Diagnostic utility finds a problem..

This morning the computer started to run slow, with explorer taking longer than usual to respond. This was evidenced with any application taking longer to disply/open when selected or right clicked. The pc alarm beeped a couple of times while this was occurring, as if the fan had failed to respond to a commanded temperature change. While attempting to open a program to examine the system, explorer “part” crashed, half the system tray icons dissappeared, task manager showed the program concerned as open, but the GUI was absent, ditto any means of controlling it.
Decided to perform a shutdown/restart, shutdown failed to complete and stalled, so after about 15minutes I powered down. Re started again after a good 3 minutes, everything appeared normal.
As part of the following troubleshoot, I ran a diagnostic check on CFP (, “miscellaneous>diagnostics”.
The message following said that “problems were discovered with the installation. Would you like it repaired?” Clicked yes. It then came up with “Unable to fix some problems. Would you like a log?” Clicked yes. (See attached txt.) Can’t really make head or tail of the log, the only thing that appears odd to me is an entry near the beginning that reads: “[guard32]
Key=No”, where the preceding entries read “yes”.
Reinstalled the firewall. Ran the diagnostics. Same result. (It is this log that is attached.) Had previously run the diagnostics after first installing this firewall, and all was good. SP3 was installed at that point.
Computer behaviour otherwise appears normal, as does the firewall and D+ behaviour.

XP (Home) SP3 AMD3500+, 2G RAM. Avast Home, Threatfire, CMF, CBoclean (a recent addition) and that’s about it.
Help, please.

[attachment deleted by admin]

Threatfire is not needed if your using Comodo with D+. You said reinstalled but did you do a Complete Uninstall first? Use Revo Uninstaller in advanced mode. When Comodo says reboot,don’t and click next on Revo and delete all left over registry and program entires it finds. Then reboot. Use CCleaner registry cleaner and reboot. Download and install the latest version of Comodo. Also have you updated Avast to the latest version? There is alot of bug fixes for it.

Thankyou for replying.
The Threatfire info is understood. I don’t think that is the issue, though, since they worked well together for well over a week.
Too late for Revo uninstaller, I’m afraid. Don’t have it.
I have just (again) uninstalled/reinstalled CFP. This time I edited the registry to delete all entries I could verify as belonging to CFP. (Not the Boclean nor CMF ones.)
The problem here is that entries described as “Legacy” would not be deleted, due to access permissions. Did a computer search for any CMDAGENT leftover in the system, nothing found. Used Ccleaner, in “issues” (registry) mode, following the commanded reboot, too. Checked program files folders, and Docs/settings/application data (under my user profile; nothing found.
Is it possible the failure to delete these Legacy keys likely to have caused the issue?
How serious is this issue likely to be from a security standpoint?

Its never too late for Revo. Just install it. Also see here.


OK, so will Revo uninstaller recognize the changes made by the Comodo install, even if Revo is installed now, and will it fix this issue? Or would you recommend going thoroughly through the procedure in the link?

If you currently have Comodo installed and are trying to fix a problem then try doing a complete uninstall using Revo Uninstaller in advanced mode. When Comodo says reboot,dont and click next on Revo. Delete all registry and program entires it finds then reboot. Use CCleaner registry cleaner and reboot. Install a fresh version of Comodo. If it doesnt work then use the comprehensive procedure.

Welcome to the forum, Tarq57

Reading over your initial posting, it sounds like there might be something else going on, and CFP is one of several programs that is showing symptoms of an underlying problem. Have you checked the WinXP event log for any diagnostic or warning messages? To see those messages, click Start → Run, enter “eventvwr.msc”, then highlight System, and then double-click any message line to display the text.

What you’ve described so far sounds like it could be a hardware problem with the disk drive, which can cause all manner of things to act strangely. There are some diagnostics checks that can be done, some native to WinXP and some not, that can be useful if there is a problem. Looking at the WinXP event log is the first check.

Hi Vettetech, I’ll install Revo and have a crack at that in due course, if there is nothing outstanding that needs addressing from the event viewer.

Hi grue 155,
The event viewer contains a number of entries under “System”. Analysis of some of them indicated they were due to services having been disabled, which is true. I had disabled some services in accordance with info provided on BlackViper’s tweak XP website; set some others to manual. (I have reset most of these to “automatic” now, and restarted.)
Another frequent error is related to “atim2tag”, the description is “CRT invalid type”’, no advanced help is available.
There are some more, from 2 days+ ago, (19/05/08) that read “The following boot-start or system-start driver(s) failed to load:
aswTdi” This is an event type “7026”.
I have, at about the time indicated, uninstalled my Avast Home AV, which was on the “D” partition, and reinstalled it to the “C” partition. It appears to be operating correctly.
There are a number of warnings from the 16/05/08, stating “UnlockerDriver5” with an error type of “54”, no further info available. (I do have the “unlocker” program installed, and the 16th was probably about the last time I used it. Perhaps a reinstall is advised, here, if that is what the error is referencing?
All the other errors seem to relate to services failing to start/dependencies failing to start, and are listed as DCOM, and Service control manager, and reference UNP&P, SSDP discovery service, and a couple from 17/05/08 "DCOM got error "The dependency service or group failed to start. attempting to start the service upnphost with arguments in order to run the server:

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.",
plus the errors referencing Avast, which appeared to be limited to the one day/time window when the reinstall occurred.
Sorry if this is needlessly long winded, I don’t have much idea about analyzing this sort of thing, if you can help I’ll be pretty darn impressed! Hope enough information is provided.

