Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: No Win Update, cannot download KB981028

16 Mar 2014   #21
paramaibo

Windows 7 Ultimate 64/32bit
 
 

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>ICACLS C:\Windows\System32\catroot2
C:\Windows\System32\catroot2 NT SERVICE\CryptSvc:(OI)(CI)(F)
                             NT SERVICE\TrustedInstaller:(I)(F)
                             NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                             BUILTIN\Administrators:(I)(F)
                             CREATOR OWNER:(I)(OI)(CI)(IO)(F)
                             BUILTIN\Administrators:(I)(OI)(IO)(F)
                             BUILTIN\Administrators:(I)(CI)(IO)(F)
                             NT AUTHORITY\SYSTEM:(I)(OI)(IO)(F)
                             NT AUTHORITY\SYSTEM:(I)(CI)(F)
                             Everyone:(I)(OI)(IO)(F)
                             Everyone:(I)(CI)(F)
                             BUILTIN\Users:(I)(OI)(IO)(F)
                             BUILTIN\Users:(I)(CI)(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32
C:\Windows\System32 NT SERVICE\TrustedInstaller:(F)
                    NT SERVICE\TrustedInstaller:(CI)(IO)(F)
                    CREATOR OWNER:(OI)(CI)(IO)(F)
                    BUILTIN\Administrators:(OI)(IO)(F)
                    BUILTIN\Administrators:(CI)(F)
                    NT AUTHORITY\SYSTEM:(OI)(IO)(F)
                    NT AUTHORITY\SYSTEM:(CI)(F)
                    Everyone:(OI)(IO)(F)
                    Everyone:(CI)(F)
                    BUILTIN\Users:(OI)(IO)(F)
                    BUILTIN\Users:(CI)(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ATTRIB C:\Windows\System32\catroot2\*.*
A       I    C:\Windows\System32\catroot2\dberr.txt

C:\Windows\system32>SC QC Cryptsvc
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Cryptsvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   : TruPrevent
        TAG                : 0
        DISPLAY_NAME       : Cryptographic Services
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : NT Authority\NetworkService

C:\Windows\system32>SC QUERYEX Cryptsvc

SERVICE_NAME: Cryptsvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1196
        FLAGS              :

C:\Windows\system32>



My System SpecsSystem Spec
.
16 Mar 2014   #22
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

Have you been using some kind of system repair tool, such as the Tweaking.com WIndows Repair tool?
You have some very strange permissions there which will significantly lower your machine's security.

Please run the following commands and post the results...

SC QC APPID
SC QUERYEX APPID

There is an unusual entry in the LAOD_ORDER_GROUP entry above, which is from Panda, and appears to have been superceded in 2010 by another technology.

What exact version of Panda in actually installed?
My System SpecsSystem Spec
16 Mar 2014   #23
paramaibo

Windows 7 Ultimate 64/32bit
 
 

I used Tweaking.com when this issue first arose.

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>SC QC APPID
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: APPID
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : \SystemRoot\system32\drivers\appid.sys
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : AppID Driver
        DEPENDENCIES       : FltMgr
                           : DisCache
        SERVICE_START_NAME :

C:\Windows\system32>SC QUERYEX APPID

SERVICE_NAME: APPID
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

C:\Windows\system32>
Currently I have Panda Antivirus Pro 2014 13.01.00. I have no idea why the load order has changed, and certainly not why Panda initiated it. However, I have had rare cases of malware infestation a couple of years ago that required other Panda tools (assuming they would leave the same signature).

As regards permissions etc., I had connected a hdd to the wlan this time last year, and have been plagued by pemissions and sodding errors telling me that I'm not entitled to fiddle as I wish. In the end, I have managed to get the hdd working to my liking. Would these changes have any bearing on what you are referring to?
My System SpecsSystem Spec
.

16 Mar 2014   #24
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

It may be normal for a Panda install - we don't see many here, and I suspect that it may depend also on which version is installed.
It's quite common for AV's to slip themselves into the startup axis, so that they get loaded early in the boot process and get the chance to prevent startup malware.
It can however make troubleshooting more difficult, as it introduces an extra layer into the complexities of booting.

Perhaps I should explain what I'm looking for...
Your system is showing problems with the cryptography associated with all the monitored files for the Software Protection Service.
These problems are usually (about80% of the time) corrected by re/installing the IRST drivers, and where that doesn't work, most systems will respond to the CATROOT2 rename - sometimes it fails, as in your case.

The problem then is one of working out where the disconnect is - it's probably in the registry, but that is a rather large database that changes on a daily basis, so it's like looking for size 12 needle in a bin of size 13s that being continually stirred and refilled.

All we can see is the effects, as a rule, unless we know where to start. Up until now, we don't really have much of a clue, except that it's definitely something to do with the CATROOT2 folder.
This is controlled (at least partly) by the Windows Management Instrumentation Service - but so far, no machine we've checked has shown any problems with the service itself.

Let's check that, and a few other things as well, anyhow..

Run the following commands, and post the results.

SC QC WINMGMT
SC QUERYEX WINMGMT


also, please follow the Blue Screen of Death (BSOD) Posting Instructions and post the results - it'll give us a lot of information that may prod me into spotting something relevant.
My System SpecsSystem Spec
16 Mar 2014   #25
paramaibo

Windows 7 Ultimate 64/32bit
 
 

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>SC QC WINMGMT
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: WINMGMT
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Management Instrumentation
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : localSystem

C:\Windows\system32>SC QUERYEX WINMGMT

SERVICE_NAME: WINMGMT
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1964
        FLAGS              :

C:\Windows\system32>
What would behaviour/actions would typically tamper/corrupt the cryptographic services. I ask in order to prompt my memory of any relevant events that may hasten your search. I confess that up until now I had been unaware of the existence of cryptographic services and Windows manifests, but you have probably guessed that.
My System SpecsSystem Spec
16 Mar 2014   #26
paramaibo

Windows 7 Ultimate 64/32bit
 
 

I've just thought of something.

Would it be any help to you if I reinsert my old OS hdd which may still yield underlying corruptions, though these have not been further stirred up by more recent interferences/incompatibilities?
My System SpecsSystem Spec
17 Mar 2014   #27
paramaibo

Windows 7 Ultimate 64/32bit
 
 

I also have a couple of practical observations that have occurred recently.

The last command that you asked me to run has improved the boot time, however, the file transfer speed over WLAN has just about halved over the last few days. Incidentally, I experienced a significant improvement in transfer speed after tweaking.com repairs to repair WU.

Funny ol' world.

This morning I've also been receiving a spate of "This copy of Windows is not genuine" - which has also added to my my good cheer.
My System SpecsSystem Spec
17 Mar 2014   #28
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

the 'not genuine' messages are interesting - next time one appears, please post the results of an MGADiag scan before attempting any fixes.

To properly analyse and solve problems with Activation and Validation, we need to see a full copy of the report produced by the MGADiag tool
(download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
Once saved, run the tool.

Click on the Continue button, which will produce the report.
To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.
My System SpecsSystem Spec
17 Mar 2014   #29
paramaibo

Windows 7 Ultimate 64/32bit
 
 

I don't understand, I already have the MGADiag tool and have posted loads of these scans.

I was rather hoping that you may have found anything interesting as a result of #24/25 from last night.

Here are the MGAD scan results:

Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-24FM6-626F6-2X46Y
Windows Product Key Hash: aVSvaN08Cpfya6UCZ7EqSoPkgu0=
Windows Product ID: 00426-OEM-9179745-04135
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {8E5EB5B9-4D07-4C2F-9401-3615F8138954}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Plus 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2efd_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Maxthon3\Bin\Maxthon.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{8E5EB5B9-4D07-4C2F-9401-3615F8138954}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2X46Y</PKey><PID>00426-OEM-9179745-04135</PID><PIDType>3</PIDType><SID>S-1-5-21-575296468-2180832810-2140896998</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Qosmio G50</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>Version 2.30</Version><SMBIOSVersion major="2" minor="5"/><Date>20090828000000.000000+000</Date></BIOS><HWID>39BB3C07018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GTB Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSHIB</OEMID><OEMTableID>A0060   </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>83770C147C39586</Val><Hash>HujjXRyTgOYjf4RCWfGtC0B0HlY=</Hash><Pid>89409-707-1230233-65598</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: cfb3e52c-d707-4861-af51-11b27ee6169c
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00182-797-404135-02-2057-7601.0000-2402013
Installation ID: 017280694241765211214676292446964325955474601770711190
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 2X46Y
License Status: Licensed
Remaining Windows rearm count: 5
Trusted time: 17/03/2014 19:39:36

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 3:16:2014 16:59
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys


HWID Data-->
HWID Hash Current: OAAAAAEABAABAAEAAAACAAAABAABAAEAeqjmUe715I1c+viHEB6GGQa2nmJcPz64hm0Uz4ztRso=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name	OEMID Value	OEMTableID Value
  APIC			TOSHIB		A0060   
  FACP			TOSHIB		A0060   
  DBGP			TOSHIB		A0060   
  HPET			TOSHIB		A0060   
  MCFG			TOSHIB		A0060   
  SSDT			TOSHIB		A0060   
  TCPA			TOSHIB		A0060   
  SLIC			TOSHIB		A0060   
  SSDT			TOSHIB		A0060
My System SpecsSystem Spec
18 Mar 2014   #30
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

Sorry - I was in a hurry (posting at work behind the boss's back) so only looked at the thread title and the last post

I'll review the thread at leisure today, and post back later.
My System SpecsSystem Spec
Reply

 No Win Update, cannot download KB981028




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Efficiency; download and update at the same time
I just installed Windows 7 on a new HDD in my laptop. The first thing I did after connecting to the Internet was to initiate Windows Update. It's now downloading 140 updates which will commence sequential installation after the download is complete. I'd like to know why the first update doesn't...
Windows Updates & Activation
Can't update or download anything
Hello, I'm running Windows 7, 64 bit. I am unable to update or download any software from websites. I just ran avast and have run malwarebytes and AVG and all have reported and removed affected files. But I still have the same problem. PLEASE HELP!!! For example, I try to download the new adobe...
Windows Updates & Activation
Update Stops mid-download
Am new to this.....computer trying to download updates....gets to 17 of 27 and stops....just sits there and runs....error number ends in 0016:cry::confused:
Windows Updates & Activation
Is it possible to download/update just wmplayer?
wmplayer is built into my Win7-64 Pro. If I have reason to suspect that functionality issues may be due to a possible corruption of Media Player, what must I do to force an update?
Media Center
Download W7 Update
Before i begin i have used the search tool on this site. Is there any way you can download the latest Windows 7 updates as an actual file? Rather than "Check for updates". I currently get an error on a few machines and it would be easier to just go around and install the updates from a file......
Windows Updates & Activation
Update wont download the update
Hello I had my PC for about 5 months now, and suddenly now Update wont download any updates. Anyone got any tips or solutions to this problem? I rather not reinnstall windows, because I lost the CD xD I got a valid copy. http://img192.imageshack.us/img192/9149/utennavny.png This is in...
Windows Updates & Activation


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:30.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App