[SOLVED] Windows Defender gets various errors and won't install updates

S

sga000

Active member
Joined
Apr 3, 2015
Posts
25
Sorry, Sysnative. I posted something last night, but I didn't realize I was putting it in the "New Members" area. I'm posting the same info here, so you can just ignore that thread. I apologize!

Hello Sysnative,

I had a problem with a large update a few weeks ago on my Windows 8.1 system. I was unable to install kb3000850. Somehow I managed to get it fixed with sfc /scannow and sfcfix.exe. But it took several tries and reboots, so I'm not able to describe it very well. Anyway, now I can run Windows Updates, but Windows Defender is messed up again. The flag in the tray shows that I need to turn on virus protection, but it's on. Home screen for Defender shows connection failed, but my internet is fine. Defender won't do updates...error 80004004. And I can't turn off real-time protection in Settings....error 80080017. I have never installed any other virus protection.

I'm attaching CBS.zip for you. Thanks so much for any help!

UPDATE: Sorry, no luck attaching the file. Maybe I'll go ahead and post this and continue to try to find out how to attach. What happens is that I tell the File Upload Manager to upload the file, it spins for about 30 seconds, then just stops spinning. But it doesn't give any error, like the file is too big. So maybe I'm doing it wrong.

Another UPDATE: Here's the Dropbox link...I guess it was too big.
https://www.dropbox.com/s/86ld2xi38l6464m/CBS.zip?dl=0

Thanks for your assistance!
 
Hi sga000 - Welcome to Sysnative.

We specialize in Windows Update issues or errors caused by SFC or DISM. If you are not having errors resulting from these I would recommend that you post your inquiry to a more appropriate forum such as the Windows 8 forum. Experts there have much more knowledge than we do in these specific areas and you would be better served to start there.

Thank you.
 
I think that I am having SFC issues/errors. If you look at the cbs.zip, you'll see some errors there, very similar to what I see others describing in their files. Here's an example of one of the lines:
CSI 000008f0 [SR] Cannot repair member file [l:18{9}]"MSDTC.LOG" of Microsoft-Windows-COM-DTC-Runtime, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

Before this, I was getting an error with Windows Update. But I ran sfc /scannow and sfcfix.exe, and it fixed that problem. However, the Defender problems persisted. That's when I ran sfc /scannow, captured the info for you, and posted it. So I'm hoping you can take a look at my cbs.zip. If you then still feel this isn't your category, please let me know again. Thanks.
 
Hi sga000 - Sorry for the confusion. I must have misunderstood your original post. I thought you were saying that you don't get any errors when running sfc /scannow but a closer look it doesn't appear that's what you mean. Please do the following.

Step#1 - SFCFix Script
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  1. Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
  2. Download the file below, SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
  3. Save any open documents and close all open windows.
  4. On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  5. Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  6. SFCFix will now process the script.
  7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
  8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please

Step#2 - Verify Corruption is fixed
1. Right-click on the Start
w8start.png
button and select Command Prompt (Admin)
2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
 sfc /scannow

3. Once it finishes, copy and paste the following into the command-prompt window and press Enter.
copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"

4. Once this has completed please go to your Desktop and you will find CBS.txt => Please upload CBS.txt to this thread

Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.

Items for your next post
1. SFCFix log
2. CBS log
 

Attachments

Brian, good news in one way, but not in another. This sfcfix log looks good. Here is it....

SFCFix version 2.4.3.0 by niemiro.
Start time: 2015-04-17 11:21:10.433
Microsoft Windows 8.1 Update 3 - amd64
Using .zip script file at C:\Users\sandy\Desktop\SFCFix.zip [0]


PowerCopy::
Successfully took permissions for file or folder C:\WINDOWS\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.17415_none_0a5dfdcc33c06e7e\MSDTC.LOG


Successfully copied file C:\Users\sandy\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.17415_none_0a5dfdcc33c06e7e\MSDTC.LOG to C:\WINDOWS\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.17415_none_0a5dfdcc33c06e7e\MSDTC.LOG.


Successfully restored ownership for C:\WINDOWS\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.17415_none_0a5dfdcc33c06e7e\MSDTC.LOG
Successfully restored permissions on C:\WINDOWS\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.3.9600.17415_none_0a5dfdcc33c06e7e\MSDTC.LOG
PowerCopy:: directive completed successfully.


Successfully processed all directives.
SFCFix version 2.4.3.0 by niemiro has completed.
Currently storing 2 datablocks.
Finish time: 2015-04-17 11:21:10.886
Script hash: 45Ng++WKRZwfW8e86PYD7mlsHjLeh5SUKefsD8Ucxl0=
----------------------EOF-----------------------

The cbs.txt is in Dropbox. There is lots of older stuff at the beginning, but the interesting part is today (4/17) at 11:24 until 11:47. It looks good too! I don't see any errors about MSDTC.
https://www.dropbox.com/s/4povkhpsbqz188m/cbs.txt?dl=0

However, Windows Defender is still broken in the same way I described originally. I rebooted, hoping that might clear it up, but no luck. So maybe it's time for me to post in the other area of the forum?

