I have been having shutdown delays and doing some research I found it could be due to open registry handles - this was confirmed by looking at the error messages in event viewer, although this did not specify the culprit - it only indicated that the registry file could not be closed because some app still had it loaded. As this is a Win XP box, I installed the MS UPHClean service to allow the registry to be properly unloaded on shutdown by closing any open handles, but this service was unable to do so (the shutdown in fact hung on the “saving your settings” screen). The Event Viewer log from the failed shutdown identifies AvastSvc.exe as the problem:
(From Event Viewer:)
Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1412
Date: 2018-01-23
Time: 3:49:08 PM
…
Description:
Setup for handle remapping for process AvastSvc.exe (1704) failed. Reverting to closing handle.
Time: 3:49:08 PM
…
Description:
The following handles opened in user profile hive [name deleted] could not be closed:
Actually disabling Avast manually does not resolve the open handle issue. With the UPHClean service disabled prior to reboot, I get the following alert in the Event Viewer on reboot regardless of whether Avast shields have been disabled prior to reboot or not:
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 2018-01-23
Time: 5:09:56 PM
User: NT AUTHORITY\SYSTEM
Description:
Windows saved user FX55\Name registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
I discovered similar shutdown issues caused by Avast on an XP machine as well.
USERENV reports ID 1517. With UPHClean installed, the service closes three handles in AvastSvc.exe (three user profiles present on the machine), but it still wouldn’t perform a proper shutdown.
I already tried uninstalling Avast as well as running aswclear in safe mode after uninstalling, but this won’t solve the issue. Having Avast re-installed, the machine continues facing trouble while trying to unload the user profile and won’t shut down, even with UPHClean present.
The problem started after Avast (Avast Free) tried to update its program module to version 18 a few weeks ago from a limited user account. The installation was aborted by the user because no administrative credentials could be provided.
In order to reproduce the shutdown issue, the user profile needs to be activated for an hour or longer.
[Edit 03/06/2018]
The 1517 issue appears to be only a minor problem and appeared on other XP machines as well without causing delayed shutdowns. In my case, further investigation in the event log and some tracing in the registry revealed an error in windows update which needed to be fixed.
Avast runs perfectly fine and warns reliably. Thank you very much
