I believe this was a result of a virus I contracted last weekend. The virus
brought many hitchhikers with it (Win32/Blarul, Win32/Koebface.gen!D,
Win32/NewDotNet, W32.IRCBot, Trojan.Win32.Agent2.iwh,
Backdoor.Win32.Agen.tzl, and more...) I was finally able to remove the virus
from my computer using several scanners, including Windows Live OneCare,
Symantec 9 (which I already had on my computer when it was infected),
AdAware, Malwarebytes Anti-Malware, Windows Malicious Software Removal Tool,
and several other one-off fixes. Now with several scans (both in "safe" mode
and in Normal mode), I cannot find any trace of a virus. However,
significant damage to my registry remains.
I have already fixed several registry problems by comparing with a "known
good" computer that had the same OS and hotfixes. I found that I could not
open regedit (w/o renaming it) or many other programs b/c one of the viruses
had added the "Debugger = ntsd -d" key to a large number of .exe files. I
also found several virus-related entries in my "Run" section of the registry
and removed them.
Right now, the only problem I still have is that I cannot run WindowsUpdate.
When I try to start Automatic Updates service manually, I receive "Error 2:
The system cannot find the file specified." My associated system log entries
are "DCOM got error "The system cannot find the file specified. " attempting
to start the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}" and "The Automatic Updates service
failed to start due to the following error:
The system cannot find the file specified."
I have searched this forum and others, and tried all the fixes that were
previously suggested.
1. Confirmed that my hardware profile is enabled
(http://support.microsoft.com/kb/241584)
2. Ran Symantec's "FixVundo.exe"
3. Ran "WUFix.bat"
4. Checked "Group Policy" to confirm that Automatic Updates are not disabled
or restricted via policy. (http://support.microsoft.com/kb/896224)
5. Renamed all associated files in system32
(http://support.microsoft.com/kb/931852)
6. Deleted software distribution directory
(http://support.microsoft.com/kb/919749 and
http://support.microsoft.com/kb/956698)
7. Set auto configuration (http://support.microsoft.com/kb/958043)
8. IE Browser changes (http://support.microsoft.com/kb/900936)
9. Re-register dll files (http://support.microsoft.com/kb/910359)
10. Clear BITS queue (http://support.microsoft.com/kb/958047)
Per all the "clean" virus scanning, my virus is gone, but I need help in
cleaning up the damage it did. Any ideas would be appreciated. I have
attached the relevant section of my C:\Windows\WindowsUpdate.log file below:
2009-05-10 10:50:34:453 952 cdc Misc =========== Logging initialized
(build: 7.2.6001.788, tz: -0500) ===========
2009-05-10 10:50:34:453 952 cdc Misc = Process: C:\Program Files\Internet
Explorer\iexplore.exe
2009-05-10 10:50:34:453 952 cdc Misc = Module:
C:\WINDOWS\system32\wuweb.dll
2009-05-10 10:50:34:453 952 cdc Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv3wuredir.cab:
2009-05-10 10:50:34:468 952 cdc Misc Microsoft signed: Yes
2009-05-10 10:50:34:484 952 cdc Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2009-05-10 10:50:34:515 952 cdc Misc Microsoft signed: Yes
2009-05-10 10:50:34:609 952 cdc Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2009-05-10 10:50:34:609 952 cdc Misc Microsoft signed: Yes
2009-05-10 10:50:34:750 952 cdc Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab:
2009-05-10 10:50:34:750 952 cdc Misc Microsoft signed: Yes
2009-05-10 10:50:34:781 952 cdc Setup *********** Setup: Checking whether
self-update is required ***********
2009-05-10 10:50:34:812 952 cdc Setup * Inf file:
C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.inf
2009-05-10 10:50:34:937 952 cdc Setup Update NOT required for
C:\WINDOWS\system32\cdm.dll: target version = 7.2.6001.788, required version
= 7.2.6001.788
2009-05-10 10:50:34:937 952 cdc Setup FATAL: Update required for
C:\WINDOWS\system32\wuapi.dll: target version = 5.4.3790.2180, required
version = 7.2.6001.788
2009-05-10 10:50:34:953 952 cdc Setup Update NOT required for
C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.2.6001.788, required
version = 7.2.6001.788
2009-05-10 10:50:35:000 952 cdc Setup FATAL: Update required for
C:\WINDOWS\system32\wuauclt.exe: target version = 5.4.3790.2180, required
version = 7.2.6001.788
2009-05-10 10:50:35:000 952 cdc Setup FATAL: Update required for
C:\WINDOWS\system32\wuaucpl.cpl: target version = 5.4.3790.2180, required
version = 7.2.6001.788
2009-05-10 10:50:35:031 952 cdc Setup Update NOT required for
C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.2.6001.788, required
version = 7.2.6001.788
2009-05-10 10:50:35:031 952 cdc Setup FATAL: Update required for
C:\WINDOWS\system32\wuaueng.dll: target version = 5.4.3790.2180, required
version = 7.2.6001.788
2009-05-10 10:50:35:062 952 cdc Setup Update NOT required for
C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.2.6001.788, required
version = 7.2.6001.788
2009-05-10 10:50:35:062 952 cdc Setup FATAL: Update required for
C:\WINDOWS\system32\wucltui.dll: target version = 5.4.3790.2180, required
version = 7.2.6001.788
2009-05-10 10:50:35:078 952 cdc Setup Update NOT required for
C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.2.6001.788, required
version = 7.2.6001.788
2009-05-10 10:50:35:078 952 cdc Setup FATAL: Update required for
C:\WINDOWS\system32\wups.dll: target version = 5.4.3790.2180, required
version = 7.2.6001.788
2009-05-10 10:50:35:078 952 cdc Setup Update NOT required for
C:\WINDOWS\system32\wups2.dll: target version = 7.2.6001.788, required
version = 7.2.6001.788
2009-05-10 10:50:35:078 952 cdc Setup * IsUpdateRequired = Yes
2009-05-10 10:50:42:843 952 d74 Setup *************
2009-05-10 10:50:42:843 952 d74 Setup ** START ** Setup: Downloading
client CABs
2009-05-10 10:50:42:843 952 d74 Setup *********
2009-05-10 10:50:42:843 952 d74 Setup * Main CAB URL:
http://download.windowsupdate.com/v8/windowsupdate/b/selfupdate/WSUS3/x86/Other
2009-05-10 10:50:42:843 952 d74 Setup * MUI CAB URL:
http://download.windowsupdate.com/v8/windowsupdate/b/selfupdate/WSUS3/x86/Other
2009-05-10 10:50:42:843 952 d74 Setup * Download directory:
C:\WINDOWS\SoftwareDistribution\WebSetup
2009-05-10 10:50:43:515 952 d74 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WebSetup\wuapi.cab:
2009-05-10 10:50:43:515 952 d74 Misc Microsoft signed: Yes
2009-05-10 10:50:43:703 952 d74 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WebSetup\wuauclt.cab:
2009-05-10 10:50:43:718 952 d74 Misc Microsoft signed: Yes
2009-05-10 10:50:44:125 952 d74 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WebSetup\wuaucpl.cab:
2009-05-10 10:50:44:125 952 d74 Misc Microsoft signed: Yes
2009-05-10 10:50:46:296 952 d74 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WebSetup\wuaueng.cab:
2009-05-10 10:50:46:312 952 d74 Misc Microsoft signed: Yes
2009-05-10 10:50:46:875 952 d74 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WebSetup\wucltui.cab:
2009-05-10 10:50:46:875 952 d74 Misc Microsoft signed: Yes
2009-05-10 10:50:47:250 952 d74 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WebSetup\wucltui_en.cab:
2009-05-10 10:50:47:250 952 d74 Misc Microsoft signed: Yes
2009-05-10 10:50:47:390 952 d74 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WebSetup\wups.cab:
2009-05-10 10:50:47:406 952 d74 Misc Microsoft signed: Yes
2009-05-10 10:50:47:406 952 d74 Setup *********
2009-05-10 10:50:47:406 952 d74 Setup ** END ** Setup: Downloading
client CABs
2009-05-10 10:50:47:406 952 d74 Setup *************
2009-05-10 10:50:47:421 952 d74 Setup *************
2009-05-10 10:50:47:421 952 d74 Setup ** START ** Setup: Installing client
binaries
2009-05-10 10:50:47:421 952 d74 Setup *********
2009-05-10 10:50:47:421 952 d74 Setup * Download directory:
C:\WINDOWS\SoftwareDistribution\WebSetup
2009-05-10 10:50:47:421 952 d74 Setup * Stop and start service: Yes
2009-05-10 10:50:47:500 952 d74 Setup Starting file operations for section
wuapi
2009-05-10 10:50:47:671 952 d74 Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\WebSetup\wuapi.dll to
C:\WINDOWS\system32\wuapi.dll.wusetup.1057203.new
2009-05-10 10:50:47:671 952 d74 Setup WARNING: Could not move
C:\WINDOWS\system32\wuapi.dll to
C:\WINDOWS\system32\wuapi.dll.wusetup.1057218.bak due to 0x80070020
2009-05-10 10:50:47:734 952 d74 Setup File operations for section wuapi
completed successfully
2009-05-10 10:50:47:734 952 d74 Setup Starting file operations for section
wuauclt
2009-05-10 10:50:47:828 952 d74 Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\WebSetup\wuauclt.exe to
C:\WINDOWS\system32\wuauclt.exe.wusetup.1057343.new
2009-05-10 10:50:47:859 952 d74 Setup Setup successfullly moved
C:\WINDOWS\system32\wuauclt.exe.wusetup.1057343.new to
C:\WINDOWS\system32\wuauclt.exe
2009-05-10 10:50:47:859 952 d74 Setup File operations for section wuauclt
completed successfully
2009-05-10 10:50:47:875 952 d74 Setup Starting file operations for section
wuaucpl
2009-05-10 10:50:47:921 952 d74 Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\WebSetup\wuaucpl.cpl to
C:\WINDOWS\system32\wuaucpl.cpl.wusetup.1057453.new
2009-05-10 10:50:47:937 952 d74 Setup Setup successfullly moved
C:\WINDOWS\system32\wuaucpl.cpl.wusetup.1057453.new to
C:\WINDOWS\system32\wuaucpl.cpl
2009-05-10 10:50:47:937 952 d74 Setup File operations for section wuaucpl
completed successfully
2009-05-10 10:50:47:937 952 d74 Setup Starting file operations for section
wuaueng_WebSetup
2009-05-10 10:50:48:046 952 d74 Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\WebSetup\wuaueng.dll to
C:\WINDOWS\system32\wuaueng.dll.wusetup.1057578.new
2009-05-10 10:50:48:062 952 d74 Setup Setup successfullly moved
C:\WINDOWS\system32\wuaueng.dll.wusetup.1057578.new to
C:\WINDOWS\system32\wuaueng.dll
2009-05-10 10:50:48:062 952 d74 Setup File operations for section
wuaueng_WebSetup completed successfully
2009-05-10 10:50:48:078 952 d74 Setup Starting file operations for section
wucltui
2009-05-10 10:50:48:140 952 d74 Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\WebSetup\wucltui.dll to
C:\WINDOWS\system32\wucltui.dll.wusetup.1057671.new
2009-05-10 10:50:48:156 952 d74 Setup Setup successfullly moved
C:\WINDOWS\system32\wucltui.dll.wusetup.1057671.new to
C:\WINDOWS\system32\wucltui.dll
2009-05-10 10:50:48:343 952 d74 Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\WebSetup\en\wuau.adm to
C:\WINDOWS\INF\wuau.adm.wusetup.1057890.new
2009-05-10 10:50:48:343 952 d74 Setup Setup successfullly moved
C:\WINDOWS\INF\wuau.adm.wusetup.1057890.new to C:\WINDOWS\INF\wuau.adm
2009-05-10 10:50:48:343 952 d74 Setup File operations for section wucltui
completed successfully
2009-05-10 10:50:48:359 952 d74 Setup Starting file operations for section
wups
2009-05-10 10:50:48:421 952 d74 Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\WebSetup\wups.dll to
C:\WINDOWS\system32\wups.dll.wusetup.1057968.new
2009-05-10 10:50:48:453 952 d74 Setup File operations for section wups
completed successfully
2009-05-10 10:50:48:453 952 d74 Setup Starting registry operations for
section wuapi
2009-05-10 10:50:48:468 952 d74 Setup Completed registration operations for
section wuapi: status 0
2009-05-10 10:50:48:468 952 d74 Setup Starting registry operations for
section wuauclt
2009-05-10 10:50:48:468 952 d74 Setup Completed registration operations for
section wuauclt: status 0
2009-05-10 10:50:48:468 952 d74 Setup Starting registry operations for
section wuaucpl
2009-05-10 10:50:48:468 952 d74 Setup Completed registration operations for
section wuaucpl: status 0
2009-05-10 10:50:48:468 952 d74 Setup Starting registry operations for
section wuaueng_WebSetup
2009-05-10 10:50:48:468 952 d74 Misc Registering binary:
C:\WINDOWS\system32\regsvr32.exe /s "C:\WINDOWS\system32\wuaueng.dll"
2009-05-10 10:50:48:765 2128 bc Misc =========== Logging initialized
(build: 7.2.6001.788, tz: -0500) ===========
2009-05-10 10:50:48:765 2128 bc Misc = Process:
C:\WINDOWS\system32\regsvr32.exe
2009-05-10 10:50:48:765 2128 bc Misc = Module:
C:\WINDOWS\system32\wuaueng.dll
2009-05-10 10:50:48:765 2128 bc Service FATAL: ChangeServiceConfig failed
with error 0x80070005
2009-05-10 10:50:48:781 2128 bc Service FATAL: WU client fail to create WU
service with error 0x80070005
2009-05-10 10:50:48:875 952 d74 Misc FATAL: Self registration of
C:\WINDOWS\system32\wuaueng.dll failed, error = 0x8024D007
2009-05-10 10:50:48:875 952 d74 Setup WARNING: Completed registration
operations for section wuaueng_WebSetup: status 0x8024d007
2009-05-10 10:50:48:875 952 d74 Setup WARNING: Setup failed while
processing registry operations, error = 0x8024D007. Rolling back changes.
2009-05-10 10:50:48:921 952 d74 Setup Rollback: Successfully copied
C:\WINDOWS\system32\wuauclt.exe.wusetup.1057375.bak back to
C:\WINDOWS\system32\wuauclt.exe
2009-05-10 10:50:48:921 952 d74 Setup Rollback: Successfully copied
C:\WINDOWS\system32\wuaucpl.cpl.wusetup.1057468.bak back to
C:\WINDOWS\system32\wuaucpl.cpl
2009-05-10 10:50:48:921 952 d74 Setup Rollback: Successfully copied
C:\WINDOWS\system32\wuaueng.dll.wusetup.1057593.bak back to
C:\WINDOWS\system32\wuaueng.dll
2009-05-10 10:50:48:937 952 d74 Setup Rollback: Successfully copied
C:\WINDOWS\system32\wucltui.dll.wusetup.1057687.bak back to
C:\WINDOWS\system32\wucltui.dll
2009-05-10 10:50:48:937 952 d74 Setup Rollback: Successfully copied
C:\WINDOWS\INF\wuau.adm.wusetup.1057890.bak back to C:\WINDOWS\INF\wuau.adm
2009-05-10 10:50:48:953 952 d74 Setup * WARNING: Exit code = 0x8024D007
2009-05-10 10:50:48:953 952 d74 Setup *********
2009-05-10 10:50:48:953 952 d74 Setup ** END ** Setup: Installing client
binaries
2009-05-10 10:50:48:953 952 d74 Setup *************
2009-05-10 10:50:48:953 952 d74 Setup FATAL: InstallUpdatedBinaries failed
with error 0x8024d007
2009-05-10 10:50:48:953 952 d74 WUWeb FATAL: InstallUpdatedBinaries failed
with error:0x8024d007
2009-05-10 10:50:48:953 952 d74 WUWeb FATAL: UpdateClientWorker failed:
error 0x8024d007
...
> Right now, the only problem I still have is that I cannot run WindowsUpdate.
> When I try to start Automatic Updates service manually, I receive "Error 2:
> The system cannot find the file specified." My associated system log entries
> are " DCOM got error "The system cannot find the file specified. " attempting
> to start the service wuauserv with arguments "" in order to run the server:
> {E60687F7-01A1-40AA-86AC-DB1CBF673334}" and "The Automatic Updates service
> failed to start due to the following error:
> The system cannot find the file specified."
>
> I have searched this forum and others, and tried all the fixes that were
> previously suggested.
...
Before you can try fixes you should do sufficient diagnosis to know whether
they apply to your case or not. E.g. 0x80070002 implies that something is
missing. What is missing? My suggestion usually is that if there aren't enough
clues in the logs, even with verbose mode enabled (e.g. when you do a
manual install instead of an automatic one or in your case if you follow the
instructions at the bottom of KB902093), that you trace another attempt
with ProcMon and use its interleaved trace of registry and file accesses
to supplement whatever diagnostics you do see.
Good luck
Robert Aldwinckle
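
One way to do the log triage suggested above, as an added example that is not part of the original thread: it pulls the FATAL/WARNING lines that carry an HRESULT out of WindowsUpdate.log and splits each code into facility and error number. The sample lines are excerpted from the log posted above with wrapped lines rejoined; the function names are illustrative.

```python
import re

# Win32 error numbers that appear inside FACILITY_WIN32 HRESULTs (0x8007xxxx).
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    32: "ERROR_SHARING_VIOLATION",
}
FACILITIES = {0x007: "FACILITY_WIN32", 0x024: "FACILITY_WINDOWSUPDATE"}

# date, time, PID, thread id (hex), component, message
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>[\d:]+)\s+(?P<pid>\d+)\s+"
    r"(?P<tid>[0-9a-f]+)\s+(?P<component>\w+)\s+(?P<msg>.*)$"
)
HRESULT_RE = re.compile(r"0x[0-9a-fA-F]{8}")

# Excerpt from the log in the post above, wrapped lines rejoined.
SAMPLE_LOG = r"""
2009-05-10 10:50:47:671 952 d74 Setup WARNING: Could not move C:\WINDOWS\system32\wuapi.dll to C:\WINDOWS\system32\wuapi.dll.wusetup.1057218.bak due to 0x80070020
2009-05-10 10:50:48:468 952 d74 Setup Completed registration operations for section wuapi: status 0
2009-05-10 10:50:48:765 2128 bc Service FATAL: ChangeServiceConfig failed with error 0x80070005
2009-05-10 10:50:48:875 952 d74 Misc FATAL: Self registration of C:\WINDOWS\system32\wuaueng.dll failed, error = 0x8024D007
"""


def decode_hresult(value):
    """Split a 32-bit HRESULT into failure bit, facility and code."""
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    return {
        "failed": bool(value & 0x80000000),
        "facility": FACILITIES.get(facility, hex(facility)),
        "code": code,
        # Only Win32-facility codes map onto plain Win32 error numbers.
        "win32_name": WIN32_ERRORS.get(code) if facility == 0x007 else None,
    }


def triage(log_text):
    """Return (time, pid, component, hresult, decoded) per FATAL/WARNING HRESULT."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not re.search(r"\b(FATAL|WARNING)\b", m["msg"]):
            continue
        for hx in HRESULT_RE.findall(m["msg"]):
            findings.append((m["time"], int(m["pid"]), m["component"],
                             hx.lower(), decode_hresult(int(hx, 16))))
    return findings


def root_causes(findings):
    """Earliest finding for each distinct Win32-facility error in the log."""
    seen = {}
    for f in findings:
        if f[4]["facility"] == "FACILITY_WIN32":
            seen.setdefault(f[4]["win32_name"], f)
    return seen


if __name__ == "__main__":
    for name, f in root_causes(triage(SAMPLE_LOG)).items():
        print(f[0], "pid", f[1], f[2], f[3], name)
```

On the sample, the access-denied error from ChangeServiceConfig (in the regsvr32 process, PID 2128) precedes the 0x8024D007 setup failure reported by the calling process.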
---
NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!
1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx
NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.
2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection' scan
(only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm
3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.
Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware
**Seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://www.dslreports.com/forum/cleanup, http://aumha.net/viewforum.php?f=30
or other appropriate forums.**
If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
=====================
Start a free Windows Update support incident request:
https://support.microsoft.com/oas/default.aspx?gprid=6527
Support for Windows Update:
http://support.microsoft.com/gp/wusupport
For home users, no-charge support is available by calling 1-866-PCSAFETY in
the United States and in Canada or by contacting your local Microsoft
subsidiary. There is no charge for support calls that are associated with
security updates.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
xwing wrote:
> I also tried:
> 11. Rename and re-register files (http://support.microsoft.com/kb/910359)
> [DLLRegisterServer in wuaueng.dll failed. Return code was: 0x80070005]
> all others succeeded.
> 12: Parameters and DNS (http://support.microsoft.com/kb/920151)
>
> Per all the "clean" virus scanning, my virus is gone, but I need help in
> cleaning up the damage it did. Any ideas would be appreciated. I have
> attached the relevant section of my C:\Windows\WindowsUpdate.log file
> below:
<snip>
<paste>
What I’m looking for here is additional suggestions on what to try to fix
this particular service. Is there anything I should be looking for
specifically in the registry? Is there a specific way to force-reinstall the
appropriate files from my WinXP CD (besides the steps I already took to do
that based on the KB article)? Is there another setting I should change
anywhere in Windows?
There's got to be a way to reinstall or reset the "Automatic Update" service
so that I can utilize WindowsUpdate again. I appreciate any help in finding out
how to do so.
PS: A format & clean install of Windows *will* fix the problem.