MSUpdates duplicating system32 DLLs. Also MS updates can't update (ROOT) certificate list, so I can't run files downloaded from Microsoft website.

Can't run dowloaded files(msi or exe) from Microsoft. Error is Certificate signature invalid (doesn't match MS). Also can't validate signatures/certificates on downloaded files from Adobe, Java, etc. I noticed that several MS Updates (completed successfully) had issues updating the certificates (error found in KB-update-log shown below).

OS is WinXP Home SP3 with latest MS security&OS updates, Java 6 update37(jre), IE8 (8.0.0.6001.18702).

There are a few other symptoms/issues noted:

1. Also found is that MS Updates are creating multiple OS-related files (e.g. ialmdd.dll, ialmdd(2).dll, ialmdd(3).dll or hkcmd(2).exe, hkcmd(3).exe, and many others). Here's an entry from the App Event log for HHCTRL.dll on boot only (there are six Error Events as well as 6 files as described above).

The description for Event ID ( 1904 ) in Source ( HHCTRL ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: about:blank, http://go.microsoft.com/fwlink?LinkID=45840.

If I'm not mistaken this is a catalogue error? and means they're not properly registered? When I go to the above-referenced link (45840), it's redirected to a KB896358 which describes a windows security update that subsequently had multiple problems that were fixed by later revision updates and doesn't seem to be related.

2. Another error on boot is the Application Manager Service in system Events shows

The Application Management service terminated with the following error: The specified module could not be found. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Note that both event errors occur on a clean boot (Msconfig with nothing loaded/ran except service running) as well.

3. Tried updating JRE (Java), but no luck. Error is

Syntax error in manifest or policy file "C:\Documents and Settings\no_name\My Documents\downloads\IEAddons\jre-7u9-windows-i586.exe" on line 8. The file runs fine on other PCs.

4) On one of the downloads I attempted, MS required to validate Genuine Windows (had years ago, but this PC hadn't been used for a couple of years). Tried downloading the latest Windows Genuine validation tool and tried running the ActiveX version directly off MS site, however Windows says the the signature doesn't match a valid certificate. Have the old version Windows Genuine validation installed, but when I run it, error is:

- - - - - - - - - - - - -

Application popup: GenuineCheck.exe - Entry Point Not Found : The procedure entry point GetComputoUninitialize could not be located in the dynamic link library KERNEL32.dll.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

5) Several of the KB logs show an error that the ROOT certificates could not be updated, however each update ended as successful.

6)

Ran Windows File Protection Scan SFC -results fine

Here's what has been validate thus far:

1) Returned to MS Update site, but no updates found

2) No malware, no virus, etc (Validated by Symantec Norton and MBAM and manually verified/checked user(s) path directories.

3) Nothing showing up with HJT (hijackthis) either.

There are no other apparent negative symptoms except IE 8 having issues viewing all sites properly, which I'll post in a different thread once this certificate issue is resolved. I've search MS site(s) trying to find a MS file specific to root certificates to download and run, but can't (not sure I'll be able to run it if the signature doesn't match lol).

 

I'm thinking about writing a script to delete all the 'duplicate' OS files leaving the latest revision and reregistering all of them...Thoughts?  I'd unistall some updates to try and force a cumulative update with BITS, but I'm not sure that will work without some type of cleanup tool. Searched for a cleanup tool, but only found one for Windows 7/8.

 

I'd appreciate any ideas to help resolve these issues.

|

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Strongly suggest that you first test the installed memory to ensure that these bizarre issues are not memory-related - Memtest86 Free Download Page
Complete instructions for it's use can be found be clicking on the Click Here link on the above web page.

If these bizarre issues are not being caused by faulty memory then the most likely culprits are the installed Symantec product or malware.
Symantec Enterprise antivirus software that is "given" to Home Users by "someone" are NOT intended for Home use and Home editions of ANY Norton product are known to cause Operating System issues with all versions of Windows.

Although you state that "Symantec Norton" and MBAM did not detect any malware, unless you boot the system with a Rescue CD and do a scan with the Hard Drive inactive, one can never be completely assured that malware has not compromised the installed security software and/or Windows itself.

