Errors in CatRoot2 log, dberr.txt

My log had been growing to an alarming size (Can't install updates or programs - Windows Server | Microsoft Learn), and I was finally able to narrow it down to Comodo, then further to the AV, and lastly to the Memory Scanner. I tried uninstalling the AV component and reinstalling the latest version. Are you aware that it throws errors anywhere from 11 to 25 on each boot or, if it is disabled, when it is activated? Is this part of the AV design to protect itself from viruses?

It’s the same error repeated over and over:
CatalogDB: 8:22:52 PM 9/15/2009: File #2 at line #1236 encountered error 0x00000057

XP Pro SP3
CIS 3.11.108364.552 XP32

Did you try all of the 10 solutions as given by the Microsoft KB article? When you found the solutions that worked, did the problem come back?

I know this probably doesn’t help, but my log file is 128k and the .txt file is 64k.

Eric, thanks for the rely.
My problem was not “You cannot install some updates or programs.” I referenced the article for information on where the errors were being generated. However, I did try several of the solutions to rebuild the catalog and reregister the crypto dll’s. I arrived at the article and at the dberr.txt error log in trying to solve a newly occurring browser problem (Opera 9.64, and subsequently installed 10.0 thinking that might help - it didn’t). I am mostly sure now the problem is not Comodo related because it occurs when CIS is not running. Since the errors are not being generated by Windows I’m not too concerned, and I suppose I can remember to delete the log periodically for backup and defrag when it becomes unnecessarily large.

I guess that AV scans certain files in the catalog directory to see what memory processes should be running. Comodo seems to be operating properly; I just wasn’t sure due to the errors. The Comodo event logs do not show anything related, but the errors are still being placed in that log after applying the MS suggestions.

Heffe, more information is always helpful when you’re trying to track down an elusive problem. I take it your dberr.txt only shows what it should (e.g. CatalogDB: 2:05:41 AM 9/10/2009: Adding Catalog File: KB956844.cat) and not the errors?

I haven’t found anything on the Opera site and very little elsewhere on the errors in the catalog, which I now know are from Comodo and almost certainly unrelated to the Opera problem. Nothing like looking into one problem only to find another. The browser problem doesn’t occur on my clone copy (I use XXClone) which was from only a few days, fortunately, before the problem started. That makes it all the stranger. If I launch Opera without the JavaScript turned on, even though my Site Preferences for tabs that require JS are on, it will not load those sites or any other site that’s trying to set up a SSL connection. Then, if I relaunch Opera I’ve lost all my browser preferences and everything is back at install default and/or I get a pop-up that says it cannot save my preferences file. (And, yes, I’ve scanned for viruses, rootkits, malware, sfc, chkdsk, etc., etc.) I would think that if it were strictly a browser problem, the fresh install of Opera 10.0 would not have the same symptoms and, further, copying over the clone didn’t help, which, btw, is post-Patch Tuesday.
[P.S. - Sorry for rambling on, but this is one of the weirdest problems I’ve ever had.]

Actually I do see the errors. I was commenting on file size as you said yours was growing. I get them more often than at boot though. This is what I see for today.

CatalogDB: 12:28:58 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:02 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:12 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:19 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:19 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:21 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:21 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:22 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:22 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:23 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:23 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:23 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:23 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:23 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:23 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:24 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:36 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:37 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:37 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:37 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:47 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:48 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:49 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:50 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:50 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:50 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:29:53 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:30:02 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:55:39 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 12:55:39 PM 9/16/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 3:44:10 PM 9/16/2009: File #2 at line #1283 encountered error 0x00000057
CatalogDB: 3:44:10 PM 9/16/2009: File #2 at line #1283 encountered error 0x00000057
CatalogDB: 3:44:10 PM 9/16/2009: File #2 at line #1283 encountered error 0x00000057
CatalogDB: 3:44:10 PM 9/16/2009: File #2 at line #1283 encountered error 0x00000057
CatalogDB: 4:02:33 PM 9/16/2009: File #2 at line #1283 encountered error 0x00000057

The 12:29 entries would obviously be the boot, but I’m not sure what the following times may be as the machine has not been rebooted.

But back to file size, the file seems to be policing its file size instead of growing to 20MB as the examples in the link you posted.

The earliest date I have on the errors is the fourth of this month. Could this mean that the file is purged roughly every month?

Because other than that, I can see no other reason for the log to start there as I see errors listed every day since the fourth. I initially thought that it could possibly coincide with the date I upgraded to version 3.11 because I wait a few days before I update due to Comodo’s penchant to botch releases. 3.11 was released on August 25, so ten days before I updated wouldn’t be out of the question. But looking at the files in my CIS folder, I updated three days after the release. (August 28)

The earliest I found was very close to yours, late the night of the 3rd. Like you, I am cautious about updates, major releases, and patches from anyone, not just Comodo. I didn’t update until the 30th. Although it may not be from the update. It could be from an AV signature update, especially since the errors originate from an AV memory scan. The stray entries in yours may come from a browser launch or some other application. I just tried IE and didn’t get any errors, but that doesn’t mean Opera wouldn’t cause some, which I’ll try later. Skype didn’t from earlier today, so it’s not solely initiating a network connection that bothers the AV.

Have you seen my topic on this? https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/d_screws_up_windows_update_cryptsvc-t44045.0.html

I get exactly the same problem you have. Disabling D+ fixes this, and also allows cryptsvc to repair catroot2 (when it gets corrupted after trying to install Windows Updates).

You all have my sympathy, but I am pleased to see I am not alone ! !

IMPORTANT QUESTION TO EVERY-ONE DID YOU UPDATE OR DO A CLEAN INSTALL AFTER DELETE ?

I removed Eset Antivirus and Comodo 3.5 for a clean install of CIS 3.10, and after a week or two found subtle clues that Windows was a little damaged at that time. Could this have happened to you ?

I have XP Home with SP3.

Comodo Technical Support told me this problem with v3.10 was only seen on VISTA, not XP,
and that v3.11 would fix it - it has not. I have yet to try 3.12

After switching on at 08:50 today, C:\WINDOWS\system32\CatRoot2\dberr.txt received this :-
CatalogDB: 08:51:37 19/09/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 08:51:55 19/09/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 08:51:58 19/09/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 08:51:58 19/09/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 08:57:05 19/09/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 09:27:37 19/09/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 09:57:47 19/09/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 10:27:57 19/09/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 10:58:07 19/09/2009: File #2 at line #1236 encountered error 0x00000057

When I first installed v3.10 there were several times the number of errors per hour.
These errors continued with v3.11, but have been gradually decreasing for no known reason.
Since v3.10 there has always been a burst of errors when the computer boots up,
and then at precisely 1810 second intervals further one or two errors were appended.

I was told catroot2 was corrupted, so I deleted catroot2. No need to wait, I simply rebooted and Catroot2 was rebuilt with obsolete
…\System32\CatRoot2{127D0A1D-4EF2-11D1-8608-00C04FC295EE}
a further reboot and I got
…\System32\CatRoot2{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
Two more reboots and no further developments.
But everything was just as bad.

I have replaced both Catroot2 and Catroot from an Acronis Image taken immediately before I deleted the old protection, i.e. before anything went wrong.
But everything was just as bad.

I have posted in several forums without a single reply.

I returned here today for information on ( and a download of ) 3.12, which I will soon be testing, and fully expected a further failure and was steeling myself to restore the old image of C:\ with obsolete protection, and to remove the old protection and replace with the new protection and, until free of errors, repeatedly restore the old image and remove the old protection etc. etc.

I will now download 3.12 and try it, but wait a bit longer observing developments before starting all over again.

The full details of the “subtle” evidence of Windows being broken etc are below. Perhaps you will find similar evidence on your machines in which case deleting old Comodo could have damaged Windows and given these problems, otherwise it looks like we will have to wait until Comodo deliver an effective fix.

Alan

============ DETAILS AS POSTED ELSEWHERE ============

I think a bit of XP Home died when Comodo Firewall 3.05 was uninstalled on 01/08/2009.

At 16:47:31.pagefile.sys was initialised upon a reboot to complete the removal.
From 16:48:53 to 16:49:13 there were 51 off new *.MOF files in System32\wbem\AutoRecover
Before this incident there were only 11 files with very old time stamps.
Of these 11 :-
4 survived without change
7 were updated and halved in size, and given new timestamps
and 44 brand new files arrived from nowhere.

At 16:49:12 Application Event log shows 4 off WinMgmt errors (while recovering repository file)
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF
C:\AC30D119A40F2C8C8708A20576\I386\LICWMI.MOF
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATIONFOUNDATION\SERVICEMODEL.MOF
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF

Before installing new protection I inspected the event log for errors and saw this WinMgnt stuff, and realised that, much as I feared, COMODO had hooked into the system to resist eviction by malware, and hung on too hard during removal.
I hoped that “while recovering repository file” indicated some sort of recovery process,
and I rebooted several times without further errors and hoped that indicated full recovery had been achieved.

I then installed Comodo CIS v3.10 (Firewall plus Anti-virus etc.) and all seemed well.

Several days later I compared C:\ with an image taken just before removal.
That is when I spotted those 51 off new *.MOF files and guessed they related to 4 WinMgmt errors.
Then I saw C:\WINDOWS\system32\CatRoot2\dberr.txt going berserk.
Suddenly, after Comodo CIS v3.10 was fully installed and rebooted, it reported, e.g.
CatalogDB: 21:21:22 09/09/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 21:51:32 09/09/2009: File #2 at line #1236 encountered error 0x00000057
There are perhaps half a dozen such errors upon a reboot, and then at 1810 second intervals another such error is appended.

In-spite of all these errors, it still captured the normal information from a Patch Tuesday update a few weeks ago.
I see no further system / application event log errors.

It looks like everything sort of works, but it just isn’t right, and I don’t know if XP will capsize and sink.

I think a bit of XP was torn out when Comodo 3.05 was removed, and nothing needed that bit of XP until Comodo 3.10 was installed, and then the dberr.txt errors started and continue no matter what I have done since.

Comodo support have admitted to the “File #2 at line #1236” errors as something that has been seen with Vista, but not with XP, and advised that the subsequent v3.11 has fixed the problem. I updated to v 3.11 and this problem continues in XP.

I was told it could be catroot2 corruption. I deleted Catroot2 and it rebuilt. No real change but further anomalies arose ! !

Catroot2 originally held
…\System32\CatRoot2{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
13/08/2009 17:05 1,056,768 catdb
18/06/2007 19:53 8 TimeStamp
…\System32\CatRoot2{127D0A1D-4EF2-11D1-8608-00C04FC295EE}
13/08/2009 17:05 1,056,768 catdb
19/08/2008 12:45 8 TimeStamp
…\System32\CatRoot2{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
13/08/2009 17:05 7,348,224 catdb
31/07/2009 10:53 8 TimeStamp

After using “net stop cryptsvc” and deleting catroot2 etc, after a reboot I had only
…\System32\CatRoot2{127D0A1D-4EF2-11D1-8608-00C04FC295EE}
13/08/2009 19:06 1,056,768 catdb

After a second reboot I had an additional
…\system32\CatRoot2{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
13/08/2009 21:35 1,056,768 catdb

That seems to have removed 6 MB of bloat from …(F750… ! !
Further reboots made no change - still no …{00AA…

C:\WINDOWS\system32\CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE} holds 220 files.
Apparently obsolete and unused and almost empty are :-
C:\WINDOWS\system32\CatRoot{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
18/06/2007 19:53 8 TimeStamp
16/05/2007 13:49 11,418 WLSetup.cat
C:\WINDOWS\system32\CatRoot{127D0A1D-4EF2-11D1-8608-00C04FC295EE}
19/08/2008 12:45 8 TimeStamp

I have removed these “obsolete” folders, keeping only …\system32\CatRoot{F750…
and again deleted catroot2 and rebooted, and again after the first reboot there was
…\System32\CatRoot2{127D0A1D-4EF2-11D1-8608-00C04FC295EE}
which surprised me since the corresponding folder had been removed from catroot,
and after the second reboot there was
…\System32\CatRoot2{127D0A1D-4EF2-11D1-8608-00C04FC295EE}.

“File #2 at line #1236” errors continued as before.

I restored Catroot and Catroot2 from an Acronis image taken just before anything was removed.
“File #2 at line #1236” errors just keep on going on and on.

Is there a quick fix to this please ?
Should I enter a LOOP :-
{
Restore the system to the original image taken before the removal of the old protection;
Remove original protection
} REPEAT until nothing is broken in XP ?

One long long very long standing anomaly, where on earth is “oem43.CAT”
The last dberr.txt log before things went bad was
CatalogDB: 10:49:57 31/07/2009: Adding Catalog File: oem43.CAT
CatalogDB: 10:49:58 31/07/2009: DONE Adding Catalog File: oem43.CAT
CatalogDB: 10:51:18 31/07/2009: Adding Catalog File: oem43.CAT
CatalogDB: 10:51:19 31/07/2009: DONE Adding Catalog File: oem43.CAT
CatalogDB: 10:52:40 31/07/2009: Adding Catalog File: oem43.CAT
CatalogDB: 10:52:40 31/07/2009: DONE Adding Catalog File: oem43.CAT
CatalogDB: 10:53:07 31/07/2009: Adding Catalog File: KB972260-IE7.cat
CatalogDB: 10:53:07 31/07/2009: DONE Adding Catalog File: KB972260-IE7.cat

C:\WINDOWS\system32\CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE} holds :-
oem0.cat through to oem56.cat, with a few gaps.
it holds oem42.cat and oem44.cat but absolutely no oem43.cat.

These “DONE Adding Catalog File: oem43.CAT” messages have happened for many Patch Tuesdays,
and none of the Acronis images from this period of time have captured any oem43.cat.

Incidentally, why did Catroot and Catroot2 start with 3 off …{} folders ?
Is it related to SP1 and SP2 and SP3 being installed at different times ?
And why does a rebuild of Catroot2 never create …{00AAC56B… etc,
but always creates the other two ?
regardless of whether Catroot holds only the relevant …{F750E6C3 or all 3 of the …{}

If I ever get this fixed, and Catroot2 is as it was, will it be safe to have XP rebuild it and presumable prune the 6 MB space and time wasting bloat in 7,348,224 catdb ;
and to lose the apparently redundant …{00AAC56B… etc. ?

I am using XP Home edition with SP3.

I can restore the system from various Acronis partition images, including :-
Before removal of old protection ;
After installing new protection and before I knew there was a problem ;
After I knew there was a problem and before I started trying to fix it.

I would appreciate any advice upon fixing this, or I will continue to worry about when XP will crash.

Regards
Alan

wj32, thanks for the pointer to your other post. It got me to try and rebuild the Catroot2 again. I thought I had rebuilt it with Comodo completely shut down, but maybe not. This time it seemed to work, for the time being (there have been times when I’ve spoken too soon). Opera seems to be working properly again, too. While I generally only change one thing at a time when debugging, there was one other possibility for the problems that I had rerun the other day. I use jkDefrag and 4.1.2 was a bad build, at least for my system (Jeroen is very good but, hey, nobody’s perfect). During the defrag there’s a lot of file locking and marking as unmovable. The defrag had froze and I reran with 4.1.1, a good one. Today when I had a chance to get back to all this I rebuilt the Catroot2, successfully this time, and tested to see how everything was working. There are too many moving parts to say exactly where the problems originated - and I’m not about to start experimenting. Thanks, again.

I did an update.
The last time, previous to today’s successful one, I only got CatRoot2{127D0A1D-4EF2-11D1-8608-00C04FC295EE} on the first reboot. I suspect that if that happened your rebuild was not successful because today’s reconstructed both.
I presume you’ve tried these rebuilds with Comodo not being loaded when you reboot.
Did you ever have a bad install from MS Update? I did for the first time not too long ago, but it seemed to be before my problems started. It’s not always easy to tell. I wouldn’t have known unless I didn’t happen to see a slew of temp directories under my \system32.
You might try reregistering the cryptsvc dll’s, per the MS page from my original post. [copy & paste from the MS page is the least time consuming way to do it.] It was one of the “moving parts” I did again today.

Regarding oem43.cat, do you have something like these on your system?
Huawei modem, Novatel driver package V2.00.51, Mobile Broadband Drivers
http://www.siteadvisor.com/sites/t-mobile.de/downloads/15820490/
AT&T Communication Manager 6.2.10.0, Nokia Connectivity Adapter Cable DKU-5
http://siteadvisor.de/sites/cingular.com/downloads/9771834/

How do you rebuild?