I do appreciate your help. Can you tell me what causes the problem with the MSDTC file that your sfcfix.zip file fixed? Is it something that I myself am causing, or is it a windows bug? And if it's the latter, why doesn't Microsoft fix it? Maybe that's something you cannot answer. But I'm hoping to learn how to not have this problem again, whether it's me or Microsoft!

Thanks again.
 
So maybe it's time for me to post in the other area of the forum?
Click to expand...
Correct. We cleaned up your corruption but I didn't expect it to fix Defender.

Can you tell me what causes the problem with the MSDTC file that your sfcfix.zip file fixed? Is it something that I myself am causing, or is it a windows bug? And if it's the latter, why doesn't Microsoft fix it?
Click to expand...
Windows Bug. I'm not exactly sure why it's happening but I know the guys here at Sysnative were collecting information on this to report to Microsoft.

Good luck and if you need anything else let us know.
 
Actually let's do one more thing to be sure there is no hidden corruption.

Step#1 - DISM /RestoreHealth Scan
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  1. Right-click on the Start
    w8start.png
    button and select Command Prompt (Admin)
  2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
    Dism /Online /Cleanup-Image /RestoreHealth
  3. When DISM finishes scanning your component store, zip up and attach your CBS log to your next post:
    C:\Windows\Logs\CBS\CBS.log
 
Brian, I think the DISM command detected no problems, and the attached log will show that, starting at about 14:09 today.

I don't see issues of this sort in the Windows 8 part of this forum, so I don't have much faith in posting there. It really seems like Windows Defender problems fall under this same area (Windows Update). Until I decide to post there, I'm reading other posts online (other sites) and seeing if I can find out any other recommendations. Thank you for your help.
 

Attachments

Yup, no errors. Are you sure you don't have any malware on your computer? If you are sure then don't worry about it. If you want to get checked to see if you do you can post in our Security forum.

If you know you are clean you may want to try installing an Antivirus like Avast and then uninstalling Avast to see if it re-enables and fixes Defender.
 
Thanks, Brian. I will try installing AVAST and uninstalling as my next attempt.

In the meantime, I realized I had never run the troubleshooting in the action center. So I went to action center, it shows 2 issues about spyware and virus protection needing to be turned on (as I originally reported, the flag in the tray has a red box with white x, and it shows those same errors). But I have never turned off any protection in Windows Defender, and it won't allow me to turn it back on due to the errors I mentioned in the first post. Then I click Troubleshooting, System and Security, Fix problems with Windows Update. It shows 2 problems and says they are fixed! However, if run the Troubleshooting again (even after reboot), it still shows the same 2 problems and that they are fixed...again. So obviously, they are not really being fixed. Windows Defender continues to get errors and won't let me update or look at History or change any Settings. It will let me scan, and the Quick Scan is successful.

I'll attach that troubleshooting info in a .pdf file, just for your information. It shows another error code 0x80070490...too bad it says that it fixes it but doesn't mean it!
 

Attachments

No luck with going to Avast and going back to a "good" Defender. Avast installed fine, the errors went away on the flag and in the action center, and I ran a quick scan with Avast. It found 3 files, but not high risk. I let it quarantine them. Then I uninstalled Avast, hoping Defender would somehow be repaired. I mean, Defender did come back and take over as the protector, but it has the same 2 errors as before.

I'm thinking that I may just try to go back to a restore point. But I don't know if that will fix the problem, and also, that won't help me know what the problem is! I'll think about posting in the other section, but I'm not thinking that will help. Again, thanks.
 
Let me take a look at your Registry and see if there is something obvious.

Step#1 - Retrieve Registry Hives


  • Please download the Freeware RegBak from here: Acelogix Software - Download products
     You will find it at the bottom of the page that the link brings you to.
  • Go ahead and install this program and accept all the defaults. After the last install screen the program should open.
  • Click the New Backup button. Accept the defaults and simply click Start.
  • When it says Finished successfully, click the Close button.
  • This will bring you back to the main screen of the program. You will see one entry in this list with the date that you did it. Right-click on this line-item and select Explore Backup...
  • This will bring you into the folder where the backup was made. You should see a Users folder and a Windows folder along with a couple other files. Double-click on the Windows folder to open it. Then open the System32 folder and then config folder. You should see around 6 files in here.
  • Right-click each file and select Send to > Compressed (zipped) folder.
  • Then please upload these files to your favourite file sharing website (it will be too big to upload here). Examples of services to upload to are Dropbox or One Drive or SendSpace and then just provide the link in your reply.
  • You can close any open windows you have as well as the RegBack program now.
 
