Diagnostic utility finds a problem..

[Guest]

[Tarq57]

This morning the computer started to run slow, with explorer taking longer than usual to respond. This was evidenced with any application taking longer to disply/open when selected or right clicked. The pc alarm beeped a couple of times while this was occurring, as if the fan had failed to respond to a commanded temperature change. While attempting to open a program to examine the system, explorer "part" crashed, half the system tray icons dissappeared, task manager showed the program concerned as open, but the GUI was absent, ditto any means of controlling it.
Decided to perform a shutdown/restart, shutdown failed to complete and stalled, so after about 15minutes I powered down. Re started again after a good 3 minutes, everything appeared normal.
As part of the following troubleshoot, I ran a diagnostic check on CFP (3.0.22.349), "miscellaneous>diagnostics".
The message following said that "problems were discovered with the installation. Would you like it repaired?" Clicked yes. It then came up with "Unable to fix some problems. Would you like a log?" Clicked yes. (See attached txt.) Can't really make head or tail of the log, the only thing that appears odd to me is an entry near the beginning that reads: "[guard32]
Key=No", where the preceding entries read "yes".
Reinstalled the firewall. Ran the diagnostics. Same result. (It is this log that is attached.) Had previously run the diagnostics after first installing this firewall, and all was good. SP3 was installed at that point.
Computer behaviour otherwise appears normal, as does the firewall and D+ behaviour.

XP (Home) SP3 AMD3500+, 2G RAM. Avast Home, Threatfire, CMF, CBoclean (a recent addition) and that's about it.
Help, please.

[Vettetech]

Threatfire is not needed if your using Comodo with D+. You said reinstalled but did you do a Complete Uninstall first? Use Revo Uninstaller in advanced mode. When Comodo says reboot,don't and click next on Revo and delete all left over registry and program entires it finds. Then reboot. Use CCleaner registry cleaner and reboot. Download and install the latest version of Comodo. Also have you updated Avast to the latest version? There is alot of bug fixes for it.

[Tarq57]

Thankyou for replying.
The Threatfire info is understood. I don't think that is the issue, though, since they worked well together for well over a week.
Too late for Revo uninstaller, I'm afraid. Don't have it.
I have just (again) uninstalled/reinstalled CFP. This time I edited the registry to delete all entries I could verify as belonging to CFP. (Not the Boclean nor CMF ones.)
The problem here is that entries described as "Legacy" would not be deleted, due to access permissions. Did a computer search for any CMDAGENT leftover in the system, nothing found. Used Ccleaner, in "issues" (registry) mode, following the commanded reboot, too. Checked program files folders, and Docs/settings/application data (under my user profile; nothing found.
Is it possible the failure to delete these Legacy keys likely to have caused the issue?
How serious is this issue likely to be from a security standpoint?

[Vettetech]

Its never too late for Revo. Just install it. Also see here.

http://forums.comodo.com/help_for_v3/comprehensive_instructions_for_completely_removing_comodo_firewall_pro_3_info-t17220.0.html

[Tarq57]

OK, so will Revo uninstaller recognize the changes made by the Comodo install, even if Revo is installed now, and will it fix this issue? Or would you recommend going thoroughly through the procedure in the link?

[Vettetech]

If you currently have Comodo installed and are trying to fix a problem then try doing a complete uninstall using Revo Uninstaller in advanced mode. When Comodo says reboot,dont and click next on Revo. Delete all registry and program entires it finds then reboot. Use CCleaner registry cleaner and reboot. Install a fresh version of Comodo. If it doesnt work then use the comprehensive procedure.

[grue155]

Welcome to the forum, Tarq57

Reading over your initial posting, it sounds like there might be something else going on, and CFP is one of several programs that is showing symptoms of an underlying problem. Have you checked the WinXP event log for any diagnostic or warning messages? To see those messages, click Start -> Run, enter "eventvwr.msc", then highlight System, and then double-click any message line to display the text.

What you've described so far sounds like it could be a hardware problem with the disk drive, which can cause all manner of things to act strangely. There are some diagnostics checks that can be done, some native to WinXP and some not, that can be useful if there is a problem. Looking at the WinXP event log is the first check.

[Tarq57]

Hi Vettetech, I'll install Revo and have a crack at that in due course, if there is nothing outstanding that needs addressing from the event viewer.

Hi grue 155,
The event viewer contains a number of entries under "System". Analysis of some of them indicated they were due to services having been disabled, which is true. I had disabled some services in accordance with info provided on BlackViper's tweak XP website; set some others to manual. (I have reset most of these to "automatic" now, and restarted.)
Another frequent error is related to "atim2tag", the description is "CRT invalid type"', no advanced help is available.
There are some more, from 2 days+ ago, (19/05/08) that read "The following boot-start or system-start driver(s) failed to load:
Aavmker4
aswSP
aswTdi" This is an event type "7026".
I have, at about the time indicated, uninstalled my Avast Home AV, which was on the "D" partition, and reinstalled it to the "C" partition. It appears to be operating correctly.
There are a number of warnings from the 16/05/08, stating "UnlockerDriver5" with an error type of "54", no further info available. (I do have the "unlocker" program installed, and the 16th was probably about the last time I used it. Perhaps a reinstall is advised, here, if that is what the error is referencing?
All the other errors seem to relate to services failing to start/dependencies failing to start, and are listed as  DCOM, and Service control manager, and reference UNP&P, SSDP discovery service, and a couple from 17/05/08 "DCOM got error "The dependency service or group failed to start.  attempting to start the service upnphost with arguments  in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.",
plus the errors referencing Avast, which appeared to be limited to the one day/time window when the reinstall occurred.
Sorry if this is needlessly long winded, I don't have much idea about analyzing this sort of thing, if you can help I'll be pretty darn impressed! Hope enough information is provided.
Thanks,
Tarq.