I shut down cryptsvc, but when I try to rename or move catroot2, the files/folders are in use.

Do I need to try this from safe mode?

Note: This attempt was with CIS completely uninstalled.

MRCS

You started this topic by reporting the same “…File #2 at line #1236…” which I am seeing.
You now say that you have repeated a rebuild of Catroot2 and it is now successful.
Please confirm that this has now fixed your “…File #2 at line #1236…” errors.

I have read that some people delete Catroot2 and then do “net start cryptsvc”,
and then just wait and wait - and perhaps 10 hours later it is rebuilt.
I found and followed alternative advice that there was no need to wait,
a reboot would instantly finish the job.
I was slightly dissapointed that the first reboot resulted in only
…\System32\CatRoot2{127D0A1D-…
I assumed I was following the advice of some-one who had only
…\System32\CatRoot2{F750E6C3-…
I will try again.

Since I was unable to rename CatRoot2 until I had stopped the service,
and since Catroot2 was rebuilt after starting the service and rebooting,
I thought I had done all that was needed.
I was aware that cryptsvc dlls could need registering,
but I thought it was o.k. because a very recent Patch Update caused the usual :-
CatalogDB: 20:18:28 20/08/2009: Adding Catalog File: KB971657.cat
CatalogDB: 20:18:28 20/08/2009: DONE Adding Catalog File: KB971657.cat
CatalogDB: 20:18:39 20/08/2009: Adding Catalog File: oem43.CAT
CatalogDB: 20:18:39 20/08/2009: DONE Adding Catalog File: oem43.CAT
CatalogDB: 20:19:01 20/08/2009: Adding Catalog File: KB960859.cat
CatalogDB: 20:19:01 20/08/2009: DONE Adding Catalog File: KB960859.cat
Followed by the inevitable
CatalogDB: 20:33:56 20/08/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 20:33:57 20/08/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 20:34:25 20/08/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 20:34:26 20/08/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 20:34:32 20/08/2009: File #2 at line #1236 encountered error 0x00000057
I am happy to follow in your footsteps if reregistering has given you success.

The only Nicrosoft update that failed was in November 2007,
Security patch KB928365 for .NET Framework Version 2.0.
It failed for many people. It seems to have been fixed with SP3.

Comodo was active when I rebuilt, but there were no pop-ups to indicate any conflict.
How do you suggest I reboot without Comodo being loaded ?
Should I set security level to disabled for Antivirus, Firewall, and Defense+,
and does it matter which configuration I use when doing so ?
Should I prevent launching of cfp.exe ?
Should I also block cmdagent.exe by changing the service from Automatic to Disabled ?
Or is it better to uninstall v3.11 first.

I believe I have no Huawei modems because I have no c:\Program Files\Huawei Modems\

I saw within http://www.siteadvisor.com/sites/t-mobile.de/downloads/15820490/
ADD c:\WINDOWS\inf\oem43.inf
ADD c:\WINDOWS\inf\oem43.PNF
ADD c:\WINDOWS\LastGood\INF\oem43.inf
ADD c:\WINDOWS\LastGood\INF\oem43.PNF
ADD c:\WINDOWS\system32\CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem43.CAT
I also see similar entries for oem42, oem 44, and many others.
Previously I only knew of …CatRoot{F750E6C3-…
I now find I too have c:\WINDOWS\inf\oem*., etc, and it corresponds to …Catroot…
i.e. it has an oem??.inf plus oem??.PNF for most (but not all) oem??.CAT
but there is no oem43. anywhere.
Is it possible that the oem43 is the current-in-use animal that only lives in the registry,
and it will only appear in the “inf” and Catroot folders when it is archived after a different animal becomes current ?

I have no folder c:\WINDOWS\LastGood
I assume this only exists as a recovery option when something has been installed and could cause a problem,
and Windows removes it after a few reboots without needing it.
Please tell me if its absence is something I should be worried about.

I find no sign of AT&T folders as per http://www.siteadvisor.de/sites/cingular.com/downloads/9771834/

Regards
Alan

HeffeD

You may need to follow MRCS advice and re-register the cryptsvc dll’s.

