Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Shutdown Warning - Every Day The Same


  • Please log in to reply
12 replies to this topic

#1 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:12:16 AM

Posted 07 September 2006 - 09:44 PM

I really don't understand computers, how to install things, nothing. It's OEM installation.

So I see this warning in the event log every day, identical entry on shutdown

Source=Userenv, Category=None, EventID=1517, User=NT AUTHORITY\SYSTEM, Computer=<myLaptop>

Windows saved user <MyComputer>\<myName> registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The "more information" part eludes me completely. What does it mean?
Can't the NT AUTHORITY\SYSTEM clean up after itself? Don't they have some sort of time permission to wait before shutting down? Or is the message blaming me for something (WHAT ?!) installed in a wrong place?

What is it that is not shutting down?

I read and don't understand a word
http://support.microsoft.com/?kbid=837115 and
http://www.microsoft.com/downloads/details...;displaylang=en
something about a hive. What am I to do with this. I dont want to install anything. I've seen a similar message at work, by the way, about roaming profiles, but that's on a big NT network. Here it's just me and the router.

Computer is Toshiba laptop, Windows XP-SP2, genuine :thumbsup: , all patched.

Edited by tos226, 07 September 2006 - 10:01 PM.


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,844 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:16 AM

Posted 08 September 2006 - 02:13 AM

Hi tos226

That error message will be produced every time you log-off, restart, or shut-down and there are programs still running. This includes Anti-Virus programs.

If you wish to avoid the error message:

1) Close all windows
2) Unload or stop all programs in the system tray and wait for them to finish unloading. AV programs tend to take awhile to unload. You can look at the processes tab in Task Manager to see when they quit. vsmon is the last one to end in ZoneAlarm Security Suite which I know you run.
3) Log-Off
4) Restart or shut down whichever one you prefer.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 HitSquad

HitSquad

    You're Bleepin' or you're Weepin'


  • Members
  • 1,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Momma
  • Local time:11:16 PM

Posted 08 September 2006 - 09:27 AM

Hi tos266.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.


It seems pretty self explanitory to me.
Go to Control Panel>Administrative Tools>Services.
Double click your services listed as running, then click the "Log On" tab.
Whatever is listed as running under a specific account (User Account) that you may suspect, change it to "Local System Account". At least that's the way I'm interpreting that message. :thumbsup:
I would imagine a reboot would be required for every one you change as well.

Edited by HitSquad, 08 September 2006 - 09:29 AM.


#4 tos226

tos226

    BleepIN--BleepOUT

  • Topic Starter

  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:12:16 AM

Posted 08 September 2006 - 03:07 PM

Orange Blossom, It is not any error message. It's just goes into the event log. There's a whole mess of services running. HOW can you tell what wasn't installed properly or is/isn't used by Local system or whatever they call it. Your suggestion to disable and unload items in the system tray is cute. But I can't see doing it every night the computer gets shut off. Clean shutdown is, in my opinion, a job for a computer, is it not?

HitSquad, Thanks. I didn't know what, if, or how to change such a thing. Not too self-explanatory to me when it does not say WHICH service :thumbsup: In any case, let's say it's vsmon, or some critical system service, and I change it while the service is running. Is that OK? Clearly I can't shut the service down, nor set to manual, if it's important. But there are many which don't show SYSTEM as a user, but my name. I didn't put it in there, and I install things under full admin rights. So what's going on?

If I posted just a list of running services and their properties from Export (I just looked on W2K machine, XP might be different at home), would you know to which I can make such changes and still be able to restart the computer and make it run?

Future impact - say I change revision of something. It doesn't tell me what service they use. It doesn't tell me under what user that service will run. So how can one monitor such things?

#5 tos226

tos226

    BleepIN--BleepOUT

  • Topic Starter

  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:12:16 AM

Posted 08 September 2006 - 07:57 PM

On my XP, for the "Log On As" property, Control Panel shows three categories: "Local Service", "Local System" or "Network Service". And the event log does say the user is "NT AUTHORITY\SYSTEM". Not me.

I looked for some hidden switches and see none.

Now the message also says that it might be application. In Task Manager a bunch are under my name. What do I do now?

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,844 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:16 AM

Posted 08 September 2006 - 08:01 PM

Orange Blossom, It is not any error message. It's just goes into the event log.


A matter of symantics or definition: When I see a red circle or yellow triangle by the messages in the event log, I call them error messages. We're talking about the same thing. :thumbsup:

Your suggestion to disable and unload items in the system tray is cute.

Cute?? Well... :flowers: Um - not disable, just exit, unload or stop whatever programs are running. Disabling is different. :inlove:

But I can't see doing it every night the computer gets shut off. Clean shutdown is, in my opinion, a job for a computer, is it not?


Maybe, but I've read that the most stable way of shutting down is to exit and stop all programs first. It really doesn't take any longer to shut-down. It's just more interactive this way.

But there are many which don't show SYSTEM as a user, but my name. I didn't put it in there, and I install things under full admin rights.


