Re: Would Like LOG file to Record Shutdown

Hi Wes, I was just checking to see if you had commented on my Reply and I
don't see my Reply. I wonder what I did or what happened to it. It was so
lengthy too and now I don't recall all I told u. Nevertheless, I did enact
all these great suggestions and I do think it knocked off maybe 10 secs max
from the delayed shutdown but it still takes 1-1/2 mins to complete. Meaning
Wes, ya gotta keep thinking! Please!!
Under Event Viewer\Application I don't see any Warnings nor Errors.
Something strange today though, I got 300 yes 300 entries for HHCTRL All
Event 1904 User N/A.

Also there's a regular pattern of the FIRST 4 entries being UPHClean having
to perform in leiu of the actual program closing itself. I'll copy them as
they appear, first to last.

Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1412
Date: 7/8/2006
Time: 5:31:05 PM
User: SHARK\Owner
Computer: SHARK
Description:
Setup for handle remapping for process explorer.exe (644) failed. Reverting
to closing handle.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

#2
Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1201
Date: 7/8/2006
Time: 5:31:05 PM
User: SHARK\Owner
Computer: SHARK
Description:
The following handles in user profile hive SHARK\Owner
(S-1-5-21-1060284298-823518204-725345543-1003) have been closed because they
were preventing the profile from unloading successfully:

explorer.exe (644)
HKCU (0x5c)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (0x64)
HKCU\Software\Classes (0x74)
HKCU\Control Panel\MMCPL (0x90)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer (0xa4)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer (0xb4)
HKCU\Software\Classes (0xc4)
HKCU\Software\Classes (0x138)
HKCU\Software\Classes (0x148)
HKCU\Software\Microsoft\Plus!\Themes\Apply (0x154)
HKCU\Software\Classes (0x160)
HKCU\Software\Classes (0x16c)
HKCU\Software\Classes (0x178)
HKCU\Software\Classes (0x1a0)
HKCU\Software\Classes (0x1ac)
HKCU\Software\Classes (0x1e0)
HKCU\Software\Microsoft\Windows\ShellNoRoam (0x1ec)
HKCU\Software\Classes (0x22c)
HKCU\Software\Classes (0x230)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts (0x234)
HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache (0x238)
HKCU\Software\Classes (0x244)
HKCU\Software\Classes (0x24c)
HKCU\Software\Classes (0x258)
HKCU\Software\Microsoft\Windows\Shell (0x25c)
HKCU\Software\Classes (0x260)
HKCU\Software\Classes (0x268)
HKCU\Software\Classes (0x26c)
HKCU\Software\Classes (0x288)
HKCU\Software\Classes (0x28c)
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
(0x294)
HKCU\Software\Classes (0x298)
HKCU\Software\Classes (0x2a8)
HKCU\Software\Classes (0x2b8)
HKCU\Software\Classes (0x2cc)
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
(0x2d8)
HKCU\Software\Classes (0x2e0)

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count (0x308)

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count (0x310)
HKCU\Software\Classes (0x328)
HKCU\Software\Classes (0x3c0)
HKCU\Software\NVIDIA Corporation\Global\nView\Tweak (0x3c4)
HKCU\Software\Classes (0x3d8)
HKCU\Software\Classes (0x3e0)
HKCU\Software\Classes (0x3e4)
HKCU\Software\Classes (0x3f4)
HKCU\Software\Classes (0x3f8)
HKCU\Software\Classes (0x450)
HKCU\Software\Classes (0x49c)
HKCU\Software\Classes (0x4a4)
HKCU\Software\Classes (0x4b4)
HKCU\Software\Classes (0x4c8)
HKCU\Software\Classes (0x4e4)
HKCU\Software\Classes (0x52c)
HKCU\Software\Classes (0x534)
HKCU\Software\Classes (0x540)
HKCU\Software\Classes (0x55c)
HKCU\Software\Classes (0x564)
HKCU\Software\Classes (0x56c)
HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop (0x590)
HKCU\Software\Classes (0x598)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket (0x59c)
HKCU\Software\Classes (0x5bc)
HKCU\Software\Classes (0x5d0)
HKCU\Software\Classes (0x5fc)
HKCU\Software\Classes (0x664)
HKCU\Software\Classes (0x66c)
HKCU\Software\Classes (0x69c)
HKCU\Software\Classes (0x7c4)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\c (0x7e0)
HKCU\Software\Classes (0x7f0)
HKCU\Software\Classes (0x824)
HKCU\Software\Classes (0x82c)
HKCU\Software\Classes (0x83c)
HKCU\Software\Classes (0x844)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\e (0x864)
HKCU\Software\Classes (0x874)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\d (0x88c)
HKCU\Software\Classes (0x89c)
HKCU\Software\Classes (0x8a4)
HKCU\Software\Classes (0x8ac)
HKCU\Software\Classes (0x8b4)
HKCU\Software\Classes (0x8c0)
HKCU\Software\Classes (0x8cc)
HKCU\Software\Classes (0x8d0)
HKCU\Software\Classes (0x8d8)
HKCU\Software\Classes (0x8dc)
HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop (0x8f0)
HKCU\Software\Classes (0x970)
HKCU\Software\Classes (0x974)
HKCU\Software\Classes (0x980)


