"Please Wait..." on booting

I know the correct syntax as well. I worked in PC OS support for 10 years and had access to MS’s code. I was a developer and worked on a PC OS. I’m retired now, but well versed on the h/w and ins and outs of Windows. I can usually SOLVE most things.

If you look back, one of my tries was to put valid syntax into the key and reboot. The data was NOT executed and the key was replaced.

I did reboot, and no blue screen, but the key grew in size. Tried again, got the blue screen, but the key shrunk to 2K?

Bizarre!

I located in SYSINTERNALS a program, PENDMOVES, you can get it here, http://www.microsoft.com/technet/sysinternals/fileanddisk/pendmoves.mspx, which will list and verify the contents of the key.

What I can NOT understand is why when Comodo is uninstalled this goes away?

OK, on to the uninstall. This is REALLY bugging me…

OK, Comodo is off the system using REVO (Advanced).

Rebooted NO BLUE SCREEN!!!

Ran the SysInternals PENDMOVES :


C:\downloads\PendMoves>pendmoves

PendMove v1.1
Copyright (C) 2004 Mark Russinovich
Sysinternals - wwww.sysinternals.com

No pending file rename operations registered.

C:\downloads\PendMoves>

No question in my mind Comodo is the cause of the entries.

Will try one more reinstall to see what happens.

OK, reinstalled and guess what, the BLUE SCREEN is back, sigh… PENDMOVES confirms it as well.

Now that said, I watched VERY closely and I saw something when I responded to the install to reboot the system. For an instant, I saw something about DW20.EXE had to close.

Checking on DW20.EXE I find it to be part of the MS Windows Error Reporting system.

===========
dw20.exe description: Application Error Reporting is a tool which collects (non-private) information when a certain Microsoft Office application crashes.
It then sends this information to Microsoft for further processing.
This helps fixing the bugs in those applications.

Makes no sense, why does Comodo have anything to do with Office?

I’ll leave it on for a day or two, hopefully so someone could get me working here.

Has to be something on my XP Pro SP2 system I guess, no others seem to be having this problem?

I looked in my Event Viewer. Much to my surprise, I see it was SHUTDOWN shortly after the reboot? Not clear why, the few fails are not related to anything with Comodo it seems?

Worst one seems to be

Event Type: Information
Event Source: EAPOL
Event Category: None
Event ID: 2002
Date: 3/13/2008
Time: 3:37:02 PM
User: N/A
Computer: IRVS
Description:
The description for Event ID ( 2002 ) in Source ( EAPOL ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: The event log file is corrupt…

I’m pretty sure they mean the EAPOL log there?

Interestingly, even with Comodo installed, but NOT operational and starting with Windows, I get the Blue Screen. Only way it seems to defeat this is to uninstall it?

I believe that DW20 is the Doctor Watson error reporting program which will run if a blue screen happens.

Lee (B)
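
Added example, not part of the original thread or of PendMoves itself: PendMoves reads the PendingFileRenameOperations value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, and this Python code decodes a raw export of that value and collapses repeated entries, the pattern described in the post above. The paths in SAMPLE and the helper names are constructed for illustration.

```python
from collections import Counter

# PendingFileRenameOperations is a REG_MULTI_SZ (UTF-16LE) holding string pairs:
# source, then target. An empty target means "delete at next boot"; a target
# starting with "!" means "replace an existing file".

def strip_nt(path):
    """Drop the NT object-manager prefix (\\??\\) for readability."""
    return path[4:] if path.startswith("\\??\\") else path

def parse_pending_renames(raw: bytes):
    """Return [(action, source, target)] from raw REG_MULTI_SZ bytes."""
    parts = raw.decode("utf-16-le").split("\x00")
    if parts and parts[-1] == "":
        parts.pop()                  # artefact of splitting after the final NUL
    if len(parts) % 2 and parts[-1] == "":
        parts.pop()                  # the list terminator, not an empty target
    if len(parts) % 2:
        parts.append("")             # truncated data: last source has no target
    ops = []
    for src, dst in zip(parts[0::2], parts[1::2]):
        if dst == "":
            ops.append(("delete", strip_nt(src), None))
        elif dst.startswith("!"):
            ops.append(("replace", strip_nt(src), strip_nt(dst[1:])))
        else:
            ops.append(("rename", strip_nt(src), strip_nt(dst)))
    return ops

def summarize(ops):
    """Collapse repeats so a value that keeps growing stays readable."""
    return Counter(ops).most_common()

def multi_sz(strings):
    """Build raw REG_MULTI_SZ bytes (used only to construct the sample)."""
    return ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")

# Constructed sample: one replace queued three times, then one delete.
SAMPLE = multi_sz(
    ["\\??\\C:\\Example\\repair\\guard32.dll", "!\\??\\C:\\Example\\guard32.dll"] * 3
    + ["\\??\\C:\\Example\\cmdagent.exe", ""]
)

if __name__ == "__main__":
    for (action, src, dst), count in summarize(parse_pending_renames(SAMPLE)):
        print(f"{count}x {action}: {src}" + (f" -> {dst}" if dst else ""))
```
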

Some more diagnostic information.

Like I said, I turned off the firewall but left it installed. I was still getting those blue screens (not BSOD’s). PENDMOVES just showed more and more entries into the key.

So I decided to UNINSTALL Comodo. Well, since it wasn’t running, I got a different response from Revo this time. It found some files RUNNING that it couldn’t delete… CMDAGENT.EXE was the program. Maybe it is the SERVICE, I don’t know, don’t have it installed now. Before rebooting I ran PENDMOVE and there at the end of a LONG list was the DELETE for that file and some folders. Just like Revo said it would do. Booted, no blue screens, and then ran PENDMOVE and there are NO ENTRIES in the key.

Conclusion, CMDAGENT was the culprit here.

If anyone can suggest how to ‘fix’ this or what in my system is causing the problem, I’m all ears…

I think – for now – this is the end of Comodo on your system.

The time (and time is money) you’ve invested hasn’t – through no fault of your own – returned much in the way of a permanent solution.

As you know, of course, BSODs are something to be reckoned with, and I certainly would not tolerate them any longer since it is apparent that the Comodo service (cmdagent.exe) was playing a significant role in causing them.

Until a significant update to CFP is released, I would refrain from reinstalling it. Clean up your system as best as you can and try another product. You might consider installing Online Armor, if you haven’t tried it already. It has received high marks in penetration testing.

We gave it our best shot. That’s all we can do. Good luck.

USSS,

It isn’t a BSOD but a ‘normal’ Blue Screen much like you’d see if you ran CHKDSK prior to boot, see my original message,


Since then whenever I boot, Right after the WinXP black screen with the blue squares moving in a box, I get the screen that you’d see if CHKDSK were to run. Dark blue bar on the top with Windows XP on the right and same bar on the bottom with a lighter blue in the middle. The words ‘Please Wait’ appears and then directly after that, dots. They keep adding. Something is going on and the number of dots are not always the same.

I did the removal with Revo as you might recall. Don’t want to go without a FW so I decided to try out PCTOOLs FW’s free 30 day trial. Figured by then, maybe this could be discovered and fixed here or Norton could ‘cure’ N360 V2’s problem for me.

The system had been booted a few times before I tried to install PCTOOLS FW. Even had run Glary Utilities Registry checker to get out any left overs. None were found.

During the FW install it told me that Comodo was installed and did I want to continue? Odd? I stopped and manually searched the Registry and Services. Nothing found, restarted the install and told it to proceed. Works fine? Suspect that maybe the Windows Firewall which was enabled during the uninstall of Comodo might have retained the information of the FW name last used somewhere. I’m searching my drives for files that contain COMODO now, but I’d not expect to find any that matter. It does appear in a TON of files, normal stuff like my Roboform entry, mail logs, inbox, etc, even cookies. I might miss the file that matters for all I know here? In a few minutes 95 files were found, and it is nowhere near the Windows directory to search yet.

I looked at the website for Online Armor. I think I’ll pass. The ‘free’ version seems to be a ‘crippled’ version of the one you pay for. Not sure how crippled it is though.

Ohhh…that Blue Screen. Well, that does make a big difference. For me, though, it only deepens the mystery.

Do you think your User Profile or User Account has become corrupted? When Windows is fetching your personal settings as it boots up, it’s possible something is going haywire in the background that causes the pre-desktop Blue Screen to appear.

The only other thing that might work is using some kind of startup manager. If the Comodo service (cmdagent.exe) is loading a bit too early during the bootup routine, that might be causing the problem. Delaying the startup of cmdagent.exe might make a difference. This is all conjecture on my part, but might be worth investigating.

I do have a STARTUP manager, but it isn’t delaying anything.

My search did complete and it found 595 files with Comodo in it. Oddly enough, some were from WAY back? Most were in TEMP directories, RESTORE directories, logs and cookies. I gave up trying to locate if it was anywhere that would indicate it was installed.

The real question “why does cmdagent try to write something into the Registry?” For the last time when I checked the registry AFTER uninstalling Comodo it had in it the bad filename umpteen times and the delete for cmdagent.exe. On the next reboot, the blue screen, and then I checked the registry and it was NOT there (the pending… key data).

It is off my system now, but I’ve thought a little more about this? I have 2 theories and maybe you can determine if either is valid?

  • My AV is doing it in? It is EAV Antivirus suite (free). I looked through it and it doesn’t seem to have blocks or Comodo entries, but if this is happening during the boot process, maybe it can’t log the actions? I should have turned it off and tried installing, but I didn’t think of doing that until now.
  • Since once cmdagent.exe was deleted the registry data was not rewritten, then what could be triggering cmdagent to write the data? Since the delete of cmdagent was in the data and the data was completely gone on the boot, cmdagent probably was not started until after the registry data was handled or I would have seen an error that it couldn’t find the file I assume. So, then something was making cmdagent write that data. I saw during the uninstall a REPAIR folder. What is this for? Why were files (assumed at least) to be in it? My thought here was that cmdagent saw files and tried to copy them over. Couldn’t replace GUARD32.DLL as it was open. So it wrote that instruction to the registry key data. However, it kept trying to write the file and before the registry data could be written, was clearing the buffer used for the write.

Any of these 2 make sense?

I’ve still got the install file here if I need to assist and try something.

Point 1: Your AV may be causing the problem.

If you are not doing so, ALWAYS shut down or disable your AV when installing CFP.

In fact, you need to shut down ALL unnecessary processes – including your Internet connection – before installing CFP. I use a program called EndItAll, but I go a step further and shut down additional processes in Task Manager that are not closed or killed by EndItAll.

Point 2: The problems you describe here may be caused by your AV as well.

I am not familiar with EAV. It might be worth the effort to uninstall EAV completely, then reinstall CFP to see if the Blue Screen symptom still persists. If it does, then you’ve likely narrowed down the source of your problem.

You could then reinstall EAV and see if the order of installation makes a difference. For example, I have to install Kaspersky first, then CFP. There have been numerous problems reported with this combination of AV/FW, but it is usually resolved by installing the programs in a certain order. The same thing might apply in your case.

USSS,

I have uninstalled both PC Tools FW and EAV AV suite. I can report that my blue screen problem is no more!

In my initial message I stated

===================
As all this was happening, the AV I’m using is EAV Antivirus Suite Free Edition V5.61 (www.your-soft.com).

During the INSTALL, the AV claimed that GUARD32.DLL was ‘infected’. I let it go through and install.

I suspect the AV did more than just think GUARD32.DLL was infected.

Anyway, I’ve booted twice, ran PENDMOVES and nothing is in the key data.

I think I’ll switch AV’s here, probably AVAST or AVG at this time.

As for shutting down an AV while installing, I’d personally rather not. Too many rogue programs out there that can be infected, even from reliable sources. Even CD’s/DVD’s you purchase in a store.

Anyway, at this point in time, I think I’m OK. Time will tell.

Using Avast! as my AV now.

Same problem as others have reported, no Systray Icons. Have to run ashdisp.exe after booting.

I’m assuming, other than this, all is OK?

I guess you’re OK…what is ashdisp.exe?

Have you updated to v.320?

USSS, yes, updated yesterday.

ashdisp.exe is the ‘workaround’ to get the icons for Avast to show on the desktop. Other users are experiencing the same problem and also reported on Avast forums specifically with Comodo. However, those messages were OLD ones.

I now see that for some reason, my program I’m using to look at the STARTUPS has ashdisp marked as disabled? I’ll reset that, should clear the problem.

BTW, I only noticed there were updates when looking at the topics here. For some reason, even though I have automated updates checked, it never happened, I had to do it manually?