The details from the Windows event log sound like the fairly routine Windows logging chatter. Windows, like almost all OS’s these days, tends to have very good disk error correction and recovery methods. And like most, it tends not to log problems till its almost too late. I’ll take nothing in the event log as a good sign.

Two more Windows native checks to try:

One is the classic disk defrag, of every partition on your disk. In doing the defrag, the goal is to trip up over the disk error-correction hardware, and see if something complains about an error reading or writing to the disk.

The second is seeing if the Windows Device Manager ( Start, My Computer properties, Device Manager, highlight the disk drive, and use the hardware troubleshoot facilities ). That may trip something also.

A tool to download, is SpeedFan, available at http://www.almico.com/speedfan.php and using it to monitor your machine cooling, including any sensor data from your disk drive. You’ll need to install it, and watch the results for a while to see if there is a problem. Disk drives don’t like heat, and their error rate will increase as the temperature goes up.

Righto, Device manager>disk drives indicates no problems. I have a program installed by Gabriel Topola, called System information, which includes a display of the hardware sensors. Both (CPU and HD) are currently indicating 34C. I’ve never seen them above 41C. Have been checking quite regularly, especially today.
The hard drive is a Seagate 7200, about three years old, still under warranty, I think.
Do you think I need to run the speedfan program?
About to commence a defrag. Will report the results.

According to your first txt file, CFP 3 is missing guard32.dll, which I believe is the Defense+ driver. It should be in C:\WINDOWS\system32. I remember recently I did a test by moving some CFP files and got the same message when running the diagnostics: “Unable to fix some problems.”

Apparently, something is preventing that file from being installed onto your PC. When installing CFP3, I always recommending disabling other programs, namely security programs. Shutting them down is even safer (with disconnected internet of course).

Disk Defrag operated, both partitions. At the end of each defrag, it stated “some files could not be defragged…view report” Which I’ve saved. The reports both indicate, however, that there were no files that could not be defragged.
Guard32.dll is present in system32. It’s 135bytes, and signed by Comodo. Maybe it’s there, but not registered or operating as it should?
Just done a spyware scan with SAS (to be sure), all clear.
Anyone correct me if I’m wrong, but I’m thinking the next step is to uninstall the firewall, use the revo uninstaller, disable all security software then re-install. (Rebooting as commanded after using the Revo program.)
Services for A2 and AVG AS also run (as they do) even when the programs are not opened. Maybe I’ll disable them, too, when re-installing Comodo.
D+ is currently in training mode. When it’s set to “safe” mode, it appears to function normally, with plenty of popups for any unknown applications I run. I wonder if it could just be a problem with the diagnostic checker? Seems a long shot; it worked before.

I would do that.

Nope, you don’t need speedfan. Your temps are good. If you were up to 45 or 50C, then I’d be worried. I think we’ve ruled out the prospect of there being any kind of disk hardware problem.

Well, tried the Revo uninstall, it found a few items leftover and deleted them. Strangely, with the windows firewall “Off”, the security centre continued to report that Comodo firewall was on.
I’m suspecting the registry entries to do with the legacy drivers.
I’m also starting to get just a little weary of how difficult this program appears to be to completely remove.
The original problem with the diagnostics remains.
Sorely tempted to uninstall all Comodo products for now and delete all Comodo registry keys, changing the permissions if need be to do so. (I’m a virgo.)
If I change the permissions for these legacy keys to enable their deletion, and later install any Comodo products, will the keys be re-created, but with the new relaxed permissions? Or will the default permission be built ito the keys during the reinstall? And, either way, does it matter?

Comodo showing up in the Security Center is normal. Alot of security programs have this problem with Windows. You need to rebuilt the repository folder. Go to run and type “services.msc”. Then find the WMI (Windows Management Instrumentation) and stop it. Then migrate to C\Windows\System32\Wbem and delete the repository folder and reboot.

Thanks, Vettetech, I remember that trick now. Still, don’t think it’s associated with the original problem.
What do you think about those legacy driver entries in the registry? Worth a crack at deleting?

The comprehensive guide to remove CFP3 states legacy keys are harmless and are created well after a software is installed. Instead of following those step-by-step instructions, why not just scroll to the bottom of the first post and execute the .bat file? It does the work for you. Yes, they will return after installing and they all legacy keys never give full control. Dunno why, but I would delete them if the script doesn’t cover them and then clean reinstall CFP with disabled security programs.

Well, here’s where I’m at. Uninstalled it, used the Revo uninstaller, changed the permissions/deleted all Legacy keys, (having already uninstalled Boclean and CMF), using regedit removed everything Comodo, looked in Device Manager (hidden entries)- nothing present, removed the wbem repository from System 32 having disabled WMI, rebooted, downloaded and ran the .bat file.
In other words, pretty much everything in the detailed instructions in that awesome forum post.
Just ran with the Windows firewall for a time, but it’s a bit like a “space saver” spare tyre, not really good for serious security. Tried Onliine Armour firewall, again, (but briefly; it has almost frozen my computer in the past, and this time was no exception. Have no idea why. But I used the Revo uininstaller to remove it.)
Reinstalled the latest CFP. Seems to work ok.
Ran the Diagnostic Test. Same result. Totally flummoxed. It once showed the installation as working perfectly, and now does not, no matter what. Can’t work out what’s changed. ???

Why run the diag test if Comodo is working. Or are you getting a message stating that Comodo isnt working properly?