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

#3

Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1401
Date: 7/8/2006
Time: 5:31:05 PM
User: SHARK\Owner
Computer: SHARK
Description:
The following handles in user profile hive SHARK\Owner
(S-1-5-21-1060284298-823518204-725345543-1003) have been remapped because
they were preventing the profile from unloading successfully:

svchost.exe (1224)
HKCU (0x238)


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

#4
Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1010
Date: 7/8/2006
Time: 5:31:06 PM
User: N/A
Computer: SHARK
Description:
User profile hive cleanup service stopped successfully.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Under System, I don't get any Errors or Warnings other than 3 IMAPI
Warnings.
My Gosh this is so lengthy! Maybe this too won't reach the Forum. Sorry
about this if I've posted something that's unacceptable. ... Edna.


"Wesley Vogel" wrote:

Edna,

The IMAPI CD-Burning COM Service is for burning CDs. Set it to Disabled or
Manual. If you have 3rd party burning software disable it. Or if using
XP's CD burning capability, disable it unless actually burning a CD.

IMAPI (Image Mastering Applications Programming Interface)

SysmonLog is related to the Alerter and Performance Logs and Alerts
services. I have both Disabled.

Alerter
The Alerter service notifies users of administrative alerts on a network.
This service usually is not required under normal circumstances.
http://web.archive.org/web/20041128020314/www.blackviper.com/WinXP/service411.htm

Alerter
Recommended State Disabled : if you don't need to alert users about system
events over the network.
http://smallvoid.com/tweak/winnt/service/abc.html#ALERTER

Performance Logs and Alerts
Collects performance data from local or remote computers based on
preconfigured schedule parameters, then writes the data to a log or triggers
an alert. If this service is stopped, performance information will not be
collected. If this service is disabled, any services that explicitly depend
on it will fail to start.

Another way to monitor system performance. If the box and network stats
interest you, set this to Manual. If ignorance is bliss, Disabled is the way
to go.
http://www.theeldergeek.com/performance_logs_and_alerts.htm

Performance Logs and Alerts
Collect performance data on a schedule and send the information to a log or
trigger an alert. This may be a super geek tool, but I feel that the
overhead associated with it is not worth the benefit. You decide.
http://web.archive.org/web/20041128020314/www.blackviper.com/WinXP/service411.htm

Have a look at AutoEndTasks

Automatically Ending Hung Applications
http://www.winguides.com/registry/display.php/199/

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:EF75577A-3645-478C-B624-CB34A43DFE3A@xxxxxxxxxxxxx,
Edna <Edna@xxxxxxxxxxxxxxxxxxxxxxxxx> hunted and pecked:
Hi Wes, This sounded like such a good idea but .. it's already set on 0
Darn it!

Do u know why I'm getting a nbr of Event Viewer\System\IMAPI Warnings.
Last time it was 16.

Also which might give u a clue is a new Warning in Application:
Event Type: Warning
Event Source: SysmonLog
Event Category: None
Event ID: 2006
Date: 7/1/2006
Time: 6:02:41 AM
User: N/A
Computer: SHARK
Description:
Unable to read the Log File Folder value of the System Overview log or
alert configuration. The default value will be used. The error code
returned is in the data.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 02 00 00 00 ....

Geez these kind of aggravations are so time consuming - it could be any
file causing this slow shutdown. I'm plain out of ideas. Whatever it is
it's caused Acronis True Image to seize up for 40 mins before it starts.
I wonder if it could be a setting in Services?

Thx for your Help Wes but keep digging. There must be a solution in your
bag of Fixes.
How about a log file for Shutdown .. is there such a thing? ... Edna


"Wesley Vogel" wrote:

Hi Edna,

Check to see if Clear Page File At Shutdown is set to 1.

If ClearPageFileAtShutdown is set to 1, shutdown takes a *long* time.

Check this registry key...
Start | Run | Type: regedit | Click OK |
Navigate to...
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Session Manager\Memory Management
Value Name: ClearPageFileAtShutdown
Data Type: REG_DWORD
Value Data: Set to 0

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:06908AF4-D0EE-4AE2-8750-4293FFC8CEBE@xxxxxxxxxxxxx,
Edna <Edna@xxxxxxxxxxxxxxxxxxxxxxxxx> hunted and pecked:
Hi Wesley, CTFMON.exe is gone Thx to those instructions u sent.
Unfortunately the Hang remains. Thx VM

"Edna" wrote:

Hi Wesley, Thx for these references. I hope to get to them tomorrow. I
read on a MVP site that this CTFMON could cause a hang problem. From
my limited reading on it, I don't think I use that program - can u
think of any reason NOT to delete it? I use Outlook all the time but
rarely use Word maybe twice a week.

As to UPHCLEAN I see I have it appearing more often 4 and 5 times with
each boot.