So sorry, Brian, but I just restored a restore point from 4/14, thinking it might be good. My problems started on 4/15, I think. But now I can't even start Windows Defender! Error 80073b01. I'm running sfc /scannow and can post cbs.zip if you think we should just start over from there. I think I did get that error that day, did the sfc /scannow and sfcfix.exe (wihout any sfcfix.zip). I think that got rid of the 80073b01. Then I started having the other Defender issues, but the difference is that pnce I got rid of 80073b01, now I could at least bring Defender up. Then I would get those other errors when trying to do anything. That's what you and I have been dealing with since then.

This all started on 4/2 with a big update that gave me trouble, but I got past that. Then on 4/15, problems returned. Sorry that the history I'm giving isn't exact, but again, I'll be glad to give the cbs.zip and go from there. It's got about another 10 minutes or so to go before it finishes. Thanks!
 
Brian, I apologize for so many posts and so much confusion.

After I ran sfc /scannow, I also ran Windows Update, just to see if it would work, even though Windows Defender did not. Somehow, one of those 2 things (running sfc or Windows Update) made Windows Defender able to be executed, but it now has the 2 problems that I originally reported. So I think we're back to where we were earlier today. Well, not exactly. The cbs.zip looks different, as you will see. I'll attach it here. It shows a couple of files with some kind of hash error, but not the MSDTC file that you helped me with earlier.

I also got the files from regbak for you. You may not be interested in that until you see the cbs.zip, but I'll point to them here, just in case. Thanks again.

https://www.dropbox.com/s/f77hjxhha5rfal6/components.zip?dl=0
https://www.dropbox.com/s/br3l2iuu9c3dm5b/DEFAULT.zip?dl=0
https://www.dropbox.com/s/2416axcmps7qd0h/SAM.zip?dl=0
https://www.dropbox.com/s/6cq5df42dvqwpgj/SECURITY.zip?dl=0
https://www.dropbox.com/s/sn88pw27ud7095i/SOFTWARE.zip?dl=0
https://www.dropbox.com/s/3y9djkf9n6j8os8/SYSTEM.zip?dl=0
 

Attachments

The error in your CBS log is a common one and easily fixed. Please do the following to fix. Again I don't think it will resolve Defender but you can try. I'll review your registry hives to see if anything is out of the ordinary related to Defender.

Step#1 - SFCFix Script
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  1. Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
  2. Download the file below, SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
  3. Save any open documents and close all open windows.
  4. On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  5. Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  6. SFCFix will now process the script.
  7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
  8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please

Step#2 - Verify Corruption is fixed
1. Right-click on the Start
w8start.png
button and select Command Prompt (Admin)
2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
 sfc /scannow

3. Once it finishes, copy and paste the following into the command-prompt window and press Enter.
copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"

4. Once this has completed please go to your Desktop and you will find CBS.txt => Please upload CBS.txt to this thread

Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.

Items for your next post
1. SFCFix log
2. New CBS log
 

Attachments

Thanks, Brian. I think that sfcfix worked well. Let me know if you see anything in the registry about Defender.

SFCFix version 2.4.3.0 by niemiro.
Start time: 2015-04-18 10:08:34.361
Microsoft Windows 8.1 Update 3 - amd64
Using .zip script file at C:\Users\sandy\Desktop\SFCFix.zip [0]


PowerCopy::
Successfully took permissions for file or folder C:\WINDOWS\winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB


Successfully copied file C:\Users\sandy\AppData\Local\niemiro\Archive\winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB to C:\WINDOWS\winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB.


Successfully restored ownership for C:\WINDOWS\winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB
Successfully restored permissions on C:\WINDOWS\winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB
PowerCopy:: directive completed successfully.


Successfully processed all directives.
SFCFix version 2.4.3.0 by niemiro has completed.
Currently storing 3 datablocks.
Finish time: 2015-04-18 10:08:35.220
Script hash: HudXlLZYWqogbaPOIYEL0nP3fra/3WcOyRx8ITEsfO4=
----------------------EOF-----------------------
 

Attachments

Please try the following.

1. Download the attached file fix.zip to your desktop.
2. Right-click on the file and extract to your desktop. The resulting file is fix.reg.
3. Double-click on fix.reg to merge into your registry. Allow when prompted.
4. Assuming it says it was successful please reboot and see if Defender works.

Thanks.
 

Attachments

No luck. Did you see something wrong in the registry entries? I've run apps like ccleaner before, but not lately, and definitely not since I restored to this restore point. Should I try that or some other registry cleaner?
 
Using registry cleaners are not recommended and they usually cause more harm than good so I definitely wouldn't do that. I saw some potential missing registry entries related to Windows Defender. Please do the following so I can take a quick look.

Step#1 - FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top