Author Topic: Avast 18.8.2356 interfers with profile unloading due to AVAST handles on shutdwn  (Read 1406 times)

0 Members and 1 Guest are viewing this topic.

Offline swegmike

  • Newbie
  • *
  • Posts: 4
I have Avast 18.8.2356 free on a Windows XP Sp3 x32 Home with all the latest fixes (no posready fixes).
I had been wondering why I was getting usrenv errors on OS shutdown in the system event log. The event Id's are 1517, 1524.
Event Type:   Warning
Event Source:   Userenv
Event Category:   None
Event ID:   1517
Date:      6/22/2019
Time:      1:56:36 PM
User:      NT AUTHORITY\SYSTEM
Computer:   PC863512472119
Description:
Windows saved user PC863512472119\user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:   Warning
Event Source:   Userenv
Event Category:   None
Event ID:   1524
Date:      6/22/2019
Time:      1:56:22 PM
User:      PC863512472119\user
Computer:   PC863512472119
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. 



For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


To Track this down I installed UPHCLEAN v2.0.49 (non beta) and repeated the shutdown.  It turns out it was AVAST creating this. See below for the system event errors. Two messages.  The second entry after the first shows various HKC hex codes that change from one shutdown to the next. Event ID 1412, 1201.

Event Type:   Information
Event Source:   UPHClean
Event Category:   None
Event ID:   1412
Date:      6/22/2019
Time:      3:58:27 PM
User:      PC863512472119\user
Computer:   PC863512472119
Description:
Setup for handle remapping for process AvastSvc.exe (364) failed.  Reverting to closing handle.

Event Type:   Information
Event Source:   UPHClean
Event Category:   None
Event ID:   1201
Date:      6/22/2019
Time:      4:35:10 PM
User:      PC863512472119\user
Computer:   PC863512472119
Description:
The following handles in user profile hive PC863512472119\user (S-1-5-21-2369171757-2308932244-330865317-1006) have been closed because they were preventing the profile from unloading successfully:
 
S-1-5-21-2369171757-2308932244-330865317-1006


Event Type:   Information
Event Source:   UPHClean
Event Category:   None
Event ID:   1201
Date:      6/22/2019
Time:      3:58:27 PM
User:      PC863512472119\user
Computer:   PC863512472119
Description:
The following handles in user profile hive PC863512472119\user (S-1-5-21-2369171757-2308932244-330865317-1006) have been closed because they were preventing the profile from unloading successfully:
 
AvastSvc.exe (364)
  HKCU (0x317c)
  HKCU (0x3480)
  HKCU (0x3a44)



« Last Edit: June 23, 2019, 01:38:15 AM by swegmike »

Offline swegmike

  • Newbie
  • *
  • Posts: 4
I have HP support solution Framework Service disabled (was automatic), and HP Software Framework Service disabled (was manual) that is on my compaq v5300 laptop running windows XP Home Sp3. This was done after the previous events above due to a timeout exceding 3000 millisec (it was increased to 150000 millisecs on startup since from the time the error event occurred to when the timestamp in the system event said it started was around the 2 min 40 sec mark. However, this still timed out.  Thus, I get a 3 DCOM errors of id 10005 complaining about these disabled services - it tries 3 times and stops complaining.

As a result UPHClean on shutdown states the following AVAST handle error that is a variation of the one above. first the id 1412 followed by 1201 as follows.

Event Type:   Information
Event Source:   UPHClean
Event Category:   None
Event ID:   1201
Date:      6/22/2019
Time:      10:08:14 PM
User:      PC863512472119\user
Computer:   PC863512472119
Description:
The following handles in user profile hive PC863512472119\user (S-1-5-21-2369171757-2308932244-330865317-1006) have been closed because they were preventing the profile from unloading successfully:
 
AvastSvc.exe (1916)
  HKCU\Software\AVAST Software\Avast (0x570)
  HKCU (0x2e68)
  HKCU (0x3d80)
  HKCU\Software\AVAST Software\Avast (0x3f34)
  HKCU (0x419c)



« Last Edit: June 23, 2019, 02:27:35 PM by swegmike »