Cleanuptool doesn't remove old Comodo detritus that blocks my Win-10 upgrade!

Detritus from an ancient Comodo install/removal (2009!) is preventing me from upgrading from Win-7 pro to Win-10 pro. Microsoft has announced that security updates to Win-7 end a week from today.

I reached out to Comodo technical support, then downloaded and ran “ciscleanuptool_x64.exe” as they recommended. While its log says it removed all kinds of stuff, it made zero difference in the behavior of the MS updater. Here is the relevant excerpt from that log the first time it ran:

...
16:25:29 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:482	>> OUT:: Product "Comodo Internet Security" installation is detected. If you want to clean up product related files and registry entries, please press "Continue" button.
16:25:29 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:387	>> CIS found: 1
16:25:34 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:482	>> OUT:: Creating system restore point. Please wait...
16:26:0 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\restorepoint.cpp:97	>> Restore point creation result: ok(1), status(0), winerror(0), seqnum in(0), seqnum out(884), is RP service disabled(0)
16:26:0 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:395	>> RP created: 1
16:26:0 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:482	>> OUT:: Removing shortcuts...
16:26:0 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:482	>> OUT:: Removing installed services...
16:26:0 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:482	>> OUT:: Removing installed driver(s)...
16:26:3 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\regtools.cpp:43	>> Can't open key (SYSTEM\CurrentControlSet\Services\inspect), error 2
16:26:3 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\regtools.cpp:43	>> Can't open key (SYSTEM\CurrentControlSet\Services\cesfw), error 2
16:26:3 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:482	>> OUT:: Removing registry hives...
16:26:3 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\working.cpp:989	>> Operation guard: C:\Windows\SysWOW64\guard32.dll
16:26:3 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\working.cpp:990	>> Operation key: SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows
16:26:3 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\working.cpp:989	>> Operation guard: guard32.dll
16:26:3 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\working.cpp:990	>> Operation key: SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows
16:26:3 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\working.cpp:989	>> Operation guard: C:\Windows\guard64.dll
16:26:3 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\working.cpp:990	>> Operation key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
16:26:3 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\working.cpp:989	>> Operation guard: guard64.dll
16:26:3 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\working.cpp:990	>> Operation key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
16:26:3 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:482	>> OUT:: Removing installed files...
16:26:3 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\working.cpp:217	>> File/folder deleted: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
16:26:3 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\working.cpp:217	>> File/folder deleted: C:\Program Files\COMODO\COMODO Internet Security\
16:26:3 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\working.cpp:217	>> File/folder deleted: C:\Program Files\COMODO
16:26:4 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\working.cpp:217	>> File/folder deleted: C:\Windows\System32\drivers\sfi.dat
16:26:4 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\working.cpp:217	>> File/folder deleted: C:\Windows\System32\cmdcsr.dll
16:26:4 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:482	>> OUT:: 5 of 5 files removed
...
16:26:5 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:482	>> OUT:: Press "Restart" to restart the computer.
16:26:5 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:401	>> CIS removed: 1
16:26:5 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\restorepoint.cpp:97	>> Restore point creation result: ok(1), status(0), winerror(0), seqnum in(884), seqnum out(884), is RP service disabled(0)


16:28:6 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:482	>> OUT:: Press "Continue" button to finalize uninstallation
16:28:8 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:482	>> OUT:: Removing shortcuts...
16:28:8 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:482	>> OUT:: Removing installed services...
16:28:8 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:482	>> OUT:: Removing installed driver(s)...
...
16:28:12 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:482	>> OUT:: Press "Restart" to restart the computer.
16:28:12 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:401	>> CIS removed: 1


16:30:6 c:\jenkins\workspace\ciscleanuptool2\ciscleanuptool2\ciscleanuptool2\dialog.cpp:482	>> OUT:: Uninstallation is completed. If you still think Comodo product is installed and this application didn't help, please report in Comodo forums.

