[SOLVED] Win10 - refuses to update to 22H2

Code: 
CodeIntegrity:
===============

Date: 2023-02-23 08:33:45
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\$WINDOWS.~BT\NewOS\Windows\System32\SpatialAudioLicenseSrv.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Download
5e73b10539364-ESET_OnlineScanner.png
ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens select the English language and click on Get Started.
  • Accept the license agreement, and select in the "Before we start..." screen the following options:
    • No thanks, I am not interested. (if you don't want to share anonymous data with ESET.)
    • Enable feedback system (recommended).
  • Click on Continue and click on the Full Scan option.
  • Select Enable ESET to detect and quarantine potentially unwanted applications - then click Start scan. (This may take some time.)
  • When the scan is ready and if threats have been detected, select Save scan log. Save it to your desktop as Eset.txt. Click on Continue.
  • ESET Online Scanner will now ask if you'd like to turn on the Periodic Scan feature. Disable this option if you don't want to plan the periodic scan.
  • Click on Continue If you left feedback, click Submit and continue. If not, Close without feedback.
  • Attach the scan log Eset.txt to your next reply.
 
Just an update: I left the scan running throughout the workday, and it is still going. So far it says "found 6 objects" out of a half million files
 
I looked up that file that was flagged, and it seems genuine. It is apparently a true microsoft file , part of the audio system. So why is the hash missing?

Redirecting
 
Could you please post the scanlog of ESET, most likely this file is compromised.
 
ok well... i cant find any eset scan log. however, when it finished it said that there was no malware found, only 6 programs that could be undesirable. the one above was not listed.

so i went aheaad with another update test. this time its failed back with the original error.
 

Attachments

Maxstar said:
When the scan is ready and if threats have been detected, select Save scan log. Save it to your desktop as Eset.txt. Click on Continue.
Click to expand...
That's right, you have to save the scanlog when the scan is ready.


Please run the following commands in an elevated prompt and copy and paste the result.

Code: 
certutil -hashfile %systemroot%\WinSxS\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_10.0.19041.1682_none_93780fe2fb732500\rdpinit.exe SHA256
certutil -hashfile %systemroot%\WinSxS\amd64_microsoft-windows-l..ockhostingframework_31bf3856ad364e35_10.0.19041.1741_none_dac1c55b69e4f299\LockHostingFramework.dll SHA256
certutil -hashfile %systemroot%\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.19041.2486_none_f8991fd9db71cec3\UserOOBEBroker.exe SHA256
 
thata odd, i didnt see any option to save a log.

Microsoft Windows [Version 10.0.19042.1165]
(c) Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>certutil -hashfile %systemroot%\WinSxS\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_10.0.19041.1682_none_93780fe2fb732500\rdpinit.exe SHA256
CertUtil: -hashfile command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
CertUtil: The system cannot find the file specified.

C:\WINDOWS\system32>certutil -hashfile %systemroot%\WinSxS\amd64_microsoft-windows-l..ockhostingframework_31bf3856ad364e35_10.0.19041.1741_none_dac1c55b69e4f299\LockHostingFramework.dll SHA256
CertUtil: -hashfile command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
CertUtil: The system cannot find the file specified.

C:\WINDOWS\system32>certutil -hashfile %systemroot%\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.19041.2486_none_f8991fd9db71cec3\UserOOBEBroker.exe SHA256
CertUtil: -hashfile command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
CertUtil: The system cannot find the file specified.

C:\WINDOWS\system32>
 
Please do the same for the following files.

Code: 
certutil -hashfile %systemroot%\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\SpatialAudioLicenseSrv.exe SHA256
certutil -hashfile %systemroot%\WinSxS\amd64_microsoft-windows-embedded-shelllauncher_31bf3856ad364e35_10.0.19041.1_none_fa49c409e6a19ede\CustomShellHost.exe SHA256
 
what shpuld i do with the sfcfix attachment?

C:\WINDOWS\system32>certutil -hashfile %systemroot%\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\SpatialAudioLicenseSrv.exe SHA256
CertUtil: -hashfile command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
CertUtil: The system cannot find the file specified.

C:\WINDOWS\system32>certutil -hashfile %systemroot%\WinSxS\amd64_microsoft-windows-embedded-shelllauncher_31bf3856ad364e35_10.0.19041.1_none_fa49c409e6a19ede\CustomShellHost.exe SHA256
CertUtil: -hashfile command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
CertUtil: The system cannot find the file specified.

C:\WINDOWS\system32>
 
i dont know. eset said "no threats found" . just some possibly undeairable programs. it didnt say anything about removing anythinf. very odd.
 
What is the result of the following commands:
Code: 
dir /s /a %systemroot%\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655
dir /s /a %systemroot%\WinSxS\amd64_microsoft-windows-embedded-shelllauncher_31bf3856ad364e35_10.0.19041.1_none_fa49c409e6a19ede
 
C:\WINDOWS\system32>dir /s /a %systemroot%\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655
Volume in drive C has no label.
Volume Serial Number is C4EE-1443

Directory of C:\WINDOWS\WinSxS\Temp\InFlight\401261580c86d601a5030000942e8c65

09/08/2020 12:18 PM <DIR> amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
1 Dir(s) 380,291,260,416 bytes free

C:\WINDOWS\system32>dir /s /a %systemroot%\WinSxS\amd64_microsoft-windows-embedded-shelllauncher_31bf3856ad364e35_10.0.19041.1_none_fa49c409e6a19ede
Volume in drive C has no label.
Volume Serial Number is C4EE-1443

Directory of C:\WINDOWS\WinSxS\Temp\InFlight\401261580c86d601a5030000942e8c65

09/08/2020 12:18 PM <DIR> amd64_microsoft-windows-embedded-shelllauncher_31bf3856ad364e35_10.0.19041.1_none_fa49c409e6a19ede
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
1 Dir(s) 380,291,096,576 bytes free

C:\WINDOWS\system32>
 
Let's try something else:
1. rename the folder C:\windows\system32\migration to migration.old
2. extract the attached ZIP-file and copy the migration folder (a good copy of 20H2) to C:\windows\system32
3. Then use the MediaCreationTool to try to update the system.

 

Attachments

sigh. no change.

0x8007001f - 0x2000d

the installation failed in the SAFE_OS phase with an error in the MIGRATE_DATA operation
 
i am assuming that windows does not record exactly why, when, and where it is failing?

seems difficult to diagnose!
 
Hmm, let's take a look at the latest logs, please let me know if you are able to copy those files without any changes in ownership and/or permissions.

C:\$Windows.~BT\Sources\Panther\setupact.log
C:\$Windows.~BT\Sources\Panther\setuperr.log
 
This time i was able to access the files without doing anything. up until just now, after each update attempt i had to "enable inheritance" for these to get to them.
 

Attachments

You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top