Most Stubborn Registry ever

Hello Comodo users and staff, I recently got a notification to update to the latest version of Comodo Internet Security 4.0

Long Story:

The problem is when I extract the files after downloading nothing happens, no warning of uninstalling old comodo and no automatic installer. This was going to be the second computer I would upgrade the comodo version so I went to add/remove programs removed the old version of Comodo 3.1. Once it said uninstall sucessful nothing happen. It did not even ask me to restart my PC like it should… so I Restarted the PC knowing that was suppose to happen then manually found the extracted file and ran it.

After running the installation it gets to the last part (Registering Components) and then after that suddenly the next thing I see is rollback. I try running the installer again, but Comodo tells me I need to restart the computer.

So I do, about 5 times. Finally I decide to do a bit of research. It recommends clearing the folders and cleaning the registry. Manually if you have to, so I did. I first delete all the files and folders then went to clean the registry. Most of the stuff have been removed by the uninstaller.

The problem… Everytime my registry scanners scan a specific location of the registry, the application closes out and (abruptly terminates) I thought to myself, hmm… thats a first and thought maybe it was just a bug with the software. I ran another software and again same results. Now I thought to myself now this does not seem right.

The next thing I do is use a registry finder and look for all instances and all registry relating to the word “comodo” again same problem the program searches the registry then suddenly abruptly closes and exits.

This time I try to pinpoint at what point the registry closes and why…

The short version
The registry seems to be closing at HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo

So I go there using regedit and the registry pops up after poking around to see if any comodo registries are listed in the subfolders like ControlSet001 and ControlSet003.(None was found).

So I decide to delete that folder located at HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo then oddly enough it just kicked me out of the registry editor. Just kicked me out/closed. I open it again and I try to delete It again… again it kicks me out…

I go into safe mode to delete… It again kicks me out ???
I login to the computer using the name “Administrator” instead of my admin account. Went there and yet again it kicked me out again! There is something evil there but I can not find out why.

Upon closer inspection HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\102\Rules\\\\ I put all those slashes at the end because there is a + next to them that is suppose to expand however this took me in an infinite loop of empty folders with nothing in them.

I try deleting those subfolders and yet again… It kicked me out…

I have never seen registry this stubborn before, and I have never seen registry editor kicking people out for trying to delete a folder or registry. Anyone have any ideas?

I checked running process for comodo and none was found. The comodo folder was deleted and does not exsist. So I have no idea why registry would just kick me out and not let me delete it.

Anyone have any ideas or what I should do to fix this? This thing has really got me stumped.

Everytime I try to install the new version of comodo everything seems to go fine until the very end. It says registering components->rollback-> then a message that says Comodo installer has abruptly ended.

Did you try uninstalling CIS and running the Clean Up Tool?

https://forums.comodo.com/install-setup-configuration-help-cis/cleanup-tool-for-comodo-internet-security-t36499.0.html

Yes, the application is uninstalled. I just ran the batch file above and got alot of Error: The system was unable to find the specified registry key or value. only 2 invalid keys

I got an error 1060 after the registry scan. I let it finished and it says comodo should be completely removed from the system.

I just reran the installer again and no luck the setup ended prematurely again,To install this program at a later time run setup wizard again. at least it got to kernel components when I was watching it installed. It did look like the installer was doing more this time then last time.

Oh I should include my system specs if it is needed.
Intel Celeron M 1.3Ghz
512MB RAM
40GB-4200RPM HD

Toshiba Satellite M35X-S114

I am accustomed to Windows refusing to allow deletion of a registry key.
I expect relevant error messages if RegEdit fails;
I expect more confusing error messages if Reg.exe fails.
BUT I have never known a deletion failure to shut down RegEdit.

It seems to me that Comodo may still be protecting its files from attack by malware.
It would be worth launching Windows Task Manager and inspecting the “Processes” TAB,
looking for either cfp.exe or cmdagent.exe - if they are running they protect their stuff.

