BSOD on using Comodo Cleaning Essentials - CCE

I installed & ran Comodo Cleaning Essential.
For full system scan, it requested to restart. I accepted. But, on restart, I got Blue Screen of Death.
I switched off my PC using the cabinet button. On booting, this time it took me properly to my windows login. The CCE scanner auto-started. After sometime, it said i had rootkits. So, i clicked on ‘Clean’ option.
All GUI started to have problem. The top bars of open programs disappeared. Computer became slow. After, restart, now i am constantly getting BSOD!!!

Please help me out.

The error code displayed in BSOD:
0x0000007E (0x80000003,0x804E3596,0xF793AC9C,0xF793A998)

OS: Windows XP
(Safe mode is working)

Did you send any file to Quarantine?
Can you post a screenshot of the Quarantine? Of files names/paths and virus names?

No i did not send anything to quarantine.

Only options were, “Clean” & “Ignore” as i recollect.

The “Clean” option had a drop-down arrow next to it, which had “fix” option.

I directly selected “Clean”.

Can you post us the log made of that scan. It should be in the Logs folder.

Yes, please view the log using followng.
https://gist.github.com/61342b8615c9ac89757a

I tried searching fix for the BSOD error but could not find anything. Any idea what i can do to get my system back to normal. ???

First thing to try is let Windows check its integrity using the sfc /scannow command when booted in Safe Mode. Read this mini tutorial about using it: Running SFC Scannow | MajorGeeks.Com Support Forums .

Hopefully this allows you to boot sorta normally in Windows and then you should be able to use System Restore to go back to a point in time before the cleaning of CCE.

When the above does not work it is time for a more creative way of using System Restore.

When you have an installation CD for your Windows XP (not a restore CD) you can use the following procedure to use system restore to go back to a restore point before the cleaning by CCE.

When you don’t have an installation CD you can use this method when your HD is hooked up to another computer.

Print out the procedure and familiarize with it before starting with it. When you understand what the procedure does it makes applying it a better experience.

In short the procedure does the following:

  • boot from the XP installation CD and use the recovery console (command prompt) to copy a back up registry to let Windows boot
  • once booted next step is to open System Restore Folders to be accessed with Explorer
  • that will allow you to choose a back up registry from the System Restore folders and copy a registry back up in place for the next step
  • boot from the CD and use the recovery console and copy the target registry back up in place to boot to another point in time
  • now you are back in Windows and you can fully use System Restore again; you are now back in control

I expect and hope one of the above solutions will help you to get back on track.

Thanks for your detailed reply. However, it is not working for me. :frowning:

I did the above, but got error
(have also tried the command directly in the run window):

C:\Documents and Settings\ma4k>sfc /scannow
Windows File Protection could not initiate a scan of protected system files.

The specific error code is 0x000006ba [The RPC server is unavailable.
].

The System restore is switched off on all drives, so i do not think it can be used, after normal boot, as it wont have any restore point stored.

Also, I do not have a single bootable WinXp CD. I have a branded PC & was provided pack of 9 discs to install XP-Home. I tried to put in the first one, but it takes me on the path for a fresh re-format.

Is it not possible to correct things in safe mode? Can anything be done using the Log that i provided earlier?

The log is too cryptic for me. I am not sure how to analyse what it says.

I did ask somebody of Comodo staff to come and take a look and help.

In the mean time. Can you try starting the Remote Procedure Call service when in Safe Mode. You can do that from Control Panel → Administrative Tools → Services. Hopefully the RPC service can be started in Safe Mode.

Edit: I sent a pm to somebody of the AV team who forwarded it to the CCE team.

hi ma4k:
sorry for late response.
Turns out that CCE give many FPs on hidden files, some of them (especially files in C:\Windows)are windows system files.
You may have to restore these files to fix your system, which sounds a liittle difficult, or do a system reinstall.
Now we are looking into this issue and trying to reproduce it.
Is your C: drive NTFS or Fat32?
which build of CCE are you using?

Regards
Haibo

Thank-you for doing that.

The Remote Procedure Call (RPC) is already started and startup type is Automatic.

False Positives?!.. that too windows files. thats surprising. I assumed the software to be correct about the report and thought it would be cleaning them, as in like, ‘healing’ & ‘not deleting’.
Its difficult for me to judge what can be FP from a long scan list.

Reinstall…
Sigh… That is a LOT of work. I was hoping i could get a easier fix in here(forum)
Guess, i will have to start with the inevitable. Backup, 9 disc install, plus the Windows updates(i heard MS is going to stop support for XP, hope the updates are still available)
Man!! That will cost me all of my Download limit for the month, and possibly more, as my PC would need to be updated right from SP1 upto SP3.

Its amusing & sad, how a single click could ruin so much time and, demand so much re-work & money.

Please provide a quarantine button for CCE. Also, please rename the ‘clean’ to ‘Delete’ to avoid any future mine-like incidents.

NTFS.
Comodo Cleaning Essentials_1.6.183539.73_x32

I really doubt you can really run Windows without RPC 88)

So? not able to get the meaning of your response while quoting me.

Please read the previous CMD output code, if you really want to know the issue with RPC.

Anyways, this thread is effective closed after herbzhang’s(haibo) response about reformatting being the only option. I assume he is or is connected with the comodo development staff.

I am currently in process of taking backup. Good thing the safe-mode still works.

Sorry ma4k, just a comment about RPC, nothing more.