[SOLVED] Windows Defender gets various errors and won't install updates

I'm looking over your logs and will be back shortly. One thing I noticed is that I would remove the program called SystemContinue from Add/Remove programs.
 
I have gotten rid of SystemContinue and Red Adblocker since you saw those entries in my files. I don't even know how I got those programs, but they are no longer in my installed programs. There may be some "remnants" showing in the registry, but there definitely are no such programs any more. Thanks.

I'm wondering if that error about Defender and Silverlight is interesting to you?
 
I'm wondering if that error about Defender and Silverlight is interesting to you?
Click to expand...
It is, because I haven't seen it before but I see other people that have had the issue too. Still researching...
 
If you've already done what I'm recommending just let me know. Thanks. Please do the following.

Verify WMI
1. Right-click on the Start
w8start.png
button and select Command Prompt (Admin)
2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
winmgmt /verifyrepository
3. Let me know if it says "WMI repository is consistent" or if it says something else.
 
Since Windows Defender won't update on its own I'd also like you to download the definition updates manually from here and try to install. Let me know if the install succeeds.
 
Please also do the following.

Services Check
1. Please download Farbar Service Scanner to your desktop.
2. Make sure that ALL the options are checked:
3. Press "Scan".
4. It will create a log (FSS.txt) in the same directory the tool is run.
5. Please copy and paste the log to your reply.
 
Brian, sorry but I didn't see your messages until a few minutes ago. I never got any email notifications....maybe because I left this browser window open.

1. I uninstalled Silverlight, but that did not fix the problem. I believe I only needed if for Amazon streaming and haven't used that lately, so I may not reinstall.
2. The winmgmt command did say consistent.
3. Not sure about this one. As I said in my first post, I can bring up Microsoft Update, and I can install updates. I've been doing that each day since this problem started. If you really want me to run the mpam-fe.exe, I can try again. But when I clicked it, it never seems to start...no prompts or displays. Yet I did see some small internet activity, maybe unrelated. I'm unable to see it in Task Manager, but maybe it will show as some other name.
4. Here's the FSS log. Looks good.

Farbar Service Scanner Version: 17-01-2015
Ran by sandy (administrator) on 19-04-2015 at 11:15:40
Running from "C:\Users\sandy\Desktop"
Microsoft Windows 8.1 Pro with Media Center (X64)
Boot Mode: Normal
****************************************************************


Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.




Windows Firewall:
=============


Firewall Disabled Policy:
==================




System Restore:
============


System Restore Policy:
========================




Action Center:
============




Windows Update:
============


Windows Autoupdate Disabled Policy:
============================




Windows Defender:
==============


Other Services:
==============




File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed




**** End of log ****
 
I rebooted and tried double-clicking on mpam-fe.exe again. Same thing...hourglass shows for 10-15 seconds, as if it's "trying", but then the hourglass goes away, and I get no prompts or information. Task Manager shows very minor disk or cpu activity. Since I seem to be unable to run this, maybe it tells you something more about my problem. I definitely can bring up Windows Update and install updates that way...but not this mpam-fe way.
 
I tried running mpam-fe as admin, and at least it does ask for permission now. But still nothing displays.
 
What you are seeing (hourglass for 10-15 seconds) is all that was supposed to happen. So you are fine. I wanted to make sure that Window Defender definitions were up-to-date. You still are getting the same two issues correct?
 
Well, there is a minor difference, and I don't know when it changed. I still have the action center reporting the same two issues. But if I click on either of those errors (after clicking on the flag in the tray), they each just display a little clock on them. Maybe that means that mpam-fe is running? I do see Antimalware Service Executable running in Task Manager, but with very little cpu and disk action. Similar for Microsoft Malware Protect Co..., Microsoft Network Realtime Protection. I'm sure I rebooted, both those must be persisting. I wonder if I should end those tasks. I'd really rather not have them running since they don't appear to be doing anything!

EDIT: Sorry, the little clock just means that I already had Windows Defender open. Once I closed it, the little clocks don't occur.
 
OK, please try the following.

Windows Repairs
1. Download Windows Repair (All-in-One) Portable to your desktop.
2. Once the file is downloaded, right-click on the file on your desktop and choose Extract All...
3. Keep the defaults and click the Extract button.
4. A folder named tweaking.com_windows_repair_aio will be extracted to the desktop. Once the extraction is complete the folder will open.
5. Inside this folder, there is a folder named Tweaking.com - Windows Repair that you can open as well.
6. Open Repair_Windows.exe.
7. When the program opens, click the Repairs tab and click the Open Repairs button.
8. A backup of your registry will be made. After a few moments you will have many options from which you can choose.
9. Please click the Unselect All button and then click to enable only the following ones:
----05 - Repair WMI
----06 - Repair Windows Firewall
----10 - Remove Policies Set by Infections
----15 - Repair Proxy Settings
----30 - Restore Windows 8 COM+ Unmarshalers

10. Click the Start Repairs button in the lower right of the screen. This may take some time to run so be patient (should be less than 10 minutes however).
11. Once the fixes are complete you may be prompted to restart your machine. Answer Yes.

Let me know in your next post if this worked.
 
No luck. I had high hopes for this one...during the first repair (WMI), a notification showed on the tray saying that protection needed to be turned on. I didn't do anything, but I did notice it and hoped it meant it might work after reboot. But no!
 
Unfortunately we've ended up exactly where I've ended up before during some malware removal cases. It's an extremely hard one to fix...especially remotely. I think at this point you have the following options.
1. Do a Refresh in Windows 8.1 which should restore defender to working condition. Unfortunately all of your programs that you installed (i.e. 7zip, Adobe Reader, Dragon Naturally Speaking) would have to be reinstalled. Your documents however would remain untouched.

2. Install a different AV like Avast and just use that instead of Defender.
3. Post the issue in the other forum to see if they have any other ideas.
4. You could also try running the Repair_Windows.exe and checking ALL the options and letting it run to see if it fixes the issue. This would be your choice though.

I'm really sorry I couldn't help you further but we were able to repair the corruption.
 
It's up to you but if you would like I have one last idea. If so please do the following. Of course I thought about it right after I posted the previous response.

1. Right-click your start button and choose Command Prompt (Admin)
2. Type the following commands (or copy/paste) hitting enter after each.
cd C:\Program Files\Windows Defender
MpCmdRun -getfiles
3. Zip and attach C:\ProgramData\Microsoft\Windows Defender\Support\MPSupportFiles.cab
 
Brian, I really appreciate your help...I know you tried everything! I'll think about what I want to do next. I know Windows 10 is coming. So I might just use Avast, as you suggested, until then, and then I would think the upgrade to Windows 10 would fix the problem, while keeping all programs/data intact, right? I'm just a curious cat though, so it really bothers me to not know what caused this. That bothers me more than the actual problem!

I'd like to refresh, as you suggested, and I don't mind some programs being deleted since I don't have much data associated. But it would be hard to recover lots of the other stuff, so I guess I won't try that option.

I'll probably try all options of the repair, and I'll let you know if there's any change.

If I go back to some restore point that happens to work, would you be interested in seeing any registry files (maybe with regbak that you referred me to?)? I'm sure it would not be easy to scan and see the differences, but I thought I'd ask.

I don't think I'll post on the other area of the forum right now.

Again, thank you very much for your time and hard work.
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top