Basically, if the service or program is essential for the operating system, it will say "system" as user. These services frequently start up before logging into the local account. Some components of anti-virus programs also show up with "system" as user. Services that are used on demand show up under the current user's name. For example, when I look at Task Manager which shows user information under the processes tab for the processes currently in use, taskmgr.exe shows up under my user name on the computer I'm using right now, and I didn't install anything on it. It's a public computer. Optional components that run automatically, such as alg.exe have local service as a user name. This means when the local account opens up, that service or program loads up.

Orange Blossom :trumpet:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 tos226

tos226

    BleepIN--BleepOUT

  • Topic Starter

  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:12:16 AM

Posted 08 September 2006 - 09:46 PM

Orange Blossom,
Semantics - yes. But I do read "error message" as a message visible to the user.
Items posted into the the event log are not obvious. No message whatsoever. And I do see Errors as being different from Warnings. Ignore it, it's just me.

I'm willing to try, maybe once out of curiosity, what you're suggesting - closing up everything in the system tray.
But I don't know how. With the exception of user-friendly ZA and PestPatrol, none of those icons have a word about exit, close, shutdown, NOTHING. Contents of the system tray:
1. ZA
2. Lightbulb which is a power gauge AC or battery
3. CD acoustic silencer
4. Wireless Network connection (off at this point)
5. Local area connection
6. Pest Patrol control
7. Volume
8. Icon telling me the screen resolution
9. Windows security alerts shield (red, I hoped to stop all those automatic downloads long ago but it won't go away and is nagging me daily that I shut it off - a major annoyance)
10. Clock

On the left are couple shortcuts to Word, Excel, Notepad, Windows Explorer, Wordpad, couple others, they are not active. Then there's the Start button.

In the middle is the ZASS client (I've always wondered why it has to be on here).

What do you think would need to be shut down and in what sequence? I numbered them so you won't have to use the long names.

Task Manager - as I responded above to HitSquad, I saw apps in the Task Manager. I suppose I need to now link which of the services runs what in the Task Manager. Is there a command I can use for that from the cmd window? I don't want to download any trash to tell me that. Or - I have HJT and Spybot and Ad-Aware - will they tell exactly what goes with what? Also the MS window tells me to work on the services and change the user thing there, not a word about task manager. And HitSquad said the same thing.

Edited by tos226, 08 September 2006 - 09:58 PM.


#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,844 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:16 AM

Posted 08 September 2006 - 10:34 PM

[quote name='tos226' post='353612' date='Sep 8 2006, 10:46 PM']1. ZA[/quote]
Right click on the icon and choose shut down. Do this after disconnecting from the internet.
[quote]2. Lightbulb which is a power gauge AC or battery
3. CD acoustic silencer[/quote]
No clue. I don't have these.
[quote]5. Local area connection[/quote]
If this is your internet connection, disconnect before stopping any security programs. Ditto for the wireless.
[quote]6. Pest Patrol control[/quote]
I suspect this also can be shut off by right clicking and then choosing exit or shutdown or something like that. I don't have this program. Again do this after disconnecting from the internet.
[quote]7. Volume[/quote]
No need to do anything with this.
[quote]8. Icon telling me the screen resolution[/quote]
Huh, interesting. Probably similar to volume control in how it works. Don't think it would be necessary to do anything with this.
[quote]9. Windows security alerts shield (red, I hoped to stop all those automatic downloads long ago but it won't go away and is nagging me daily that I shut it off - a major annoyance)[/quote]
Stopping automatic updates in itself does not remove the shield. That just puts a red X on it. There is a way of getting rid of the annoying shield. I'll have to see what I did when I get home.
[quote]10. Clock[/quote]
Don't need to do anything with this.
[quote]On the left are couple shortcuts to Word, Excel, Notepad, Windows Explorer, Wordpad, couple others, they are not active.[/quote]
These are just to the right of the start button? These are quicklaunch icons, which means that they may be partly starting up when you boot. Don't need to do anything with these unless you want to remove them from quicklaunch. I have Firefox, desktop (handy to have to get to the desktop if a window is being stubborn about being on top), and Thunderbird here.
[quote]Then there's the Start button.[/quote]
Don't need to do anything with this either. It's not part of the system tray. All that is to the far right.
[quote]In the middle is the ZASS client (I've always wondered why it has to be on here).[/quote]
Is this the ZoneAlarm user interface? If you don't want it showing in the task bar, restore the window and click on the x in the upper right which will send it to the system tray. Doing this does not end the program.
[quote]the MS window tells me to work on the services and change the user thing there, not a word about task manager. And HitSquad said the same thing.[/quote]
Right. The task manager will show you services or processes that are running and the user name, but you cannot change it there. I cannot get to windows management on this computer as I don't have administrative rights. Use the task manager in conjuction with the services section of computer management to help identify the services in question. I cannot be more specific without seeing the computer management console.
[quote]I suppose I need to now link which of the services runs what in the Task Manager. Is there a command I can use for that from the cmd window?[/quote]
Are you asking how to find out which services belong to which programs? You can use the file databases at BC as one resource to find out. I also open task manager to processes, and see which services go away when I close a program and which appear when I open one. That is another way of finding out program - service connection.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#9 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:11:16 PM

Posted 09 September 2006 - 01:55 PM

From the first link posted:

CAUSE
This issue may occur if Microsoft Windows or third-party programs such as printer drivers or virus scanners do not stop and release resources when you log off your computer.
Back to the top Back to the top
RESOLUTION
To resolve this issue, use the Microsoft User Profile Hive Cleanup Service (UPHClean). UPHClean monitors the computer while Windows is unloading user profiles and forces resources that are open to close. Therefore, the computer can unload and reconcile user profiles.

