Recieved Error after a Definition Update

[Aquayogi]

My laptop recently did an auto-update in which it downloaded a definition
file for Defender. The update failed to install correctly and now whenever I
try to open Defender I get the following Error: Application failed to
intialize: 0x800700c1.
This update is: Definition Update for Windows Defender KB915597 (Definition
1.23.4365.0) I tried doing a system restore, and redownloading the update,
both to no avail. Now I can't even run Defender. How can this update make my
Defender completely useless, and is there any way to fix this? I
troubleshooted with a Dell tech for 3 hours trying various things, and
nothing seemed to work. I even tried to uninstall Defender from my system
which it won't let me do. I would rather delete the useless program rather
than seeing an error message every time I log onto Windows. Please someone
help!!!

 

[Anonymous Bob]

My laptop recently did an auto-update in which it downloaded a definition
file for Defender. The update failed to install correctly and now whenever I
try to open Defender I get the following Error: Application failed to
intialize: 0x800700c1.
This update is: Definition Update for Windows Defender KB915597 (Definition
1.23.4365.0) I tried doing a system restore, and redownloading the update,
both to no avail. Now I can't even run Defender. How can this update make my
Defender completely useless, and is there any way to fix this? I
troubleshooted with a Dell tech for 3 hours trying various things, and
nothing seemed to work. I even tried to uninstall Defender from my system
which it won't let me do. I would rather delete the useless program rather
than seeing an error message every time I log onto Windows. Please someone
help!!!

Try downloading the latest definitions from the security portal:
http://www.microsoft.com/security/portal/

You'll find them one you want on the right side:
32 bit - http://go.microsoft.com/fwlink/?LinkID=85914&clcid=0x409
64 bit - http://go.microsoft.com/fwlink/?LinkID=86955&clcid=0x409

Let us know how it goes.

Bob Vanderveen

 

[Mr Cat]

Under add or remove programs for Windows Defender click "click here for
support information" and then click Repair. If you are using Vista then stop
and wait for a suggestion from Engel or Sanderson. Otherwise download this
Microsoft Utility:
http://support.microsoft.com/kb/290301
Remove Windows Defender.
Re-install Windows Defender:
http://www.microsoft.com/athome/security/spyware/software/default.mspx

 

[Aquayogi]

I tried that as well to no effect

Try downloading the latest definitions from the security portal:
http://www.microsoft.com/security/portal/

You'll find them one you want on the right side:
32 bit - http://go.microsoft.com/fwlink/?LinkID=85914&clcid=0x409
64 bit - http://go.microsoft.com/fwlink/?LinkID=86955&clcid=0x409

Let us know how it goes.

Bob Vanderveen

 

[Aquayogi]

I am running Windows Vista Home Premium 32 bit
Intel Core 2 Duo T5250 @ 1.50 GHz
2.0 gb ram
NVIDIA GeForce 8400M GS
Creative Sound Blaster Xtreme Audio Notebook ExpressCard

 

[Aquayogi]

The Dell Tech and I tried running that utility, but it did not recognize
Defender. Defender also is not on the add/remove programs list in control
panel. We found no way of removing it from the system. We also tried
reinstalling it, but it told us since I have Vista I already have Defender.
Poor Dell guy was more frustrated than me. Please Microsoft help!!!

 

[Bill Sanderson]

I would recommend:

Go to an elevated command prompt in the folder Windows Defender is installed
in:
Start, all programs, accessories, command prompt. Right-click command
prompt, and choose "Run as Administrator" and then click continue to assent
to the elevation.

cd \program files\windows defender

(You may need to change drive letters if you have more than one, and Windows
Defender is installed on a different drive)

mpcmdrun -removedefinitions -all <enter>
mpcmdrun -signatureupdate <enter>

exit (to close the elevated command prompt window)

See whether that resolves the issue.

 

[Aquayogi]

No luck with this either.

I would recommend:

Go to an elevated command prompt in the folder Windows Defender is installed
in:
Start, all programs, accessories, command prompt. Right-click command
prompt, and choose "Run as Administrator" and then click continue to assent
to the elevation.

cd \program files\windows defender

(You may need to change drive letters if you have more than one, and Windows
Defender is installed on a different drive)

mpcmdrun -removedefinitions -all <enter>
mpcmdrun -signatureupdate <enter>

exit (to close the elevated command prompt window)

See whether that resolves the issue.

