UPHClean won't log

May 2, 2009 at 16:59:05
Specs: win xp SP2, 512Mb ram
I installed UPHClean a few days ago because of event error 1517 and slow shutdown. I no longer receive the error but shutdown is still slow. UPH showed svchost.exe as the offender, but I can't pin it down to the exact service. I tried to set logging for UPH, but it wouldn't work, kept showing that log was not enabled. I also tried sysinternals and could see each instance of svchost.exe and what services it runs, but I'd like to find the specific service causing the problem. Anything else I could try, relatively simple?

Thanks


See More: UPHClean wont log

Report •


#1
May 2, 2009 at 17:56:28
Check the location of all svchost.exe files.

The svchost.exe file is located in the c:\windows\System32 folder. In other cases, svchost.exe is a virus, spyware, trojan or worm!


Report •

#2
May 3, 2009 at 06:45:01
Nope, not a virus. Still trying to figure out why I can't get uphclean to log.

Thanks


Report •

#3
May 3, 2009 at 16:54:11
Just googled & skimmed through the read me using the keyword > log in search, shall leave the detail reading up to you.

Here are a few items that may help.

uphclean log
http://www.google.com.au/search?hl=...
http://tinyurl.com/dc2d96

This is necessary to find out what software is
responsible for the hive handle in processes used for many purposes (e.g.
svchost.exe, dllhost.exe, winmgmt.exe). To enable call stack logging use the
registry editor to set:

HKLM\System\CurrentControlSet\Services\UPHClean\Parameters\CALLSTACK_LOG to 1.

Logging the call stack is computationally and memory intensive. You should use
this option to collect information and then turn it off. To get more accurate
call stack logging it may be necessary to get symbols installed on the
computer. You can read about getting symbols at:

http://www.microsoft.com/whdc/ddk/d...

Here are 2 Event programs that may help.

Event Log Explorer
http://www.softpedia.com/get/System...
http://www.eventlogxp.com/
http://www.eventlogxp.com/download/...

MyEventViewer
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.nirsoft.net/utils/my_eve...


Report •

Related Solutions

#4
May 3, 2009 at 17:01:58
With svchost, forgot to mention, they get into your comp by changing the spelling, example > Scvhost.

A search of C drive, using the keyword > host, will find any variations of svchost.


Report •

#5
May 3, 2009 at 17:43:22
Just had another quick look at the google page, there is an updated version of UPHClean from the author.
UPHClean and other profile ramblings
http://blogs.technet.com/uphclean/a...
http://blogs.technet.com/uphclean/p...

Also, I do this for shutdown.

Windows has a feature that will automatically close those "non-responsive" program files that you typically have to intervene with (CTRL + ALT + DELETE style) Close apps automatically & quickly at shutdown.
Go to Start -> Run, copy & paste -> regedt32 or regedit and find/select HKEY_CURRENT_USER\Control Panel\Desktop. Change the AutoEndTasks key from "0" to "1." Close Regedit & Reboot.
Demystifying the Windows Registry
http://www.bleepingcomputer.com/for...
Don't Fear the Registry
http://hacks.oreilly.com/pub/h/658


Report •

#6
May 4, 2009 at 10:20:49
I tried several times to get UPHclean to log the call stack per instructions. All I get is "call stack data collection not enabled for this process".

Anyway, I uninstalled UPH and started getting the event error 1517 again. I'll try the beta version of UPHclean, one of the event viewers or the windows feature for shutdown possibly later today or tomorrow. Thanks for the suggestions.


Report •

#7
May 4, 2009 at 12:07:00
I speeded up shutdown like this (as well as using uphclean):

If you are happy in the registry go to each of the following six locations:

HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_USERS\.DEFAULT\Control Panel\Desktop
HKEY_USERS\S-1-5-18\Control Panel\Desktop
HKEY_USERS\S-1-5-19\Control Panel\Desktop
HKEY_USERS\S-1-5-20\Control Panel\Desktop
HKEY_USERS\S-1-5-21-602162358-1336601894-725345543-1005\Control Panel\Desktop

Set the value of "AutoEndTasks" to 1
Set the value of "HungAppTimeout" to 5000
Set the value of "WaitToKillAppTimeout" to 3500

(some might already be set as given).

Apologies if this repeats what anyone else has linked to - I haven't checked.

some other bloke...


Report •

#8
May 4, 2009 at 16:08:25
call stack data collection not enabled for this process

http://www.google.com.au/search?hl=...


Report •

#9
May 8, 2009 at 16:11:23
Just an update. Finally got uphclean to log and it showed the following:

Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1401
Date: 5/7/2009
Time: 5:32:28 PM
User: xxxxxxx-DC558EF\xxxxx
Computer: xxxxxxx-DC558EF
Description:
The following handles in user profile hive xxxxxxx-DC558EF\xxxxx (S-1-5-21-854245398-1677128483-1801674531-1004) have been remapped because they were preventing the profile from unloading successfully:

svchost.exe (876)
HKCU (0xc8)
0x77e3b52f ADVAPI32!<no symbol>
0x77e0734a ADVAPI32!AbortSystemShutdownW+0x9f3f
0x77dd6b37 ADVAPI32!RegOpenKeyExW+0xa8
0x77dd7955 ADVAPI32!RegOpenKeyW+0x2f
0x77ddb1ac ADVAPI32!ComputeAccessTokenFromCodeAuthzLevel+0x587
0x77ddb166 ADVAPI32!ComputeAccessTokenFromCodeAuthzLevel+0x541
0x77dd9d6e ADVAPI32!IdentifyCodeAuthzLevelW+0xd9
0x7c819993 kernel32!BasepCheckWinSaferRestrictions+0x17e
0x7c819068 kernel32!GetNlsSectionName+0x10db
0x77df6348 ADVAPI32!CreateProcessAsUserW+0xc3
0x76a938b3 rpcss!<no symbol>
0x76a9371c rpcss!<no symbol>
0x77e799dc RPCRT4!CheckVerificationTrailer+0x70
0x77ef321a RPCRT4!NdrStubCall2+0x215
0x77ef36ee RPCRT4!NdrServerCall2+0x19
0x77e794a5 RPCRT4!NdrGetTypeFlags+0x1c9
0x77e7940a RPCRT4!NdrGetTypeFlags+0x12e
0x77e79336 RPCRT4!NdrGetTypeFlags+0x5a
0x77e7be3c RPCRT4!NdrConformantArrayFree+0x46e
0x77e7bc99 RPCRT4!NdrConformantArrayFree+0x2cb
0x77e7bbdd RPCRT4!NdrConformantArrayFree+0x20f
0x77e76c9f RPCRT4!I_RpcBCacheFree+0x61c
0x77e76ac1 RPCRT4!I_RpcBCacheFree+0x43e
0x77e76c87 RPCRT4!I_RpcBCacheFree+0x604
0x7c80b699 kernel32!GetModuleFileNameA+0x1ba

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/even...

To say the least it's all greek to me. Uphclean is still installed and no furthers errors showing, so I'll leave it as for a while. Thanks for all the suggestions.


Report •

#10
May 10, 2009 at 15:48:35
At a glance it looks like uphclean is just doing its normal stuff so don't worry too much about the log.

Glad you hear the errors have gone and thx for popping back to let us know.

some other bloke...


Report •


Ask Question