|
29-Jun-2009, 06:14 PM
#1 |
| Computer Freezes during shutdown at "Saving Your Settings"

Hi, my computer keeps freezing when I shut it down, specifically at the screen where it displays "Saving Your Settings". The error report from this is as follows:

Event ID: 1524
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

I searched for solutions to this and one of the common ones was downloading and using UPH Clean. I have version 1.6 and enabled the logs for it. I check the logs and it starts up successfully at every start up, but sometimes when I shut down, my computer still freezes at "Saving Your Settings" (forcing me to use the reset button or hold down the power button). I have the most recent logs from UPH Clean:

Event ID: 1501
The following handles opened in user profile hive ADMIN-9F1868CAD\Administrator (S-1-5-21-1606980848-2111687655-725345543-500) are preventing the profile from unloading:
System (4)
  HKCU\Software\Microsoft\MSNMessenger\PerPassportSettings\1956250368 (0x50)
svchost.exe (1640)
  HKCU (0x37c)
    call stack data collection not enabled for this process

What are these logs telling me and what should I do?
Thanks

Quick update, my second log:

Event ID: 1501
The following handles opened in user profile hive ADMIN-9F1868CAD\Administrator (S-1-5-21-1606980848-2111687655-725345543-500) are preventing the profile from unloading:
svchost.exe (1704)
  HKCU (0x368)
MsMpEng.exe (1980)
  HKCU\Software\Classes (0x5f8)
  HKCU (0x658) |
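Added example, not part of the original thread and not UPHClean's own code: a Python parser for the event 1501 text that groups each open handle under its process and names the first module in the call stack outside the registry/RPC runtime, which is usually the component that asked for the key. The sample message is constructed from the handle lines of the second log above with shortened stacks; `PLUMBING` and the `MAX_TRUSTED_OFFSET` cut-off are assumptions of this example.

```python
import re

# Constructed sample in the layout of a UPHClean event 1501 message. Process,
# key and handle values follow the second log in the post above; each call
# stack is cut down to a few frames so the sample stays short.
SAMPLE_1501 = (
    r"The following handles opened in user profile hive ADMIN-9F1868CAD\Administrator "
    r"(S-1-5-21-1606980848-2111687655-725345543-500) are preventing the profile "
    r"from unloading: "
    r"svchost.exe (1704) HKCU (0x368) "
    r"0x77e0734a ADVAPI32!AbortSystemShutdownW+0x9f3f "
    r"0x77dd6b37 ADVAPI32!RegOpenKeyExW+0xa8 "
    r"0x77dd9d6e ADVAPI32!IdentifyCodeAuthzLevelW+0xd9 "
    r"0x77df6348 ADVAPI32!CreateProcessAsUserW+0xc3 "
    r"0x76a938b3 rpcss!<no symbol> "
    r"0x77ef46ee RPCRT4!NdrServerCall2+0x19 "
    r"MsMpEng.exe (1980) HKCU\Software\Classes (0x5f8) "
    r"0x77dd6b75 ADVAPI32!RegOpenKeyExW+0xe6 "
    r"0x07b96ec2 mpengine!<no symbol> "
    r"0x5c80b023 MpSvc!<no symbol> "
    r"HKCU (0x658) "
    r"0x77dd6b75 ADVAPI32!RegOpenKeyExW+0xe6 "
    r"0x07b96ec2 mpengine!<no symbol>"
)

# One pattern per record kind. Line breaks are not required, so the flattened
# form that forum pastes produce parses the same way. Keys are assumed to be
# rooted at HKCU, as in every log in this thread.
TOKEN = re.compile(
    r"(?P<proc>\b(?:[\w.-]+\.exe|System)) \((?P<pid>\d+)\)"            # owning process
    r"|(?P<key>HKCU(?:\\[^()\r\n]*?)?) \((?P<handle>0x[0-9a-fA-F]+)\)"  # open key + handle
    r"|0x[0-9a-fA-F]+ (?P<module>\w+)!(?P<symbol><no symbol>|\w+)"       # stack frame
    r"(?:\+0x(?P<offset>[0-9a-fA-F]+))?"
)

# Assumption: modules that show up in any registry open or RPC dispatch and so
# say nothing about who wanted the key.
PLUMBING = {"advapi32", "kernel32", "ntdll", "rpcrt4"}

# Assumption: without symbol files an address resolves to the nearest preceding
# export, so a large offset means the name is probably the wrong function.
MAX_TRUSTED_OFFSET = 0x400


def parse_1501(text):
    """Return one dict per open handle, with its stack frames innermost first."""
    holders, proc, current = [], None, None
    for m in TOKEN.finditer(text):
        if m.group("proc"):
            proc, current = (m.group("proc"), int(m.group("pid"))), None
        elif m.group("key") and proc:
            current = {"process": proc[0], "pid": proc[1], "key": m.group("key"),
                       "handle": int(m.group("handle"), 16), "frames": []}
            holders.append(current)
        elif m.group("module") and current is not None:
            offset = int(m.group("offset") or "0", 16)
            current["frames"].append((m.group("module"), m.group("symbol"), offset))
    return holders


def requester(frames):
    """First module, walking outward from the registry call, that is not plumbing."""
    return next((mod for mod, _s, _o in frames if mod.lower() not in PLUMBING), None)


def trusted_symbols(frames):
    """Symbol names whose offset is small enough to believe."""
    return [s for _m, s, off in frames
            if s != "<no symbol>" and off <= MAX_TRUSTED_OFFSET]


def summarize(text):
    """One row per handle: who holds it, on whose behalf, and whether the key
    was opened while a process was being created in the user's context."""
    rows = []
    for h in parse_1501(text):
        rows.append({"process": h["process"], "pid": h["pid"], "key": h["key"],
                     "handle": h["handle"], "requester": requester(h["frames"]),
                     "launches_as_user":
                         "CreateProcessAsUserW" in trusted_symbols(h["frames"])})
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE_1501):
        print(row)
```

On the affected machine, `tasklist /svc` (where available) shows which services are hosted in the svchost.exe PID the log reports.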
| |
|
29-Jun-2009, 06:47 PM
#2 |
| It sounds like a process or service is holding up your system. I would use MSCONFIG to disable all services (hide all Microsoft services) and disable all startups. See if the issue persists. You gotta start somewhere and MSCONFIG is the best place. Let us know the result. |
|
29-Jun-2009, 08:52 PM
#3 |
| Yep. I just followed your directions and disabled everything (besides Microsoft), but when I restarted my computer and then turned it off my PC still hung. The logs from UPH Clean:

THIS IS AFTER THE SERVICES WERE DISABLED

The following handles opened in user profile hive ADMIN-9F1868CAD\Administrator (S-1-5-21-1606980848-2111687655-725345543-500) are preventing the profile from unloading:
svchost.exe (324)
  HKCU (0x364)
svchost.exe (512)
  HKCU\Software\Classes (0x4b8)

THIS IS BEFORE THE SERVICES WERE DISABLED

svchost.exe (528)
  HKCU (0x360)

It seems to be this svchost.exe thing that is hanging up my PC. I have also done numerous virus scans.

*The MsMpEng.exe doesn't affect my PC anymore; it was Windows Defender and I disabled that manually. |
|
30-Jun-2009, 11:41 AM
#4 |
| I would: a. download hijackthis and post the log and b. do another restart and get to the part where it hangs, look at your watch and note the time (5:30-5:33 or whatever), then look in your event viewer during that time and see if there are any application errors or system errors, or even messages for that matter. Also unplug every single device. Mem cards, Flash drives, External anything just unplug it and see if anything changes. Tell us what you find. |
|
30-Jun-2009, 11:46 AM
#5 |
| Ya, for the part that hangs, it would just hang and never complete shutdown. I manually hold the power button to shut it down once it reaches that step (I waited for about half an hour), and the logs above are the application errors during those times. I will post the hijackthis log in a sec |
|
30-Jun-2009, 12:02 PM
#7 |
| Post in the Malware Removal area. http://forums.techguy.org/54-malware...jackthis-logs/ Just copy and paste it in the new thread and link this old one. |
|
04-Jul-2009, 09:55 AM
#8 |
| Update: I've disabled the welcome screen option in the User Accounts Option so everything looks classic style. Like when I press Ctrl+Alt+Delete it's a different screen, etc. I can finally shut down, but it takes anywhere from 8-15 mins at the "Saving Your Settings" part, which I think is way too long. Although I can shut down, in Event Viewer I still get the errors:

1. Log from UPH Clean

The following handles opened in user profile hive ADMIN-9F1868CAD\Administrator (S-1-5-21-1606980848-2111687655-725345543-500) are preventing the profile from unloading:
svchost.exe (2028)
  HKCU (0x364)

2. Log from Userenv

Windows saved user ADMIN-9F1868CAD\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. |
|
10-Jul-2009, 08:46 PM
#9 |
| Update: I've done a MalwareByte Log:

Malwarebytes' Anti-Malware 1.38
Database version: 2374
Windows 5.1.2600 Service Pack 2

7/4/2009 9:15:55 PM
mbam-log-2009-07-04 (21-15-55).txt

Scan type: Quick Scan
Objects scanned: 123652
Time elapsed: 13 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

And a HiJack This log:

Log from UPH Clean

The following handles opened in user profile hive ADMIN-9F1868CAD\Administrator (S-1-5-21-1606980848-2111687655-725345543-500) are preventing the profile from unloading:
svchost.exe (2028)
  HKCU (0x364)

Does anyone know how I can stop svchost or know what's preventing my log off/shut down? |
|
14-Jul-2009, 12:16 PM
#10 |
| I finally got something I want you to try. This is going to walk you thru using registry editor to edit the following values.

AutoEndTasks - verified
WaitToKillApp - verified
HangAppTime - verified
WaitToKillServiceTimeout - not verified

Basically we are turning on or shortening these values. I put verified next to the ones I use with a lot of computers and never have issues with. The not verified is the one I have never tried before. I would try the first 3 and then try the not verified one. Here is the website that walks you thru, it should be easy. http://www.mydigitallife.info/2008/1...dows-shutdown/ I really hope that fixes it. |
15-Jul-2009, 06:51 AM
#11 |
| Be sure to save a copy of your Registry before "messing with it!" This is true at any time, and is not meant to question the advice given in the previous post. {redoak} |
|
15-Jul-2009, 12:30 PM
#12 |
| Yea you can backup registry with this: http://download.cnet.com/Emergency-R...-10069122.html I guess I should have brought it up but these values are small and completely reversible. Even if we can't get into Windows we can use Bart-PE's offline registry editor to change them back. Let us know how it works. |

All times are GMT -4. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.