Last week, I finally removed Norton AV from my desktop, and installed NOD32 in its place. I followed the advice on the Symantec site, and used their three removal tools, in addition to CP >Add/Remove. Finally, I used Registry First Aid to clean out anything left.

Since installing NOD, I've been very impressed by its light use of resources, and the machine has had a generally nippier feel to it. However, on shutdown or re-boot, it sits at the 'Windows is shutting down' screen for about 22 seconds, previously, I would estimate this was no more than 5 seconds or so - not long enough for me to bother to time it.

I've turned off boot sector scanning at shutdown, also floppy scanning (as there isn't one) and network, since I'm usually alone on that too. None of these changes have altered the slow shutdown.

The machine is running XP Pro SP1, it's a P4 3.4GHz with 2GB DDR-RAM and a 400GB RAID0 array. Free RAM is about 1.6GB immediately before shutdown, free disk is about 320GB. I use NTFS.

The system logs show no entries which could explain the problem, so I would appreciate any thoughts.

Thanks

It could be something related to Winsock causing this problem. Try Blackspear's standard advice: run the Winsock XP Fix (http://www.spychecker.com/program/winsockxpfix.html) tool, and then repair IMON (http://www.wilderssecurity.com/showpost.php?p=450639).

Rik Bean please tell if your problem is solve after winsock xp fix tool
i also got this problem for 3 years after installing nod32

{QUOTE-> It could be something related to Winsock causing this problem. Try Blackspear's standard advice: run the Winsock XP Fix (http://www.spychecker.com/program/winsockxpfix.html) tool, and then repair IMON (http://www.wilderssecurity.com/showpost.php?p=450639). <-QUOTE}

That did the job perfectly, many thanks. Shutdown is now 7 seconds.:)

{QUOTE-> Rik Bean please tell if your problem is solve after winsock xp fix tool
i also got this problem for 3 years after installing nod32 <-QUOTE}

See my other post, it worked great, shutdown is back to 7 seconds...

Hi Rik Bean:

You may want to check if IMON is now disabled (which the Winsock(XP)Fix will do).

{QUOTE-> That did the job perfectly, many thanks. Shutdown is now 7 seconds.:) <-QUOTE}

{QUOTE-> Hi Rik Bean:

You may want to check if IMON is now disabled (which the Winsock(XP)Fix will do). <-QUOTE}

I did, but thanks for the heads up. However, I then downloaded this month's updates from MS, and the shutdown slowed right down again. Repeated the cleanup exercise and we're back to 7 seconds. I think I'll be remembering this process! :(

Later that day...

I have found that the 22 second shutdown returns after I have done the winsock/IMON repairs. It's fine until I access the 'net in any way, ie email or web, but from then on, the delay is back until I do the repairs again, or unless I disable IMON completely. Obviously, I don't consider the latter a good option, and I can live with the shutdown delay if needs be, but if anyone has any more suggestions on a fix, I'd appreciate it.

it's not nod that cause your problem.
it's the system itself.
you can check your windows

{QUOTE-> it's not nod that cause your problem.
it's the system itself.
you can check your windows <-QUOTE}

Could you elaborate please? What element of Windows do I need to check. As there are no error messages being generated on-screen or in the system log, it's hard to know where to start.

Hello Rik Bean,
This is a utility that was created to address a root cause of this type of issue. It may or may not help in your case, but I have never heard of it hurting either.
Download Details User Profile Hive Cleanup Service (http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582&displaylang=en)

{QUOTE-> Hello Rik Bean,
This is a utility that was created to address a root cause of this type of issue. It may or may not help in your case, but I have never heard of it hurting either.
Download Details User Profile Hive Cleanup Service (http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582&displaylang=en) <-QUOTE}

Good tip and nice to have little Util......one never knows!!

Data Removed by Pilli
oooooooooppppppps

WHAT IS UPHCLEAN
================

UPHClean is a service that once and for all gets rid of problems with user
profile not unloading.

You are having profile unload problems if you experience slow logoff (with
Saving Settings for most of the time while logging off), roaming profiles
that do not reconcile, or the registry size limit is reached.

WHY DO PROFILES NOT UNLOAD?
===========================

Many system and service processes do work on behalf of users. When the work
is done the system or service process is responsible for releasing handles it
has to the user profile hive. If this is not done by the service as the user
logs off the profile cannot be unloaded.

This problem in code can be caused by improper coding either in Microsoft
software or 3rd party software (e.g. printer drivers, virus scanner service,
etc). With the information provided by the system there is no way to find
out what software needs to be corrected to allow profiles to unload.

This problem can be caused for a variety of reasons. While software developers
are typically very careful about releasing handles, developing software that
works on behalf of a logged on user is complicated. It is difficult for
software developer to have full control over how the registry is accessed.
Service developers might want to see KB article 199190 for more information.

While it is possible to identify the service (see KB article 221833), it is
sometimes difficult to track this down the specific problem code. Even when
you do identify the problem code there maybe times when the developer of this
code is not able to make the necessary changes. This is the reason for
UPHClean -- it takes care of the problem regardless of the reason why.

