Installation Question

Been using Comodo FW (now CIS w/o AV) for some time now and love it. Runs smoothly and rarely see a glitch. I’m having a problem (think it has been going on for some time & I just never noticed) that I don’t know how to resolve. Problem is that when I bounce back and forth between my LUA and the Admin account to do admin stuff, Windows is not releasing the last user on the machine’s copy of explorer.exe, per Task Manager. This WinXP Home SP3 machine is set up with 3 user accounts. Each time one of us logs off and then, during the same session, logs onto another account, yet another copy of explorer.exe is not closing down. Some days I can get as many as 3-4 appearing in Task Manager, one for each user I have been logged on as, killing my 512MB RAM. I have cleared/increased the Pagefile per auhma.org’s recommendations, but that hasn’t resolved the memory usage from running high after a while. And I have gone into Control Panel, User Accounts, “Change how users log off” to have Windows totally close down user programs at log off. But that has not resolved the problem. Users completely log off when we get off this shared PC. FWIW, we do not use Win XP’s Fast User Switching and that service has actually been disabled/stopped.

Been trying to figure this out for some time now so I took a look at my Windows Event Viewer and I see a lot of these errors on the Event log:

Event ID 1524: “Windows cannot unload your classes registry file. It is still in use by another application or service. The file will be unloaded when it is no longer in use.”

Event ID 1517: “Windows saved user Computer Name\User Name registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account. Try reconfiguring the services to run in either Local Service or Network Service.”

Well, the only programs on this PC that run under the user name are Superantispyware.exe, ashDisp.exe (Avast) and cfp.exe (Comodo Firewall). I’m beginning to think these multiple instances of explorer.exe (using 17,000K apiece!) are related to the above-cited errors and that it has ALWAYS been going on and I just never noticed it before. Plan on upgrading RAM soon, but would like to perhaps find a workaround until that happens. If useful, I’ve attached a copy of a typical Task Manager running processes. Very few apps on this system as you can see.

So basically my question is: Is there some way to make cfp.exe install under Local Service or Network Service rather than under the user that is logged on (though I don’t really know if such a thing were possible, if that would resolve this problem or not)?

EDIT: D/L’ed & installed Microsoft’s UPHClean (User Profile Hive Cleaner) tonight to see if that would resolve it. The 1517 & 1524 event messages have stopped. Yippee! Now I just get Event ID 1401 messages for each hung-up user that read as follows (indicating UPHClean is doing its job). But the multiple explorer.exe problem persists. So something ELSE is holding onto explorer.exe in my case.

Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1401
Date: 3/3/2009
Time: 6:45:11 PM
User: HOME-23AB30824B\ButtonAdmin
Computer: HOME-23AB30824B
Description:
The following handles in user profile hive HOME-23AB30824B\ButtonAdmin (S-1-5-21-1085031214-1757981266-839522115-1005) have been remapped because they were preventing the profile from unloading successfully:

explorer.exe (1100)
HKCU (0x44)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (0x54)
HKCU\Software\Classes (0x9c)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer (0xa8)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer (0xbc)
HKCU\Software\Classes (0xcc)
HKCU\Software\Classes (0x140)
HKCU\Software\Classes (0x150)
HKCU\Software\Microsoft\Plus!\Themes\Apply (0x158)
HKCU\Control Panel\Appearance\New Schemes (0x160)
HKCU\Control Panel\Appearance\New Schemes\21 (0x164)
HKCU\Control Panel\Appearance\New Schemes\21 (0x168)
HKCU\Control Panel\Appearance\New Schemes\21\Sizes\0 (0x16c)
HKCU\Software\Classes (0x174)
HKCU\Software\Classes (0x180)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap (0x1f0)
HKCU\Software\Classes (0x1f4)
HKCU\Software\Classes (0x208)
HKCU\Software\Classes (0x248)
HKCU\Software\Classes (0x254)
HKCU\Software\Classes (0x258)
HKCU\Software\Microsoft\Windows\Shell (0x26c)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts (0x270)
HKCU\Software\Microsoft\Windows\ShellNoRoam (0x274)
HKCU\Software\Classes (0x280)
HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache (0x284)
HKCU\Software\Classes (0x288)
HKCU\Software\Classes (0x298)
HKCU\Software\Classes (0x2d0)
HKCU\Software\Classes (0x2f0)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count (0x31c)
HKCU\Software\Classes (0x320)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist{75048700-EF1F-11D0-9888-006097DEACF9}\Count (0x324)
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked (0x32c)
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached (0x33c)
HKCU\Software\Classes (0x3b4)
HKCU\Software\Classes (0x3b8)
HKCU\Software\Classes (0x3cc)
HKCU\Software\Classes (0x3dc)
HKCU\Software\Classes (0x3e0)
HKCU\Software\Classes (0x3e4)
HKCU\Software\Classes (0x3f0)
HKCU\Software\Classes (0x3f4)
HKCU\Software\Classes (0x404)
HKCU\Software\Classes (0x408)
HKCU\Software\Classes (0x420)
HKCU\Software\Classes (0x424)
HKCU\Software\Classes (0x428)
HKCU\Software\Classes (0x444)
HKCU\Software\Classes (0x44c)
HKCU\Software\Classes (0x450)
HKCU\Software\Classes (0x46c)
HKCU\Software\Classes (0x48c)
HKCU\Software\Classes (0x4b8)
HKCU\Software\Classes (0x4c4)
HKCU\Software\Classes (0x4d4)
HKCU\Software\Classes (0x4d8)
HKCU\Software\Classes (0x4dc)
HKCU\Software\Classes (0x4e0)
HKCU\Software\Classes (0x4f8)
HKCU\Software\Classes (0x500)
HKCU\Software\Classes (0x508)
HKCU\Software\Classes (0x50c)
HKCU\Software\Classes (0x518)
HKCU\Software\Classes (0x538)
HKCU\Software\Classes (0x568)
HKCU\Software\Classes (0x580)
HKCU\Software\Classes (0x584)
HKCU\Software\Classes (0x598)
HKCU\Software\Classes (0x5b0)
HKCU\Software\Microsoft\Internet Explorer\Security\P3Global (0x5f0)
HKCU\Software\Classes (0x600)
HKCU\Software\Classes (0x610)
HKCU\Software\Classes (0x638)
HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop (0x660)
HKCU\Software\Classes (0x6e8)
HKCU (0x6f4)
HKCU\Software\Classes (0x718)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap (0x71c)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap (0x728)
HKCU\Software\Classes (0x750)
HKCU\Software\Classes (0x760)
HKCU\Software\Classes (0x77c)
HKCU\Software\Microsoft\Internet Explorer\Security\P3Sites (0x780)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap (0x78c)
HKCU\Software\Classes (0x790)
HKCU\Software\Classes (0x7c4)
HKCU\Software\Classes (0x7e0)
HKCU\Software\Classes (0x7e4)
HKCU\Software\Classes (0x7f4)
HKCU\Software\Classes (0x80c)
HKCU\Software\Classes (0x810)
HKCU\Software\Classes (0x820)
HKCU\Software\Classes (0x830)
HKCU\Software\Classes (0x840)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Extensions (0x844)
HKCU\Software\Classes (0x84c)
HKCU\Software\Classes (0x89c)
HKCU\Software\Classes (0x8f4)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\c (0x92c)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket (0x96c)
HKCU\Software\Classes (0x994)
HKCU\Software\Classes (0x9b0)
HKCU\Software\Classes (0x9bc)
HKCU\Software\Classes (0x9c8)

So I’m back to thinking maybe Comodo, SAS or Avast could be holding onto user profiles at logoff? Really don’t know. For now, we’re just doing a RESTART between users, but I really would prefer to resolve the real cause of my problem and fix it. Is there a way to install/configure Comodo cfp.exe to run under Local or Network service instead of the logged on user?

[attachment deleted by admin]
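Added example, not from the original post and not code from Comodo or Microsoft: a small Python parser for UPHClean Event ID 1401 descriptions in the layout quoted above (a "user profile hive ... (SID)" line, then blocks of "image.exe (pid)" followed by "HKCU\... (0xNN)" handle lines). It reports, per process, how many hive handles were remapped and which keys were held most, and flags the case where the holder is the logged-off user's own explorer.exe, i.e. the shell never exited at logoff. The embedded event text is constructed for the example; the computer name, account, SID and handle numbers in it are placeholders, not values from any real machine.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: an abbreviated UPHClean event 1401 description in the
# same shape as the one quoted in the post. Computer name, account, SID and
# handle values are placeholders, not real identifiers.
SAMPLE_EVENT = """\
Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1401
Description:
The following handles in user profile hive HOME-PC\\AdminUser (S-1-5-21-0-0-0-1005) have been remapped because they were preventing the profile from unloading successfully:

explorer.exe (1100)
HKCU (0x44)
HKCU\\Software\\Classes (0x9c)
HKCU\\Software\\Classes (0xcc)
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer (0xa8)

svchost.exe (880)
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings (0x54)
"""

# "image.exe (pid)" header of a per-process block
PROCESS_RE = re.compile(r"^(?P<image>\S+\.exe) \((?P<pid>\d+)\)$", re.IGNORECASE)
# "HKCU\path (0xhandle)" line inside a block; bare "HKCU (0x..)" also matches
HANDLE_RE = re.compile(r"^(?P<key>HKCU(?:\\.*)?) \((?P<handle>0x[0-9a-f]+)\)$", re.IGNORECASE)
# "user profile hive DOMAIN\user (S-1-...)" in the description's first sentence
HIVE_RE = re.compile(r"user profile hive (?P<user>\S+) \((?P<sid>S-1-[\d-]+)\)")


def parse_uphclean_event(text):
    """Return (user, sid, {(image, pid): [(key, handle), ...]}) for one 1401 event."""
    user = sid = None
    holders = defaultdict(list)
    current = None  # (image, pid) of the block being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HIVE_RE.search(line)
        if m:
            user, sid = m.group("user"), m.group("sid")
            continue
        m = PROCESS_RE.match(line)
        if m:
            current = (m.group("image").lower(), int(m.group("pid")))
            holders[current]  # create the entry even if no handle lines follow
            continue
        m = HANDLE_RE.match(line)
        if m and current is not None:
            holders[current].append((m.group("key"), m.group("handle")))
    return user, sid, dict(holders)


def summarize(holders):
    """Per process: number of remapped handles and the three most-held keys."""
    summary = {}
    for (image, pid), handles in holders.items():
        keys = Counter(key for key, _ in handles)
        summary[(image, pid)] = {"handles": len(handles), "top_keys": keys.most_common(3)}
    return summary


def shell_still_running(holders):
    """True when explorer.exe is among the holders: the logged-off user's shell
    is still alive and pinning HKCU, which is the symptom described in the thread."""
    return any(image == "explorer.exe" for image, _ in holders)


def main():
    user, sid, holders = parse_uphclean_event(SAMPLE_EVENT)
    print(f"hive: {user} ({sid})")
    for (image, pid), info in summarize(holders).items():
        print(f"  {image} pid {pid}: {info['handles']} handle(s), top keys {info['top_keys']}")
    if shell_still_running(holders):
        print("  -> explorer.exe of the logged-off user is still holding HKCU; "
              "look for whatever stops the shell from exiting at logoff")


if __name__ == "__main__":
    main()
```

Paste a real 1401 description into SAMPLE_EVENT (or read it from a file) to see which process is keeping a hive open; a service image in the list supports the "service running as a user account" explanation in event 1517, while explorer.exe in the list means the logoff itself did not tear down the shell.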

Just took a look at my D+ events and see a consistent Comodo termination of csrss.exe when it tries to access explorer.exe. Could THIS be at the root of my multiple explorer.exe problem? Don’t know much about csrss, but a Google and read at Wikipedia indicates it is a critical system file and controls the user side of the operating system. The article goes on to state it should not be terminated or a BSOD may result! Well, I have had no BSODs.

So this morning I went in and made a special D+ rule for csrss.exe to allow all access and under Protection Settings I ticked yes for Process Terminations. But Comodo continues to terminate this process at each restart/boot up!! What gives? CSRSS.exe was already in my rules as a Windows Application and the rule entry was greyed out with all the other greyed-out Windows Applications group, so it seems Comodo should be leaving this file alone!

Attachments may clarify.

[attachment deleted by admin]

Never give up is my motto. BINGO!!! I found my problem just now. I started looking around at my Defense+ event log. I saw that Comodo was terminating csrss.exe at every boot up. ??? This is what controls the user side of the operating system, per the Wikipedia article. It’s a critical system file and should NEVER be terminated lest you want a BSOD!! Well, no BSODs yet, thank God. But why, I asked myself, would Comodo terminate a system file when all Windows files are sacrosanct by Comodo? Hmmmmmm… So I started looking around at all my D+ rules in Comodo settings. BINGO, I could see my problem!!

Apparently, as a security measure on my part, I had set up my explorer.exe rule in Comodo D+ to be “Protected from Process Termination” (just by malware, I thought). But in doing that, I was also apparently not letting WinXP close it down at logoff cleanly either! :o The minute I undid that protection setting, I rebooted & Comodo stopped terminating csrss.exe. The multiple copies of explorer.exe I’ve been experiencing at logoffs lately stopped, too!!! YIPPEEE!!! I suspect the 1517 & 1524 events in event viewer will stop now, too.

Hope posting back my findings may prove helpful to someone else.

EDIT 3/9/09: The events 1517 & 1524 have indeed stopped. :wink: