Comodo 5 has done very strange things to my user profiles

:-\

Can you help?

I’ve been happily using Comodo Firewall for years, but the upgrade to 5 has done some very odd things to my Vista.

I have installed and removed it several times, using clean installs, and the problem occurs whenever the firewall is installed, and then vanishes completely when it is removed.

I’ll explain the symptoms:

Firstly, on a restart after an install, on logging in to my user account in Vista, I get a grey pop-up that reads “host process for windows services stopped working and was closed”.

I close this message, but it keeps popping up. I then restart, and when I log in, my desktop has turned black, and Vista has transformed into a ‘retro Windows’ interface that looks like something from the early nineties. It seems to be struggling to find my user profile as all my regular programmes have vanished from the start menu, and the shortcut on my desktop to Firefox doesn’t seem to work.

A restart sometimes lets me into my normal profile, but the grey “Host Process” message reappears, and I’m back in the ever decreasing circles thing again.

It’s a real shame as I’ve used Comodo happily for years, but I can’t get the latest version to work. Googling the problem and searching on these forums hasn’t given me any joy either, so I’m guessing that this issue is a bit unusual.

Can you help?

SammyKipper.

This is one of those lovely Windows messages that tells us absolutely nothing :slight_smile: This error is most often caused by, surprise surprise, an incompatibility between Windows and an application/driver/service. It would appear the installation of CIS is triggering this incompatibility, but may not be solely responsible.

To provide a little more information, it would be helpful if you could take a look through the Windows event logs. Open start menu, select run and type eventvwr.msc. We need to find any events in either the system or application logs with a ‘critical’ rating related to the message you received. Then post the details here.

Thanks for coming back to me so quickly. I’ll take a look tonight when I get home from work and post the event log.

In the meantime, some more symptoms have revealed themselves. My wife booted the machine up, logged into her profile, and she got the black desktop, and all of her desktop icons had been replaced with mine? Very odd indeed.

She rebooted and it happened again!

Then she rebooted a third time, and all seemed well, until she got the grey windows box and the recurring “host process for windows services stopped working and was closed” messages again.

Oh, and another thing… Comodo keeps detecting non-existent networks when the machine boots up.

Oh dear… here goes. I got home filled with a sense of purpose and determination. I opened the Run box (very proud of that achievement). I then entered the eventvwr.msc. line as suggested and the Event Viewer opened. Success!

I treated myself to a small brandy in celebration.

Then I settled down to examine the event viewer and, I don’t think it was the brandy, but I couldn’t work out what on earth I was meant to be looking at.

I went back to your post and noted that you mention ‘system’ and ‘application’ logs, and decided to click on the tree thing on the left hand side. I found ‘system’. It told me “Event Viewer cannot open the event log” with a big red ‘X’.

My heart sank.

I then found ‘application’ which was more promising. There was a whole list of confusing looking things in here.

I’ve posted a picture of what I saw. I hope this is what you need. I couldn’t see anything described as ‘critical’ but there were a few things in the log marked “error”.

I’ve uploaded all the ones that have “error” next to them that have occurred in the last 24 hours, plus any others I thought looked a bit dodgy.

Is this what you need?

Sam


Thanks for providing the screenshots. Unfortunately, they haven’t really given me anything concrete to work with. I may ask you to upload the complete system and application logs, but that can wait for the moment.

> Then I settled down to examine the event viewer and, I don't think it was the brandy, but I couldn't work out what on earth I was meant to be looking at.

It can be a little confusing and I should have thought to provide more detailed instruction.

> I found 'system'. It told me "Event Viewer cannot open the event log" with a big red 'X'.

Does that mean you couldn’t open the System log at all?

> There was a whole list of confusing looking things in here.

Indeed, with 50000+ entries. We’ll have to clear those if we need to upload the logs.

> Is this what you need?

The errors are interesting, more in a moment. Were there any ‘Critical’ events?

With regard to the data in the logs, a few things jump out. It appears you have Windows Defender running, which may or may not cause a conflict.

It’s also interesting that, in a lot of the events posted, the fault was related to a specific service, iphlpsvc (used for supporting IPv6 tunnelling), and msvcrt.dll (used to support C++ library functions). These may simply be red herrings, but it’s worth taking a look, particularly as there’s a piece of malware that targets msvcrt.dll and in so doing can cause system instability.

A few questions if I may.

  1. You said the operating system is Vista, is it 32bit or 64bit?
  2. Do you have any other security applications installed (antivirus/firewall/antitrojan…)?
  3. Were there any instability issues before installing CIS?
  4. Do these problems only manifest when CIS is installed?

If I decide I need you to upload the logs, I’ll provide full instruction.
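The event log check discussed above can also be run from a PowerShell prompt. This is an added example, not part of the original posts; it assumes PowerShell 2.0 or later is installed (Vista does not include it by default), and the 24-hour window, the output path and the Event ID 1000 message layout matched by the pattern are assumptions. It goes a little beyond the posts by counting crashes per faulting application and module, so repeats such as the iphlpsvc/msvcrt.dll faults stand out.

```powershell
# Added example: triage Critical/Error events from the System and Application logs.
# Assumptions: PowerShell 2.0+; $OutFile is a constructed path; 24-hour window.
$Since   = (Get-Date).AddHours(-24)
$OutFile = Join-Path $env:TEMP 'eventlog-triage.csv'

$events = @()
foreach ($log in 'System', 'Application') {
    try {
        # Level 1 = Critical, Level 2 = Error
        $events += Get-WinEvent -FilterHashtable @{
            LogName = $log; Level = 1, 2; StartTime = $Since
        } -ErrorAction Stop
    }
    catch {
        # A log that cannot be opened, or that has no matching events, lands here.
        Write-Warning ("{0}: {1}" -f $log, $_.Exception.Message)
    }
}

# Most frequent log / source / event ID combinations first.
$events | Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 15 Count, Name | Format-Table -AutoSize

# Event ID 1000 from "Application Error" records a process crash. The pattern
# assumes the message names the faulting application and module in that order;
# (?s) lets it span lines, and -match is case-insensitive.
$pattern = '(?s)Faulting application (?:name: )?(?<app>[^,]+),.*?' +
           'faulting module (?:name: )?(?<mod>[^,]+),'
$events |
    Where-Object { $_.Id -eq 1000 -and $_.ProviderName -eq 'Application Error' } |
    ForEach-Object {
        if ($_.Message -match $pattern) {
            New-Object PSObject -Property @{
                Application = $Matches['app'].Trim()
                Module      = $Matches['mod'].Trim()
            }
        }
    } |
    Group-Object Application, Module | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Save the matching events so they can be attached to a support post.
$events |
    Select-Object TimeCreated, LogName, LevelDisplayName, ProviderName, Id, Message |
    Export-Csv -Path $OutFile -NoTypeInformation
```

A warning for the System log here corresponds to the "cannot open the event log" error seen in Event Viewer and is worth reporting alongside the CSV.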

Hi Radaghast,

Sincerely, thank you for spending your time looking at this for me. It really is appreciated.

In answer to your questions,

Firstly, it wouldn’t let me open the system log at all. It said that it wasn’t set up to record it. Sorry, I don’t have the exact syntax.

I didn’t see any ‘critical’ events in there.

Regarding the possible malware, is there a spyware removal tool/other voodoo that you would suggest that could check and potentially solve this problem?

  1. You said the operating system is Vista, is it 32bit or 64bit? 32bit

  2. Do you have installed any other security applications (antivirus/firewall/antitrojan…) I used to have AVG (Free) as my antivirus, and in trying to discover the source of this problem uninstalled it, then put CIS on (incorporating Comodo’s Antivirus). This caused the problem to appear. I then thought ‘aha’ what if the firewall bit of CIS is fine, and it is CIS antivirus that is causing the problem, so I uninstalled the whole lot, put AVG back on and installed Comodo Firewall. The same errors started again.

I have never uninstalled Windows Defender or Windows firewall. I’ve always assumed that as they begin with the word ‘Windows’ they are inherent to Vista and removing them might be disastrous. Especially as although there are free commercial alternatives, (ZoneAlarm and Comodo), one day you might stop supporting them, and I’d be stranded and Firewall-less.

I’ve currently removed Comodo, and have ZoneAlarm installed whilst we try to fix this issue, but I used ZoneAlarm for years before I discovered Comodo, and wasn’t a huge fan. ZoneAlarm conflicts with my iTunes as well (it prevents my iPhone from updating) which is very annoying. I want my Comodo back!

As far as I’m aware, there aren’t any other security style programmes running, and I’m reasonably good at spotting dodgy sites and emails.

  3. Were there any instability issues before installing CIS - Not really. I’ve had a few scuffles with the computer in the past, but I’ve usually managed to resolve them with the minimum of grief. About a year ago a windows update sent it into a black hole from which it threatened never to return, but several brandies and tears shed later, and a number of restarts in safe mode returned the computer to a period of relatively happy stability. Considering the fact that everyone I know who has had Vista hates it with a passion, I think I’m probably pretty lucky to have it so good!

  4. Do these problems only manifest when CIS is installed? I’ve been through a number of iterations, and every time the Comodo Firewall is installed, the symptoms arise. As soon as I uninstall it, the symptoms vanish. I’ve done this four or five times now with exactly the same errors occurring. I’m 99% confident that the issues are all related to the Comodo Firewall installation.

Thanks for the feedback.

> I have never uninstalled Windows Defender or Windows firewall. I've always assumed that as they begin with the word 'Windows' they are inherent to Vista and removing them might be disastrous. Especially as although there are free commercial alternatives, (ZoneAlarm and Comodo), one day you might stop supporting them, and I'd be stranded and Firewall-less.

Quite understandable, however, I wasn’t referring to removing these applications, just ensuring they are disabled. Usually, when installing a third-party security application that contains a firewall, the Windows firewall is automatically disabled. Sometimes, for whatever reason, this doesn’t happen and it’s really not sensible to run two security applications, of the same kind, at the same time.

I think at this point, bearing in mind you’ve already installed and removed several security applications, it’s worth trying to get ourselves back to a point where we can consider the system free of the various components these types of applications invariably leave behind. I also think it’s worthwhile running a scan or two for any potential malware. First to removal.

Unfortunately, it’s become a fact of life that a lot of applications, when uninstalled, leave behind parts of themselves; this is particularly true of security applications. What we need to do is ensure all traces of these have been removed. This can be done in one of two ways, either by running the appropriate removal tool from each company:

AVG - Download tools
zonealarm removal tool
COMODO uninstall tool

Or, you can try an ‘all-in-one’ approach:

AppRemover

Let these tools do their thing, I’d reboot between each one, and hopefully the system will be a little cleaner. Now for a scan or two.

Download and install:

Malwarebytes
HitmanPro

They’re both free, although there are paid options, too. Install these, update if necessary and let them scan. Hopefully, they’ll come up clean.

Once that’s done, we can think about reinstalling Comodo. Let me know the results first.

I suppose this is a good thing - the malware programmes both drew a blank.

Apparently, I have a clean bill of health. :smiley:

Malwarebytes’ Anti-Malware 1.50.1.1100

Database version: 6079

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

16/03/2011 22:29:19
mbam-log-2011-03-16 (22-29-19).txt

Scan type: Full scan (C:|D:|E:|)
Objects scanned: 499157
Time elapsed: 2 hour(s), 15 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hmmm. What next, I wonder?

That’s good news :slight_smile:

If you’ve been through the process of running the removal tools, we’re more or less ready to try a new install of CIS. The only thing that has me slightly worried is the issue with the system log. It may be that it’s simply corrupted, so here’s what to do first.

  1. Open the start menu, select run and type eventvwr.msc
  2. When the event viewer opens, expand ‘Windows Logs’ in the left window
  3. Right click on the ‘System’ log and select ‘Clear Log’
  4. When the dialogue opens, select ‘Save and Clear’
  5. Give the log a name and save it somewhere you’ll remember

Hopefully, this will clear any corruption and allow new entries to be captured and viewed. I suggest monitoring the log for a few minutes to ensure this is happening.

I think it’s also worth checking the programs and processes that are scheduled to start with Windows.

  1. Open the start menu, select run and type msconfig
  2. Select the ‘Startup’ tab
  3. Check the programs listed to see if they are recognisable (you can check with me if unsure)

Hopefully we’re getting there…