"Please Wait..." on booting

OK, I’ve installed Comodo V2 first just recently. Then found V3 and installed it. V3 deleted V2 and then rebooted and I had to install V3 again. As all this was happening, the AV I’m using is EAV Antivirus Suite Free Edition V5.61 (www.your-soft.com).

During the INSTALL, the AV claimed that GUARD32.DLL was ‘infected’. I let it go through and install.

Since then, whenever I boot, right after the WinXP black screen with the blue squares moving in a box, I get the screen that you’d see if CHKDSK were to run. Dark blue bar on the top with Windows XP on the right and same bar on the bottom with a lighter blue in the middle. The words ‘Please Wait’ appear and then directly after that, dots. They keep adding. Something is going on and the number of dots is not always the same.

Trying to track this down I first thought it was CHKNTFS finding dirty bits, but that doesn’t appear to be the case? I checked my other computers and the REGISTRY values are the same on the systems.

Next I looked at My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager in the Registry. I see something odd compared to the other system. I have a PendingFileRenameOperations Key. The data is


??\c:\windows\system32\guard32.dl

??\c:\windows\system32\guard32.dl

??\c:\windows\system32\guard32.dl

??\c:\windows\system32\guard32.dl

??\c:\windows\system32\guard32.dl

It seems to grow on each boot?

I do have a GUARD32.DLL on the system (but no GUARD32.DL),


c:>dir guard32.* /s
Volume in drive C is Drive_C_SATA
Volume Serial Number is 880F-4DB4

Directory of c:\Program Files\COMODO\Firewall\Repair

03/10/2008 08:58 AM 139,008 guard32.dll
1 File(s) 139,008 bytes

Directory of c:\WINDOWS\system32

03/10/2008 08:58 AM 139,008 guard32.dll
1 File(s) 139,008 bytes

 Total Files Listed:
           2 File(s)        278,016 bytes
           0 Dir(s)  49,228,763,136 bytes free

I deleted that KEY, system booted WITHOUT that annoying screen. However, when I looked in the Registry after boot, the key was back?

I looked at my CURRENTVERSION3, and that key WAS NOT there? It was in CURRENTVERSION2 however?

Any ideas or suggestions? Is this caused by the AV or the FW?

Thanks,

IrvS

First of all you CANNOT just install a newer version over an older one without uninstalling 2.4 first. You need to uninstall 2.4 and 3.0 and start all over. See here also.

https://forums.comodo.com/help_for_v3/comprehensive_instructions_for_completely_removing_comodo_firewall_pro_3_info-t17220.0.html

OK, I’m guilty of not looking here for instructions. I just D/L’ed and then ran it. When it said it was uninstalling V2 I thought it would… guess it doesn’t? I also was surprised that after the re-boot it didn’t run the V3 install. Most programs that delete a version usually do that. I’ll delete V3, cleanup, and re-install. Hope that fixes this…

Where did you download Comodo from? I always use Revo Uninstaller in Advanced mode. When Comodo says reboot, don’t and delete all registry and program files entries. Then reboot.

Originally from PC MAG’s web site, but V3 I got from Comodo’s site.


c:\downloads>dir cfp_*
Volume in drive C is Drive_C_SATA
Volume Serial Number is 880F-4DB4

Directory of c:\downloads

02/19/2008 02:55 PM 21,014,784 CFP_Setup_3.0.18.309_XP_Vista_x32.exe
1 File(s) 21,014,784 bytes
0 Dir(s) 49,207,586,816 bytes free

I’ve REMOVED via ADD/REMOVE Comodo, followed the delete instructions before rebooting. Some entries were not there, others I couldn’t delete, like GUARD32.DLL.

Rebooted, still got the blue screen?

After the reboot, GUARD32.DLL is gone. So is the key PendingFileRenameOperations.

I’ll reboot a few times to make sure and THEN install V3. Hope it doesn’t come back…

Thanks,
Irv S

Did you do the manual clean up like I said?

Yes I did. Followed the instructions. The LINK for the file (ZIP) although it d/l’ed I couldn’t open? So I manually followed the instructions in the link.

Many REGISTRY entries were not there. I couldn’t delete GUARD32.DLL at all? However, after reboot it was gone.

I’ve not re-installed V3 yet, but 3 reboots did not produce the bothersome screen or recreate the REGISTRY entry Pendingfilerenameoperations, so I guess I’m OK?

As for what I couldn’t do from the instructions (mostly didn’t exist), here is the list (ADD/REMOVE was used to take out Comodo).

b. C:\Documents and Settings\All Users\Desktop\COMODO Firewall Pro
f. *C:\WINDOWS\system32\drivers\cmdGuard.sys
g. *C:\WINDOWS\system32\drivers\cmdhlp.sys
h. *C:\WINDOWS\system32\drivers\inspect.sys

In the registry part, I only had the CMDHELP ones?

IrvS

OK, after a day of running and booting fine, I tried to install V3. V3 and old V2 had been cleaned out using the suggested info. There was NO GUARD32.DLL on my system.

So I installed the latest V3 from this site. Installed CLEAN, no error messages and my AV didn’t trip up on the GUARD32.DLL file. SCAN showed no malware I would delete (many unknown and I knew what they were).

Did a REBOOT, BLUE SCREEN was back, but I expected that as I looked in the registry and saw the PENDING key was back. Not to worry, maybe it needed to do that to move a file somewhere.

So I rebooted again, and the SAME BLUE SCREEN.

Something is CLEARLY wrong, at least on my system.

Suggestions or should I get another firewall?

I had Norton’s 360, and it was working fine, that is until I installed V2 (had V1). It gave me BSOD’s. They are not too fast in trying to locate the problem.

I wish I knew what the FW was trying to do? The data in the key is real screwy,


??\c:\windows\system32\guard32.dl

??\c:\windows\system32\guard32.dl

??\c:\windows\system32\guard32.dl

??\c:\windows\system32\guard32.dl

??\c:\windows\system32\guard32.dl

It seems like only 1/2 the command was written, this is the Pendingfilerenameoperations, and as such, I’d have expected 2 filenames? It seems the install only writes 30 some odd characters into the key and maybe had a problem and tries again? If I reboot, the list gets longer it seems… and probably the reason I see more '.'s on the screen.

Any ideas? I think the firewall is installed and working correctly? Anyone know ‘who’ is trying to update the registry and when?

You probably still have remnants of Norton 360 on your system that is interfering with a clean installation of CFP 3.0.

If Norton offers a standalone product removal tool, download and use it. Norton/Symantec products are notoriously difficult to eradicate completely from a system.

Thanks for the reply, but Norton is COMPLETELY gone. Ran their clean tool a few times to be sure. Live Update too…

The problem is the registry key here. First, it isn’t what it should be as far as data. It should have TWO locations, the file from and file to and/or renaming it as it goes. Once this is done, the KEY should be removed. Obviously, the filename is either wrong or incomplete (ends with .DL) and there is no target information.

================
c:>dir guard32.dl* /s
Volume in drive C is Drive_C_SATA
Volume Serial Number is 880F-4DB4

Directory of c:\Program Files\COMODO\Firewall\Repair

03/12/2008 09:01 AM 139,008 guard32.dll
1 File(s) 139,008 bytes

Directory of c:\WINDOWS\system32

03/12/2008 09:01 AM 139,008 guard32.dll
1 File(s) 139,008 bytes

 Total Files Listed:
           2 File(s)        278,016 bytes
           0 Dir(s)  49,166,708,736 bytes free

==============

So, the problem is what should be in the KEY and WHAT is creating the key and adding to it on each boot? It has NOTHING to do with Norton in my estimation.

Have you tried this tool.

This one is a real puzzler.

I’m at somewhat of a disadvantage in helping you since I don’t have Vista installed on my system.

My suggestion at this point is to export (copy) the registry key(s) causing the problem, then delete them from the registry. After that, uninstall CFP 3.0 then reinstall it.

Even after removing Symantec AV from my laptop several months ago using Norton’s dedicated removal tool, I still occasionally find a registry key or value that references their product. So you may need to perform a very comprehensive search of the entire registry to ensure that all references to Norton 360 are eliminated.

Post back and we’ll keep trying to help you as best as we can.

USSS, thanks for the reply.

Well, I’ve been able to shed MORE light on this. Forget Norton, it is a RED HERRING I think.

Here is what I’ve tried…

Thinking the problem is that the ‘copy’ operation isn’t completed, and it can’t with invalid names, I decided to create a REAL one. I had it copy the GUARD32.DLL to C:\DELETETHIS.BIN and rebooted. My theory was the operation WOULD complete and that would solve the problem.

Rebooted, very fast and never saw the Blue screen. OK!!! Now mind you there were too many of those ‘bad’ lines in there to count and the prior boot gave me 2 1/2 lines of dots, so I thought I was home…

I opened the Registry and much to my dismay, IT WAS BACK (I did delete the key once before and it came back btw)!!!

Now I see a BIGGER hint in the data though…

??\C:\WINDOWS\System32\spool\drivers\W32X86\3\New

Where did this come from???

Looking at the directory, again, nothing there with new? Nothing starting with it either?

However, that directory is my HP 5400 driver files it looks like? Why is this one messing up with Comodo installed. Did NOT happen with the old V2 I had installed? New with V3? Not sure about the contents though, saw some BMP files for things I printed months ago? Printer is an HP 5400 if that matters.

Now I just looked at my PENDING FILES in the FW. There WERE some to that directory, C:\WINDOWS\System32\spool\drivers\W32X86\3\New. Could this be the problem? Am I also holding up something to do with GUARD32.DLL?

Suggestions on setting up the FW to ‘fix’ this if so? What should I look for?

I got a feeling if I boot without the FW activated I’ll not have this problem?

I’m at a loss, but I’m 99.9% sure Norton has NOTHING to do with this.

Still sounds like a corrupt install. I have uninstalled Comodo on my laptop and desktop about 5 times each PC and no problems. Have you tried using Revo Uninstaller in Advanced mode? Using a good registry clean up tool like Registry Mechanic? After uninstalling and rebooting look through your registry yourself for anything Comodo related. There are hidden files and folders in Documents and Settings.

I will try the uninstaller… I can’t tolerate the long boot times with the pending key getting in the way and it makes me wonder ‘what else’ is wrong possibly.

I’m using the GLARY UTILITY to clean out the REGISTRY. It finds plenty of stuff I’ve missed and unlike other cleaners I’ve tried, this one doesn’t clean out ‘good stuff’ as well. I’ve run this after each of the uninstalls I’ve done and after I’ve searched the directories and the registry itself. It found one or two entries, nothing more, and usually just ‘history’ ones and MRU’s which are really nothing to worry about.

I’m concentrating on the theory that the FW is causing the problem of a program not running or an internet connection not being made, but so far, I’ve not located anything remotely like that in all the settings and possible options I can select in all the parts?

Hoping someone could give me some real good places to look that I’ve not looked before. LOGS are clean and don’t seem to show much…

I think I recall seeing some posts awhile back that referenced problems with some HP printer drivers. No, I don’t remember the specific models, but you might search the forum for this information. Probably a long shot, but at this point, I have no other suggestions for resolving this issue.

I searched for “hp drivers” and there were no hits in this forum?

I’m going to un-install with Revo later today and see what happens when I reinstall. Still gives the blue screen, I’ll decide if I’ll keep using it or not?

I’m out of ideas here.

I can’t even lock the registry and see who is trying to write to it as it happens well before Windows comes up. The FW also seems to be the last icon added to the Systray, so it might also be the last to come up. That alone isn’t too good as the first thing opened is my network connection. Norton appeared on the Systray a lot sooner and had hooks into the network stack.

You discovered how difficult it is to search in this forum. I’m sorry I couldn’t recall specific keywords or perhaps the forum member(s) who started the threads on the HP drivers.

Comodo’s protection begins well before your entire system tray is populated. The icon that appears “last” is the Comodo GUI. So your network connection is protected almost immediately after you power up your system.

Well, I know this whole ordeal has been nothing but exasperation for you, and I hope your next reinstallation succeeds. We’ll be pullin’ for ya!

OK, something I thought had changed? It really didn’t, but I stopped getting the Blue Screen?

Did it finally give up?

Well, NOT really…

The KEY is now 26K long, endless repeats of “??\c:\windows\system32\guard32.dl”. Maybe it is so big it can’t be processed? Probably growing every boot?

Would you check to see if you have a Pendingfilerenameoperations in My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager?

Maybe a lot of people have this and they don’t know it?

I’m going to reboot a few more times and make sure I don’t see the blue screen and the key grows in size. If it doesn’t, I’ll live with it. If it does grow, I’ll use REVO to uninstall it completely and re-install and see what happens.

I checked both my desktop and laptop systems, and I found the key, “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations”, but there is no value assigned to it (empty). The same holds true for CurrentControlSet001, CurrentControlSet002 and CurrentControlSet003.

The “Pending” flag probably should only appear immediately after an uninstallation but before a reboot that would complete the renaming operation. That’s weird behavior in your registry; somehow the renaming operation never completes. Perhaps the command syntax for renaming that file is corrupted: just a guess. If you could boot into Safe Mode or perform a clean boot, you might be able to perform the file renaming operation yourself, but I don’t know if that is possible under Vista. Under Windows XP, it is:

Rename Command Syntax:

rename [drive:][path] filename1 filename2

drive: = This is the drive letter containing the file you want to rename.

path = This is the folder or folder/subfolders located on the drive:, containing filename1 that you want to rename…

filename1 = This is the name of the file you want to rename.

filename2 = This is the name you want to rename filename1 to. You can not specify a new drive or path for the renamed file.

Example: rename c:\windows\win.ini win.old
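
The following Python example is added here; it is not code from any poster in this thread or from Comodo. It decodes a PendingFileRenameOperations value (a REG_MULTI_SZ, as queued by MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT) into source/destination pairs, where an empty destination means "delete at boot" and a leading "!" means "replace existing", and it reports entries queued more than once or left unpaired. The sample bytes, the paths in them and the function names are constructed for illustration.

```python
from collections import Counter

def decode_multi_sz(raw: bytes) -> list:
    """Decode raw REG_MULTI_SZ data: UTF-16LE strings, each NUL-terminated,
    with one extra NUL closing the list. Empty strings are preserved."""
    text = raw.decode("utf-16-le")
    for _ in range(2):               # list terminator, then last string's NUL
        if text.endswith("\0"):
            text = text[:-1]
    return text.split("\0") if text else []

def parse_pending_renames(strings):
    """Pair entries as (action, source, destination) and collect anomalies."""
    ops, problems = [], []
    if len(strings) % 2:
        problems.append(f"odd entry count ({len(strings)}): "
                        "last source has no destination slot")
    for src, dst in zip(strings[0::2], strings[1::2]):
        if dst == "":
            ops.append(("delete", src, ""))        # empty target = delete
        elif dst.startswith("!"):
            ops.append(("replace", src, dst[1:]))  # overwrite existing target
        else:
            ops.append(("rename", src, dst))
    # The same operation queued repeatedly suggests something re-adds it
    # on every boot, as described in the thread.
    for (action, src, _), n in Counter(ops).items():
        if n > 1:
            problems.append(f"{action} of {src} queued {n} times")
    return ops, problems

# Constructed sample: three identical delete requests plus one replace.
SAMPLE = (
    "\\??\\C:\\Temp\\example.dll\0\0" * 3
    + "\\??\\C:\\Temp\\new.sys\0!\\??\\C:\\Temp\\old.sys\0"
    + "\0"
).encode("utf-16-le")

if __name__ == "__main__":
    ops, problems = parse_pending_renames(decode_multi_sz(SAMPLE))
    for op in ops:
        print(op)
    for p in problems:
        print("WARNING:", p)
```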