Question

  • Creator
    Topic
  • #2225806

    DCOM service not unloading at shutdown/logoff

    Locked

    by mtbiker ·

    On a Windows XP Home PC, noticed after a Nvidia driver upgrade that was getting Event 1517 in Event log for application when shutting down or logging off. Event 1517 is “Windows saved user ComputerName\UserName registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use. This is caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.” Using UPHCLean installed found it to be related to svchost for DCOMLaunch. PC is clean as far as viruses/spyware and has Blackice as firewall installed & Norton 2007. The video driver installed ok and I can’t see how that relates to a DCOM service causing the above message. Noticed it does this to whatever user logs into this PC. Anybody got any ideas how this can be troubleshooted to eliminate this DCOM service from not doing this at shutdown/logoff. Want to keep the DCOM service running during login, but just looking to see what the problem is from it not stopping/unloading from profile at shutdown or logoff. Thanks.

All Answers

  • Author
    Replies
    • #2620174

      Clarifications

      by mtbiker ·

      In reply to DCOM service not unloading at shutdown/logoff

      Clarifications

    • #2620114

      UPHClean

      by rob miners ·

      In reply to DCOM service not unloading at shutdown/logoff

      should have worked.

      It looks to me that it may be driver related.

      What happens if you roll back the Video Drivers.

      • #2619940

        Reinstalled driver

        by mtbiker ·

        In reply to UPHClean

        UPHClean did close it ok, but reports that the DCOMLauncher was the culprit. I uninstalled & reinstalled the video driver yesterday, but still UPHClean reports the DCOMLauncher service needed to be closed by it.

        • #2618655

          Ok

          by rob miners ·

          In reply to Reinstalled driver

          I am looking at Services at the moment I found a machine in the shed with the same symptoms as yours. A file compare shows me that some services are disabled. I will work through them and see what i can find. I will explore the next section to.

          This is caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

        • #2618629

          Re-enabled

          by rob miners ·

          In reply to Ok

          the Alerter Service and emptied out all Temp files and the profile seems OK. It is my son’s profile so I will have to wait for him to get home from work to really test it. Here is my cleanup Utility for unwanted files. Save it as a batch file and run it. If you enable delete cookies it will remove them all. Don’t use it unless you have no passwords that you want to keep.

          ==========================================
          ::COOKIES
          :: c:
          :: cd %USERPROFILE%\COOKIES
          :: del *.* /s /q
          goto USERPROFILE

          :USERPROFILE
          c:
          cd \
          cd %USERPROFILE%\”Local Settings”\”Temporary Internet Files”
          del *.* /s /q
          rmdir . /s /q
          goto PREFETCH

          :PREFETCH
          cd \
          cd %WINDIR%\PREFETCH
          del *.* /s /q
          goto INIT

          :INIT

          @echo
          off
          setlocal
          set cStatflag=0
          C:

          :USERTEMP
          cd \
          cd %TEMP%

          :REMOVE
          del *.* /s /q
          rmdir . /s /q

          :CHECK
          if %cStatflag%==1 goto FINISH

          :WINTEMP
          cd \
          cd %WINDIR%\TEMP
          set cStatflag=1
          goto REMOVE

          :FINISH
          endlocal

          ========================================

        • #2617812

          Thanks–will try some of what you say

          by mtbiker ·

          In reply to Re-enabled

          I may try to the re-enable the alerter & clean up anymore junk I see which I’ve do often. I may run Microsofts CleanUp service at the One Care site which will also clean up loose ends in the registry. I suspect that it may not be just driver related, but also an update to a service Norton is running which had installed around the sametime I did the driver. Just before that Event message, I was getting long shutdowns already and 2 services from Norton CCSvcHost & CCApp were not closing efficiently with sometimes I’d have to click the End Now when shutting down. Sometimes while on the final Windows blue shutdown screen get windows message of some related memory error with CCSvcHost. Of course, Symantic has nothing in support about it so I may email them on this. This event message will come up on whoever logs in & off so this maybe related with the Norton as it does it on their profiles too. I am soon switching to a newer version of Norton so this may go away hopefully. Microsoft suggested the same as to running service with local or system, but the DCOMLaunch is already running as such. Norton with its built in firewall would depend on that DCOM service too as does Windows Firewall. Microsoft also reports this event message can be due to driver and antivirus programs and also suggests using the UPHClean. I have to say using the UPHClean has shorten the shutdown. Thanks for your suggestions.

