. Aluria may have left remnants which CA can't
uninstall. I'm wondering if CounterSpy is using it, too, although they are
not listed and their web site is bosting about a new real time protection
scheme which is supposed to be radically different from their competition.

It also could be that the real time anti-virus component of these
anti-spyware programs is conflicting with the real time protection of AVG
Anti-virus. I'm wondering if any of these apps were certified for Windows XP
Pro (and, if so, don't they have to peacefully co-exist?)

 

[Guest]

Well, there doesn't appear to be any way to turn off active protection (or at
least the anti-virus part of it) in Pest Patrol. So, I enabled it and, of
course, that didn't remove the problem. Next, I manually edited the registry,
removing any subkey where AV_DVP appeared. This finally made all the error
and warning messages disappear from the logs -- except the following one.
(Any ideas on how to get rid of it?)

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 11/6/2005
Time: 2:04:52 PM
User: NT AUTHORITY\SYSTEM
Computer: MAIN
Description:
Windows saved user MAIN\[my username]registry while an application or
service was still using the registry during log off. The memory used by the
user's registry has not been freed. The registry will be unloaded when it is
no longer in use.

This is often caused by services running as a user account, try configuring
the services to run in either the LocalService or NetworkService account.

 

[Bertie]

Well, there doesn't appear to be any way to turn off active protectio
(or at
least the anti-virus part of it) in Pest Patrol. So, I enabled it and
of
course, that didn't remove the problem. Next, I manually edited th
registry,
removing any subkey where AV_DVP appeared. This finally made all th
error
and warning messages disappear from the logs -- except the followin
one.
(Any ideas on how to get rid of it?)

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 11/6/2005
Time: 2:04:52 PM
User: NT AUTHORITY\SYSTEM
Computer: MAIN
Description:
Windows saved user MAIN\[my username]registry while an application or
service was still using the registry during log off. The memory used b
the
user's registry has not been freed. The registry will be unloaded whe
it is
no longer in use.

This is often caused by services running as a user account, tr
configuring
the services to run in either the LocalService or NetworkServic
account.

Try UPHClean http://tinyurl.com/4aq4

 

[Wesley Vogel]

If you see a lot of Userenv/1517, Userenv/1524 or Userenv/1500 errors in the
Event Viewer, download and install the User Profile Hive Cleanup Service.

This decreased my shutdown time a bunch. Takes any where from 10 to 20
seconds to shutdown.

Download details: User Profile Hive Cleanup Service
http://www.microsoft.com/downloads/...6d-8912-4e18-b570-42470e2f3582&displaylang=en

UPHClean v1.5e readme.txt
http://download.microsoft.com/download/a/8/7/a87b3d05-cd04-4743-a23b-b16645e075ac/readme.txt

Troubleshooting profile unload issues
http://support.microsoft.com/default.aspx?scid=kb;en-us;837115


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Guest]

Well, that certainly did make the error log entries go away. I can't tell if
it actually speeds startup or shudown though. The first screen I see when I
close Windows goes by a lot faster, but the final one seems to stick around a
bit longer than it used to. When I start up, the tray icons appear almost
instantaneously now. But it takes a while for my tablet driver to load, and
once it does, there is still quite a lag after I click on anything (i.e.
start Outlook, open explorer, etc.)

 

[Guest]

Well, I checked my laptop because I had tried (and removed) Aluria Spyware
Eliminator from it as well and I found a logged error message saying that
Windows is attempting to start an Aluria service each time I boot up. I
searched for (and deleted) every registry key containing the word "Aluria".
But Windows won't let me remove the one that is causing the error. It's
LEGACY_ALURIAFILTER.

Even if I boot to safe mode, it displays a dialog stating that this key
cannot be removed -- even though the file it references is long gone and
Windows is unable to start it as a service. I tried a couple of registry
cleaners, HiJackThis, etc. and none of them see this key.

I was also getting the User Profile error, so I loade User Profile Hive
Cleanup Service and now those no longer appear (though it seems Windows is
taking considerably longer to load). It didn't help with removing the aluria
registry key, though.

 

[Wesley Vogel]

Try this...
Reset the registry permissions
As soon as you have found the registry subkey that has the incorrect
permissions, update the permissions for that subkey.

To update the permissions of the registry subkey, follow these steps:
a. Click Start, click Run, type regedit and then click OK to start
Registry Editor.
b. Locate and right-click the registry subkey:
and then click Permissions.
c. Under Group or user names, click Administrators.
d. Under Permissions for Administrators, make sure that the Allow check box
for the following entries is selected:
• Full Control
• Read
e. Click Apply and then click OK.
f. On the File menu, click Exit to quit Registry Editor.

Open the Registry Editor again and see if you can delete the key now.

If not, try this...
Start | Run | Type: regedit | OK |
Navigate to >>>
the said key
Right click the key in the left hand pane | Permissions... | Advanced
button | Owner tab | click the new owner and then click OK.

[[You can take ownership of a registry key if you are logged on as an
administrator or if you have been specifically assigned the permission to
take ownership of the registry key by the current owner. ]]

To assign permissions to a registry key
http://www.microsoft.com/resources/...xp/all/proddocs/en-us/regedit_permit_key.mspx

To assign special access to a registry key
http://www.microsoft.com/resources/...ll/proddocs/en-us/regedit_assign_specacc.mspx

To grant Full Control of a registry key
http://www.microsoft.com/resources/.../xp/all/proddocs/en-us/regedit_yield_own.mspx

To add users or groups to the audit list
http://www.microsoft.com/resources/...proddocs/en-us/regedit_audit_key_adduser.mspx

To add users or groups to the Permissions list
http://www.microsoft.com/resources/...roddocs/en-us/regedit_permit_key_adduser.mspx

To remove a user or group from the Permissions list
http://www.microsoft.com/resources/...proddocs/en-us/regedit_permit_key_remove.mspx

To take ownership of a registry key
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_take_own.mspx

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In