Fwall4
Hello Bill:
I have followed this thread and was wondering what would happen if one
deleted all references to WD from the Register via regedit?
Fred
--
Aquayogi said: ok, when I run Defender using services.msc I get the following error:
Services (title bar)
Windows could not start the Windows Defender service on Local Computer.
Error 0x800700c1: 0x800700c1
For the Event Viewer command: (the asterisks are the edit for my computer name)
Log Name: System
Source: Service Control Manager
Date: 12/1/2007 11:29:45 PM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: *******
Description:
The Windows Defender service terminated with the following error:
Windows Defender is not a valid Win32 application.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager"
Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service
Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2007-12-02T05:29:45.000Z" />
<EventRecordID>14202</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>********</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Windows Defender</Data>
<Data Name="param2">%%2147942593</Data>
</EventData>
</Event>
Bill Sanderson said: OK - sorry to be so dense--what you are seeing is expected in your
situation.
The Windows Defender service is not started, which is, of course what the
error message was all about.....
So--either we need to wipe the defs without having the service running, or
figure out how to start the service.
As I recall, you said that you'd run the Windows Installer Cleanup tool, but
not found Windows Defender Definitions listed? OK - I just looked through
that list on Vista, and I don't see them either.
Can I ask for a few more bits of info:
I'd like you to try to start the Windows Defender service and record what
errors arise. There are several ways to do this, let's start with the GUI,
rather than command line ways:
hit the start button.
put "services.msc" in the search bar, and hit enter. Hit continue.
(leave off the quotes)
Scroll down to Windows Defender, right click that line, and choose start.
What happens?
Then do start, and put "eventvwr.msc" in the search bar and hit enter, hit
continue.
expand the window to full screen, click on the little arrow to the left of
Windows Logs, then on System. Click on the top entry in the middle column
and see if that shows the result of your attempt to start the service. If
it does, with that line selected, click copy over on the right, and choose
copy details as text.
and then paste that back to this thread--it will resemble what you see
below, but presumably with an error condition.
There are two lines labelled computer--feel free to edit out the name of
your machine if you want--it isn't relevant to getting this fixed.
------------------
Log Name: System
Source: Service Control Manager
Date: 12/1/2007 7:28:13 PM
Event ID: 7036
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: machine
Description:
The Windows Defender service entered the stopped state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager"
Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service
Control Manager" />
<EventID Qualifiers="16384">7036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2007-12-02T00:28:13.000Z" />
<EventRecordID>82450</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>machine</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Windows Defender</Data>
<Data Name="param2">stopped</Data>
</EventData>
</Event>
Aquayogi said: When I type in that command line, it just repeats the same directory line
over. i.e.
C:\Program Files\Windows Defender>mpcmdrun -removedefinitions -all
C:\Program Files\Windows Defender>
Windows Defender still doesn't work.
:
I want to retry the command line procedure. I've removed Forefront from my
machine, and started Defender, so I can capture the output from that command
to show you what should happen, and I can provide clearer directions:
Start, all programs, click on the Accessories folder, and right click on
"command prompt" and choose "Run as administrator."
Click continue,
in the command prompt window:
cd \program files\windows defender <hit enter>
mpcmdrun -removedefinitions -all <hit enter>
This is what you should see (ignore version number differences):
-----------------------
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>cd \program files\windows defender
C:\Program Files\Windows Defender>mpcmdrun -removedefinitions -all
Service Version: 1.1.1600.0
Engine Version: 1.1.3007.0
AntiSpyware Base Signature Version: 1.23.3764.0
AntiSpyware Delta Signature Version: 1.23.4365.0
Starting engine and signature rollback to default...Done!
Service Version: 1.1.1600.0
Engine Version: 1.1.2908.0
AntiSpyware Base Signature Version: 1.0.0.0
AntiSpyware Delta Signature Version: 1.0.0.0
C:\Program Files\Windows Defender>
------------------------------------------------------
So--what happens in your system? Do you get that same result, with
definitions taken back to 1.0.0.0?
If you get a failure message, right click the title bar of the window,
choose edit, then select all, then edit, then copy, and copy the text back
to a message here.
If that process succeeds, please go to Windows Update and do a check for
updates.
Nope the only program affected by this is Defender. I don't know if I
mentioned this or not, but under update history, the definition update said
"Failed." So far it's failed on 3 different definition files. Windows Update
seems to be working fine. There was only one other update I could download
to test it, Windows Live Messenger. It downloaded and ran fine. I'm not sure
what .msi files are.
:
Is anything else failing besides Windows Defender?
Can you tell whether WindowsUpdate is working?
Are you able to install any other apps which come packaged as .MSI files?
(I tried to spot something small to try as a test but didn't come up with
any good ideas.)
We tried that too. We did DellConnect and he fiddled with stuff for like 3
hours. I remember it as you write it. The system restore didn't work.
:
What do you remember trying with Dell?
System restore to a restore point before the bad download should work.
Otherwise, the options in this article are what I can think of:
http://vistasupport.mvps.org/windows_vista_repair_options.htm
but I can't see why this problem should require going to that length.
Doing only the first command still didn't work. I am unable to open Windows
Defender. Any time I try to open Defender I get the same error I get when
Windows logs on. I wouldn't mind completely erasing Windows Defender. It's
useless to me now, and I hate seeing error messages all the time.
:
What happened?
Can you re-try, doing only the first command--let's try blowing away the
definitions.
If you can get that to complete without an error, open Windows Defender and
verify that the definition level shows as 0.0 (I think.)
Then try updating via Windows Update.
I'm interested in whether the issue is in removing the current definitions,
or in reinstating the newest update subsequently.
I believe I have done this on Vista, but don't have a test box with Defender
and Vista on them to try it out again at the moment.
If this does not work, my approach would be to use the Windows Installer
cleanup tool to remove JUST THE DEFINITIONS. However, I dislike using this
tool, and am not at all sure what it will show on Vista. You want to be
absolutely sure you are removing just the definitions, and not Windows
Defender itself, if that shows in the tool.
No luck with this either.
:
I would recommend:
Go to an elevated command prompt in the folder Windows