active configuration format/version loads every login [RESOLVED]

green_flamingo · April 6, 2008, 1:53am

I did have Comodo 3.0.19. something. It was having issues so I uninstalled it and reinstalled a new version (3.0.21.329). Now whenever I turn on my computer I get a message saying “the active configuration format/version seems to have an old format!” I attached an image of the message.
I have in the past had this little rut that a few programs get stuck in where I can’t delete them from the startup. Before you think, oh just use ______ (fill in the blank) program, I have. I’ve used msconfig, Tune up utilities, Hijack This, Starter, PrcView, and manually going into the registry and deleting the shortcuts, just to name a few. It doesn’t matter; once I refresh whatever I am doing they come back automatically. I’m 90% sure my computer is free of spyware, I’m 80% sure I don’t have a Trojan but luckily for me I get the ones that are incredibly pesky and hard to find. Continuing on.
One of the programs that is stuck in my wonderful little startup rut is msconfig.exe which for the last year has told me on every login that I have changed some file in my startup.
I’m hoping this is not the problem with Comodo. If anyone has any clue or help please feel free to tell me. I would really appreciate it.

[attachment deleted by admin]

EricCryptid · April 8, 2008, 5:20pm

Great news that you’ve managed resolved your issue. I’ll close this topic now. PM an online moderator with a link to this topic if you should need it opened again. We’re always here to help.

Cheers,
Eric

EricCryptid · April 8, 2008, 11:51pm

Topic Re-Opened as requested, Green Flamingo

Iled180 · April 9, 2008, 6:33am

Hi.
It would be nice to know what solved the problem. I have struggled with the same problem since ver.3.0 was released.
The last thing I tryed was to total uninstall and reinstall to ver. 3.0.21.329.
Search: in the forum for “active Configuration” and you can find my conversation.

EricCryptid · April 9, 2008, 7:39am

When reinstalling CPF3 the uninstaller leaves some folders behind on some computers. If you delete these folders and do a registry cleanup after you have uninstalled CPF3. It may be necessary to reboot after that. The quickest way to do it is to search your computer for anything named “Comodo” but generally the folders left are:

c:/Program files/comodo
c:/documents and settings/all users/application data/comodo
c:/documents and settings/(username)/application data/comodo

From what I can tell, it’s the original configuration files which are left in teh folders and the installation process doesn’t remove the previous settings/config files when you run the installer and therefore causing issues on some computers particularly if it’s one of the recent releases where the configuration format had changed.

Removing these folders/files and cleaning the registry will fix the issue.

Please note, if you are doing the reinstallation from a version prior to Version 3.0.16.295 you will loose your original configuration and have to start from scratch.

Eric

green_flamingo · April 11, 2008, 4:21am

Well Eric, I did exactly like you said and uninstalled Comodo. I used revo uninstaller. Then when i restarted my computer i used tune up utilities to clean out the registry a few times. I checked all my startup options again after the uninstall and there is still this value in the startup ““C:\Program Files\COMODO\Firewall\cfp.exe” -s” which runs on “Machine Run” I tried to delete it but again it is trapped in that stupid startup rut. I’m guessing it is not Comodo, but instead my computer. If anyone has any idea on how to fix my rut please tell me. Thank You!!

EricCryptid · April 11, 2008, 5:56am

Personally, I’d use CCleaner to delete any invalid Startup Entries both by running the cleaner and the registry cleaner built in. It can be found here www.ccleaner.com I’ve used it for years now and find it very good at removing leftover stuff and clearing history and temporary files etc. Make sure you uncheck the option to delete Temp Files only 48 Hours old or older.

There are a few uninstall topics here in th forum but ccleaner should do the job for you.

Eric

green_flamingo · April 11, 2008, 8:06am

Ok Eric. I use CleanUp! and CCleaner. Like i said before i have used everything out there. Ive even manually went into the registry and deleted the shortcuts. To prove to you i searched for some screen capture software and came across CamStudio. I’m new to editing and creating videos so bear with me. There is only one prob though. it is 88 mb. I shrunk it down to 15 mb but the text on the screen is a little pixelated. You can still read it but its small.
i could upload it to rapidshare or somewhere. This is only to prove that i did like you said and that it is my computer that is having a problem not comodo.
Oh by the way i uninstalled comodo before i created this video.

EricCryptid · April 11, 2008, 4:53pm

There’s no need to provide a video of what you’ve done to prove that you’ve done it. I believe you, I’m just trying my best to understand and help you with your CPF Issues. You aren’t importing your old settings are you? I think you’ll need to create rules from scratch.

green_flamingo · April 11, 2008, 10:26pm

The video only shows that i cant delete Comodo or anything from my start up no matter how i do it. I am not importing my old settings. I am creating new rules from scratch.

riggers · April 11, 2008, 10:39pm

Dont know if youve tried sysinternals suite HERE some excellant stuff, autorun entries etc.

Regards
Matty

green_flamingo · April 12, 2008, 2:37am

Thank you riggers for your help. I haven’t used autoruns by sysinternals before but here is what I get when I do.

