Wndows 7 x64 Pro -- Security / Rollups always fail (0x80070057) -- Other types fine

[Miffed]

Hello,
I have a Win7 x64 Pro system that stopped being able to apply Security/Monthly Roll-Up updates about a year ago. Always fails with error 0x80070057. Other update types install normally without issue.

I have finally decided to track this issue down and have exhausted all resources I can think of, so hoping I can get some help here. My results of the initial steps are below:

Step 2:
SFC does find a corrupt file it cannot fix, this is basebrd.dll which was edited 4 or 5 years ago to modify the login screen. Updates worked fine after that edit

Step 3:
SURT Executed

Step 4:
note: as mentioned in step 2; basebrd.dll was edited years ago to change the login screen and had no effect on updates, current update behavior started occuring 1-1.5 years ago

SFCFix version 3.0.1.0 by niemiro.
Start time: 2019-01-22 17:28:48.466
Microsoft Windows 7 Service Pack 1 - amd64
Not using a script file.

AutoAnalysis::
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-b..g-base-professional_31bf3856ad364e35_6.1.7600.16385_none_5033cc0ab905012a\basebrd.dll

SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
CBS & SFC total detected corruption count: 1
CBS & SFC total unimportant corruption count: 0
CBS & SFC total fixed corruption count: 0
SURT total detected corruption count: 0
SURT total unimportant corruption count: 0
SURT total fixed corruption count: 0
AutoAnalysis:: directive completed successfully.

Successfully processed all directives.
SFCFix version 3.0.1.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2019-01-22 17:29:16.020
----------------------EOF-----------------------

Step 5:
CBS.zip

 

[Sysnative Windows Update]

Hello and welcome!

Step#1 - Capture Process Monitor Trace
1. Download and run Process Monitor. Leave this running while you perform the next steps.
2. Try installing the update just like you have in the past.
3. Stop Process Monitor as soon as it fails. You can simply do this by clicking the magnifying glass on the toolbar as shown below.

4. Select the File menu...Save... and save the file to your desktop. This is likely the default location. The name (unless changed) will be LogFile.PML. This is fine.
5. Zip up and attach the LogFile.PML file as well as your CBS.log

 

[Miffed]

Done and done, file are linked below:

LogFile.PML zip
CBS.log zip

Thanks.

 

[Sysnative Windows Update]

The ProcMon log file appears to be corrupt. Would you please retry?

 

[Miffed]

Re-zipped, if this doesn't work I have the space available to upload the raw PML file.

Try #2

 

[Sysnative Windows Update]

Still the same. Can you retry from the Clean Boot mode with your security software disabled?

https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows

 

[Miffed]

Not sure why they are having problems, I am able to open them on a separate computer. I have made new logs from a Clean Boot and uploaded the PML uncompressed in case something was happening during compression.

New CBS
New PML

 

[Sysnative Windows Update]

It worked this time.

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
6. Try updates and if any fail, attach CBS.log.

 

[Miffed]

Unfortunately the update failed.

CBS Log

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.01.2019
Ran by agauthier (25-01-2019 15:38:17) Run:1
Running from C:\Users\agauthier\Desktop
Loaded Profiles: agauthier (Available Profiles: agauthier & QBDataServiceUser28)
Boot Mode: Normal
==============================================


fixlist content:
*****************
CreateRestorePoint:
cmd: sc config trustedinstaller start=auto
cmd: net start trustedinstaller
cmd: fsutil resource setautoreset true %SystemDrive%\
cmd: attrib -r -s -h %SystemRoot%\System32\Config\TxR\*
cmd: echo y | del %SystemRoot%\System32\Config\TxR\*
cmd: attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\*
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.tm*
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.blf
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms
C:\Windows\winsxs\pending.xml
EmptyTemp:
*****************


Restore point was successfully created.


========= sc config trustedinstaller start=auto =========


DESCRIPTION:
Modifies a service entry in the registry and Service Database.
USAGE:
sc <server> config [service name] <option1> <option2>...


OPTIONS:
NOTE: The option name includes the equal sign.
A space is required between the equal sign and the value.
type= <own|share|interact|kernel|filesys|rec|adapt>
start= <boot|system|auto|demand|disabled|delayed-auto>
error= <normal|severe|critical|ignore>
binPath= <BinaryPathName>
group= <LoadOrderGroup>
tag= <yes|no>
depend= <Dependencies(separated by / (forward slash))>
obj= <AccountName|ObjectName>
DisplayName= <display name>
password= <password>


========= End of CMD: =========




========= net start trustedinstaller =========


The requested service has already been started.


More help is available by typing NET HELPMSG 2182.




========= End of CMD: =========




========= fsutil resource setautoreset true %SystemDrive%\ =========


The operation completed successfully.