I could not alter Catroot2 until I used Start → Run → CMD for a command prompt
then I issued the command “net stop cryptsvc”
it fairly quickly stopped the service and I could rename C:\Windows\System32\catroot2
then I issued the command “net start cryptsvc”
and fairly soon after it started the service and I rebooted.

I did this in normal mode - I never needed SAFE mode.

I use XP, I do not know if you have Vista.

I learnt about Catroot2 from a UAC posting at
http://forum.sysinternals.com/forum_posts.asp?TID=18690

Alan

Yes, this is what I did. The service was stopped, but I could not move or rename Catroot2.

HeffD

After you told it to stop, did it tell you it had stopped, or did you assume success when it was ready for the next command ?

Do you have Vista ?

Perhaps you need to re-register.

Alan

Did cryptsvc say it had been shut down successfully? If it did, I would start with a clean boot. Use msconfig to uncheck all but the most essential ones. For me, it’s my mouse and video. If you have anything in your start-up folder, hold down the shift key when you reboot. Then try to stop the cryptsvc. It’s simpler to stop it from Services, which you can get to by Administrative Tools or by running services.msc from the Run box (besides, it will give you a clearer message if it was unable to shut down). Otherwise, I’d check Task Manager to see what’s interfering. I didn’t have to use Safe Mode.

One other thought, I’ve never had Windows set to automatically update, but that could be blocking a good cryptsvc shutdown.

It said the service had been stopped successfully.

I don’t have Windows set to automatically update.

I guess I’ll try a clean reboot.

So after rebuilding like this, has CIS stopped filling the log with errors?

Confirmed. But like I said in my other post I’m not going to speak too soon until I’ve been up and running for a couple of days.

10 hours is way unnecessary. If it doesn’t rebuild in a couple of minutes, max, it’s not going to.

Since your log says “DONE Adding Catalog File: oem43.CAT” that is off the table as part of your difficulty. Same for your failed MS update from November 2007, if you haven’t had these problems until now.

To prevent Comodo from being loaded at boot, see my last post for Heffe about using msconfig, go to the Startup tab and uncheck cfp. Of course I don’t recommend someone not having their firewall running with an always on connection so you may want to turn off or unplug your router or modem, but I don’t bother.

I never have any updates set to automatic, usually notify, except for MS which is completely turned off. However, I don’t think cmdagent.exe will be running if you don’t load cfp.

Edit: I don’t want to conflict with what wj32 had to say on sysinternals, so I should have said, it shouldn’t take more than a couple of minutes “on my system”. I run with the least amount of garbage as possible. Others may legitimately have a lot more to rebuild. My CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE} has 147 files.

Hmmm… Hasn’t fixed it for me.

Completely uninstalled CIS using Revo Uninstaller.

Used the “diagnostic restart” option in msconfig that only allows the necessary startups. Cryptsvc doesn’t even start in this configuration. Was able to rename Catroot2. Switched back to normal restart and rebooted.

Catroot was rebuilt, and the only entry in dberr.txt was:

CatalogDB: 4:21:08 PM 9/19/2009: WAITSVC: Calling StartService():  CryptSvc
CatalogDB: 4:21:23 PM 9/19/2009: WAITSVC: Service is running:  CryptSvc

I then installed version 3.12 of CIS. After rebooting, I see this:

CatalogDB: 4:26:59 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:00 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:01 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:01 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:01 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:01 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:01 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:02 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:03 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:04 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:04 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:04 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:05 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:05 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:06 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:07 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:12 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:12 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:12 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:13 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:13 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:13 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:13 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:13 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:13 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:14 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:15 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:15 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:15 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:15 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:15 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:15 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:15 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:15 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:15 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:15 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:15 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:15 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:15 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:16 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:16 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:16 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:16 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:16 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:16 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:18 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:22 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:22 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:24 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:25 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057
CatalogDB: 4:27:34 PM 9/19/2009: File #2 at line #1236 encountered error 0x00000057

So it’s definitely not fixed, and it’s not a Vista issue…

Win XP Pro, SP2 32 Bit.
AMD Athlon X2 Dual Core 4200+
2GB RAM

CIS 3.12.111745.560
DB 2373

Could we get any word from the devs on this? ???