This is what the program looks like when I open it.
http://img241.imageshack.us/img241/353/39180247gp6.jpg

I deselect all of the files in the CurrentVersion\run selection
http://img241.imageshack.us/img241/6528/25472575vx1.jpg

I refresh the program. As you can tell all the deselected boxes are still there along with copies of the same ones which are selected.
http://img241.imageshack.us/img241/2553/52475035tp6.jpg

Ok, so I deleted the unselected boxes and refreshed the page and everything is back to normal. Now in this next picture I have deleted Comodo from running this time.
http://img241.imageshack.us/img241/504/28001786nw2.jpg

Now I refreshed the page and like magic Comodo is back. This applies to all the files in the registry under the CurrentVersion\run selection.
http://img241.imageshack.us/img241/7422/69205514an1.jpg

So I hope this makes my problem clearer. I seriously cannot remove anything from my startup. If it was a service I could open services.msc and disable them from loading and that works without failure. Obviously Comodo is stuck I’m my startup rut. So if this problem didn’t exist and when the active configuration button pops up, how would I get rid of it? Would I press yes?

EricCryptid · April 12, 2008, 8:02am

You might have more luck removing the startup in Safe Mode. Yes, when/if it pops up about the configuration, just click Yes.

Eric

green_flamingo · April 13, 2008, 3:40am

Well I have good news and bad news. I went into safe mode and deleted the unnecessary files, refreshed, and everything that I deleted didn’t come back. I restarted my computer and none of those files loaded. Just to make sure I shut down my computer then turned it back on and voila everything was back including Comodo. There is obviously something that is restoring those startup files every time. If it is malware I haven’t come across it yet
I don’t know if this relevant or not. I have a Dell Optiplex 330 (I’m not proud of it), it’s just temporary until I get all my parts together to build my own. Anyway I was given a Dell before this and I had the same exact problem. If this is just a coincidence that I have the same exact issue on both my computers, that would be nice. I don’t think it is though. If it is malware or some remaining bit of something that messed with my startup but didn’t get fully removed then there has to be some antispyware software out there that could find the problem. I use Ad-Aware SE Pro. Just a side note but I have never really had spyware on my computer. I don’t install flashy cursors or stuff like that. I use Firefox with adblock and noscript so I NEVER get tracking cookies or pop-ups that exploit some security flaw like in IE. What I’m saying is that my surfing habits are secure. Anyway if there is some top of the line spyware, malware, root kit remover that you could recommend just so I can confirm that this is not the problem that would be great. Thank you.

EricCryptid · April 13, 2008, 10:03am

It’s probably re-appearing because of Window Restore Facility. Right clck on your “My Computer” Icon and click Properties. Click on “Disable System Restore” and then try it. System restore automatically brings back stuff that you’ve deleted like startup entries. Once you’ve done your deletions create a restore point, reboot and turn system restore back on.

A number of rootkit scanners/revealers can be found here:
http://www.techsupportalert.com/best_46_free_utilities.htm

green_flamingo · April 14, 2008, 5:45pm

I turned off system restore in normal mode and tried to delete startup files but I got the same thing where they reappear when I refresh. I decided to delete them in safe mode because that is the only way I was able to delete them before. You can’t create a system restore point if system restore is off, but you can’t turn system restore back on in safe mode. So I had to restart my computer and then create the restore point. I then shut off my computer to turn it back on again just to make sure that the setting had stayed. When I restarted my computer from safe mode the files didn’t load on normal startup. When I turned it back on the files had loaded. Now I’m going to try it again but not shut down and turn my computer back on. I’ll just continue from the restart from safe mode. I had to turn system restore on before I created a restore point. I created my restore point and restarted. When I logged on the files started up.

That link is awesome!
I tried:IceSword,RootkitRevealer (RR),Spyware Doctor, Spyware Terminator, Threat Fire (TF), and Windows Defender.
I havent used Spyware Terminator, TF, or Windows Defender before.

TF and RR both found this C:\sccfg.sys It is hidden very well whatever it is. It is not a hidden or system file. It just doesnt show up at all. It doesnt show up in command prompt.
RR says “852 bytes, Hidden from Windows API” whatever that means. I dont think TF removed it though cause i ran RR again and it still shows up.

EricCryptid · April 14, 2008, 6:30pm

Glad you liked the link… One of my favourites. Spyware Terminator’s just released version 2.2 significantly improving its signature database to “3 Times what it was”. I’ve not used IceSword RR yet but will probably give it a go later on in the evening… Redoing my security setup tonight as Avast 4.8 is doing my head in!

Eric

green_flamingo · April 15, 2008, 2:23am

I tried Avast a while back but i keep on going back to Kaspersky.

check this out.
http://www.av-comparatives.org/

green_flamingo · May 8, 2008, 6:45am

My startup problem is fixed. I downloaded as-aware 2007 and it found

“C:\WINDOWS\system32\windrvNT.sys belonging to Adware.Agent”

It was quarantined and now i do not have a problem. My comp starts up from login in about 5 seconds now.
:BNC
Thank you Eric for all your help. I really appreciate it.

EricCryptid · May 8, 2008, 5:12pm

Not a problem… Anytime…

I’ll close this topic again…

Eric