Windows Update trying to install Defender updates despite using MSE

Page 1 of 2 12 LastLast

  1. Posts : 82
    Windows 7 Ultimate 64-bit
       #1

    Windows Update trying to install Defender updates despite using MSE


    Each day I got two definition updates. One for Windows Defender and the other one for Microsoft Security Essentials.

    The one for Security Essentials installs without any problems, the one for Defender fails with error 8007007E.
      My Computer


  2. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #2

    It sounds as if Defender isn't properly switched off.

    Please download the Farbar Service Scanner from

    http://www.bleepingcomputer.com/download/farbar-service-scanner/

    Right-click on the saved file and select 'Run as Administrator', and tick all the options, then click on the Scan button - copy and paste the report to your response.

      My Computer


  3. Posts : 82
    Windows 7 Ultimate 64-bit
    Thread Starter
       #3

    Here you are:

    Farbar Service Scanner Version: 21-07-2014
    Ran by Marek (administrator) on 22-08-2014 at 15:02:21
    Running from "C:\Users\Marek\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Destination is unreachable
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
      My Computer


  4. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #4

    Interesting - there are a couple of odd settings:
    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Destination is unreachable
    ....
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".
    The first may be because of a third-party firewall, or may be because of malware, or a HOSTS file setting.

    The Defender status is definitely wrong...
    The service should be set to manual - and the servicedll should be reset to its proper location.
    I suspect that there are other errors also present in the relevant registry Key.

    Please open an Elevated Command Prompt, and run the following command

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\WinDefend /S

    post the results.

    Please also confirm that this is the system in your 'My System Specs' area, so I get the right values!


    Here are some instructions to make life easier :)
    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
      My Computer


  5. Posts : 82
    Windows 7 Ultimate 64-bit
    Thread Starter
       #5

    Yes this is my system. I do not use any other firewall despite Windows firewall.

    /etc/hosts shows just:

    127.0.0.1 localhost

    Here you go:

    C:\Users\Marek>REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\WinDefend /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
    DisplayName REG_SZ Windows Defender
    ErrorControl REG_DWORD 0x1
    ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k secsvcs
    Start REG_DWORD 0x3
    Type REG_DWORD 0x20
    Description REG_SZ @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
    DependOnService REG_MULTI_SZ RpcSs
    ObjectName REG_SZ LocalSystem
    ServiceSidType REG_DWORD 0x1
    RequiredPrivileges REG_MULTI_SZ SeImpersonatePrivilege\0SeBackupPrivil
    ege\0SeRestorePrivilege\0SeDebugPrivilege\0SeChangeNotifyPrivilege\0SeSecurityPr
    ivilege\0SeShutdownPrivilege\0SeIncreaseQuotaPrivilege\0SeAssignPrimaryTokenPriv
    ilege
    DelayedAutoStart REG_DWORD 0x0
    FailureActions REG_NONE 8051010000000000000000000300000014000000010000
    0060EA00000100000060EA00000000000000000000

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Parameters
    ServiceDllUnloadOnStop REG_DWORD 0x1
    ServiceDll REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Defender\mpsvc.dl
    l

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Security
    Security REG_BINARY 01001480DC000000E8000000140000003000000002001C0001
    00000002801400FF010F000101000000000001000000000200AC000600000000002800FF010F0001
    0600000000000550000000B589FB381984C2CB5C6C236D5700776EC0026487000B28000000001001
    0600000000000550000000B589FB381984C2CB5C6C236D5700776EC002648700001400FD01020001
    010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D
    010200010100000000000504000000000014009D0102000101000000000005060000000101000000
    00000512000000010100000000000512000000

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\TriggerInfo

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\TriggerInfo\0
    Type REG_DWORD 0x5
    Action REG_DWORD 0x1
    GUID REG_BINARY E6CA9F65DB5BA94DB1FFCA2A178D46E0
      My Computer


  6. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #6

    There are some very strange entries there.
    I think it would be best to delete the entire entry and rebuild it.

    Please open an Elevated Command Prompt, and run the following command

    REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend /f

    Note any error message - post back with details if you get one.


    Close the window.



    I've uploaded a file - windefendx64.zip - to my OneDrive at Noel's OneDrive
    Please download and save it to your desktop.
    Right-click on the saved file and select Extract all...
    Save it to the default location
    This should create a file windefenx64.reg

    right-click on the file, and select Merge
    Accept the warnings, - you should then get a 'Success' message.
    Close all windows, and reboot.

    Then run FarBar again, and post the new log.
      My Computer


  7. Posts : 82
    Windows 7 Ultimate 64-bit
    Thread Starter
       #7

    C:\Users\Marek>REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W
    inDefend /f
    Operacja ukończona pomyślnie.
    Added registry keys. Here's new log:

    Farbar Service Scanner Version: 21-07-2014
    Ran by Marek (administrator) on 23-08-2014 at 13:29:03
    Running from "C:\Users\Marek\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Destination is unreachable
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\windows\system32\wuaueng.dll".


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
    Last edited by Spacedust; 23 Aug 2014 at 06:49.
      My Computer


  8. Posts : 82
    Windows 7 Ultimate 64-bit
    Thread Starter
       #8

    I've removed MSE because I wasn't able to upgrade version 4.4 to 4.5 and now installation fails with error 0x80070643
      My Computer


  9. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #9

    I think you have malware - or perhaps a problem with RAM!
    services which reported OK the first time are now showing problems.
    The 643 error isn't a good one - and is often associated with registry problems.

    Please test your RAM following this tutorial, and we'll see if the RAM is OK - if it is, then we'll check again for malware.
      My Computer


  10. Posts : 82
    Windows 7 Ultimate 64-bit
    Thread Starter
       #10

    My RAM is ok, I've tested it a few times with memtest. I use only top class ECC memory and never had any bluescreens.

    I was trying to do a repair install but it doesn't work too: Windows 7 Ulimate 64-bit repair install freezing on "Starting Windows"
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 01:19.
Find Us