Windows Update Service Not Running


  1. Posts : 4
    Windows 7 Home Premium x64
       #1

    Windows Update Service Not Running


    I've hit a wall with this one... I do not have the Windows Update service showing up at all and I've tried all the various bits commands and database rebuild commands, all of them say nothing exists when I try them.

    When I try the SURT tool I'm provided with this error:
    Installed encountered an error: 0x80070424
    The specified service does not exist as an installed service.

    I have had a few nasty malware viruses in the past, all of which have been removed via only using malware bytes and webroot.

    Here is the FSS log I get after scanning:

    Farbar Service Scanner Version: 25-02-2014
    Ran by Caleb (administrator) on 07-04-2014 at 23:31:23
    Running from "C:\Users\Caleb\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.

    bfe Service is not running. Checking service configuration:
    The start type of bfe service is OK.
    The ImagePath of bfe service is OK.
    The ServiceDll of bfe service is OK.


    Firewall Disabled Policy:
    ==================
    "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

    Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============
    Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

    Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
    Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
    Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
    Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    Thanks in advance.
      My Computer


  2. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #2

    You've been hit by what looks like a variant of the ZeroAccess malware.

    Your simplest solution now is probably to run the Windows Repair tool - the Services Repair ONLY.
    Windows Repair (All In One)

    Download the All-in-one tool, and run it - uncheck everything!
    Then check ONLY the Services repair option and allow the toll to do its work.

    reboot, then run the Farbar Service Scanner again - post the new log and the results of attempting to use Windows Updates.
      My Computer


  3. Posts : 4
    Windows 7 Home Premium x64
    Thread Starter
       #3

    That did the trick! Windows update and Windows firewall are now both working correctly again. Thank you.

    Farbar Service Scanner Version: 25-02-2014
    Ran by Caleb (administrator) on 08-04-2014 at 13:34:50
    Running from "C:\Users\Caleb\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.

    Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============
    Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.



    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
      My Computer


  4. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #4

    Still a few problems

    I'll come back with some diagnostics later, and we'll work on the remaining problems.
      My Computer


  5. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #5

    First, let's run a couple of fixes for the obvious problems....

    Here's the first.


    I've uploaded a file - ssows64.zip - to my OneDrive at Noel's OneDrive
    Please download and save it to your desktop.
    Right-click on the saved file and select Extract all...
    Save it to the default location
    This should create a file ssows64.reg

    right-click on the file, and select Merge
    Accept the warnings, - you should then get a 'Success' message.
    Close all windows, and reboot.

    ....
    here's the second



    I've uploaded a file - iphlpsvcx64.zip - to my OneDrive at Noel's OneDrive
    Please download and save it to your desktop.
    Right-click on the saved file and select Extract all...
    Save it to the default location
    This should create a file ihlpsvcx64.reg

    right-click on the file, and select Merge
    Accept the warnings, - you should then get a 'Success' message.
    Close all windows, and reboot.

    The run the Farbar scanner again, and post a new report.



      My Computer


  6. Posts : 4
    Windows 7 Home Premium x64
    Thread Starter
       #6

    Merged the two files, seems to have fixed any errors. Thanks again for all the help.
    Farbar Service Scanner Version: 25-02-2014
    Ran by Caleb (administrator) on 11-04-2014 at 22:18:44
    Running from "C:\Users\Caleb\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
      My Computer


  7. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #7

    The two services still aren't running properly - but no indication from Farbar as to why...

    I need to have a look at your Event Logs...

    Open Event Viewer
    click on the Windows logs entry in the left pane to expand it.
    Now click on the Application entry - wait while it loads.
    Click on 'File' in the menu bar and select Save...
    Save the file as Appevt.evtx
    Repeat for the System log
    then zip both, and upload them.
      My Computer


  8. Posts : 4
    Windows 7 Home Premium x64
    Thread Starter
       #8
      My Computer


  9. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #9

    Interesting CHKDSK result from earlier....#


    Code:
     
    One of your disks needs to be checked for consistency. You
    may cancel the disk check, but it is strongly recommended
    that you continue.
    Windows will now check the disk. 
    CHKDSK is verifying files (stage 1 of 3)...
    The attribute of type 0x80 and instance tag 0x4 in file 0x8ccf
    has allocated length of 0x1f0000 instead of 0xf0000.
    Deleting corrupt attribute record (128, "")
    from file record segment 36047.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0xf0218 for possibly 0x1 clusters.
    Some clusters occupied by attribute of type 0x80 and instance tag 0x4
    in file 0xf7e8 is already in use.
    Deleting corrupt attribute record (128, "")
    from file record segment 63464.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0xee9c8 for possibly 0x1 clusters.
    Some clusters occupied by attribute of type 0x80 and instance tag 0x4
    in file 0x19ccf is already in use.
    Deleting corrupt attribute record (128, "")
    from file record segment 105679.
    262656 file records processed. File verification completed.
    990 large file records processed. 0 bad file records processed. 4 EA records processed. 92 reparse records processed. CHKDSK is verifying indexes (stage 2 of 3)...
    Unable to locate the file name attribute of index entry FontCache3.0.0.0.dat
    of index $I30 with parent 0x85c in file 0xa6ef.
    Deleting index entry FontCache3.0.0.0.dat in index $I30 of file 2140.
    Unable to locate the file name attribute of index entry FONTCA~3.DAT
    of index $I30 with parent 0x85c in file 0xa6ef.
    Deleting index entry FONTCA~3.DAT in index $I30 of file 2140.
    Unable to locate the file name attribute of index entry 00010001.ci
    of index $I30 with parent 0xf3cd in file 0xac26.
    Deleting index entry 00010001.ci in index $I30 of file 62413.
    Unable to locate the file name attribute of index entry 00010001.dir
    of index $I30 with parent 0xf3cd in file 0xacfc.
    Deleting index entry 00010001.dir in index $I30 of file 62413.
    Correcting error in index $I30 for file 117661.
    Correcting error in index $I30 for file 117661.
    The index bitmap $I30 in file 0x1cb9d is incorrect.
    Correcting error in index $I30 for file 117661.
    The down pointer of current index entry with length 0x18 is invalid.
    00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00 ................
    ff ff ff ff ff ff ff ff 9c 51 d9 91 64 55 cd 01 .........Q..dU..
    ec b3 fe 91 64 55 cd 01 ac 88 00 92 64 55 cd 01 ....dU......dU..
    Sorting index $I30 in file 117661.
    328254 index entries processed. Index verification completed.
    CHKDSK is scanning unindexed files for reconnect to their original directory.
    3 unindexed files scanned. Recovering orphaned file WEBSHL~1.TXT (116510) into directory file 117661.
    Recovering orphaned file Webshlock.txt (116510) into directory file 117661.
    CHKDSK is recovering remaining unindexed files.
    2 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 3)...
    262656 file SDs/SIDs processed. Cleaning up 215 unused index entries from index $SII of file 0x9.
    Cleaning up 215 unused index entries from index $SDH of file 0x9.
    Cleaning up 215 unused security descriptors.
    Security descriptor verification completed.
    Inserting data attribute into file 36047.
    Inserting data attribute into file 63464.
    Inserting data attribute into file 105679.
    32803 data files processed. CHKDSK is verifying Usn Journal...
    34968904 USN bytes processed. Usn Journal verification completed.
    Correcting errors in the master file table's (MFT) BITMAP attribute.
    Correcting errors in the Volume Bitmap.
    Windows has made corrections to the file system.
    It's probably these errors which caused the system problems in the first place - and they appear to have been around for a while... The System log only goes back to 18/3 and there's a mass of them there.

    You have a huge number of DCOM errors -
    Code:
    The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
    {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
    and APPID 
    {344ED43D-D086-4961-86A6-1106F4ACAD9B}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    ... which I'll have to research.


    and you have a number of incompatible programs installed, attempting to start services.
    I'll go through those in detail later.
      My Computer


  10. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #10

    The DCOM error can be solved in the way described here - DCOM error 10016 in event viewer / windows 7 home premium, 64bit - Microsoft Community

    Now for the errant services, etc :)

    Application Nr2003.exe - NASCAR Racing?-- seems to be causing problems for some reason - please try running it in Compatibility mode (XPSP3, probably).

    Verizon Utilities seem to be crashing regularly - perhaps uninstalling and installing a fresh download woul be a good idea.

    The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired.
    This password shouldn't expire - it's built in. Perhaps installing updated drivers would help?

    The following boot-start or system-start driver(s) failed to load: hwinterface, papycpu2, papyjoy
    The Senstic Pocket Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    \SystemRoot\SysWow64\Drivers\hwinterface.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    \SystemRoot\SysWow64\DRIVERS\papyjoy.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    \SystemRoot\SysWow64\DRIVERS\papycpu2.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    See here: MEMORY_MANAGEMENT BSOD - Microsoft Community

    I would think that uninstalling NASCAR Racing 2003 will sole most of your problems!
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 20:44.
Find Us