[SOLVED] SFCFix: request for an analyst's help

[ChicaWoo]

I discover, gratefully, that this forum supplies help with problems that SFC cannot fix.

I am experiencing a somewhat notorious problem - the problem of remnants of Avast security software causing SFC to error-out.

I have tried: removing all traces of Avast from my system, manually; using Avast's uninstaller utility.

I attach my SFCFix log - though it seems to contain little information.

Here are lines from SFC's own log:

2023-08-10 23:07:52, Info                  CSI    00000020 [SR] Cannot verify component files for Avast.VC140.CRT, version 14.0.27012.0, arch amd64, versionScope neutral, pkt {l:8 b:fcc99ee6193ebbca}, type [l:5]'win32', manifest is damaged (false)
2023-08-10 23:07:52, Info                  CSI    00000021 [SR] Cannot verify component files for Avast.VC140.MFC, version 14.0.27012.0, arch amd64, versionScope neutral, pkt {l:8 b:fcc99ee6193ebbca}, type [l:5]'win32', manifest is damaged (false)
[. . .]
2023-08-10 23:09:28, Info                  CSI    00000177 [SR] Cannot verify component files for Policy.14.0.Avast.VC140.CRT, version 14.0.27012.0, arch amd64, versionScope neutral, pkt {l:8 b:fcc99ee6193ebbca}, type [l:12]'win32-policy', manifest is damaged (false)
2023-08-10 23:09:28, Info                  CSI    00000178 [SR] Cannot verify component files for Policy.14.0.Avast.VC140.MFC, version 14.0.27012.0, arch amd64, versionScope neutral, pkt {l:8 b:fcc99ee6193ebbca}, type [l:12]'win32-policy', manifest is damaged (false)

Help greatly appreciated.

 

[Maxstar]

Hi and welcome to Sysnative,

Please follow the Windows Update Forum Posting Instructions (you can skip step 1 and 2), just provide the files from step 3 and 4 in your next post.

 

[ChicaWoo]

> Hi and welcome to Sysnative.

Well, thank you!

(That 'component scanner' has a rather nice icon.)

Herewith.

 

[Maxstar]

Please provide a copy of the COMPONENTS hive as well.

Upload your COMPONENTS hive.

• Navigate to C:\Windows\System32\Config and locate the COMPONENTS file.
• Please copy this file to your desktop.
• Note: If you receive an error that this file is in-use, simply reboot your computer and try again.
• Right-click on this file on your desktop and select Send To > Compressed (zipped) folder. This will create a file named COMPONENTS.ZIP on your desktop.
• If the file is too large to upload here, upload the file to www.wetransfer.com and post the link in your next reply.

 

[ChicaWoo]

Herewith!

 

[Maxstar]

It seems that you are currently using AVG instead of Avast, is that right?

 

[ChicaWoo]

No - no AVG and no Avast; I am using ESET. (Windows Defender would have been alright, except that it removed stuff . . without asking and could not be configured to do otherwise.) I have run the utility for removing Avast that Avast provides (but not anything similar for AVG; the system has had a lot of different software on it over the years, although, with the exception of the current SFC problem, the system runs well).

 

[Maxstar]

Avast

amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_5ca6eb17137337f1
amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.27012.0_none_6186ed0910476724

AVG

amd64_avg.vc140.crt_f92d94485545da78_14.0.28127.0_none_71b849adcdf881e1
amd64_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_643e18eddbf60d95

Okay, I see similar entry's for AVG as well, but let's remove the Avast entry's first with FRST and run SFC again.


Step 1. Download

Acelogix RegBak (Portable) to create a backup of the registry.

• Extract RegBak.zip and right-click regbak64.exe and select "Run as administrator".
• Click on the button New backup and choose the location where you want to save the backup.
• Optional: enter a description for this backup.
• Now click on the option "Click here to view details".
• Ensure the option Select hives not loaded by Windows is checked, to be sure the following items are included in the backup.
  
  
• Click Ok to save these settings and press Start to create the backup.
• When completed you will see the message: Finished succesfully.

Step 2. Download the

Farbar Recovery Scan Tool and save it to your Desktop:

Download the 64 bit version: - Farbar Recovery Scan Tool Link

Warning: This script was written specifically for this system. Do not run this script on another system.

• Download the attachment fixlist.txt and save it to your desktop.
• Right-click on FRST.exe and select "Run as administrator".
• Press the Fix button.
• If for some reason the tool needs a restart, please make sure you let the system restart normally.
• When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
• Post the logfile Fixlog.txt as attachment in your next reply.

 

[ChicaWoo]

Thank you. Herewith.

I ran sfc /scannow. It showed no errors. Hitherto I have been familiar with this level of sorcery only on Linux. I will be donating to this site. It is a wonderful service that you provide. Thank you very much.

 

[ChicaWoo]

Postscript: I see the following on Avast's Wikipedia page. Avast bought AVG. The costless version of both products - Avast's free offering and AVG's (for, both products survived the acquisition) sold customer data to advertisers until a backlash forced the end of the practice. The Czech government (Avast is Czech) is (or was? perhaps the Wikipedia page is outdated) investigating Avast.

 

[Maxstar]

Hi,

You're welcome and thanks for your donation to Sysnative! And yes Avast bought AVG back into 2016 - attached a fixlist you can use to remove the AVG remnants from the COMPONENTS hive.

Start the

Farbar Recovery Scan Tool again.

Warning: This script was written specifically for this system. Do not run this script on another system.

• Download the attachment fixlist.txt and save it to your desktop.
• Right-click on FRST.exe and select "Run as administrator".
• Press the Fix button.
• If for some reason the tool needs a restart, please make sure you let the system restart normally.
• When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
• Post the logfile Fixlog.txt as attachment in your next reply.

 

[ChicaWoo]

Thank you for the further step, Maxstar.

I fear that I messed things up - temporarily, I hope - by running, unbidden and immediately after sfc started giving the all clear, a self-removal tool published by _AVG_. After running it, and rebooting, the sfc error returned. I tried reapplying the FRST fix but no dice. I tried a system restore and, after an age, Windows told me that the restore was unsuccessful - there was some error to do with my antivirus (ESET). I contemplated restoring from an image, but sfc was now giving the all clear again. So I ran the latest FRST fix that you were good enough to supply (and rebooted). And now sfc once again reports no errors. But I think I'd better reboot and test again.

 

[ChicaWoo]

> sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

 

[Maxstar]

Hi,

(...) I hope - by running, unbidden and immediately after sfc started giving the all clear, a self-removal tool published by _AVG_. After running it, and rebooting, the sfc error returned.

Hmm, that's interesting. Then it seems that only the manifest files were deleted by the removal tool, but not the associated registry keys..