Alan

That is why I was surprised that everytime I try to delete that registry the program just abruptly closes/exits out without any error messages or anything.

I did look at my task manager. No cmdagent or cpf.exe running in the background. Its odd how this happens in safemode also. i’ll attach a copy of the Hijack this log. I looked through it and didn’t see anything suspicious or bad in it. I don’t see anything in the process that would block this installation. I ran a full scan and check before the uninstallation.

Im doing a system file checker and scandisk again to see if the computer finds anything, so far its telling me everything is ok.

[attachment deleted by admin]

Try reinstalling CIS and then uninstalling it.

It sounds like part of its self-defense module may still be active.

Ok, I just reinstall version 3.14 and uninstall it ran the registry cleaner and same problem. 3.14 installed without any problems and ran just fine when I reinstalled it.

I think I will just keep version 3.14 as 3.14 is still pretty up to date in a way as long as they continue to provide virus defintions for the end of the remaining year.

It seems like 3.14 defense might be stuck on my computer for a very long time -_-

Are you really sure there were no other errors ?
Last year I ran an earlier version, and the display was swamped and overflowing with
"unable to find the specified registry key "

BUT IN ADDITION several other things flashed into view and disappeared of the top of the screen, e.g.
“Access is denied”
I corrected the script, redirecting to NUL all the “unable to find” messages,
and altered CMD.EXE properties to a display height of 300 lines,
and only then could I see all the “Access is denied” messages with no indication of which key.
Then a large amount of “@echo on” and “@echo off” allowed me to see which keys had no access.

I posted my solution, ZapBeta.TXT (ZapBeta.BAT was not allowed) in my reply #31 at
https://forums.comodo.com/install-setup-configuration-help-cis/cleanup-tool-for-comodo-internet-security-t36499.30.html
This shows all the items that were stuck due to “Access is denied”

I find “Access is denied” is most easily solved by Registrar Lite v 2.00
It is obsolete free-ware that can “take ownership” fix registry permission issues.
There are up-to-date free ware versions which have better eye candy, and may do more powerful things,
but those require an upgrade payment to de-cripple the “take ownership” capability.
As of 30 minutes ago you can download from :-
http://downloads.bjgarrick.com/files/RegistrarLite.zip

I suggest you look at my replies dealing with the use of Registrar Lite, my replies #45 and later at :-
https://forums.comodo.com/install-setup-configuration-help-cis/cleanup-tool-for-comodo-internet-security-t36499.45.html.

I see you have just replied and are resigned to a long wait before going up from 3.14.
All my above information should help when you make your next attempt,
BUT
I have now altered my local version of the script to work for all languages,
so it no longer has any interest in the specific English messages “unable to find” and “Access is denied”.
languy99 has posted a new link to

This has perhaps a 40% increase in the number of residues that have been identified.
I am about to incorporate these extra items in my script and release it as CIS-ZAP+SHOW.bat
With luck I should be posting it this week at
https://forums.comodo.com/install-setup-configuration-help-cis/cleanup-tool-for-comodo-internet-security-t36499.45.html

Regards
Alan

Hi again, its me! Sorry for bumping this post but I thought I try and give it another shot today to see if I can upgrade my Comodo Internet Security to 4.0

This time I ran Registar Lite and try to delete the key HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo and got a denied message. The problem is it will not let me change the registry permission.

This time I un-install CIS v3.14 ran msconfig and rebooted with minimal settings and ran the registry cleaner. Restarted with diagnostic mode still on and when I try to delete it permission denied. I went to Security try to take it over and adjust permission. It would always revert back to “Special Permission”

So I can not delete it. There must be some sort of security running in the background somewhere but even with “Diagnostic Mode” through msconfig surely nothing started up?

