[SOLVED] Avast & System Restore causing serious issues

lordxx (Member; joined Nov 29, 2014; 11 posts)

Hello,

I am seeking assistance with some issues that I am currently having with my laptop. About a few days ago I was testing Avast IS running on my device and I uninstalled it shortly after (about three days ago). Once my computer was restarted post-uninstall, Windows Firewall was disabled. I attempted to enable the firewall via Action Center and that failed. Attempting to enable the firewall manually resulted in nothing as well. I researched SEVERAL forums and articles online about the issue, among others, and still have yet to find a resolution that doesn't result in a clean install/refresh of my Win 8.1 machine. After I couldn't find a resolution, I was glad to remember that Avast saved a restore point prior to the install of the software. So I did a restore to the point prior to the installation of Avast IS. Here is where a crap ton of issues started coming up:

I) Windows Update could successfully search for updates, however, every time it would fail to install any update.
II) Windows Firewall is still disabled and doesn't respond to any fixes, including some terminal commands I saw in a few ms technet posts.
III) The antivirus software I had prior to installing avast wouldn't load, it stated that there were COM files missing and I needed to restart the services of the program. I found that only one, out of the four services showed up in services.msc. No clue why they disappeared. Reinstalling the program did absolutely nothing.

I researched tirelessly on some resolutions for the issues I am having and if it would cause any issue with installing antivirus programs that are dependent on the firewall, which is in turn, dependent on other services and no answer to that question either. I found some fixes such as the DISM fix and SFC, and chkdsk. Unfortunately the issues that SFC stated in its log file were the following, and they weren't reparable:
2014-11-28 23:31:14, Info CSI 000000cf [SR] Cannot repair member file [l:18{9}]"MSDTC.LOG" of Microsoft-Windows-COM-DTC-Runtime, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be decompressed
2014-11-28 23:31:24, Info CSI 000000e5 [SR] Cannot repair member file [l:18{9}]"MSDTC.LOG" of Microsoft-Windows-COM-DTC-Runtime, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be decompressed

There were two other issues with a printer driver (Canon, apparently) that I didn't really care about. Those were fixed by what was done above, including SFCFix.exe.


Now I am here, seeking some ideas as to what to do and if this MSDTC.LOG is causing an issue with my firewall and windows update.
 
Hi,

I've moved this to the Windows Update forum, because that is where we deal with SFC issues - and one of your issues here is related to SFC.

I don't think that the MSDTC.LOG issue is related to AVAST!, but this issue has been plaguing us for months and we have recently discovered a fix for it.

Can you please upload your whole CBS folder for me to analyse?

SFCFix CBS Collection


  1. Download SFCFix.exe using the following link and save the tool to your Desktop: Download SFCFix
  2. Download SFCFixScript.txt and save this to your Desktop as well: https://dl.dropboxusercontent.com/u...ts/~Generic/Collect/CBS/SFCFixScript.txt?dl=1
  3. On your Desktop, you should now see two files: SFCFix.exe and SFCFixScript.txt.
  4. Drag the file SFCFixScript.txt onto the file SFCFix.exe and release it.
  5. SFCFix will now begin to upload your CBS logfiles to our server.


Regards,
Stephen
 
Hi Tekno

Thank you for the reply. My apologies, I read the thread about SFC after posting.


I've run the script and it seems to have processed without error.
 
Thanks for that.

We have two issues to deal with here, the "cannot be decompressed" issues and a STATUS_RM_NOT_ACTIVE error.

The compression issue is the one that we have recently discovered a fix for. Can you start by finding some info for me?

SFCFix Script

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.


  1. Download SFCFix.exe (by niemiro) and save this to your Desktop.
  2. Download the attached file, SFCFixScript.txt, and save this to your Desktop. Ensure that this file is named SFCFixScript.txt - do not rename it.
  3. Save any open documents and close all open windows.
  4. On your Desktop, you should see two files: SFCFix.exe and SFCFixScript.txt.
  5. Drag the file SFCFixScript.txt onto the file SFCFix.exe and release it.
  6. SFCFix will now process the script.
  7. Upon completion, a log should be created on your Desktop: SFCFix.txt.
  8. Copy (Ctrl + C) and Paste (Ctrl + V) the contents of this into your next post for me to analyse please - put [CODE][/CODE] tags around the log to break up the text.


SFCFixScript.txt: https://app.box.com/s/4v0jtl32qc2xetjb93gw

Stephen
 
Code:
SFCFix version 2.4.1.0 by niemiro.
Start time: 2014-11-29 16:00:01.228
Using .txt script file at C:\Users\xxx\Desktop\SFCFixScript.txt [0]

FileScan::
[0: 1] C:\Windows\WinSxS\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.16384_none_0a1162f033fa01f6\MSDTC.LOG
File is untraceable.
 Found: SD6OMNd/nMSy7P0Ob02ZGPT4cYglTnq4Gz0i2cQTLNo=
 Version number not available.
Trace not available.






[1: 1] C:\Windows\System32\MsDtc\MSDTC.LOG
File is untraceable.
 Hash not available.
 Version number not available.
Trace not available.






[2: 1] C:\Windows\WinSxS\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.17415_none_0a5dfdcc33c06e7e\MSDTC.LOG
File is untraceable.
 Found: ZOM2A1sI9i25LVFShSopEimnFtVKIQLW3+GD3agBpQI=
 Version number not available.
Trace not available.
FileScan:: directive completed successfully.








Successfully processed all directives.
SFCFix version 2.4.1.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2014-11-29 16:00:07.535
Script hash: yqmxX1j/+8ZyX3y6rPOmoWChAp9FEXuZ4bDqiXrV6rc=
----------------------EOF-----------------------
 
Hi,

Let's try replacing the file first - if not, we'll have to change a registry key so SFC expects the correct compression.

SFCFix Script

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.


  1. Download SFCFix.exe (by niemiro) and save this to your Desktop.
  2. Download the file below, SFCFix.zip, and save this to your Desktop.
  3. Save any open documents and close all open windows.
  4. On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  5. Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  6. SFCFix will now process the script.
  7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
  8. Copy (Ctrl + C) and Paste (Ctrl + V) the contents of this file into your next post for me to analyse please - put [CODE][/CODE] tags around the log to break up the text.


https://app.box.com/s/abwgyi3at9l7nf43ujg1

SFC Scan


  1. Press the Windows Key on your keyboard and X to open up the Power User Tasks Menu
  2. Click (or tap) Command Prompt (admin)
  3. When command prompt opens, copy and paste the following commands into it, press enter after each

    sfc /scannow

    Wait for this to finish before you continue (approximately 15 minutes)

    copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt

  4. This will create a file, cbs.txt on your Desktop. Please attach this to your next post.


Stephen
 
Thank you for the quick replies.


Code:
SFCFix version 2.4.1.0 by niemiro.
Start time: 2014-11-29 16:14:40.102
Using .zip script file at C:\Users\xxx\Desktop\lordxx.zip [0]

PowerCopy::
Successfully took permissions for file or folder C:\Windows\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.16384_none_0a1162f033fa01f6\MSDTC.LOG


Line blocked (SFCFix.txt): "C:\Users\xxx\AppData\Local\niemiro\Archive\SFCFix.txt" C:\Windows\winsxs\SFCFix.txt.
Successfully copied file C:\Users\xxx\AppData\Local\niemiro\Archive\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.16384_none_0a1162f033fa01f6\MSDTC.LOG to C:\Windows\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.16384_none_0a1162f033fa01f6\MSDTC.LOG.


Successfully restored ownership for C:\Windows\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.16384_none_0a1162f033fa01f6\MSDTC.LOG
Successfully restored permissions on C:\Windows\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.16384_none_0a1162f033fa01f6\MSDTC.LOG
PowerCopy:: directive completed successfully.








Successfully processed all directives.
SFCFix version 2.4.1.0 by niemiro has completed.
Currently storing 1 datablocks.
Finish time: 2014-11-29 16:14:40.274
Script hash: ZFmp/+oHKnZQk4KwdAHcDTgMk5yt6p1Q/0y/iqMatc8=
----------------------EOF-----------------------


CBS log attached.
 


It seems that SFC still doesn't like it:

Code:
2014-11-29 16:23:50, Error                 CSI    0000089e (F) Failed on regenerating file [l:18{9}]"MSDTC.LOG"[gle=0x80004005]
2014-11-29 16:23:50, Info                  CSI    0000089f [SR] Cannot repair member file [l:18{9}]"MSDTC.LOG" of Microsoft-Windows-COM-DTC-Runtime, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be decompressed

Can you now do the following:

Command Prompt

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.


  1. Click on the Start button and in the search box, type Command Prompt
  2. When you see Command Prompt on the list, right-click on it and select Run as administrator
  3. When command prompt opens, copy and paste the following commands into it, press enter after each

    reg load HKLM\COMPONENTS %windir%\System32\config\COMPONENTS
    reg query HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.16384_none_0a1162f033fa01f6\

  4. Right-click on the Command Prompt window and click Select All, this will invert all of the colours by selecting the text, now press enter. All of this text is now copied.
  5. Paste (Ctrl+V) it into your next post please.

Stephen
 
Code:
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.


C:\Windows\system32>reg load HKLM\COMPONENTS %windir%\System32\config\COMPONENTS


The operation completed successfully.


C:\Windows\system32>reg query HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Componen
ts\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.16384_none_
0a1162f033fa01f6\


HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-com
-dtc-runtime_31bf3856ad364e35_6.3.9600.16384_none_0a1162f033fa01f6
    S256H    REG_BINARY    65D50E554CFF9AF7C8423758BFB4BD55813227B6743A3352612D0
B5DAF9445EC
    identity    REG_BINARY    4D6963726F736F66742D57696E646F77732D434F4D2D445443
2D52756E74696D652C2043756C747572653D6E65757472616C2C2056657273696F6E3D362E332E39
3630302E31363338342C205075626C69634B6579546F6B656E3D3331626633383536616433363465
33352C2050726F636573736F724172636869746563747572653D616D6436342C2076657273696F6E
53636F70653D4E6F6E537853
    c!microsoft-w..-deployment_31bf3856ad364e35_6.3.9600.16384_19f730b5f5963bc8
   REG_BINARY
    f!msdtc.log    REG_DWORD    0x21
    f!msdtc.exe    REG_DWORD    0x1
    f!msdtckrm.dll    REG_DWORD    0x1
    CF    REG_DWORD    0x280




C:\Windows\system32>
 
Hi,

Next set of commands :)

Command Prompt

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  1. Click on the Start button and in the search box, type Command Prompt
  2. When you see Command Prompt on the list, right-click on it and select Run as administrator
  3. When command prompt opens, copy and paste the following commands into it, press enter after each

    reg load HKLM\COMPONENTS %windir%\System32\config\COMPONENTS


    reg add "HKLM\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.16384_none_0a1162f033fa01f6" /v f!msdtc.log /t REG_DWORD /d 00000001 /f

  4. Right-click on the Command Prompt window and click Select All, this will invert all of the colours by selecting the text, now press enter. All of this text is now copied.
  5. Paste (Ctrl+V) it into your next post please.

Can you then run SFC as you did earlier and attach the CBS.txt file.

-Stephen
 
Code:
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.


C:\Windows\system32>reg load HKLM\COMPONENTS %windir%\System32\config\COMPONENTS


The operation completed successfully.


C:\Windows\system32>reg add "HKLM\COMPONENTS\DerivedData\Components\amd64_micros
oft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.16384_none_0a1162f033fa01f
6" /v f!msdtc.log /t REG_DWORD /d 00000001 /f
The operation completed successfully.


C:\Windows\system32>


CBS log is attached.
 


Right, now that's fixed we can focus on this error:

Code:
2014-11-29 16:48:15, Error                 CSI    0000000a (F) STATUS_RM_NOT_ACTIVE #150# from Windows::Rtl::SystemImplementation::CSystemIsolationLayer_IRtlSystemIsolationLayerTearoff::OpenRegistryKey(flags = (OpenForBackupIntent), da = (KEY_SET_VALUE), kn = [ml:58{29},l:56{28}]"\Registry\Machine\COMPONENTS", key = NULL, disp = (null))[gle=0xd0190005]
2014-11-29 16:48:15, Info                  CSI    0000000b Warning: Failed to delete pending transaction content. Error code: STATUS_RM_NOT_ACTIVE

This error can be a real pain to solve, but I'm going to attack it by following the steps that we've had most success with in the past.

Windows Module Installer

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  1. Press the Windows Key on your keyboard and X to open up the Power User Tasks Menu
  2. Click or tap Run
  3. Type services.msc
  4. Scroll down until you see Windows Modules Installer
  5. Right click it and click properties
  6. Change startup type to Automatic
  7. Reboot the computer and try Windows Update again

Stephen
 
Hello


I followed the steps above, and tried to install the updates (even one by one). WU still failed with the same error code for each, as well as the past, 80071A91, which I believe corresponds to the RM_NOT_ACTIVE issue. Windows Firewall remains in a non-working state as well.
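
Added example (not part of the original thread and not code from SFCFix): a small Python triage of CBS.log that groups the "[SR] Cannot repair member file" entries and the NT status names on Error lines, and shows how Win32 error 6801 (ERROR_RM_NOT_ACTIVE) becomes the Windows Update code 80071A91 mentioned above. The function names are hypothetical; the sample lines are copied from the log excerpts quoted in this thread.

```python
import re

# Sample input: lines copied from the CBS.log excerpts quoted in this thread.
SAMPLE_CBS = r'''
2014-11-28 23:31:14, Info CSI 000000cf [SR] Cannot repair member file [l:18{9}]"MSDTC.LOG" of Microsoft-Windows-COM-DTC-Runtime, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be decompressed
2014-11-28 23:31:24, Info CSI 000000e5 [SR] Cannot repair member file [l:18{9}]"MSDTC.LOG" of Microsoft-Windows-COM-DTC-Runtime, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be decompressed
2014-11-29 16:23:50, Error                 CSI    0000089e (F) Failed on regenerating file [l:18{9}]"MSDTC.LOG"[gle=0x80004005]
2014-11-29 16:23:50, Info                  CSI    0000089f [SR] Cannot repair member file [l:18{9}]"MSDTC.LOG" of Microsoft-Windows-COM-DTC-Runtime, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be decompressed
2014-11-29 16:48:15, Error                 CSI    0000000a (F) STATUS_RM_NOT_ACTIVE #150# from Windows::Rtl::SystemImplementation::CSystemIsolationLayer_IRtlSystemIsolationLayerTearoff::OpenRegistryKey(flags = (OpenForBackupIntent), da = (KEY_SET_VALUE), kn = [ml:58{29},l:56{28}]"\Registry\Machine\COMPONENTS", key = NULL, disp = (null))[gle=0xd0190005]
2014-11-29 16:48:15, Info                  CSI    0000000b Warning: Failed to delete pending transaction content. Error code: STATUS_RM_NOT_ACTIVE
'''

# "timestamp, Level  Source  sequence message"
ENTRY = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), (\w+)\s+(\w+)\s+([0-9a-f]{8}) (.*)$')
UNREPAIRABLE = re.compile(
    r'\[SR\] Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+), Version = (?P<version>[\d.]+),.* in the store, '
    r'(?P<reason>.+)$')
NT_STATUS = re.compile(r'\bSTATUS_[A-Z0-9_]+\b')
ERROR_RM_NOT_ACTIVE = 6801  # Win32 error code from winerror.h


def hresult_from_win32(code):
    """HRESULT_FROM_WIN32: severity bit set, FACILITY_WIN32 (7), low 16 bits = code."""
    return 0x80070000 | (code & 0xFFFF)


def triage(log_text):
    """Return (unrepairable members, NT status names counted on Error lines)."""
    unrepairable, statuses = {}, {}
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # blank or continuation line
        ts, level, _source, _seq, msg = entry.groups()
        hit = UNREPAIRABLE.search(msg)
        if hit:
            # SFC logs the same member repeatedly; group by file/component/version.
            key = (hit['file'], hit['component'], hit['version'])
            rec = unrepairable.setdefault(
                key, {'reason': hit['reason'], 'first': ts, 'count': 0})
            rec['count'] += 1
        if level == 'Error':
            for name in NT_STATUS.findall(msg):
                statuses[name] = statuses.get(name, 0) + 1
    return unrepairable, statuses


if __name__ == '__main__':
    files, statuses = triage(SAMPLE_CBS)
    for (name, comp, ver), rec in files.items():
        print(f"{name} ({comp} {ver}): {rec['reason']} x{rec['count']}")
    for name, count in statuses.items():
        print(f"{name}: {count} error line(s)")
    print(f"HRESULT: 0x{hresult_from_win32(ERROR_RM_NOT_ACTIVE):08X}")
```

To run it against a real log, pass the text of the cbs.txt copy made in the SFC Scan steps to `triage()` instead of `SAMPLE_CBS`.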
 
Hi,

OK, time for the next weapon :p I didn't expect the previous fix to work, but it's always worth a shot because it has no chance of damaging anything and is easy to do.

Clear Transactional Logfiles

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good, especially if the computer is not experiencing these exact issues. Do not attempt this fix unless instructed to do so. If you are after assistance, please start a thread of your own.

Please start an Elevated Command Prompt: https://www.sysnative.com/forums/wi...in-command-prompt-window-windows-8-8-1-a.html

and copy and paste in the following:

fsutil resource setautoreset true %SystemDrive%\

attrib -r -s -h %SystemRoot%\System32\Config\TxR\*
del %SystemRoot%\System32\Config\TxR\*

attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\*
del %SystemRoot%\System32\SMI\Store\Machine\*.tm*
del %SystemRoot%\System32\SMI\Store\Machine\*.blf
del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms


Type Y and press enter if you are asked "Are you sure?" to any line. Ignore any failure messages, they are perfectly normal and nothing to worry about.

Then give Windows Update another try and let me know how it performs.

Stephen
 
I'll continue with the rest of the commands, but I get an error for the "attrib -r -s -h %SystemRoot%\System32\Config\TxR\*" command. Which shows "Path not found - C:\Windows\System32\Config\TxR"

I searched for a folder called "TxR" and found one in SysWOW64, but it's empty (I can view hidden files and folders).

I'll go through the others and let you know if WU works.
 
I attempted to install the updates, it was showing download progress of 0% for about ten seconds then it failed with the same error code, 80071A91.
 
Hey Tekno,

So I finished all the commands above and restarted my PC. I've used the "fsutil resource setautoreset true %SystemDrive%\" command in the past before, as well as the other commands when surfing for resolutions however, something seemed to fix my firewall issue as well as the STATUS_RM_NOT_ACTIVE issue. Because there was no TxR folder in system32/config, I went ahead and created one assuming nothing would go south in doing so... Following the restart, I did an SFC to double check if everything was OK, searching for the NOT_ACTIVE issue in the CBS log file and it's nowhere to be found. I haven't tried WU yet, but I am hoping that it'll be resolved since the two main issues are now fixed and the error code WU gave was for the NOT_ACTIVE error. I'll report back once I get WU running.

Thanks a ton for the help.
 
Everything including Windows Update is working with no issues now. Thanks again for the help boss, it is much appreciated.
 