 

[Bill Sanderson]

What happened?

Can you re-try, doing only the first command--lets try blowing away the
definitions.

If you can get that to complete without an error, open Windows Defender and
verify that the definition level shows as 0.0 (I think.)

Then try updating via Windows Update.

I'm interested in whether the issue is in removing the current definitions,
or in reinstating the newest update subsequently.

I believe I have done this on Vista, but don't have a test box with Defender
and Vista on them to try it out again at the moment.

If this does not work, my approach would be to use the Windows Installer
cleanup tool to remove JUST THE DEFINITIONS. However, I dislike using this
tool, and am not at all sure what it will show on Vista. You want to be
absolutely sure you are removing just the definitions, and not Windows
Defender itself, if that shows in the tool.

 

[Aquayogi]

Doing only the first command still didn't work. I am unable to open Windows
Defender. Any time I try to open Defender I get the same error I get when
Windows logs on. I wouldn't mind completely erasing Windows Defender. It's
useless to me now, and I hate seeing error messages all the time.

 

[Bill Sanderson]

I'd strongly advise not attempting to "erase" Windows Defender in Vista--it
is a part of the OS, and not easily extricated.

Let me see if I can come up with anything else worth trying.

I'm not clear what the support situation is with Windows Defender, in Vista.
I assume that as part of the OS, it is supported by whoever your OS support
comes from--meaning an OEM for most folks. And, with many oem's Windows
support is an additional cost item.

You could view Windows Defender being out of commission as a security issue,
and see whether the good folks at 1-866-pcsafety are willing to talk to you
for free, assuming that you are in the US or Canada (elsewhere, call your
local Microsoft Support number and ask for the free help with virus or
security-related issues,)

 

[Bill Sanderson]

What do you remember trying with Dell?

System restore to a restore point before the bad download should work.

Otherwise, the options in this article are what I can think of:

http://vistasupport.mvps.org/windows_vista_repair_options.htm

but I can't see why this problem should require going to that length.

 

[Aquayogi]

We tried that too. We did DellConnect and he fiddled with stuff for like 3
hours. I remember it as you write it. The system restore didn't work.

 

[Bill Sanderson]

Is anything else failing besides Windows Defender?

Can you tell whether WindowsUpdate is working?

Are you able to install any other apps which come packaged as .MSI files?

(I tried to spot something small to try as a test but didn't come up with
any good ideas.)

 

[Aquayogi]

Nope the only program affected by this is Defender. I don't know if I
mentioned this or not, but under update history, the definition update said
"Failed." So far it's failed on 3 different definition files. Windows Update
seems to be working fine. There was only one other update I could download to
test it, Windows Live Messenger. It downloaded and ran fine. I'm not sure
what .msi files are.

 

[Bill Sanderson]

I want to retry the command line procedure. I've removed Forefront from my
machine, and started Defender, so I can capture the output from that command
to show you what should happen, and I can provide clearer directions:

Start, all programs, click on the Accessories folder, and right click on
"command prompt" and choose "Run as administrator."

Click continue,

in the command prompt window:

cd \program files\windows defender <hit enter>

mpcmdrun -removedefinitions -al <hit enter>

This is what you should see (ignore version number differences):
-----------------------
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>cd \program files\windows defender

C:\Program Files\Windows Defender>mpcmdrun -removedefinitions -all

Service Version: 1.1.1600.0
Engine Version: 1.1.3007.0
AntiSpyware Base Signature Version: 1.23.3764.0
AntiSpyware Delta Signature Version: 1.23.4365.0

Starting engine and signature rollback to default...Done!

Service Version: 1.1.1600.0
Engine Version: 1.1.2908.0
AntiSpyware Base Signature Version: 1.0.0.0
AntiSpyware Delta Signature Version: 1.0.0.0

C:\Program Files\Windows Defender>
------------------------------------------------------

So--what happens in your system? Do you get that same result, with
definitions taken back to 1.0.0.0?

If you get a failure message, right click the title bar of the window,
choose edit, then select all, then edit, then copy, and copy the text back
to a message here.

If that process succeeds, please go to Windows Update and do a check for
updates.

 

[Aquayogi]

When I type in that command line, it just repeats the same directory line
over. i.e.

C:\Program Files\Windows Defender>mpcmdrun -removedefinitions -all
C:\Program Files\Windows Defender>

Windows Defender still doesn't work.

