Shutdown Problems - WIN XP Pro SP2

Hi all,

A tech suggested that my firewall (Comodo) might be overzealous and cause my Windows not to shut down as quickly as it should.

In fact, my XP Pro has gotten unashamedly lazy lately and lingers on for far longer than usual when I push the restart radio button …

My Windows Event Log lists the jargon which I submit below; according to the tech, these “warnings” point to security features which prevent the release of user profile when I try to restart…

Anyone else with this problem?

1401: The following handles in user profile hive X2\Zol (S-1-5-21-1214440339-1757981266-682003330-1003) have been remapped because they were preventing the profile from unloading successfully:

cpf.exe (652)
HKCU\Software\Classes (0x7c)
HKCU (0xc8)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows (0x32c)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer (0x3a8)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts (0x3b0)
HKCU\Software\Classes (0x3b8)
HKCU\Software\Classes (0x428)
HKCU\Software\Policies (0x440)
HKCU\Software (0x444)
HKCU\Software\Microsoft\Windows\ShellNoRoam (0x468)
HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache (0x46c)

1401: The following handles in user profile hive X2\Zol (S-1-5-21-1214440339-1757981266-682003330-1003) have been remapped because they were preventing the profile from unloading successfully:

cpf.exe (648)
HKCU\Software\Classes (0x7c)
HKCU (0xc8)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows (0x120)

1401: The following handles in user profile hive X2\Zol (S-1-5-21-1214440339-1757981266-682003330-1003) have been remapped because they were preventing the profile from unloading successfully:

cpf.exe (720)
HKCU\Software\Classes (0x7c)
HKCU (0xc8)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows (0x120)

And this:

1517: Windows saved user X2\Zol registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

1524: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Any suggestions would be appreciated.

Thanks.

zolaris

I’m seeing the same error

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 7/19/2007
Time: 6:53:19 PM
User: NT AUTHORITY\SYSTEM
Computer: LONNYSPC
Description:
Windows saved user LONNYSPC\Me registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at Microsoft Support.

The only way to avoid it is to end CPF.exe or exit Comodo before reboot or shutdown.

zolaris & Lonn: Welcome to the forum.

Have you tried to clean install CFP while in Safe Mode to prevent software conflicts?

Hi
No, I haven’t tried that yet; seeing the same warnings on a VMware PC with minimal software installed.

As a test on VMware:
XP Pro with only SP1
Installed Comodo Firewall (current version), rebooted
Installed MS’s UPHClean (set to report only and log call stacks) and rebooted

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 7/20/2007
Time: 7:51:37 PM
User: NT AUTHORITY\SYSTEM
Computer: NONE-edited
Description:
Windows saved user NONE-6H7M2FT10R\me registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1501
Date: 7/20/2007
Time: 7:51:36 PM
User: NONE-edited\me
Computer: NONE-edited
Description:
The following handles opened in user profile hive edited\me (S-1-5-21-1708537768-343818398-725345543-1003) are preventing the profile from unloading:

cpf.exe (1648)
HKCU (0x70)
call stack data collection not enabled for this process
HKCU\Software\Classes (0x84)
call stack data collection not enabled for this process
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows (0x11c)
call stack data collection not enabled for this process
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer (0x2e0)
call stack data collection not enabled for this process
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts (0x2e8)
call stack data collection not enabled for this process
HKCU\Software\Classes (0x2f8)
call stack data collection not enabled for this process
HKCU\Software\Classes (0x370)
call stack data collection not enabled for this process

This PC is XP Home with all updates, minus IE7.
Besides seeing cpf.exe as below, I do occasionally see

Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1501
Date: 7/20/2007
Time: 9:12:02 AM
User: edited\Me
Computer: edited
Description:
The following handles opened in user profile hive edited\Me (S-1-5-21-2832034585-1587069626-3141513504-1005) are preventing the profile from unloading:

svchost.exe (1100)
HKCU (0x33c)

How common are Userenv warnings?

:) They are actually common, but not for CFP users. I used to have it for a very long time until I upgraded to XP SP2. Other than disabling unnecessary services, there are other registry settings that might eliminate this annoying error. The ones I’m referring to are shutdown options in Windows, such as: HungAppTimeout, WaitToKillAppTimeout, AutoEndTasks, and WaitToKillServiceTimeout. After I tweaked the registry settings on a newly reformatted XP, it eliminated those errors.

Hello
Tried those tweaks in different combinations with no luck.

“I upgraded to XP SP2”
same errors on this fully updated xp system though

comodo and Userenv warnings
Probably more common than you think, meaning people simply don’t look at event logs.

I assume you did see the old topics (not to imply I’ve ever used a beta)
https://forums.comodo.com/help/eventwarnings_after_installing_23019_beta-t1078.0.html
https://forums.comodo.com/help/comodo_blocks_unloading_registry-t9827.0.html;msg71423
https://forums.comodo.com/help/event_warnings_lead_to_uphclean_identifing_cpfexe_locking_registry_hive-t8012.0.html

=====
So I guess I’ll either continue to exit Comodo before restarting or shutdown, or let Microsoft’s UPHClean do its thing

Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1401
Date: 7/20/2007
Time: 11:19:59 PM
User: LONNYSPC\Me
Computer: LONNYSPC
Description:
The following handles in user profile hive LONNYSPC\Me (S-1-5-21-2832034585-1587069626-3141513504-1005) have been remapped because they were preventing the profile from unloading successfully:

svchost.exe (1124)
HKCU (0x144)

cpf.exe (1296)
HKCU\Software\Classes (0x7c)
HKCU\Software\Classes\CLSID (0x80)
HKCU (0xc0)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows (0x118)

For more information, see Help and Support Center at Microsoft Support.

blablabla :)

You don’t have to assume; I was in the second one :D. In the UPHClean log, if CFP is manually exited prior to shutdown, does the svchost.exe still remain? It may have something to do with the processes conflicting. The problem with svchost.exe is that it’s an important Windows process and can represent a number of different services, so you can narrow them down by manually closing each (process of elimination).

I did mention the Userenv svchost warning only shows occasionally.

If exiting Comodo before restarts or shutdowns prevents the Userenv warning caused by Comodo, then clearly it is the cause.

Checked out our other PC; the same Userenv warning exists there.

My guess is cpf.exe’s self protection isn’t allowing Windows to turn it off (end it).

In a nutshell, yes. They’re not cooperating for some reason.

Curious: what were your settings for the 4 registry keys I suggested?

There’s another tweak I did on my own pc: Start > Run > gpedit.msc. You don’t have to try this; just displaying some of my settings.

[attachment deleted by admin]

HungAppTimeout, WaitToKillAppTimeout, AutoEndTasks, and WaitToKillServiceTimeout
are all as is out of the box. Still want to see values?

That gpedit.msc setting would not resolve the problem, however minor it is :)

If those 4 settings have the default values, as strange as it may seem, it was what caused me those profile hive errors. Here are mine:
AutoEndTasks = 1
HungAppTimeout = 1000
WaitToKillAppTimeout = 1000
WaitToKillServiceTimeout = 1000

Even if that doesn’t solve your issue, it should at least give you an overall faster shutdown 8)

defaults here are
AutoEndTasks = 0
HungAppTimeout = 5000
WaitToKillAppTimeout = 20000
WaitToKillServiceTimeout = 20000

However, neither those nor the gpedit.msc setting address the problem; cpf should know when a shutdown or startup is called and allow itself to be closed, which would then let Windows unload the user profile.

Like I posted earlier, those are merely suggestions. The only thing left is to file a http://support.comodo.com ticket because they are the official Comodo support team.
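
The UPHClean descriptions posted in this thread name each process and the HKCU handles it still held at logoff. As an added example (not code from any poster, Comodo or Microsoft), this Python parser turns such descriptions into per-process handle lists and totals; the function names are invented here and the sample text is copied from the events in the thread.

```python
import re
from collections import Counter

# One token is either "name.exe (pid)" or "HKCU\sub\key (0xhandle)".
TOKEN = re.compile(
    r"(?P<proc>[\w.\-]+\.exe) \((?P<pid>\d+)\)"
    r"|(?P<key>HKCU(?:\\[^()\r\n]*?)?) \((?P<handle>0x[0-9a-fA-F]+)\)"
)

# Event 1401 description from this thread, one handle per line.
EVENT_MULTILINE = r"""The following handles in user profile hive LONNYSPC\Me (S-1-5-21-2832034585-1587069626-3141513504-1005) have been remapped because they were preventing the profile from unloading successfully:

svchost.exe (1124)
HKCU (0x144)

cpf.exe (1296)
HKCU\Software\Classes (0x7c)
HKCU\Software\Classes\CLSID (0x80)
HKCU (0xc0)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows (0x118)
"""

# A second 1401 from the thread with all handles on one line (header shortened).
EVENT_FLAT = (r"... preventing the profile from unloading successfully: "
              r"cpf.exe (648) HKCU\Software\Classes (0x7c) HKCU (0xc8) "
              r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows (0x120)")

def parse_uphclean(description):
    """Return {(process, pid): [(registry_key, handle), ...]} for one event."""
    holders, current = {}, None
    for m in TOKEN.finditer(description):
        if m.group("proc"):
            current = (m.group("proc").lower(), int(m.group("pid")))
            holders.setdefault(current, [])
        elif current is not None:  # skip keys that precede any process line
            holders[current].append((m.group("key"), int(m.group("handle"), 16)))
    return holders

def count_by_process(descriptions):
    """Total leaked handles per process name across several events."""
    totals = Counter()
    for text in descriptions:
        for (proc, _pid), handles in parse_uphclean(text).items():
            totals[proc] += len(handles)
    return totals

if __name__ == "__main__":
    for proc, n in count_by_process([EVENT_MULTILINE, EVENT_FLAT]).most_common():
        print(f"{proc}: {n} handle(s) left open at logoff")
```

Lines such as "call stack data collection not enabled for this process" in the 1501 events match neither pattern and are ignored.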