Okay, so I get the 1517 event log issues (et al) on around 500 machines
including 2000 pro, server, 2003, xp pro. Some on AD, some on Domain,
some not.

Trying out UPHClean I get this;

The following handles in user profile hive domain\userl (user sid) have
been remapped because they were preventing the profile from unloading
successfully:

svchost.exe (1148)
HKCU (0x314)

What does this tell me? svchost is generic. HKCU - duh, I know that's
what is locked. 1148 the PID?

According to Process Explorer, 1148 has running in it gcasdtserv.exe
which is Giant Antivirus aka Microsoft Antivirus beta 1.

So is this what is causing these errors?

Also, I am testing on a XP PRO machine not on a domain. When I have
two users logged on and one logs off with this UPHClean running, the
monitor goes into power savings and cannot be woke up. Looks like the
PC is still running - HD has activity et al. But the monitor has no
signal.

if the UPHClean did not fix your user profile hive problem, then I'll
suggest one thing. If you have Zone Alarm, update it to the newest
version,6.0.667.000.

<edavid3001@gmail.com> wrote in message
news:1132285107.829672.57630@f14g2000cwb.googlegro ups.com...
> Okay, so I get the 1517 event log issues (et al) on around 500 machines
> including 2000 pro, server, 2003, xp pro. Some on AD, some on Domain,
> some not.
>
> Trying out UPHClean I get this;
>
> The following handles in user profile hive domain\userl (user sid) have
> been remapped because they were preventing the profile from unloading
> successfully:
>
> svchost.exe (1148)
> HKCU (0x314)
>
> What does this tell me? svchost is generic. HKCU - duh, I know that's
> what is locked. 1148 the PID?
>
> According to Process Explorer, 1148 has running in it gcasdtserv.exe
> which is Giant Antivirus aka Microsoft Antivirus beta 1.
>
> So is this what is causing these errors?
>
> Also, I am testing on a XP PRO machine not on a domain. When I have
> two users logged on and one logs off with this UPHClean running, the
> monitor goes into power savings and cannot be woke up. Looks like the
> PC is still running - HD has activity et al. But the monitor has no
> signal.
>

> What does this tell me?

UPHClean is telling you it has stopped the 1517 errors.

UPHClean is telling you that it closed handles that were preventing
the profile from unloading.

See >> You can also have UPHClean log the call stack that is responsible for
the
profile hive handle.

UPHClean v1.5e readme.txt
http://download.microsoft.com/downlo...5ac/readme.txt

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:1132285107.829672.57630@f14g2000cwb.googlegro ups.com,
edavid3001@gmail.com <edavid3001@gmail.com> hunted and pecked:
> Okay, so I get the 1517 event log issues (et al) on around 500 machines
> including 2000 pro, server, 2003, xp pro. Some on AD, some on Domain,
> some not.
>
> Trying out UPHClean I get this;
>
> The following handles in user profile hive domain\userl (user sid) have
> been remapped because they were preventing the profile from unloading
> successfully:
>
> svchost.exe (1148)
> HKCU (0x314)
>
> What does this tell me? svchost is generic. HKCU - duh, I know that's
> what is locked. 1148 the PID?
>
> According to Process Explorer, 1148 has running in it gcasdtserv.exe
> which is Giant Antivirus aka Microsoft Antivirus beta 1.
>
> So is this what is causing these errors?
>
> Also, I am testing on a XP PRO machine not on a domain. When I have
> two users logged on and one logs off with this UPHClean running, the
> monitor goes into power savings and cannot be woke up. Looks like the
> PC is still running - HD has activity et al. But the monitor has no
> signal.

btw: The software "Giant" is not an anti-virus system . It is Giant
"CounterSpy" anti-spyware system. Soywares are not "officially" considered
to be virues yet!


<edavid3001@gmail.com> wrote in message
news:1132285107.829672.57630@f14g2000cwb.googlegro ups.com...
> Okay, so I get the 1517 event log issues (et al) on around 500 machines
> including 2000 pro, server, 2003, xp pro. Some on AD, some on Domain,
> some not.
>
> Trying out UPHClean I get this;
>
> The following handles in user profile hive domain\userl (user sid) have
> been remapped because they were preventing the profile from unloading
> successfully:
>
> svchost.exe (1148)
> HKCU (0x314)
>
> What does this tell me? svchost is generic. HKCU - duh, I know that's
> what is locked. 1148 the PID?
>
> According to Process Explorer, 1148 has running in it gcasdtserv.exe
> which is Giant Antivirus aka Microsoft Antivirus beta 1.
>
> So is this what is causing these errors?
>
> Also, I am testing on a XP PRO machine not on a domain. When I have
> two users logged on and one logs off with this UPHClean running, the
> monitor goes into power savings and cannot be woke up. Looks like the
> PC is still running - HD has activity et al. But the monitor has no
> signal.
>

Zone Alarm is not installed. I have a hardware firewall. Using XP's
software firewall.

>>UPHClean is telling you it has stopped the 1517 errors.
And right after if fixed these errors, my computer crashes. How nice.

Uninstalling UPHClean crashed my computer also.

This is a computer that never crashes. Nothing other than the normal
software in startup is running. I am a net admin of around 500
Windows PC's - for over 10 years. Not a n00b. fyi. I reproduced the
error several times before posting. It wasn't a fluke.

>> Yves Leclerc
Yup, your right. I wrote antivirus - it is antispyware. Duh on my
part. I use eTrust AV.
I have MS Antispyware beta installed - updated to latest version.

So I guess what I have learned is Microsoft Antispyware is locking my
HKCU registry hive. Hmmm.

Yves Leclerc wrote:

> btw: The software "Giant" is not an anti-virus system . It is Giant
> "CounterSpy" anti-spyware system. Soywares are not "officially"
> considered to be virues yet!


You are correct that a spyware program is not a virus. However, it has
nothing to do with "officlally" or "yet." Despite the way many people use
the term "virus" to mean any form of malicious software, that's a very loose
use of the term, and is not what a virus actually is.

The term "virus" simply means self-replicating software. The software
doesn't even have to be malicious to be a virus (although it almost always
is). For more information, read
http://foldoc.doc.ic.ac.uk/foldoc/fo...gi?query=virus


--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

Ken Blake, MVP wrote:
>
> The term "virus" simply means self-replicating software. The software

Agreed:
http://www.bootdisk.com/txtfiles/virus.txt

Plato wrote:

> Ken Blake, MVP wrote:
>>
>> The term "virus" simply means self-replicating software. The software
>
> Agreed:
> http://www.bootdisk.com/txtfiles/virus.txt



See, now and then we agree on something. <g>

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

Ken Blake, MVP wrote:
>
> See, now and then we agree on something. <g>

About every three years or so....grin

Plato wrote:

> Ken Blake, MVP wrote:
>>
>> See, now and then we agree on something. <g>
>
> About every three years or so....grin



LOL. Maybe a *little* more often than that.


--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup