Can not connect to network after uninstall/reinstall -- tcpip.sys 'not found'

During shut-down my machine had 3 programs not responding (that I had to “end now”) several times in a row: Explorer, Task Manager, and PopupSyncId0. After Googling that, I saw that it was a Comodo issue of some sort, so I exited Comodo Firewall (the only bit I have installed) and my machine shut down normally.

I rebooted and uninstalled the Comodo Firewall (v. 3.x – I’m not sure specifically which as it no longer says), rebooted again and attempted to install the most recent version (downloaded from the website today 04/25/2010). It wouldn’t install, and I was unable to connect to any part of my network.

Reason: According to device manager, “tcpip.sys” isn’t there (it is…) and so won’t start. Same for “Ip network address translator”.

After reading through piles of these help tickets, it seems that Comodo uses a hook on these programs?, and that that could cause these errors.

After a rollback (system restore) to my last restore point, all things were back to normal. Well, except for the fact that now the older version of Comodo Firewall is only partially functional, hangs up, and the GUI is dark gray and other odd colors.

I’ve been working on this for hours, trying different ways to install/uninstall and have at this point reached the end of my abilities. If it were just the firewall acting screwy it wouldn’t be such a big deal, but I can’t have my main PC unable to connect to the network.

Any advice anyone could provide would be greatly appreciated!

Were you running a patched version of tcpip.sys?

You know, I may be. I think I altered the file on one of my machines to allow more half-open connections. I don’t know if it was this one, though. Assuming for the moment that that was the problem, what then? (And is there an easy way to find out if this machine has the altered file?)

Oh, and I’m running XP Pro SP2, if that helps.

Maybe CIS auto-sandboxed it because it found it unsigned causing issues?

You can use Sigtool to verify the validity of the file.

Yes (Hi Ronny). You may also find it difficult to remove from sandbox. If so please tell me as I am working through some of these issues with QA at the moment.

Best wishes

Mouse

You can find the “patching tool” here:
http://www.lvllord.de/

This can patch the maximum number of half-open connections and could possibly cause issues with Sandbox.

It looks as if this may be the one I patched. I used xp-Antispy to patch it, though (it’s similar to lvllord.) The results from sigcheck are at the bottom of this post. I should note that there are two tcpip.sys files in my system32\drivers directory: tcpip.sys and tcpip6.sys. Maybe the tcpip6.sys file is a backup created by xp-Antispy?

Ok, so what now? If I remove the Firewall (3.1x) that’s running right now, I can’t connect out. I can’t update because I run into a 113 error. Is it just a matter of replacing the tcpip.sys file or is there more to it than that? Any ideas would be appreciated!

Sigcheck results:

http://www.franklingang.com/yakeshinu/Comodo/tcpip-sys_sigcheck.JPG

Also, here’s what my current (■■■■■■■ up v. 3.1x?) Comodo “About” screen looks like (notice the messed up colors in the GUI and the lack of version number…):

http://www.franklingang.com/yakeshinu/Comodo/comodo_about.JPG

Looks like system restore has mixed some stuff up.
Time for a good clean-up, I guess.

Try to verify if you have an original tcpip.sys in the driver cache folder \dllcache and copy that in safe mode
OR
use the sfc /? command to verify and restore the protected files.

Before you do that I’d advise downloading the latest 3.14 binary here:
https://forums.comodo.com/empty-t50813.0.html

Download CCleaner or Comodo System Cleaner also.

Run SFC first, then if that’s all done, uninstall CIS and use the cleaning tools to clean out disk/registry.
Next reboot just to be sure, and try to reinstall again.

That should at least give you a decent GUI and the correct versions of all affected drivers.
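
The dllcache comparison suggested in the reply above, written as a batch script for the XP command prompt; this is an added example, not part of the original thread. It assumes the default XP locations of the live driver and the Windows File Protection cache, and a matching cache copy is not proof of an original file, since a patching tool may have replaced both copies.

```batch
@echo off
rem Added example: compare the live tcpip.sys with the Windows File Protection
rem cache copy. Both paths are assumptions based on a default XP install.
setlocal
set "LIVE=%SystemRoot%\system32\drivers\tcpip.sys"
set "CACHE=%SystemRoot%\system32\dllcache\tcpip.sys"

if not exist "%LIVE%" (
    echo [!] Live driver missing: %LIVE%
    exit /b 2
)
if not exist "%CACHE%" (
    echo [!] No cached copy at %CACHE%
    echo     Run sfc /scannow with the XP install media available instead.
    exit /b 2
)

rem Record size, timestamp and full path of both copies.
for %%F in ("%LIVE%" "%CACHE%") do echo %%~zF bytes  %%~tF  %%~fF

rem fc /b compares byte for byte: errorlevel 0 = identical, 1 = different,
rem 2 = a file could not be opened.
fc /b "%LIVE%" "%CACHE%" >nul
if errorlevel 2 (
    echo [!] fc could not read one of the files
    exit /b 2
)
if errorlevel 1 (
    echo [!] Live tcpip.sys differs from the cached copy.
    echo     Check the signature of the cached copy before copying it over in safe mode.
    exit /b 1
)
echo [=] Live and cached copies are identical.
echo     If the signature check fails on both, the cache was changed too: use sfc /scannow.
exit /b 0
```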