CHX-I - problem with the msi installer

Discussion in 'other firewalls' started by oopsminded, Dec 7, 2006.

Thread Status:
Not open for further replies.
  1. oopsminded

    oopsminded Registered Member

    Joined:
    Apr 18, 2006
    Posts:
    21
    I made a mistake: I changed my usual software setup (CHX-I 3.0 and KAV 6.0) without creating a restore point or using another snapshot technology. So I have no option to go back to a point where my system worked as intended by simply restoring :(

    But I hope you can help me figure it out, please ;)

    So, what I did: I trialled 2 applications: Injoy firewall ( http://www.fx.dk/firewall/ ) and Network Instruments Observer ( http://www.networkinstruments.com/products/observer/ ).

    First one, because I read it was similar to CHX and I wanted to see in what way (I was pretty disappointed actually, its rule configuration is at the level of CHX-I 2.8, the other bells&whistles didn't make up for it, at least for me). The second one, out of pure curiosity: I wanted to see what it did differently from Ethereal that makes people pay 3,500 $ for it.

    The installing/uninstalling went like this (I have KAV 6.0 installed as only other security application, I didn't touch it during these manoeuvres):

    uninstalled CHX-I ---> installed Injoy (setup went fine even though Windows XP was not at all happy with a "F/X Communications Network Filter Driver" that was not "signed" for XP) ---> uninstalled Injoy ---> reinstalled CHX-I ---> installed Observer (setup went fine)

    When I was playing around with the Observer, I noticed that my machine was replying to some other members of my local network in a way which made me suspect that something was wrong with CHX.

    So I went to GRC and indeed, I had a few ports opened (by Observer) and the others were not stealth-ed.

    I checked CHX and here it gets messy: the two main services were stopped and there was no way of restarting them. I decided to uninstall it and then reinstall it. But I couldn't anymore.

    This is the message I get (the second popup message appears if I choose "Continue" at the first; also, the message from the event viewer):

    http://content.imagesocket.com/thumbs/chx_error47b.jpg

    If I choose "continue" again, after the second popup, it will finish the installation but, as you can see (image, down), the services are stopped and can't be manually started.

    Of course I have Administrator privileges and before this I never encountered this message. Do you have any idea what prompts this and how it can be resolved?

    In the meantime I uninstalled Observer also - I assume either it or Injoy messed something up - I even removed some "hidden" drivers left behind by both Injoy and Observer, but still no luck, same event ID 11920, same "Verify that you have sufficient privileges to start system services".

    Please ask me for more details if needed, and I'm thankful for any suggestions you have.

    PS Windows XP SP2
     
  2. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,556
    Location:
    USA still the best. But barely.
    The thread title. CHX-I - problem with the msi installer

    All the possible help I can give is if remnants from an fd up .msi installer is your problem.

    Windows Install Clean Up
    http://support.microsoft.com/kb/290301
    http://support.microsoft.com/kb/295823

    The Windows Installer CleanUp Utility is provided "as is" to help resolve installation problems for programs that use Microsoft Windows Installer.

    Which are all programs that have the .msi extension. Like in the title of this topic. Hope this helps.
     
  3. oopsminded

    oopsminded Registered Member

    Joined:
    Apr 18, 2006
    Posts:
    21
    @zapjb - ty, I'll look into it tomorrow morning, now I'm tired

    Meanwhile, I ran the msi from the cmd prompt with /log. This is an excerpt:

    Code:
    Action 4:00:50: InstallServices. Installing new services
    Action 4:00:54: WriteRegistryValues. Writing system registry values
    WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\ChxMpf, Name: ImagePath, Value: System32\DRIVERS\ChxMpf.sys
    WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\Eventlog\System\ChxMpf, Name: EventMessageFile, Value: %SystemRoot%\System32\drivers\ChxMpf.sys
    WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\Eventlog\System\ChxMpf, Name: TypesSupported, Value: #7
    WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\Eventlog\Application\ChxLogsv, Name: TypesSupported, Value: #7
    WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\Eventlog\Application\ChxLogsv, Name: CategoryMessageFile, Value: %SystemRoot%\System32\chxlogsv.exe
    WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\Eventlog\Application\ChxLogsv, Name: CategoryCount, Value: #2
    WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\Eventlog\Application\ChxLogsv, Name: EventMessageFile, Value: %SystemRoot%\System32\chxlogsv.exe
    WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\Eventlog\Application\ChxRmtsv, Name: CategoryMessageFile, Value: %SystemRoot%\System32\chxrmtsv.exe
    WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\Eventlog\Application\ChxRmtsv, Name: EventMessageFile, Value: %SystemRoot%\System32\chxrmtsv.exe
    WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\Eventlog\Application\ChxRmtsv, Name: CategoryCount, Value: #2
    WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\Eventlog\Application\ChxRmtsv, Name: TypesSupported, Value: #7
    WriteRegistryValues: Key: \Software\Third Brigade\Services, Name: ChxLogsv, Value: 
    WriteRegistryValues: Key: \Software\Third Brigade\Services, Name: ChxRmtsv, Value: 
    WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\Eventlog\System\ChxMpld, Name: TypesSupported, Value: #7
    WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\Eventlog\System\ChxMpld, Name: EventMessageFile, Value: %SystemRoot%\System32\drivers\ChxMpld.sys
    WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\chxmpld, Name: ImagePath, Value: system32\drivers\chxmpld.sys
    Action 4:00:54: StartServices. Starting services
    StartServices: Service: CHX Packet Filter Module Driver
    DEBUG: Error 2835:  The control ErrorIcon was not found on dialog ErrorDialog
    The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2835. The arguments are: ErrorIcon, ErrorDialog, 
    Error 1920. Service 'CHX Packet Filter Module Driver' (ChxMpf) failed to start.  Verify that you have sufficient privileges to start system services.
    MSI (s) (B4:28) [04:01:35:371]: Product: Chx Packet Filter and Payload Filter 3.0 -- Error 1920. Service 'CHX Packet Filter Module Driver' (ChxMpf) failed to start.  Verify that you have sufficient privileges to start system services.
    
    DEBUG: Error 2835:  The control ErrorIcon was not found on dialog ErrorDialog
    The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2835. The arguments are: ErrorIcon, ErrorDialog, 
    Are you sure you want to cancel?
    Action ended 4:01:37: InstallFinalize. Return value 3.
    Action 4:01:37: Rollback. Rolling back action:
    Rollback: Starting services
    Rollback: Writing system registry values
    Rollback: Installing new services
    
    Between 4:00:54 and 04:01:35:371 in ProcMon there is a huge amount of data, unfortunately I can't understand what's the important part (there are a lot of NAME NOT FOUND results, both from msiexec.exe and other system exe's) but if someone here thinks that the report might help (or they could tell me what to look for), I could make it available.
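
A way to pull the important part out of an msiexec `/log` file like the excerpt above, as an added example that is not part of the original thread: it tracks the current action, records each `Error NNNN` line, and ties an Error 1920 service failure back to the `ImagePath` the installer wrote for that service. The function name `triage` is hypothetical, and the sample is built from a few lines of the posted excerpt.

```python
import re

# Constructed sample: a few lines taken from the excerpt posted in the thread.
SAMPLE_LOG = r"""Action 4:00:50: InstallServices. Installing new services
Action 4:00:54: WriteRegistryValues. Writing system registry values
WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\ChxMpf, Name: ImagePath, Value: System32\DRIVERS\ChxMpf.sys
WriteRegistryValues: Key: \SYSTEM\CurrentControlSet\Services\chxmpld, Name: ImagePath, Value: system32\drivers\chxmpld.sys
Action 4:00:54: StartServices. Starting services
StartServices: Service: CHX Packet Filter Module Driver
DEBUG: Error 2835:  The control ErrorIcon was not found on dialog ErrorDialog
Error 1920. Service 'CHX Packet Filter Module Driver' (ChxMpf) failed to start.  Verify that you have sufficient privileges to start system services.
Action ended 4:01:37: InstallFinalize. Return value 3.
Action 4:01:37: Rollback. Rolling back action:
"""

ACTION = re.compile(r"^Action \d+:\d+:\d+: (\w+)\.")
IMAGE = re.compile(r"Key: .*\\Services\\([^\\,]+), Name: ImagePath, Value: (.+)$")
ERROR = re.compile(r"^(?:DEBUG: )?Error (\d+)[.:]\s*(.*)$")
SVC_FAIL = re.compile(r"Service '([^']+)' \((\w+)\) failed to start")
ENDED = re.compile(r"^Action ended \d+:\d+:\d+: (\w+)\. Return value (\d)\.")

def triage(log_text):
    action, image_paths = None, {}
    report = {"errors": [], "failed_services": [], "failed_actions": [], "rolled_back": False}
    for line in log_text.splitlines():
        line = line.strip()
        if m := ENDED.match(line):
            if m.group(2) == "3":  # return value 3 = action failed
                report["failed_actions"].append(m.group(1))
        elif m := ACTION.match(line):
            action = m.group(1)
            report["rolled_back"] |= action == "Rollback"
        elif m := IMAGE.search(line):  # driver/service binary path per service key
            image_paths[m.group(1).lower()] = m.group(2).strip()
        elif m := ERROR.match(line):
            code = int(m.group(1))
            report["errors"].append((code, action))
            if code == 1920 and (s := SVC_FAIL.search(m.group(2))):
                report["failed_services"].append({
                    "display_name": s.group(1), "key": s.group(2),
                    "image_path": image_paths.get(s.group(2).lower())})
    return report

if __name__ == "__main__":
    import pprint
    pprint.pprint(triage(SAMPLE_LOG))
```

On the sample this reports one failed service, `ChxMpf` with image path `System32\DRIVERS\ChxMpf.sys`, raised during `StartServices`, followed by a failed `InstallFinalize` and a rollback.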
     
  4. oopsminded

    oopsminded Registered Member

    Joined:
    Apr 18, 2006
    Posts:
    21
    I went through all gpedit.msc and compared the security settings against the default settings (from Windows Support), I didn't find anything that would explain the "Verify that you have sufficient privileges to start system services" message.

    I googled my problem, of course, but although this error is not such a rare one, it seems that it appears with different software on different (Windows) OSes and doesn't have one solution.

    Did any of you encounter this error message?

    I'm not overly concerned with the fact that I'm unable to install CHX-I, it's not the first time that I have a problem with it to which I can't find a solution because it's a product no longer developed/supported. What I do worry a bit about is that obviously something changed in my system that I'm unaware of, and it might resurface as a problem elsewhere.

    *edit*

    What is the default for "Windows Installer" under services.msc > properties > Log on as 'Local System account': does it have the "Allow to interact with the desktop" checked or unchecked?

    Thank you.
     
    Last edited: Dec 9, 2006
  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Hi oopsminded

    It is important that you re-boot once you uninstall software that uses drivers before installing other software that uses drivers (… like firewalls, anti-virus systems).

    It is also important to re-boot after installation. If installation of .msi files has failed, then use what user zapjb has suggested, Windows Install Clean Up, and after completing that, re-boot before attempting to re-install CHX-I…

    Uninstall CHX-I, are there any problems?
     
  6. oopsminded

    oopsminded Registered Member

    Joined:
    Apr 18, 2006
    Posts:
    21
    I used to install/uninstall CHX-I without rebooting and it worked fine, that's why I didn't do it this time around. The install of Injoy firewall required rebooting, I honestly don't remember if it did require after the uninstall.

    I installed CHX-I a few times choosing "Continue" at the popups and I end up with a crippled installation: the services are impossible to restart no matter what (I tried manual, automatic, boot, etc), the "Active Network Connections" part works, but the "Check State Entries" (or how it's called) doesn't.

    Regarding the Windows Install Clean Up, it just doesn't see CHX-I when installed. It's not in the list, although it is in my Add/Remove panel, and it can be removed or even repaired (unfortunately with no results) from there.

    One more thing: after installing/uninstalling CHX-I, CrapCleaner's registry cleaner always finds the same remains, some InProcServer32... If I delete those, and I manually remove any other CHX or Third Brigade entry from the registry, the msi fails differently, it just does an incomplete install and then automatically rolls back without any intervention on my part. After a reboot, I can reproduce the first type of error, if I choose to try another install.

    As I said, I can live with this application not agreeing with my system, I just wonder what else could be affected by whatever is generating this "sufficient privileges to start system services" message.
     
  7. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Uninstall CHX-I, and create a text file and for its contents copy and paste the following:

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ChxMpf]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\chxmpld]
    [-HKEY_LOCAL_MACHINE\Software\Third Brigade]


    rename the text file extension from .txt to .reg and execute, RE-BOOT, attempt to re-install CHX-I.
     
    Last edited: Dec 9, 2006
  8. oopsminded

    oopsminded Registered Member

    Joined:
    Apr 18, 2006
    Posts:
    21
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    No prob, try again from the beginning... :D
     
  10. oopsminded

    oopsminded Registered Member

    Joined:
    Apr 18, 2006
    Posts:
    21
    Ok, it added the information to the registry this time, still the same result after the reboot and attempting a new install.

    I have one other option I will try later. When I try to install it with KAV on I get the pop-ups from Registry Guard about the attempts to start services. Of course I'm allowing them all. Although I already tried the install with KAV off, I think there are some things left active from it that could still interfere. I will try to uninstall KAV and try CHX again.
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Yea it is a possibility anything for security software that covers system services can be problematic…

    When you downloaded that .msi off of the official website, have you tried right-clicking on the .msi file and going into ‘Properties’ and clicking ‘Unblock’ button found at the bottom of the GENERAL screen before installing?
     
  12. oopsminded

    oopsminded Registered Member

    Joined:
    Apr 18, 2006
    Posts:
    21
    I guess that's an IE + Attachment Manager settings thing, right? I downloaded with Opera, no "Unblock" to uncheck. I will uninstall KAV now, even though, being an msi installer as well, I wonder if I'll be able to reinstall it :p
     
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Can’t see it being MSI installer, you can try "msiexec /unreg" [PAUSE a min] "msiexec /regserver"
     
  14. oopsminded

    oopsminded Registered Member

    Joined:
    Apr 18, 2006
    Posts:
    21
    What I meant is this:

    http://img221.imageshack.us/img221/8513/chxxr9.th.jpg

    And by googling a bit I read that I would have to change some Attachment Manager settings to make that Unblock visible and it wasn't clear if the file itself must've been downloaded through IE or as an email attachment for that to apply.

    Anyway, I sure didn't "unblock" any msi before on this PC and I installed quite a few.

    I reinstalled KAV, all went well, I wasn't able to install CHX even without it on my system.

    What's really bothering me is that a message like "Verify that you have sufficient privileges to start system services" should mean something specific and so it should be the resolution. Instead I'm afraid I'm doing more harm than good now, going about through all sorts of settings I never touched before :(
     
  15. kvwar

    kvwar Registered Member

    Joined:
    Dec 21, 2006
    Posts:
    1
    Please disable the Microsoft Windows DEP option.
    Restart the computer and then perform the steps.
    To disable DEP go to My Computer > Properties > Advanced > Performance > DEP.
     
  16. oopsminded

    oopsminded Registered Member

    Joined:
    Apr 18, 2006
    Posts:
    21
    I just disabled DEP editing the boot.ini file. Same result, I'm afraid. Very frustrating though, for instance: CHX has 4 "services" of which 3 should be started on installation (their default is automatic) - the Log Management Service, the Packet Filter Module Driver and the Payload Module Driver. The fourth is set on "manual" and it's called Remote Management Service.

    If I go ahead with the installation in spite of the error warnings, I am able to stop/start both "Service" services, but none of the "Driver" services. The files on which those 2 drivers/services are based (as seen in Autoruns>Drivers) are copied in the system32\drivers folder, but are not visible as drivers (not even when I choose 'show hidden devices') in the Device manager.

    Edit: Not even DriverView or RKU are seeing those .sys ( chxim.sys - this in Autoruns is described as CHX IM Driver, chxmpf.sys - in Autoruns: Packet Filter ChxIM Extension, chxmpld.sys - Payload ChxIM Extension) files as drivers. Is there a way to manually "transform" those sys files from system32\drivers into actual drivers?
     
    Last edited: Dec 22, 2006