DCOM service not unloading at shutdown/logoff

By mtbiker ·
On a Windows XP Home PC, noticed after a Nvidia driver upgrade that was getting Event 1517 in Event log for application when shutting down or logging off. Event 1517 is "Windows saved user ComputerName\UserName registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account." Using UPHCLean installed found it to be related to svchost for DCOMLaunch. PC is clean as far as viruses/spyware and has Blackice as firewall installed & Norton 2007. The video driver installed ok and I can't see how that relates to a DCOM service causing the above message. Noticed it does this to whatever user logs into this PC. Anybody got any ideas how this can be troubleshooted to eliminate this DCOM service from not doing this at shutdown/logoff. Want to keep the DCOM service running during login, but just looking to see what the problem is from it not stopping/unloading from profile at shutdown or logoff. Thanks.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -


by Jacky Howe In reply to DCOM service not unloadin ...

should have worked.

It looks to me that it may be driver related.

What happens if you roll back the Video Drivers.

Collapse -

Reinstalled driver

by mtbiker In reply to UPHClean

UPHClean did close it ok, but reports that the DCOMLauncher was the culprit. I uninstalled & reinstalled the video driver yesterday, but still UPHClean reports the DCOMLauncher service needed to be closed by it.

Collapse -


by Jacky Howe In reply to Reinstalled driver

I am looking at Services at the moment I found a machine in the shed with the same symptoms as yours. A file compare shows me that some services are disabled. I will work through them and see what i can find. I will explore the next section to.

This is caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Collapse -


by Jacky Howe In reply to Ok

the Alerter Service and emptied out all Temp files and the profile seems OK. It is my son's profile so I will have to wait for him to get home from work to really test it. Here is my cleanup Utility for unwanted files. Save it as a batch file and run it. If you enable delete cookies it will remove them all. Don't use it unless you have no passwords that you want to keep.

:: c:
:: del *.* /s /q

cd \
cd %USERPROFILE%\"Local Settings"\"Temporary Internet Files"
del *.* /s /q
rmdir . /s /q

cd \
del *.* /s /q
goto INIT

@echo off
set cStatflag=0

cd \
cd %TEMP%

del *.* /s /q
rmdir . /s /q

if %cStatflag%==1 goto FINISH

cd \
set cStatflag=1



Collapse -

Thanks--will try some of what you say

by mtbiker In reply to Re-enabled

I may try to the re-enable the alerter & clean up anymore junk I see which I've do often. I may run Microsofts CleanUp service at the One Care site which will also clean up loose ends in the registry. I suspect that it may not be just driver related, but also an update to a service Norton is running which had installed around the sametime I did the driver. Just before that Event message, I was getting long shutdowns already and 2 services from Norton CCSvcHost & CCApp were not closing efficiently with sometimes I'd have to click the End Now when shutting down. Sometimes while on the final Windows blue shutdown screen get windows message of some related memory error with CCSvcHost. Of course, Symantic has nothing in support about it so I may email them on this. This event message will come up on whoever logs in & off so this maybe related with the Norton as it does it on their profiles too. I am soon switching to a newer version of Norton so this may go away hopefully. Microsoft suggested the same as to running service with local or system, but the DCOMLaunch is already running as such. Norton with its built in firewall would depend on that DCOM service too as does Windows Firewall. Microsoft also reports this event message can be due to driver and antivirus programs and also suggests using the UPHClean. I have to say using the UPHClean has shorten the shutdown. Thanks for your suggestions.

Collapse -

Continuing reply to the latest posting

by mtbiker In reply to Thanks--will try some of ...

Unfortunately, this forum didn't allow enough reply space to reply directly to the latest posting. The answer to uninstall/reinstall Norton is kinda yes. I went out and upgraded to Norton Internet Security 2007. I still get the same UPHClean message when logging off. Funny sometimes now when I shutdown, I don't see the message, but always see on reboot everytime. Still not sure 100% if related to Norton's ccsvchost. Would like to know what this cryptic UPHClean log means though.

Collapse -

Try this

by Jacky Howe In reply to Continuing reply to the l ...

at a command prompt.
Tasklist /SVC >svc.txt

Open svc.txt in notepad and look for 1208 it may tell you what Service it is.

Collapse -


by Jacky Howe In reply to DCOM service not unloadin ...

your Application Event Logs what is the information directly below the error.
I was able to narrow mine down to msnmessenger.

Collapse -


by mtbiker In reply to In

UPHClean logs to the event log HKCU with a process# that is for the svchost-DCOMLaunch.

Collapse -


by Jacky Howe In reply to DCOMLaunch

logging with UPHClean. This link explains how to do it. Check REPORT_ONLY to 1 and CALLSTACK_LOG to 1


Related Discussions

Related Forums