This is another red flag I get although last time 26Jun06.
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 6/26/2006
Time: 8:13:54 AM
User: N/A
Computer: SHARK
Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msxml3.dll, version 8.50.2162.0, fault address 0x000304ba.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 32 31 38 30 20 00.2180
0030: 69 6e 20 6d 73 78 6d 6c in msxml
0038: 33 2e 64 6c 6c 20 38 2e 3.dll 8.
0040: 35 30 2e 32 31 36 32 2e 50.2162.
0048: 30 20 61 74 20 6f 66 66 0 at off
0050: 73 65 74 20 30 30 30 33 set 0003
0058: 30 34 62 61 0d 0a 04ba..

This slow shutdown started 14Jun but I couldn't find anything I did
that was out of the ordinary to have caused it. Definitely no
downloads and nothing showing in Event Viewer to give me a clue other
than this IMAPI Yellow warning. What is causing this and can it be
"fixed"?
Thx for your informative reply.

"Wesley Vogel" wrote:

Moved CTFMON.exe to Non Start - wud like to know how to Disable this
program.

ctfmon.exe = CTF Loader. Part of Microsoft Office. It activates
the Alternative User Input Text Input Processor (TIP) and the
Microsoft Office XP Language Bar.

When you run a Microsoft Office XP program, the file Ctfmon.exe
(Ctfmon) runs in the background, even after you quit all Office
programs.

Ctfmon.exe monitors the active windows and provides text input service
support for speech recognition, handwriting recognition, keyboard,
translation, and other alternative user input technologies.

Can I Remove the Ctfmon.exe File?
http://support.microsoft.com/?kbid=282599#E0LB0ACAAA

Frequently asked questions about Ctfmon.exe
http://support.microsoft.com/kb/282599

HOW TO: Turn Off the Speech Recognition and Handwriting Recognition
Features in Office 2003
http://support.microsoft.com/kb/823586

HOW TO: Turn Off the Speech Recognition and Handwriting Recognition
Features in Office XP
http://support.microsoft.com/kb/326526

ctfmon.exe: This is your "Language Bar." Don't know what it is? I bet
you do not need it. Head to Control Panel -> Regional and Language
Options -> Languages TAB -> Details BUTTON -> Language Bar BUTTON
(under "Preferences") -> select the "Turn off advanced text services"
check box. This little detail will save you between 1.5 MB and 4 MB
of RAM. If you are using a "non-US" version, you may be required to
install the English localization to remove this "feature."


http://web.archive.org/web/20041125021602/www.blackviper.com/WinXP/strangeservice.htm

UPHCLEAN.EXE installed and set to Automatic in Services.

I was going to suggest that you get UPHCLEAN.EXE until I read that.

Rad this to make sure that you have UPHClean set up correctly. There
should be two UPHClean events in the Event Viewer every time you
reboot.

UPHClean v1.6d readme.txt


http://download.microsoft.com/download/a/8/7/a87b3d05-cd04-4743-a23b-b16645e075ac/readme.txt


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:17CEBB91-A6E4-4F95-8196-C1C04E2F154E@xxxxxxxxxxxxx,
Edna <Edna@xxxxxxxxxxxxxxxxxxxxxxxxx> hunted and pecked:
WXP Pro SP2 Plus all W Security Updates, Norton AV 2006, Office 2003
Nothing installed recently.
Would someone pls advise how to generate a Log of my Computer's
Shutdown. I'm experiencing 2-3 Min Shutdowns. The Icons disappear
and the Desktop Picture hangs for 2 mins then quickly proceeds
through Saved Settings and W Shutting down screens. I've been on
this for 3 days.

Deleted some programs & Acrobat Reader (since reinstalled),
PowerToys, Defragged, Cleaned Registry using JV PwrTools &
WRepairPro numerous times next to nothing appears now. Temp, TIF,
Cookies, History,MRU, cleared nightly using EasyClean. Ad Aware,
Spyware Blaster run nightly, Coolswitch Disabled.
Moved CTFMON.exe to Non Start - wud like to know how to Disable this
program.

One User. No Passwords. No Remote usage. No Network. DSL and
Linksys Wireless Router but haven't connected it to my Laptop yet
until I find this problem and buy a 5.8 Cordless ph.

UPHCLEAN.EXE installed and set to Automatic in Services.
Event Viewer\Application - no Warnings, etc., perfect.
System has 3 IMAPI Event 54 Warnings that appears consistently.
IMAPI Service set to Automatic. Rarely any other Yellow or Red
marks.

Event Type: Warning
Event Source: Imapi
Event Category: None
Event ID: 54
Date: 6/29/2006
Time: 10:00:38 PM
User: N/A
Computer: SHARK
Description:
The description for Event ID ( 54 ) in Source ( Imapi ) cannot be
found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote
computer. You may be able to use the /AUXSOURCE= flag to retrieve
this description; see Help and Support for details. The following
information is part of the event: . Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 36 00 04 80 ....6..€
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Any suggestions to correct my shutdowns and how to Disable CTFMON.exe
in case this is the program that's causing the Hang, would be greatly
appreciated. ... Thx Edna.


.