Two of these Rescue CDs are Kaspersky Rescue Disk 10 and Bitdefender Rescue CD


MowGreen

*-343 FDNY -*
Never Forgotten

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

[Who let you in here? <VBEG> Merry Chrismukkahwanzaa, BroMow!]
--
~Robear Dyer (PA Bear)
Microsoft MVP (Windows Client) since October 2002

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Please answer each of the following [admittedly tedious] diagnostic questions in a correspondingly-numbered list in your very next reply, preferably without quoting my post:

 

1. What is the full name of your installed anti-virus application or security suite and when (approx. date) does your current subscription expire?  What anti-spyware applications (other than Defender) are installed?  What third-party firewall (if any)?

 

2. Has a(nother) Norton application or a McAfee application EVER been installed on the computer?

 

3. Did a Norton free-trial or a McAfee free-trial [PICK ONE] come preinstalled on the computer when you bought it? (Doesn't matter if you never used or Activated it.)

 

4. Open Add/Remove Programs & make sure the Show Updates box at the top is checked (and leave it checked); then select the Name option in the Sort by box on the right. Now scroll down & tell me if ALL of the following updates are listed?

 

    (a) KB2761465 [or KB2744842], KB2753842, KB2779030, KB2758857 & KB2770660;

    (b) KB2727528; KB2661254, KB2749655 & KB2724197;

    (c) KB2705219, KB2712808 & KB2731847;

    (d) KB2698365, KB2691442, KB2655992 & KB2719985;

    (e) KB2393802 and especially Update for Windows XP (KB971029).

 

Most will be displayed as Security Update for Windows XP followed by the KB number in parentheses.

 

If IE8 is installed, one (1) will be displayed as Security Update for Windows Internet Explorer 8 followed by the KB number in parentheses.

 

5. Is Firefox, Chrome or any other alternate browser installed?

 

6a. Is Java Version 7 Update 10 (or higher) installed? TEST HERE USING INTERNET EXPLORER (ONLY!) => http://java.com/en/download/installed.jsp

 

6b. Is Adobe Flash Player v11.5.502.135 (or higher) installed? TEST HERE USING INTERNET EXPLORER (ONLY!) => http://www.adobe.com/software/flash/about/

 

7. Are you in the habit of using "Registry cleaners" (e.g., Registry Mechanic; RegCure; RegClean Pro; Advanced SystemCare; Registry Booster; McAfee QuickClean; AVG PC TuneUp; Norton Registry Cleaner; PCTools Optimiser; SpeedUpMyPC; PC Doctor; TuneUp Utilities; WinMaximizer; WinSweeper; Comodo System Cleaner; Advanced System Optimizer; CCleaner Registry Cleaner)?

 

8. Have you ever had occasion to do a Repair Install or a clean install of WinXP for any reason?

--
~Robear Dyer (PA Bear)
Microsoft MVP (Windows Client) since October 2002

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Memory tested fine. I did a full scan offline before posting and all my software is purchased by me. I don't bootleg software because it would be like stealing from my fellow coders. lol

 

What's odd about this issue is that the MS Update passes succesfully, yet in the kb log it shows that it couldn't update the ROOT certificates (all other parts of the update did work, so perhaps MS doesn't consider that an issue...but in this case it is.  I probably should move this post to the group that deals with security..?  Would that area be most knowledgeable on ROOT certificates and how Windows stores them so that I can update them?

 

Also the duplicate files are very strange. Haven't seen it since Windows for Workgroups 3.1.1 lol

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Please answer each of the following [admittedly tedious] diagnostic questions in a correspondingly-numbered list in your very next reply, preferably without quoting my post:

 

1. What is the full name of your installed anti-virus application or security suite and when (approx. date) does your current subscription expire?  What anti-spyware applications (other than Defender) are installed?  What third-party firewall (if any)?

 

2. Has a(nother) Norton application or a McAfee application EVER been installed on the computer?

 

3. Did a Norton free-trial or a McAfee free-trial [PICK ONE] come preinstalled on the computer when you bought it? (Doesn't matter if you never used or Activated it.)

 

4. Open Add/Remove Programs & make sure the Show Updates box at the top is checked (and leave it checked); then select the Name option in the Sort by box on the right. Now scroll down & tell me if ALL of the following updates are listed?

 

    (a) KB2761465 [or KB2744842], KB2753842, KB2779030, KB2758857 & KB2770660;

    (b) KB2727528; KB2661254, KB2749655 & KB2724197;

    (c) KB2705219, KB2712808 & KB2731847;

    (d) KB2698365, KB2691442, KB2655992 & KB2719985;

    (e) KB2393802 and especially Update for Windows XP (KB971029).