WHAT DOES THE USER SEE? WHAT HAPPENS TO THE PROFILE?
=====================================================

Windows NT4:
The system gives up immediately on failure to unload the profile
and the (roaming) profile is not reconciled.

Windows 2000:
The system attempts to unload the profile 60 times at 1 second intervals.
This retry logic rarely helps so in most cases after 60 seconds of the user
waiting at the Saving Settings message box the system gives up and roaming
profiles are not reconciled. The number of retries can be changed to allow the
user to log off faster (this can be done using the policy under Computer
Configuration, Administrative Template, System, User Profiles, Maximum retries
to unload and update user profile)

Windows XP and 2003:
The profile is reconciled using a copy of the contents of the registry. The
user is not made to wait as in Windows 2000. The problem left is that the
computer cannot recover the memory the profile uses until it can be unloaded.

Also in some cases (e.g. using anonymous logons) you may find that you cannot
log on if the profile cannot be unloaded.

WHY SHOULD I USE UPHCLEAN?
==========================

The concept of UPHClean is to deal with these the same way the operating
system deals with other resource issues: when a task is done resources
(memory, handles, etc) are automatically reclaimed. UPHClean accomplishes
this simply by monitoring for users to log off and verifying that unused
resources are reclaimed. If they are not it reclaims the resource and logs
its action. This approach is superior as it works for any known reason
that profiles do not unload and also will keep working to address new
unknown issues.

Another advantage to UPHClean is that no computer restart is required to
install it or remove it (except on Windows NT 4). You can install and
remove UPHClean to find out whether it helps with a profile unload problem or
not. You can do this without having to worry about what hotfix, service pack,
feature pack, etc has been installed. Set it and forget is the goal of
UPHClean.

By default UPHClean takes action to allow profiles to unload. You can
choose to have UPHClean only report what processes it finds preventing profiles
from unloading. To do this, install UPHClean and use the registry editor to
set:

HKLM\System\CurrentControlSet\Services\UPHClean\Parameters\REPORT_ONLY to 1.

You can also have UPHClean log the call stack that is responsible for the
profile hive handle. This is necessary to find out what software is
responsible for the hive handle in processes used for many purposes (e.g.
svchost.exe, dllhost.exe, winmgmt.exe). To enable call stack logging use the
registry editor to set:

HKLM\System\CurrentControlSet\Services\UPHClean\Parameters\CALLSTACK_LOG to 1.

Logging the call stack is computationally and memory intensive. You should use
this option to collect information and then turn it off. To get more accurate
call stack logging it may be necessary to get symbols installed on the
computer. You can read about getting symbols at:

http://www.microsoft.com/whdc/ddk/debugging/symbols.mspx

Unecessary quote removed by Pilli
Now, why would anyone with a valid copy of Windows object to validating their software???

Welcome to Shanijee's dodgy software bazzar ::)

{QUOTE-> Now, why would anyone with a valid copy of Windows object to validating their software???

Welcome to Shanijee's dodgy software bazzar ::) <-QUOTE}

Agree with you 100% and I don't think this man should be allowed to spread more of this dark information here.

Agreed with both of you and because his mess takes always place in the NOD32 forum i'll know how to prevent further BS from him.

{QUOTE-> Hello Rik Bean,
This is a utility that was created to address a root cause of this type of issue. It may or may not help in your case, but I have never heard of it hurting either.
Download Details User Profile Hive Cleanup Service (http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582&displaylang=en) <-QUOTE}

Thanks for that, but it's already on my machine.

{QUOTE-> Agreed with both of you and because his mess takes always place in the NOD32 forum i'll know how to prevent further BS from him. <-QUOTE}

Look at my signature.....Good job!

{QUOTE-> Thanks for that, but it's already on my machine. <-QUOTE}

Nothing wrong with that util!

sorry but why my links drop not everyone have register window?

{QUOTE-> sorry but why my links drop not everyone have register window? <-QUOTE}

Ask one of the moderators, they can explain very well!!!

{QUOTE-> sorry but why my links drop not everyone have register window? <-QUOTE}
Hey, shanijee.

Probably because Microsoft makes validation a requirement to download this piece of software from their website. As you point out, there are other places where you can get this utility, even some rather well-known download sites that list this as "freeware". However, I do not know if Microsoft has actually given them permission to redistribute this software.

You may have good intentions with the links (to make it easy for us ;)), but if Microsoft requires validation to download the file, then the other website probably does not have Microsoft's permission. That may be considered a form of piracy, and we all know what the moderators here think about that! :lurking:

When posting links to programs... please post a link to a webpage that describes the program whenever possible, instead of a link directly to the program itself. This way, people can read about what they are downloading before they actually download it. For example, link to 3DMark06 at Futuremark ( http://www.futuremark.com/download/?3dmark06.shtml ) or maybe even an authorized mirror site ( http://www.majorgeeks.com/3DMark06_d4935.html ), but not to the .exe itself. The moderators around here would probably prefer that, as well.