To download and install UPHClean, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details...70-42470E2F3582 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582)
Back to the top Back to the top
MORE INFORMATION
For additional information about UPHClean, view the Readme.txt file. To download the file, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details...70-42470E2F3582

http://support.microsoft.com/?kbid=837115

It seems that should resolve the problem according to MS.

#10 tos226

tos226

    BleepIN--BleepOUT

  • Topic Starter

  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:12:16 AM

Posted 10 September 2006 - 04:22 PM

Enthusiast, I'm not ignoring your answer. I'm studying profiles, hive, all that advanced stuff & its relation to services. At this point, thanks to you guys, the MS link I included in my original post, being the same, needs study and understanding. I see that that utility even has a diagnostic flag which might prove useful.

Now, having said that, I suspect the whole thing isn't most serious in the world, when the system doesn't even tell ya about it, just hides it in the log. Correct me if I'm wrong, please.

I will post the results, when I sift through the information and do it.

#11 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:11:16 PM

Posted 10 September 2006 - 04:55 PM

If it was serious, you would have had more than a log which you would usually never see, and your computer would be acting strangely.

If it were me, I would follow the directions on the MS article and install UPHClean as they suggest as the fix.

If that doesn't resolve the problem you can always use System Restore to reverse it.

#12 tos226

tos226

    BleepIN--BleepOUT

  • Topic Starter

  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:12:16 AM

Posted 10 September 2006 - 07:08 PM

Enthusiast, Thanks again, I trust your advice. I installed that UPH thing you suggested, as it's beginning to make sense. I'll know the effects when I shut off and watch it a bit. System Restore is not in the picture. It's been like this for a very long time.

I hope you don't mind if I tack on another question, while we're on the subject of event log, this time at startup not shutdown. Every time I start the computer,

Source: CeEPwrSVC, Category-None, EventID=0, User=N/A, Computer=<my laptop>

The description for Event ID ( 0 ) in Source ( CeEPwrSvc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.


No links, no nothing. CastleCops entry is here, http://www.castlecops.com/o23list-294.html. Legit. So what am I to do to fix that one (if anything)? This computer is Toshiba laptop. Again, it's OEM installation. And I don't understand what it's saying about /AUXSOURCE and "remote computer". What remote computer?!

Help and Support has three useless entries. It says:
"Full-text Search Matches returned 0 results for ceEPwrSVC.".
"Microsoft Knowledge Base (0 results)."
"Tools Center Search Provided by the Windows Resourse Kit (0 results)"

And what's this about "Senior Member" thing by my userID? I know NOTHING :thumbsup:

Edited by tos226, 10 September 2006 - 07:10 PM.


#13 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:11:16 PM

Posted 10 September 2006 - 09:29 PM

0.ceepwrsvc - ceepwrsvc.exe - Process Information

Process File: ceepwrsvc or ceepwrsvc.exe
Process Name: Toshiba Power Management

Description:
ceepwrsvc.exe is a process belonging to the Toshiba Power Management suite. This program is a non-essential process, but should not be terminated unless suspected to be causing problems.


http://www.liutilities.com/products/wintas...rary/ceepwrsvc/

How to remove CeEPwrSvc error

CeEPwrSvc.exe file information


The process CeEPwrSvc Module belongs to the software CeEPwrSvc Module by COMPAL ELECTRONIC INC (www.compal.com).

Description: CeEPwrSvc.exe is located in a subfolder of "C:\Program Files". Known file sizes on Windows XP are 73728 bytes (36% of all occurrence), 36960 bytes, 36973 bytes.
http://www.file.net/process/ceepwrsvc.exe.html


Name CeEPwrSvc
Command CeEPwrSvc.exe
Status L (legitimate)
Description Related to TOSHIBA and COMPAL ELECTRONIC INC.
http://www.castlecops.com/o23list-294.html

Process File: ceepwrsvc.exe
Process Name: Toshiba Power Management
Description: ceepwrsvc.exe is a process belonging to the Toshiba Power Management suite. This program is a non-essential process, but should not be terminated unless suspected to be causing problems.

It is a safe file but if it is causing a problem you can remove it or stop it from starting with Windows.

See if it can be reinstalled with the cds that came with the computer or check Toshiba support for it. It seems to monitor your battery.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users