 

Most will be displayed as Security Update for Windows XP followed by the KB number in parentheses.

 

If IE8 is installed, one (1) will be displayed as Security Update for Windows Internet Explorer 8 followed by the KB number in parentheses.

 

5. Is Firefox, Chrome or any other alternate browser installed?

 

6a. Is Java Version 7 Update 10 (or higher) installed? TEST HERE USING INTERNET EXPLORER (ONLY!) => http://java.com/en/download/installed.jsp

 

6b. Is Adobe Flash Player v11.5.502.135 (or higher) installed? TEST HERE USING INTERNET EXPLORER (ONLY!) => http://www.adobe.com/software/flash/about/

 

7. Are you in the habit of using "Registry cleaners" (e.g., Registry Mechanic; RegCure; RegClean Pro; Advanced SystemCare; Registry Booster; McAfee QuickClean; AVG PC TuneUp; Norton Registry Cleaner; PCTools Optimiser; SpeedUpMyPC; PC Doctor; TuneUp Utilities; WinMaximizer; WinSweeper; Comodo System Cleaner; Advanced System Optimizer; CCleaner Registry Cleaner)?

 

8. Have you ever had occasion to do a Repair Install or a clean install of WinXP for any reason?

Hi thanks for your response.

Answers to your questions: No to all your questions, except

 

1. NIS up-to-date ~8 months left on subscription. No malware or spyware applications, because I scan mine offline with up-to-date tools. No 3rd party firewalls.

 

-AND-

 

4. Yes all the MS Updates in your list (and more) are installed, EXCEPT for two which are known Microsoft issues as identified below:

.      (I recommend you remove these below from your list until Microsoft announces a fix)

 

EXCEPT: KB2758857 because there is a known problem with it corrupting Money Manager and many other financial applications. Microsoft is working on a fix for KB2758857.

http://answers.microsoft.com/thread/507a81f6-7467-4113-b59f-25c979fd6e98/

 

EXCEPT: KB2753842 because there are serious problems (affecting MSOffice, CorelDraw, etc, etc) issues with this security update

 

"We are aware of issues related to OpenType Font (OTF) rendering in applications such as PowerPoint on affected versions of Windows that occur after this security update is applied. We are currently investigating these issues and will take appropriate action to address the known issues. "

Per http://support.microsoft.com/kb/2753842


Any idea on how to manually force a certificate list update. There must be a file to install. Should I move the question to another forum? If so, which forum would you suggest? Thanks for any ideas on to get this fixed.

 

Last resort, I'll revert back to the OEM load (ouch that's such a pain lol)

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

[Who let you in here? <VBEG> Merry Chrismukkahwanzaa, BroMow!]

Why, Sergio Romo let me in,  that's who !
And, a Happy Holidaze to you too, BroBear.




MowGreen

*-343 FDNY -*
Never Forgotten

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Memory tested fine. I did a full scan offline before posting and all my software is purchased by me. I don't bootleg software because it would be like stealing from my fellow coders. lol

 

What's odd about this issue is that the MS Update passes succesfully, yet in the kb log it shows that it couldn't update the ROOT certificates (all other parts of the update did work, so perhaps MS doesn't consider that an issue...but in this case it is.  I probably should move this post to the group that deals with security..?  Would that area be most knowledgeable on ROOT certificates and how Windows stores them so that I can update them?

 

Also the duplicate files are very strange. Haven't seen it since Windows for Workgroups 3.1.1 lol


The duplicate files is what led me to believe that there was a memory-related issue, Camille_H.
Here's what I found for your question about XP and stored certificates  -
Windows XP Certificate Stores

I'll leave you in the hands of my colleague,PABear for now. Too many geeks spoil the code. <w>
Good luck and a Happy Holidaze to ya !

MowGreen

*-343 FDNY -*
Never Forgotten

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

1a. When (approx. date) did you purchase the computer?

 

1b. Was it a brand-new computer or a used computer when you bought it?

 

2a. How long has NIS been installed?

 

2b. Is NIS v20.x currently installed or...?

 

3. What anti-virus application or security suite was installed before you first installed NIS and was your subscription still current?

 

4. Neither a Norton free-trial nor a McAfee free-trial came preinstalled on the computer when you bought it, is that correct?

 

5. Is KB2507618 listed in Add/Remove Programs?

 

6a. Were KB2758857 and/or KB2753842 ever installed?

 

6b. Did you hide KB2758857 and/or KB2753842 before they were installed? ...after they were installed?