========= End of CMD: =========




========= attrib -r -s -h %SystemRoot%\System32\Config\TxR\* =========




========= End of CMD: =========




========= echo y | del %SystemRoot%\System32\Config\TxR\* =========


C:\Windows\System32\Config\TxR\*, Are you sure (Y/N)? y
C:\Windows\System32\Config\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.0.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.1.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.2.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000008.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000009.regtrans-ms
The process cannot access the file because it is being used by another process.


========= End of CMD: =========




========= attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\* =========




========= End of CMD: =========




========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.tm* =========


C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{231f0157-1e8c-11e9-bed3-806e6f6e6963}.TM.blf
The process cannot access the file because it is being used by another process.
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{231f0157-1e8c-11e9-bed3-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{231f0157-1e8c-11e9-bed3-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
The process cannot access the file because it is being used by another process.


========= End of CMD: =========




========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.blf =========


C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{231f0157-1e8c-11e9-bed3-806e6f6e6963}.TM.blf
The process cannot access the file because it is being used by another process.


========= End of CMD: =========




========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms =========


C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{231f0157-1e8c-11e9-bed3-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{231f0157-1e8c-11e9-bed3-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
The process cannot access the file because it is being used by another process.


========= End of CMD: =========


"C:\Windows\winsxs\pending.xml" => not found


=========== EmptyTemp: ==========


BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 82972354 B
Java, Flash, Steam htmlcache => 56175621 B
Windows/system/drivers => -7450354 B
Edge => 0 B
Chrome => 1153990974 B
Firefox => 0 B
Opera => 0 B


Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 87718 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83391 B
systemprofile32 => 66528 B
LocalService => 16384 B
NetworkService => 13720222 B
agauthier => 581072761 B
QBDataServiceUser28 => 87718 B


RecycleBin => 453093649 B
EmptyTemp: => 2.2 GB temporary data Removed.


================================




The system needed a reboot.


==== End of Fixlog 15:38:39 ====

 

[Sysnative Windows Update]

Retrieve Components Hive
1. Navigate to C:\Windows\System32\Config and locate the COMPONENTS file.
2. Please copy this file to your desktop.
Note: If you receive an error that this file is in-use, simply reboot your computer and try again.
3. Right-click on this file on your desktop and select Send To...Compressed (zipped) folder. This will create a file named COMPONENTS.ZIP on your desktop.
4. The file will likely be too large to upload here so please upload to a file sharing service and just provide the link here.

 

[Miffed]

Here you go

Components.zip

 

[Sysnative Windows Update]

Restart Windows in Safe Mode w/networking.

Download Windows Repair (All-in-One) Portable

• Extract the tweaking.com_windows_repair_aio.zip to c:\Windows\TEMP the zip will extract to a folder called Tweaking.com - Windows Repair
• Execute the file Repair_Windows.exe from the Tweaking.com - Windows Repair folder, accept the Security warning and the EULA
• Click the button Jump To Repairs
• Click the Open Repairs button to access the following screen:
  
  
• Click the box All Repairs to uncheck all the boxes
• Check only the following boxes:
  • 16 - Repair Windows Updates
  
  
• Check the box Restart/Shutdown System When Finished > Restart System
• Click the Start Repairs button
• When the system reboots, attempt the updates again.

 

[Miffed]

Unfortunately update still failed.

Latest CBS.log

 

[Sysnative Windows Update]

Step#1 - FRST Scan

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please attach the log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also attach that along with the FRST.txt in your reply.

 

[Miffed]

Files attached

View attachment Addition.txt
View attachment FRST.txt

 

[Sysnative Windows Update]

There seems to be an incompatible device on the system.

Error: (01/29/2019 09:52:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MAC_MOT service failed to start due to the following error: 
This driver has been blocked from loading

Error: (01/29/2019 09:52:52 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\MAC_MOT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/29/2019 09:52:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MAC_IBM service failed to start due to the following error: 
This driver has been blocked from loading

 

[Miffed]

I am not sure what those are, they look to have been around for a very long time. Should I remove those services?

 

[Miffed]

I have figured out what those relate to, they are some driver for a debugging suite that got installed when the suite was installed. They have been on the system for over 6 years and existed long before the update issues started. They can be removed, but it would be a manual removal from the registry, the installer for that program is ancient and wouldn't remove them.

 

[Sysnative Windows Update]

Okay, would you be up for upgrading the system to Windows 10?

 

[Miffed]

Okay, would you be up for upgrading the system to Windows 10?

Unfortunately for this system that is not an option. Some of the work we do requires Windows 7 as that is the latest version of Windows that our client's tools are qualified against. That may be an option at some point in the future, but not at this time.