This registry just wont go away! I can not take full control of this registry for some reason. It reverts back. The registry cleaner can not adjust the permission and when I try to delete it, my CPU spikes to 100% and for some odd reason it eats up all my memory and my paging file jumps up to 800MB from 101MB

To the person that reply I will try safe mode also I will see what happens. It is an improvement with denied message then kicking me out.

Obviously you have NOT removed the old version and it is still protecting itself and all that is important to itself.

Had you looked at Task Manager you should have seen what was using 100% CPU and seen an identifiable Comodo process.

Or maybe not - you really should post the information on the processes that are responsible for :-
100% CPU spike ;
699 MB (800 - 101) increase in memory consumption.
That would give us useful data - without which we are just guessing.

Another wild guess, perhaps you got the wrong Registrar Lite - there is an awful lot of it about and mostly they have crippled the “permissions” aspect. The version that works for me came from
http://downloads.bjgarrick.com/files/RegistrarLite.zip

Alan

Yes, that is the program where I downloaded the application from… I looked at running process and oddly enough system idle process jumps while registar lite CPU goes down, but it is using up 404,000K of memory?! Its not a comodo process that was running I was looking at my task manager for any suspicious files but didn’t find any at all. I just finished recording my desktop on me trying to delete the registry that is left behind. I also ran your batch file so you should see what messages I get when running it. I am on a DSL network so uploading might take a while. There is a lot of lag when recording so you can just fast forwards to parts that interest you.

Running your batch file is close to the end I show all my running process though my Hijack log is still there and you can see what is running. I could record my Comodo installer to show you where I am stuck. It looks like everything is installing fine. It just reaches that very last end part then it rolls back.

Ok, I finally got the video up on my problem. Tried to put it on youtube but it was 22 min because of the lag with screen recorder and trying to delete that registry: Comodo Virus scanner was successfully removed from the registry for some odd reason comodo firewall refuses to disappear.

As for running process, that was a good point. I looked and did not find any running process from comodo. Rather something odd as shown on the video.

The registry cleaner you provided me jumped to 400MB of memory usage and cpu goes down to 10%. System Idle Process goes to 90% and yet CPU usage is 100%? Usually task manager ignores system idle process so it seems like there is a hidden process somewhere on my computer.

Also I thought it was a defense problem. So I reinstalled Comodo 3.14 and then went to the Defense+ security. From there I disabled it and set it to off, restarted the computer then uninstall Comodo.

Anyways here are my running processes:

Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\TOSHIBA\Power Management\CePMTray.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\CamStudio\Recorder.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Opera\opera.exe C:\WINDOWS\system32\taskmgr.exe C:\Documents and Settings\Simon\Desktop\HijackThis.exe

And here is a link to the video. It looked nice when I recorded but they compressed alot of stuff so it got blurry. I put it on Zshare since youtube would not except the length of the video.

I ran the batch file about 13 minutes in if your wondering. I did not get any denied messages. Just about something being corrupted near the end of the batch file. Alot of invalid keys and can not find registry.

Link to video of me trying to remove the registry: http://www.zshare.net/video/77706350eea5fe9b/
*Quality went down very low because they compressed. If you have any questions about any step I did just ask. There is no sound and there is lag at certain points(which caused the movie to be longer then it was suppose to). Better to just let the video load and just scroll to see if there is something you are curious about.

If someone can help me to get Comodo to finish finalizing the installation then I won’t have to worry about it I suppose. The problem is everything seems just fine when installing comodo 4.0 only when it tries to finalize the installation near the very end it roll back changes and says comodo has abruptly ended. Retry? If somehow I can get it to finalize then that would solve all my problem.

When I run Comodo installer this is what happens: - YouTube

version 3.14 installs fine. version 4 never gets to finialize everything. I redownloaded the file several times usign different browsers.

Hope my problem was a simple problem and this registry can be ignored.

have you looked in my network settings, adapters, properties for a listing called comodo firewall? I have seen that driver left over will kill a lot of installs. If it is there you can uninstall it from there, then reboot, rerun the batch file, reboot and try installing again.