[grue155]

The details from the Windows event log sound like the fairly routine Windows logging chatter. Windows, like almost all OS's these days, tends to have very good disk error correction and recovery methods. And like most, it tends not to log problems till its almost too late. I'll take nothing in the event log as a good sign.

Two more Windows native checks to try:

One is the classic disk defrag, of every partition on your disk. In doing the defrag, the goal is to trip up over the disk error-correction hardware, and see if something complains about an error reading or writing to the disk.

The second is seeing if the Windows Device Manager ( Start, My Computer properties, Device Manager, highlight the disk drive, and use the hardware troubleshoot facilities ). That may trip something also.

A tool to download, is SpeedFan, available at http://www.almico.com/speedfan.php and using it to monitor your machine cooling, including any sensor data from your disk drive. You'll need to install it, and watch the results for a while to see if there is a problem. Disk drives don't like heat, and their error rate will increase as the temperature goes up.

[Tarq57]

Righto, Device manager>disk drives indicates no problems. I have a program installed by Gabriel Topola, called System information, which includes a display of the hardware sensors. Both (CPU and HD) are currently indicating 34C. I've never seen them above 41C. Have been checking quite regularly, especially today.
The hard drive is a Seagate 7200, about three years old, still under warranty, I think.
Do you think I need to run the speedfan program?
About to commence a defrag. Will report the results.

[Soyabeaner]

According to your first txt file, CFP 3 is missing guard32.dll, which I believe is the Defense+ driver.  It should be in C:\WINDOWS\system32.  I remember recently I did a test by moving some CFP files and got the same message when running the diagnostics: "Unable to fix some problems."

Apparently, something is preventing that file from being installed onto your PC.  When installing CFP3, I always recommending disabling other programs, namely security programs.  Shutting them down is even safer (with disconnected internet of course).

[Tarq57]

Disk Defrag operated, both partitions. At the end of each defrag, it stated "some files could not be defragged...view report" Which I've saved. The reports both indicate, however, that there were no files that could not be defragged.
Guard32.dll is present in system32. It's 135bytes, and signed by Comodo. Maybe it's there, but not registered or operating as it should?
Just done a spyware scan with SAS (to be sure), all clear.
Anyone correct me if I'm wrong, but I'm thinking the next step is to uninstall the firewall, use the revo uninstaller, disable all security software then re-install. (Rebooting as commanded after using the Revo program.)
Services for A2 and AVG AS also run (as they do) even when the programs are not opened. Maybe I'll disable them, too, when re-installing Comodo.
D+ is currently in training mode. When it's set to "safe" mode, it appears to function normally, with plenty of popups for any unknown applications I run. I wonder if it could just be a problem with the diagnostic checker? Seems a long shot; it worked before.

[Soyabeaner]

I'm thinking the next step is to uninstall the firewall, use the revo uninstaller, disable all security software then re-install. (Rebooting as commanded after using the Revo program.)
Services for A2 and AVG AS also run (as they do) even when the programs are not opened. Maybe I'll disable them, too, when re-installing Comodo.

I would do that.

[grue155]

Righto, Device manager>disk drives indicates no problems. I have a program installed by Gabriel Topola, called System information, which includes a display of the hardware sensors. Both (CPU and HD) are currently indicating 34C. I've never seen them above 41C. Have been checking quite regularly, especially today.
The hard drive is a Seagate 7200, about three years old, still under warranty, I think.
Do you think I need to run the speedfan program?

Nope, you don't need speedfan. Your temps are good. If you were up to 45 or 50C, then I'd be worried. I think we've ruled out the prospect of there being any kind of disk hardware problem.

[Tarq57]

Well, tried the Revo uninstall, it found a few items leftover and deleted them. Strangely, with the windows firewall "Off", the security centre continued to report that Comodo firewall was on.
I'm suspecting the registry entries to do with the legacy drivers.
I'm also starting to get just a little weary of how difficult this program appears to be to completely remove.
The original problem with the diagnostics remains.
Sorely tempted to uninstall all Comodo products for now and delete all Comodo registry keys, changing the permissions if need be to do so. (I'm a virgo.)
Question:
If I change the permissions for these legacy keys to enable their deletion, and later install any Comodo products, will the keys be re-created, but with the new relaxed permissions? Or will the default permission be built ito the keys during the reinstall? And, either way, does it matter?

[Tags:]