        • #2611971

          Continuing reply to the latest posting

          by mtbiker ·

          In reply to Thanks–will try some of what you say

          Unfortunately, this forum didn’t allow enough reply space to reply directly to the latest posting. The answer to uninstall/reinstall Norton is kinda yes. I went out and upgraded to Norton Internet Security 2007. I still get the same UPHClean message when logging off. Funny sometimes now when I shutdown, I don’t see the message, but always see on reboot everytime. Still not sure 100% if related to Norton’s ccsvchost. Would like to know what this cryptic UPHClean log means though.

        • #2616196

          Try this

          by rob miners ·

          In reply to Continuing reply to the latest posting

          at a command prompt.
          Tasklist /SVC >svc.txt

          Open svc.txt in notepad and look for 1208 it may tell you what Service it is.

    • #2618589

      In

      by rob miners ·

      In reply to DCOM service not unloading at shutdown/logoff

      your Application Event Logs what is the information directly below the error.
      I was able to narrow mine down to msnmessenger.

      • #2617385

        DCOMLaunch

        by mtbiker ·

        In reply to In

        UPHClean logs to the event log HKCU with a process# that is for the svchost-DCOMLaunch.

        • #2618385

          Try

          by rob miners ·

          In reply to DCOMLaunch

          logging with UPHClean. This link explains how to do it. Check REPORT_ONLY to 1 and CALLSTACK_LOG to 1

          http://www.aloaha.com/download/uphclean-readme.txt

        • #2628027

          The log from UPHClean

          by mtbiker ·

          In reply to Try

          Here’s what UPH reported:

          svchost.exe (1208)
          HKCU (0x208)
          0x77e3b4b7 ADVAPI32!
          0x77e072b1 ADVAPI32!IsTextUnicode+0x9cb4
          0x77dd6b20 ADVAPI32!RegOpenKeyExW+0xa8
          0x77dd773e ADVAPI32!RegOpenKeyW+0x2f
          0x77ddb2dc ADVAPI32!SaferComputeTokenFromLevel+0x587
          0x77ddb296 ADVAPI32!SaferComputeTokenFromLevel+0x541
          0x77dd9e9e ADVAPI32!IdentifyCodeAuthzLevelW+0xd9
          0x7c819983 kernel32!BasepCheckWinSaferRestrictions+0x17e
          0x7c819054 kernel32!GetNlsSectionName+0x10d7
          0x77df7838 ADVAPI32!CreateProcessAsUserW+0xc3
          0x76a93acd rpcss!

          0x76a93849 rpcss!

          0x77e79dc9 RPCRT4!CheckVerificationTrailer+0x75
          0x77ef321a RPCRT4!NdrStubCall2+0x215
          0x77ef36ee RPCRT4!NdrServerCall2+0x19
          0x77e7988c RPCRT4!NdrGetTypeFlags+0x1c9
          0x77e797f1 RPCRT4!NdrGetTypeFlags+0x12e
          0x77e7971d RPCRT4!NdrGetTypeFlags+0x5a
          0x77e7bd0d RPCRT4!NdrConformantArrayFree+0x42e
          0x77e7bb6a RPCRT4!NdrConformantArrayFree+0x28b
          0x77e76784 RPCRT4!I_RpcBCacheFree+0x14c
          0x77e76c22 RPCRT4!I_RpcBCacheFree+0x5ea
          0x77e76a3b RPCRT4!I_RpcBCacheFree+0x403
          0x77e76c0a RPCRT4!I_RpcBCacheFree+0x5d2
          0x7c80b683 kernel32!GetModuleFileNameA+0x1b4

          Pretty cryptic but I did some searching on this and appears to be a common problem at logoff. I suspect due to ccSvcHost from Norton 2007 which throws an error at the very end of shutting down.

        • #2613537

          I found this

          by rob miners ·

          In reply to The log from UPHClean

          Thanks for the response! I found out that the Norton Internet Security 2007
          was the problem so I uninstalled, re-installed, updated it through live
          update and did a full-scan of my computer 2 days ago. The error message is
          gone.

        • #2612607

          Were you getting the same errors?

          by mtbiker ·

          In reply to I found this

          Did you have then the similar problem I’m experiencing with the ccsvhost not shutting down properly and UPHClean reporting svchost-DCOMLaunch causing the user profile hive problem?

        • #2612397

          Similar

          by rob miners ·

          In reply to Were you getting the same errors?

          as I said mine was to do with Messenger. It was effecting DCOMLaunch. I won’t use Norton Antivirus either. Did you try uninstalling Norton and reinstalling?

Viewing 2 reply threads