You have in the running processes :-
1 off a-squared Free
3 off Spy Sweeper.

These seem to me to be active, and presumably are real-time protection,
and as such may interfere with other protective software, such as Comodo.

They may claim to co-exist with other undefined firewalls, Anti-Virus etc.,
but that does not deny that they could damage some protection they have not tested.

Even worse, even if they allow Comodo etc. etc to provide protection,
they may accidentally interfere with the removal and/or upgrade of Comodo,
and it is always possible they may deliberately block removal/upgrade if they consider this to be an abnormal event caused by a malware attack.

The video of the clean-up tool is useless - too blurred for me to read.

I suggest you read the start of my script :-

ECHO OFF
CLS
setlocal enabledelayedexpansion
title Comodo Internet Security File and Registry Cleaner
ECHO 28/01/2010  Alan added detection and reporting of Permission Issues etc.
ECHO To see all Issues etc. set CMD.EXE properties / screen buffer height above 300.

That will capture for review the last 300 messages.
The last bit is the important bit.
All you have to do is :-
Right Click on the CMD.EXE screen and from the context menu choose “Select All”,
with the immediate result that all the screen changes to Black text on White Background,
THEN hit the “Enter” key which has two results :-
Screen returns to White text on Black background, and
Your “Paste Buffer” now holds a copy of all the text that was selected so Ctrl’V will paste a copy wherever you like, either into a text file for attaching to your next post, or straight to screen like this short example.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Dad>

Alan

I checked in the network settings and looked at all the adapters and could not find anything related to Comodo. I did find something in the device manager if I show all devices, I deleted it restarted the computer and try to reinstall but again last minute of finalizing still says ended for some odd reason.

I did manage to copy the last few lines of that weird error message:

This is what I see at the end.

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value
System error 1060 has occurred.

The specified service does not exist as an installed service.

DOS/32A – Protected Mode Run-time Version 7.2
Copyright (C) Supernar Systems, Ltd. 1996-2002
SC/32A fatal: DOS/32A environment variable is not set up properly
You need to reinstall DOS/32 Advanced DOS Extender on this computer
System error 1060 has occurred.

The specified service does not exist as an installed service.

DOS/32A – Protected Mode Run-time Version 7.2
Copyright (C) Supernar Systems, Ltd. 1996-2002
SC/32A fatal: DOS/32A environment variable is not set up properly
You need to reinstall DOS/32 Advanced DOS Extender on this computer
The Windows Management Instrumentation service is stopping…

Here is what it looks like in the beginning

This batch file will now attempt to delete all left-over files and registry entries created by Comodo Internet Security... Press any key to continue . . . The system cannot find the path specified. The system cannot find the path specified. The system cannot find the path specified. The system cannot find the path specified. The system cannot find the path specified. The system cannot find the path specified. The system cannot find the path specified. The system cannot find the path specified.

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

This goes on all the way to the last part shown above. The services are stopped and restarted fine.

I will see if I can shutdown both Spysweeper and a2free. Though I have no idea why a2 free would be in memory because its the free version and provides NO real time protection. Also I have had trouble terminating it from memory because it would always startup again automatically for some odd reason.

These applications did work well with Comodo 3.14 and they seem to be no problems on my desktops, only on my laptop.

spysweeper might be a problem if you have it in real time, a2 is not a problem, it needs that realtime component to work and it does not interfere with comodo at all.

look at this http://support.citrix.com/article/CTX108387 it might give you some ideas as to what might cause that error, maybe you have a service that does not match the name anymore and comodo can’t do what it wants to becasue it is trying to use a name that your computer does not recognize. That might be causing it to roll back.

I see nothing in your last post to indicate you were using my script.