 

6c. Did you know that KB2753842 was rereleased on 20 December 2012? [1]

 

7. What, if any, Java version is installed?

 

8. What Flash Player version is installed?

 

=============================================================
[1] See the revised Known Issues section of http://support.microsoft.com/kb/2753842

--
~Robear Dyer (PA Bear)
Microsoft MVP (Windows Client) since October 2002

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

1a. When (approx. date) did you purchase the computer? 

>9/2005

 

1b. Was it a brand-new computer or a used computer when you bought it?

>Brand new. Ordered from Dell - OEM XP-Home Edition (ugh, but it's what it came with lol)

 

2a. How long has NIS been installed?

>Since 3/2008

 

2b. Is NIS v20.x currently installed or...? 

> 15.5.0.32 .

 

3. What anti-virus application or security suite was installed before you first installed NIS and was your subscription still current? 

> There was McAffee, but never used it. Didn't have a subscription...just the program was installed and never activated.

Recently, tried downloading McAffee ESD Uninstaller (MCPR.exe) to uninstall it just in case it's somehow interfering with the December's MSUS or BITS, but with the current issue of not being able to use the ROOT Certs, XP won't let me run it. It won't let me run anything that it can't verify the signature against, so until I get that fixed I'm out of luck.

Installed Norton AV (not NIS) initally when I received the PC in 2005. 

 

4. Neither a Norton free-trial nor a McAfee free-trial came preinstalled on the computer when you bought it, is that correct?

>Only McAfee, but didn't ever use it.

 

5. Is KB2507618 listed in Add/Remove Programs?

> Yes

 

6a. Were KB2758857 and/or KB2753842 ever installed?

> Yes then I removed them via the Add/Remove Programs. Later I added KB1753842-v2 when MS release a fix.

 

6b. Did you hide KB2758857 and/or KB2753842 before they were installed? ...after they were installed?

No they updated via the auto-MSUS/BITS and that's when I had alot of problems. lol

 

6c. Did you know that KB2753842 was rereleased on 20 December 2012? [1]

>Yes, I added v2 when MS fixed the problems with the first release.

 

7. What, if any, Java version is installed?

>Java 6 SDK and for the browser  jre1.6.0.37.6

 

8. What Flash Player version is installed?

>None. Had completely uninstalled it to update to the latest when this (signature/cert) issue was discovered.

 

=============================================================
[1] See the revised Known Issues section of http://support.microsoft.com/kb/2753842

Hi PA Bear. Sorry it took me a while to get back. Answers are within your reply. Since my last post,

A) I installed Chrome to see if I could get the signature/cert to function, but no luck...same as IE8 on the download (looks fine until I run it).

B) Re-applied (forced it by removing and returing to MSUpdate stie-custom) Dec2012 CTL. Now I can validate an ActiveX from MS, but still no luck on a dowload/run file. :P

3) Removed three so far of the IE8 updates to see if any of these are interfering with signature/certs and wanted to know...

If I remove IE8 then reinstall it, would I need to reapply WinXP SP3?

  Regards, Camile

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

1a. 9/2005

1b. Brand new. Ordered from Dell - OEM XP-Home Edition (ugh, but it's what it came with lol)

2a. Since 3/2008

2b. [NIS version] 15.5.0.32

3. Installed Norton AV (not NIS) initally when I received the PC in 2005.

4. Only McAfee, but didn't ever use [activate] it...Recently, tried downloading [McAfee Consumer Products Removal Tool]...just in case it's somehow interfering with the December's MSUS or BITS, but with the current issue of not being able to use the ROOT Certs, XP won't let me run it. It won't let me run anything that it can't verify the signature against, so until I get that fixed I'm out of luck.

5. Yes

6a. Yes then I removed [KB2758857 and/or KB2753842] via the Add/Remove Programs. Later I added KB1753842-v2 when MS release a fix.

6b. No they updated via the [Automatic Updates] and that's when I had alot of problems. lol

6c. Yes, I added v2 when MS fixed the problems with the first release.

7. [Java Version 6 Update 37]

8. None. Had completely uninstalled it to update to the latest when this (signature/cert) issue was discovered.


Hi PA Bear. Sorry it took me a while to get back. Answers are within your reply. Since my last post:

A) I installed Chrome to see if I could get the signature/cert to function, but no luck...same as IE8 on the download (looks fine until I run it).