For those familiar with the “Panther” log files left behind by the Microsoft updater, here is the relevant extract from “setupact.log”:

2020-01-06 20:35:37, Info                  SP     Antivirus software information:
                                   Name: COMODO Antivirus, Path: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe, Timestamp: , State: 397312

The failure happens because that path hasn’t existed on this system since at least 2013 (yes, the system is that old), when I attempted to uninstall ALL Comodo technology. This log file is identical (other than timestamps) each time I run the updater. I’ve manually removed entries from the registry, run ciscleanuptool_x64.exe multiple times, and searched for and removed files and drivers from the file system. None of that has any discernible impact on the result of running the updater.

After each failure, I see the same response in the logs produced by “SetupDiag.exe”, the log extractor provided by Microsoft for help in debugging update failures. The relevant portion of “SetupDiagResults.log” is:

System Information:
	Machine Name = TMS-OFFICE
	Manufacturer = OEM
	Model = OEM
	HostOSArchitecture = x64
	FirmwareType = PCAT
	BiosReleaseDate = 20110825000000.000000+000
	BiosVendor = Phoenix - AwardBIOS v6.00PG
	BiosVersion = 6.00 PG
	HostOSVersion = 6.1.7601
	HostOSBuildString = 7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
	TargetOSBuildString = 10.0.18362.418 (19h1_release_svc_prod1.191005-1654)
	HostOSLanguageId = 
	HostOSEdition = Professional
	RegisteredAV = COMODO Antivirus
	FilterDrivers = FileInfo
	UpgradeStartTime = 1/6/2020 4:46:29 PM
	UpgradeEndTime = 1/6/2020 5:19:59 PM
	UpgradeElapsedTime = 00:33:30
	CV = f/WUmGkW6k+fx2Ln
	ReportId = 

I’ve manually removed everything I can find from the registry, and I’ve run ciscleanuptool_x64.exe at least twice. Each subsequent run after the first results in the same behavior – it says that there are no CIS products to remove.

Each time the cleanup tool runs, it asks me to ask the Comodo forum for help if it fails to resolve the problem – hence this new topic.

I’d like to find and change whatever is causing the MS updater to think that “COMODO Antivirus” is my “RegisteredAV” – it is not! I appreciate any guidance any of you might offer.

This is a show-stopper for the upgrade, and I’m running out of time. I suspect I’m not the only one with this issue. Any ideas?

I am not familiar with the logs but could you tell me why you think Windows stops because of Comodo?

How are you trying to update from Windows 7 to Windows 10? By using Windows Update, using Mediacreation tool or running an ISO?

If you are using Windows Update try the following tips and running Windows Update Troubleshooter. Does that make a difference?

I apologize for being unclear.

This issue is causing the win 7 to 10 updater (“MediaCreationTool1909.exe”) to fail. That’s the source of the “Panther” log excerpt I posted. The final log I posted is from the logfile created by the “Windows Update Troubleshooter” referenced in your link.

Windows 7 has been working fine for years, it is the upgrade to Windows 10 that the old Comodo detritus is blocking.

G’day,

I’ve only quickly looked at your post but the first thing I would do is to rebuild the WMI repository. This is how a security product reports to Win7 that it is current. My first thought was that there is a left over from your previous Comodo install in the repository.

TLDR version;

To fully rebuild the WMI Repository follow these steps:

1. Disable and stop the winmgmt service.
2. Remove or rename C:\Windows\System32\wbem\repository.
3. Enable and start the winmgmt service.
4. Open a cmd prompt as Administrator.
5. In the cmd prompt navigate to C:\Windows\System32\wbem\
6. Run the command “for /f %s in (‘dir /b *.mof’) do mofcomp %s”
   This will take a minute or so to complete.
7. Run the command “for /f %s in (‘dir /b en-us*.mfl’) do mofcomp en-us%s”

Hope this helps,
Ewen

EDIT 2 : For clarity, italicised and encapsulated in quotes the console commands.

EDIT : Removed LIST BB codes from the end of line 7 and reminded myself that LIST commands don’t always work as expected. 88)

You also ran the tool as an Administrator correct?