Did you run my script ?
The first 3 stages are LIST, KILL, and SHOW.
Each stage clearly stipulates the name of every folder/file/registry key that causes difficulty,
no STUPID Microsoft message “… unable to find the specified registry key or value”
with no clue given as to the identity of the key.

On my system the LIST stage concludes with :-

FOUND :- "HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Comodo Antivirus"
FOUND :- "HKEY_CLASSES_ROOT\file\shellex\ContextMenuHandlers\Comodo Antivirus"
FOUND :- "HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Comodo Antivirus"
ABSENT:- "HKEY_USERS\S-1-5-21-1417001333-329068152-839522115-1003\Software\CFP"
ABSENT:- "HKEY_USERS\S-1-5-21-1960408961-839522115-1957994488-500\Software\AppDataLow\AskBarDis"
ABSENT:- "HKEY_USERS\S-1-5-21-1960408961-839522115-1957994488-500\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"

PATHS    :- VALID = 8; FROZEN = 0;             ABSENT = 2
FILES    :- FOUND = 8; FROZEN = 0; KILLED = 0; ABSENT = 8
REG_Keys :- FOUND = 44; FROZEN = 0; KILLED = 0; ABSENT = 99
NEED FIX :- FOUND = 52; FROZEN = 0; KILLED = 0;
52 Off Permissions/Residuals to correct.

 ----  KILL Comodo Files and REG_Keys ; 13:50:08.36  ----
KILL ?  Y(es) / N(o) :- N

The KILL stage is similar, but because REG.EXE tells lies when told to delete keys the summary is unreliable,
and the grand total “52 Off Permissions/Residuals to correct” is therefore totally omitted.

The SHOW stage is like the LIST stage, but if KILL was complete the grand total should read
“00 Off Permissions/Residuals to correct.”
If it has a non-zero total then QUIT should be used and the identified obstacles manually removed,
then try again.

After success with the first 3 stages, then the RUN_ONCE stage will prepare Windows to do some more cleanup upon reboot, and it is better to allow RUN_ONCE and then quit and reboot to get the last vestiges of Comodo off the system.

I strongly advise that if The Windows Security System can then no longer see Comodo, there should be no need for the 5th stage that deletes the Repository in the hope that it can automatically rebuild so Windows Security System will no longer detect Comodo and will no longer object to a second dose of Comodo.

It is possible you have major problems with building the repository.
Microsoft do warn that if an apparently functional “Repository” is deleted,
the subsequent automatic rebuild may fail,
and I do not know if Windows will ever recover without a format and re-install ! !

It did damage to my .NET Framework - 4 items could not be rebuilt.
That is why I allow this to be executed, but advise against it.

I have very recently found more Comodo remnants scattered around the system which none of the clean-up tools address.
I am now in a further final debug stage to improve things, and am now resolving unexpected side-effects under extreme conditions - then I can launch something better.
The existing clean-up is sufficient for removing Comodo 3.??? and installing earlier 4.???.
If the latest 4.??? trips over remaining residuals then my next version MAY have better luck.

Questions :-
does EVERY version of XP Home edition + SP3 have installation problems with the latest Comodo 4.???
Is it impossible to install the latest Comodo 4.??? on an XP Home + SP3 which has NEVER had Comodo ?

Alan

Is there some documented evidence that only home version of xp should be concerned, and only sp3?

Yes - there is documented evidence !

The official system requirements are (from what I remember 2 hours ago) :-
Windows 7; Vista / XP SP 2

I have seen one post where some-one explained they wanted to try Comodo,
but chose not to because they had XP + SP3 which did not meet the specified XP SP2.
I still have not seen an official response to that topic.
and there seem to be various people with XP + SP3 that are unable to install the latest Comodo.

My belief is that Comodo has a MINIMUM requirement of SP2 on XP, and that XP + SP3 is fine,
but what this forum really needs is :-
User feedback that with XP + SP3 they had no problem;
and official confirmation that XP + SP3 meets Comodo requirements.

Alan