B) Re-applied (forced it by removing and returing to MSUpdate [site -Custom scan] Dec2012 CTL. Now I can validate an ActiveX from MS, but still no luck on a [download]/run file. :P


C) Removed three so far of the IE8 updates to see if any of these are interfering with signature/certs and wanted to know...

If I remove IE8 then reinstall it, would I need to reapply WinXP SP3?


[Please don't even attempt to quote or even copy/paste my posts in your replies, Camile. THX]

 

PART ONE: DISCUSSION

 

As you may know by now, Norton and McAfee applications are notorious for not uninstalling or upgrading "cleanly." The accumulated Norton "leftovers" as well as the McAfee free-trialware "leftovers" are the most-likely troublemakers here.

 

Ideally, you would have (a) uninstalled the preinstalled McAfee application AND THEN (b) downloaded/ran the McAfee Consumer Products Removal Tool & rebooted (c) BEFORE you installed Norton AntiVirus (NAV) and before you installed any Windows Updates (including SP3, IE7 and/or IE8).

 

Ideally, you would have (a) uninstalled NAV and then (b) downloaded/run the Norton Removal Tool & rebooted (c) before you installed NIS.

 

Assuming you originally installed NIS version 13.x or possibly 14.x, ideally you would have uninstalled the older version, run the removal tool again and then done a clean install of NIS version 15.x.

 

I don't know if NIS v15.x (AKA NIS 2008) is still supported but I would have expected Norton to have offered a free upgrade to NIS v19.x or v20.x by now - at least if all were well with your computer.

 

I do not think that uninstalling the three (3) IE8 updates (i.e., KB2761465, KB2744842 & KB2722913, I assume) was a very wise move! In fact, I don't think IE8 (or SP3) has anything to do with your problem.

 

TIP => Don't even think of doing a Repair Install of WinXP at this point!

 

TIP => Extended Support for Java Version 6 will end in February 2013. Once you've gotten your problems resolved and assuming you need any Java version installed, get Java Version 7 Update 10 (or higher installed) & then remove/uninstall any/all older versions (e.g., v1.6.0_37; v1.5.0_17; v1.4.2_1; etc.).

 

PART TWO: SO WHAT CAN YOU DO NOW?

 

OPTION A: Residents of North America (US & CA), the UK (and perhaps other regions now) may obtain Microsoft-sponsored Premium (i.e., paid) Support via the Answer Desk => http://answerdesk.microsoftstore.com [1]

 

OPTION B (Recommended): There's a very good chance that NIS is not installed or working properly so there's a very distinct possibility that you're seeing the effects of an ongoing "hijackware" infection!  See...

 

   • Cleaning a Compromised System
      http://technet.microsoft.com/en-us/library/cc700813.aspx

 

Follow the instructions in this post of mine in another forum (to-the-letter & in order! - courtesy of Google Cache) to return your computer to a secure & functional state: http://webcache.googleusercontent.com/search?q=cache:y2UykCWCAD0J:aumha.net/viewtopic.php%3Ff%3D62%26t%3D44636+&cd=4&hl=en&ct=clnk&gl=us [2]

 

If you need additional assistance with the clean install, you can begin your own, new thread in this forum & ask for guidance: http://answers.microsoft.com/en-us/windows/forum/windows_xp-system

 

If these procedures are outside of your technical "comfort zone" - and there is no shame in admitting this isn't your cup of tea - take the computer to a local, reputable and independent (i.e., not a "BigBoxStore" or the Geek Squad!) computer repair shop & let them do the work.

 

Note: The computer should NOT be connected to the internet or any local networks (i.e., other computers) in its current state. All of your personal data (e.g., online banking & credit-card passwords) should be considered at-risk, if not already compromised. [3]

 

Wish I'd had better news for you. Stay tuned to this station as my good buddy "BroMow" may have some thoughts for you, too.  Good luck!

 

I have nothing further to contribute to this discussion so I'm no longer monitoring your thread. Over & out...

 

=================================================
[1] $99.00 USD for "up to 2 hours" of remote support, paid up-front & no guarantees whatsoever!

 

[2] The forum where I posted the original several years ago "crashed" for the second time (in the past month) last week.<grrr>

 

[3] Keep this in mind if you decide to purchase a new Win7 (or, God forbid, Win8) computer instead!

--
~Robear Dyer (PA Bear)
Microsoft MVP (Windows Client) since October 2002

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 
 

Question Info


Last updated May 28, 2021 Views 387 Applies to: