Clean-Up Tool for Comodo Internet Security (OLD)

Hi Alan,

If your current Security Center does not show any “comodo” stuff installed and/or inactive etc then you can skip this part of the process.

Thank you

After starting the Security Centre service I could see the centre reporting A.V. by Comodo and Firewall by Comodo, so hopefully when I un-install the old version of Comodo I will immediately see these reports blanked out.
I have now disabled the Windows Security Centre service so that Comodo may continue to protect me without interference.

I noticed that the Security Centre failed to indicate who provided Defense+ or HIPS.
Microsoft seem to be unaware of such things.
I guess Comodo are playing in the Professional league of security protection,
whilst Microsoft are merely apprentice players in the amateur league ! ! !

Again, many thanks, I feel I am now “good to go”

Regards
Alan

REGISTRY KEY ERRORS - CLEAN-UP SCRIPT TARGETS DO NOT EXIST

I am about to release a clean-up script with error detection and reporting capability that immediately shows any files or registry keys that need manual intervention to overcome permission issues.

This lists all the items that it intends to delete, and if authorised will then delete them, after which it will show anything that refused to go away.

With a fully functional working Comodo 3.13, the initial LIST stage shows that out of 143 registry key targets, only 44 are available for deletion - there are 99 which do not exist whilst Comodo is installed.
38 Registry keys are not present because I declined the offer of the Ask Toolbar

61 Registry keys are not present.
I am concerned that 61 keys have been wrongly spelt,
and because of a spelling error they will remain behind and cause future problems.
e.g.
…\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} should that be spelt
…\CLSID\{FD04B231-DA4B-4daf-81E4-DFEE4931A4AA} ?

I would appreciate advice upon whether all the following 61 items are correctly spelt,
or whether a slight adjustment is appropriate.

Regards
Alan


"HKEY_CURRENT_USER\Software\CFP"
"HKEY_CURRENT_USER\Software\ComodoGroup\CFPSkin"
"HKEY_CURRENT_USER\Software\AppDataLow\AskBarDis"
"HKEY_CURRENT_USER\Software\AskBarDis"
"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\COMODO"
"HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CPFFileSubmission"
"HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\SafeSurf"
"HKEY_LOCAL_MACHINE\SYSTEM\Software\SafeSurf"
"HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\CDI\13"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdAgent"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdGuard"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdHlp"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Inspect"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\COMODO Firewall Pro"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\COMODO Firewall Pro"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\COMODO SafeSurf"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AskSBar Uninstall"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\COMDOO SafeSurf"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Help Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Help Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B15FD82E-85BC-430d-90CB-65DB1B030510}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B238-DA4B-4daf-81E4-DFEE4931A4AA}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{528B5866-2BA6-42ce-8F74-39FB23B49767}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B004FD67-F058-49e6-96DA-99237A82133C}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC1D2C70-8CDE-4013-BE72-2B08A2C54B6B}"
"HKEY_CLASSES_ROOT\CLSID\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}"
"HKEY_CLASSES_ROOT\CLSID\{B15FD82E-85BC-430d-90CB-65DB1B030510}"
"HKEY_CLASSES_ROOT\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}"
"HKEY_CLASSES_ROOT\CLSID\{F0D4B238-DA4B-4daf-81E4-DFEE4931A4AA}"
"HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}"
"HKEY_CLASSES_ROOT\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}"
"HKEY_CLASSES_ROOT\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}"
"HKEY_CLASSES_ROOT\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}"
"HKEY_CLASSES_ROOT\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}"
"HKEY_CLASSES_ROOT\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}"
"HKEY_CLASSES_ROOT\CLSID\{528B5866-2BA6-42ce-8F74-39FB23B49767}"
"HKEY_CLASSES_ROOT\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}"
"HKEY_CLASSES_ROOT\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}"
"HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}"
"HKEY_CLASSES_ROOT\CLSID\{B004FD67-F058-49e6-96DA-99237A82133C}"
"HKEY_CLASSES_ROOT\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}"
"HKEY_CLASSES_ROOT\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}"
"HKEY_CLASSES_ROOT\CLSID\{EC1D2C70-8CDE-4013-BE72-2B08A2C54B6B}"
"HKEY_USERS\S-1-5-21-1417001333-329068152-839522115-1003\Software\CFP"
"HKEY_USERS\S-1-5-21-1960408961-839522115-1957994488-500\Software\AppDataLow\AskBarDis"
"HKEY_USERS\S-1-5-21-1960408961-839522115-1957994488-500\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"
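The spelling worry in the post above can be checked mechanically: a target that is absent while a sibling key one or two edits away exists is more likely a typo than a genuinely missing key. The following is an added example, not part of the original post or of Alan's script; the function names and the `PRESENT` sample are constructed for illustration, and `max_dist=2` is an assumed threshold.

```python
# Added example: flag cleanup targets that are absent but almost match a real key.

def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters each cost 1 (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[-1]

def split_key(path: str):
    """Split into (parent, leaf); registry key names are case-insensitive."""
    parent, _, leaf = path.strip('"').rpartition("\\")
    return parent.casefold(), leaf.casefold()

def check_targets(targets, present, max_dist=2):
    """Map each target to (status, near_match). SUSPECT means the target is
    missing but a sibling key within max_dist edits exists."""
    by_parent = {}
    for key in present:
        parent, leaf = split_key(key)
        by_parent.setdefault(parent, {})[leaf] = key
    report = {}
    for target in targets:
        parent, leaf = split_key(target)
        siblings = by_parent.get(parent, {})
        if leaf in siblings:
            report[target] = ("FOUND", None)
            continue
        near = [(osa_distance(leaf, s), k) for s, k in siblings.items()
                if abs(len(s) - len(leaf)) <= max_dist]
        near = [(d, k) for d, k in near if d <= max_dist]
        report[target] = ("SUSPECT", min(near)[1]) if near else ("ABSENT", None)
    return report

# Four targets copied from the list in the post.
TARGETS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\COMDOO SafeSurf",
    r"HKEY_CLASSES_ROOT\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}",
    r"HKEY_CURRENT_USER\Software\AskBarDis",
    r"HKEY_CURRENT_USER\Software\CFP",
]
# Constructed stand-in for the keys present on a machine; not observed data.
PRESENT = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\COMODO SafeSurf",
    r"HKEY_CLASSES_ROOT\CLSID\{FD04B231-DA4B-4DAF-81E4-DFEE4931A4AA}",
    r"HKEY_CURRENT_USER\Software\cfp",
]

if __name__ == "__main__":
    for target, (status, near) in check_targets(TARGETS, PRESENT).items():
        print(f"{status:7} {target}" + (f"\n        near: {near}" if near else ""))
```

On Windows the `present` list can be built by enumerating each target's parent key with `winreg.EnumKey`. Consecutive CLSIDs, such as the ones ending B238 and B239 in the list, are one edit apart by design, so a SUSPECT line is a prompt to check by hand, not a correction.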

I realize you’re talking about registry keys here, but I’d love it if a clean up script would delete the sfi.dat file.

My version applies the options /F /A when deleting files, so has a better chance of removing write protected files.

The big benefit is that any file or key, and any inaccessible path that may harbour files, will be reported as FROZEN if it cannot be cleaned, and that identifies the files and keys the user needs to take ownership over so they can be manually purged.

When Push comes to Shove, I would be prepared to manually take down SFI.DAT with CACLS,
but I would fear horrendous consequences if my script were to include such an action.

I have not yet had any SFI.DAT aggravation, but if it will not go quietly that suggests to me that Comodo is still actively protecting its files, and perhaps my script will then get quarantined as malware ! ! !

Below is the output showing how my code presents the results when the target list is just a few items to which for test purposes I have caused various access problems.

N.B. the test script makes two attempts at removing folder “COMODO_TEST_0” and file “comodo_test.txt”. They are both declared frozen because my debug test starts a CMD.EXE instance with current directory at COMODO_TEST_0 so Windows will not allow its removal, and it spends a few seconds doing PING redirected into “comodo_test.txt” so that file is also protected. The main script delays a bit longer until PING is done and the new instance of CMD.EXE closes, after which these two items are no longer frozen and can be killed.

Incidentally, “HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\Alan\Test2” is frozen because I added a sub-key and took ownership and write protected it against everyone.

I have thought of and tested against everything evil I can think of,
but experience has taught me that Windows has always got more evil gotchas up its sleeves !

Regards
Alan


 ----  KILL Comodo Files and REG_Keys ; 21:42:18.65  ----
KILL ?  Y(es) / N(o) :- Y

Access is denied.
Needs Manual Intervention, Code 5 - Permissions Issues ?
FROZEN "C:\Documents and Settings\suzanne\"

ABSENT "C:\Documents and Settings\suza\"

VALID  "C:\DOCUME~1\Dad\LOCALS~1\Temp\ZAP_CFP"
 SEEKING FILES ...
The process cannot access the file because it is being used by another process.
 ++ FROZEN  "COMODO_TEST_0" [RD /S  /Q]
C:\DOCUME~1\Dad\LOCALS~1\Temp\ZAP_CFP\comodo_test.txt
The process cannot access the file because it is being used by another process.
 ++ FROZEN  "comodo_test.txt" [DEL /F /A]
ABSENT  "comodo_test.lst" [DEL /F /A]
KILLED  "comodo_test.txt" [DEL /F /A]
KILLED  "COMODO_TEST_0" [RD /S  /Q]

 SEEKING REGISTRY KEYS
Error:  Access is denied.
 ++ FROZEN:- "HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\Alan"
Error:  Access is denied.
 ++ FROZEN:- "HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\Alan\Test2"
KILLED:- "HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\Alan\Test3"

PATHS    :- VALID = 1; FROZEN = 1;             ABSENT = 1
FILES    :- FOUND = 0; FROZEN = 2; KILLED = 2; ABSENT = 1
REG_Keys :- FOUND = 0; FROZEN = 2; KILLED = 1; ABSENT = 1
NEED FIX :- FOUND = 0; FROZEN = 5; KILLED = 3;

 ----  SHOW Comodo Files and REG_Keys ; 21:43:32.20  ----
SHOW ?  Y(es) / N(o) :- Y

Oh, it goes quietly when CIS is uninstalled. It’s just that it’s left there after the uninstaller finishes its business. Isn’t that the point of the clean-up tool, to get rid of everything the uninstaller leaves behind?

I have added C:\WINDOWS\system32\drivers\SFI.dat as a removal target

Regards
Alan

??? when I try to download this clean up tool I get all sort of adware and no download

Please look for this link, I think the ads are because it’s a “sponsored” link site…
(and this is not an official Comodo Tool, the OP decided to host it there)

[attachment deleted by admin]

I have almost finished testing my version on myself, and then I will post on this forum.

I expect to post before CIS version4 comes out of Beta ! ! !

I am aiming for tomorrow.

Regards
Alan

Attached is a file showing the result of running my new script on my PC.
This is only the first “LIST” stage which identifies the items to be KILLED,
and whether they are actually FOUND or ABSENT on this system at this time.

The report concludes with


PATHS    :- VALID = 8; FROZEN = 0;             ABSENT = 2
FILES    :- FOUND = 8; FROZEN = 0; KILLED = 0; ABSENT = 8
REG_Keys :- FOUND = 44; FROZEN = 0; KILLED = 0; ABSENT = 99
NEED FIX :- FOUND = 52; FROZEN = 0; KILLED = 0;
52 Off Permissions/Residuals to correct.

On this XP Home edition SP3 system with an intact fully operational CIS v3.13 it finds :-
8 files and 44 Registry Keys that should be removed ;
8 files and 99 Registry keys that are ABSENT.

The 8 + 99 = 107 ABSENT items may need spelling corrections.
Otherwise I suspect they may occur on systems with the ASK Tool Bar,
or with an earlier version of Comodo, or with a different operating system.

Please advise me of any errors or omissions in the list of removal targets.

I intend to evaluate the performance of this script upon both CIS 3.13 and 3.5,
comparing this script with the use of Revouninstaller,
and then post results together with my “final” cleanup script.

I will disconnect the LAN cable for safety from the internet before un-installing CIS.

I find that when I set Comodo Configuration to Install/Uninstall it disables Defense+ and AntiVirus,
but the Firewall remains in SAFE mode.

Would it be prudent to additionally disable the Firewall ?
Is there anything else that could interfere with removal ?
Is it prudent to reboot BEFORE removal so that all these disablements have taken full effect ?

Regards
Alan

[attachment deleted by admin]

I attach ZapBeta.txt - please rename as *.BAT. It is “perfect” and proven for removing Comodo 3.13.etc.
I will take this out of Beta when I have exhaustively tested this upon a system image that was badly trashed using a script I downloaded and ran last year without inspecting.

The benefits over the previous clean-up scripts are :-

  1. It clearly identifies every obstinate file/folder/registry-key that refuses to go away;
  2. All “DEL” and “RD” commands are skipped if the intended path does not exist
    (otherwise the wrong file in a different path could be deleted if it has the same target name)
  3. “DEL” and “RD” commands WILL hit their targets even if this script is run from a FLASH drive.

Note - the target is hit by “DEL %WINDIR%\SYSTEM32\GUARD32.DLL”
It is now also hit by "CD /D %WINDIR%\SYSTEM32" followed by “DEL GUARD32.DLL”
Previous scripts could fail with "CD %WINDIR%\SYSTEM32" because “DEL GUARD32.DLL” might be looking at the wrong path on the drive that holds the script.

NB Subtle feature, I actually use “DEL GUARD32.DLL*” because I found older variants DLL1 and DLL2 - obviously when Comodo was replaced years ago guard32.dll was protected from deletion during the clean-up, but during the subsequent installation it was not protected so the installer was able to get the old version out of the way - unfortunately by renaming it instead of deleting it.

I disconnected the LAN cable to the Internet for safety and achieved perfect purging by :-

  1. disabling Anti-virus and Defence+ and Firewall to avoid any possible gotchas
  2. using START \ ALLPROGRAMS \ Comodo \ “Uninstal or Upgrade” link
  3. rebooting when complete
  4. running my new script.
    NB if the stage 3 reboot is omitted, several files are still locked and cannot be removed until a reboot and a further rerun.
    NB I do not know if the disablement of stage 1 is needed - but if I keep on testing I will never post.

After purging with my cleanup script, I had no problem re-installing Comodo.

USEFUL HINT - DO NOT REBOOT WHEN A NEW INSTALLATION IS FINISHED -
Instead, FIRST seize the opportunity to replace the 2 off dummy 4.5 MB “bases.cav” files with previously copied or downloaded versions of the real 91 MB “bases.cav” -
Comodo does NOT protect its files until AFTER the reboot.
THEN you should reboot to complete installation and protection.

Regards
Alan

[attachment deleted by admin]

Revo also has a nice portable version which can be run from a flash drive:

http://www.revouninstaller.com/revo_uninstaller_free_download_other.html

Hi Alan, I think I’m getting completely mad!! I run your BAT routine but there are still 2 registry keys that remain FROZEN. I mean I cannot access them from within regedit. The keys are:

HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro and all subsequents (child)

NB. I used CIS free version 3.13 …

Any suggestions? Did I forget some actions?
Thanks for helping.

PS. Could you be more specific about that “bases.cav” file? What is that? Where to download it? Or is it a file that comes from an installation or upgrade?

Thanks again.

Riki

Hi

I have several posts in this topic. This one is relevant to you

The intended benefit of my script is to clearly show the files / folders / keys that Windows has retained.
I am afraid it is up to you to step in and “take ownership”.
I have used CACLS to deal with Files and Folders, and RegEdit to deal with registry keys.

I would rather not risk making a mistake when giving you specific guidance on how to do these things.
I am sure there are more experienced and capable people that can advise you.
I will suggest using ERUNT as a registry backup.

Bases.cav is held in
C:\Program Files\COMODO\COMODO Internet Security\scanners

Regards
Alan

Thanks Alan, indeed I found your script extremely useful in finding those pesky frozen keys.
What is driving me mad is that I cannot succeed in obtaining the necessary privileges/permissions whatsoever, neither by logging in as administrator nor by starting WinXP Pro in safe mode. The result is always the same. Those keys remain inaccessible. I wonder if the cause is a system crash that occurred when I was removing CIS. I figured out that the crash prevented CIS from freeing those keys and now I’m afraid that nothing could do the task. Am I right? (this question is for everyone who has the knowledge to help me, thanks in advance).
Could reinstalling CIS and following Alan’s procedure to remove it again be a solution?

Many thanks
Riki

Comodo protects some of its files and keys so malware cannot kill it.
I think this is now done in Defense+

This protection can probably be cancelled before removing Comodo,
but I assume that simply un-installing Comodo should also notify Windows to cancel protection,
but if the system crashed during un-installation then keys may be frozen.

My daughter bought our laptop, and as sole user and administrator installed Comodo 2.4.
She subsequently passed this on to me and I became administrator with a new profile,
whilst she retained her profile but dropped down to User level.

When I upgraded Comodo there was no crash, but I could not update due to a frozen registry key.
This might have been a fault of Comodo, but Windows can trash its own registry without needing third party assistance. Perhaps Windows might have allowed removal had my daughter still been administrator.

This registry editor solved my problem, and should solve yours.
Registrar Lite - v 2.00 build 200.30803, August 2nd 2002
I obtained it free of charge from http://www.resplendence.com
Unfortunately this old version does not seem to be available from them now,
and the newer versions are more powerful at a cost,
or a bit crippled for the free versions.

It is however available from

That tool allowed me to see that the main Comodo key had about 2000 keys in about 6 sub-levels,
and two were marked RED and inaccessible and for that reason they could not be deleted and therefore the parent keys that contained them could not be deleted.

I selected the main Comodo key and right clicked for Properties,
and then I had buttons for Permissions and Take Ownership.
3 or 4 more clicks and I owned the lot and one more click eliminated them.
I forget exactly what I did and cannot test it because I am now tracking down a problem with my system.
Just be very careful and consider using ERUNT as a backup.

n.b. You can also right click keys with Windows RegEdit,
but that is a game of “blind man’s buff” - so many ways to go wrong.

Regards
Alan

Thanks Alan for your advice. Will try again this evening.

Regards
Riki

There is a possibility that Comodo Registry Cleaner (in the Comodo System Cleaner Suite) may clean up your registry problem if you can’t find a solution.

http://www.comodo.com/home/support-maintenance/system-cleaner.php

Thanks for the advice Grizzly but I already tried that … no joy.
Anyway at the moment I installed CIS 3.14. … (last rev.) and apart from the weird fact that the “diagnostics” reports that there is a problem in the integrity of the installation which cannot be solved (WHY??), CIS seems to be working … let’s see.

Regards
Riki