Hello! I looked through these files and the big thing that stuck out to me was this:
Error: (12/19/2019 09:36:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
Over and over, every time I tried running the scan in WU, I see that log. So that led me back to Google, and I noticed the first time I tried to go to that URL in Chrome, I got a name error mismatch warning. The original site error says "This server could not prove that it is ctldl.windowsupdate.com; its security certificate is from *.ssl.hwcdn.net". I thought it was odd that it didn't seem to be from M$ - potentially a driver manufacturer's site or something? I don't know. Google led me to believe this may be a certificate problem based on that error, so I followed the steps here,
Updating List of Trusted Root Certificates in Windows 10/8.1/7 | Windows OS Hub, to attempt to get all of the certificates up to date. I found something odd here: when I try to run the command "certutil -generatesstfromwu roots.sst", I get an error on the server saying:
c:\temp>certutil -generatesstfromwu roots.sst
The data is invalid. 0x8007000d (WIN32: 13 ERROR_INVALID_DATA) -- authrootstl.cab
CertUtil: -generateSSTFromWU command FAILED: 0x8007000d (WIN32: 13 ERROR_INVALID_DATA)
CertUtil: The data is invalid.
I ran the same command on my workstation and it worked, so I proceeded to move the file over to the server and then ran the PowerShell portion to add the certs in, which seemed to run successfully. Now when I try to go to the same site, I see that it's no longer showing the *.ssl.hwcdn.net cert, but now it's an Akamai one, which I'm familiar with being a content delivery provider for Microsoft. I thought maybe I was headed in the right direction, but even after doing things like clearing some caches, certutil -urlcache * delete, and then restarting the WU service and flushing DNS, there was no improvement. Now I have run the FRST tool and here are the files you requested. I'm pulling my hair out trying to figure out what's going on here.
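
Added example, not part of the original post: a PowerShell check of what the server actually receives from the URL in the CAPI2 event, reporting whether the response is a cabinet file (a CAB starts with the bytes "MSCF"), its SHA256, and whether it extracts. The `$OutDir` path and the `Get-FileHead` helper are assumptions made for illustration.

```powershell
# Added diagnostic example, not from the original post. Run on the affected server.
# $OutDir and Get-FileHead are hypothetical names chosen for this example.
$Url    = 'http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab'
$OutDir = Join-Path $env:TEMP 'ctl-check'
$Cab    = Join-Path $OutDir 'authrootstl.cab'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

function Get-FileHead {
    param([Parameter(Mandatory)][string]$Path, [int]$Count = 64)
    # Read only the first bytes of the file.
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $buf  = New-Object byte[] $Count
        $read = $fs.Read($buf, 0, $Count)
        if ($read -le 0) { return ,([byte[]]@()) }
        return ,([byte[]]($buf[0..($read - 1)]))
    } finally { $fs.Dispose() }
}

# Fetch over plain HTTP, as the URL appears in the event log entry.
$resp  = Invoke-WebRequest -Uri $Url -OutFile $Cab -UseBasicParsing -PassThru -ErrorAction Stop
$head  = Get-FileHead -Path $Cab
$isCab = ($head.Length -ge 4) -and
         ([System.Text.Encoding]::ASCII.GetString($head, 0, 4) -eq 'MSCF')

[pscustomobject]@{
    StatusCode  = $resp.StatusCode
    ContentType = $resp.Headers['Content-Type']
    Bytes       = (Get-Item $Cab).Length
    IsCab       = $isCab
    SHA256      = (Get-FileHash -Path $Cab -Algorithm SHA256).Hash
} | Format-List

if (-not $isCab) {
    # Not a cabinet: show what came back instead (for example an HTML page).
    $text = [System.Text.Encoding]::ASCII.GetString($head) -replace '[^\x20-\x7E]', '.'
    Write-Warning "Response does not start with MSCF. First bytes: $text"
} else {
    # Try extracting the cabinet, the step the CAPI2 event reports as failing.
    & expand.exe $Cab '-F:*' $OutDir | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "expand.exe failed with exit code $LASTEXITCODE" }
    Get-ChildItem -Path $OutDir -Filter *.stl | Select-Object Name, Length
}
```

Running the same script on a machine where `certutil -generatesstfromwu` succeeds, close in time to the server run, gives a SHA256 and size to compare against.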