I want to retry the command line procedure. I've removed Forefront from my
machine, and started Defender, so I can capture the output from that command
to show you what should happen, and I can provide clearer directions:

Start, all programs, click on the Accessories folder, and right click on
"command prompt" and choose "Run as administrator."

Click continue,

in the command prompt window:

cd \program files\windows defender <hit enter>

mpcmdrun -removedefinitions -al <hit enter>

This is what you should see (ignore version number differences):
-----------------------
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>cd \program files\windows defender

C:\Program Files\Windows Defender>mpcmdrun -removedefinitions -all

Service Version: 1.1.1600.0
Engine Version: 1.1.3007.0
AntiSpyware Base Signature Version: 1.23.3764.0
AntiSpyware Delta Signature Version: 1.23.4365.0

Starting engine and signature rollback to default...Done!

Service Version: 1.1.1600.0
Engine Version: 1.1.2908.0
AntiSpyware Base Signature Version: 1.0.0.0
AntiSpyware Delta Signature Version: 1.0.0.0

C:\Program Files\Windows Defender>
------------------------------------------------------

So--what happens in your system? Do you get that same result, with
definitions taken back to 1.0.0.0?

If you get a failure message, right click the title bar of the window,
choose edit, then select all, then edit, then copy, and copy the text back
to a message here.

If that process succeeds, please go to Windows Update and do a check for
updates.

Nope the only program affected by this is Defender. I don't know if I
mentioned this or not, but under update history, the definition update
said
"Failed." So far it's failed on 3 different definition files. Windows
Update
seems to be working fine. There was only one other update I could download
to
test it, Windows Live Messenger. It downloaded and ran fine. I'm not sure
what .msi files are.

 

[Bill Sanderson]

Thanks --let me kill the service on this machine and see how it behaves.

When I type in that command line, it just repeats the same directory line
over. i.e.

C:\Program Files\Windows Defender>mpcmdrun -removedefinitions -all
C:\Program Files\Windows Defender>

Windows Defender still doesn't work.

I want to retry the command line procedure. I've removed Forefront from
my
machine, and started Defender, so I can capture the output from that
command
to show you what should happen, and I can provide clearer directions:

Start, all programs, click on the Accessories folder, and right click on
"command prompt" and choose "Run as administrator."

Click continue,

in the command prompt window:

cd \program files\windows defender <hit enter>

mpcmdrun -removedefinitions -al <hit enter>

This is what you should see (ignore version number differences):
-----------------------
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>cd \program files\windows defender

C:\Program Files\Windows Defender>mpcmdrun -removedefinitions -all

Service Version: 1.1.1600.0
Engine Version: 1.1.3007.0
AntiSpyware Base Signature Version: 1.23.3764.0
AntiSpyware Delta Signature Version: 1.23.4365.0

Starting engine and signature rollback to default...Done!

Service Version: 1.1.1600.0
Engine Version: 1.1.2908.0
AntiSpyware Base Signature Version: 1.0.0.0
AntiSpyware Delta Signature Version: 1.0.0.0

C:\Program Files\Windows Defender>
------------------------------------------------------

So--what happens in your system? Do you get that same result, with
definitions taken back to 1.0.0.0?

If you get a failure message, right click the title bar of the window,
choose edit, then select all, then edit, then copy, and copy the text
back
to a message here.

If that process succeeds, please go to Windows Update and do a check for
updates.

Nope the only program affected by this is Defender. I don't know if I
mentioned this or not, but under update history, the definition update
said
"Failed." So far it's failed on 3 different definition files. Windows
Update
seems to be working fine. There was only one other update I could
download
to
test it, Windows Live Messenger. It downloaded and ran fine. I'm not
sure
what .msi files are.

:

Is anything else failing besides Windows Defender?

Can you tell whether WindowsUpdate is working?

Are you able to install any other apps which come packaged as .MSI
files?

(I tried to spot something small to try as a test but didn't come up
with
any good ideas.)

We tried that too. We did DellConnect and he fiddled with stuff for
like 3
hours. I remember it as you write it. The system restore didn't
work.
:

What do you remember trying with Dell?

System restore to a restore point before the bad download should
work.

Otherwise, the options in this article are what I can think of:

http://vistasupport.mvps.org/windows_vista_repair_options.htm

but I can't see why this problem should require going to that
length.


Doing only the first command still didn't work. I am unable to
open
Windows
Defender. Any time I try to open Defender I get the same error I
get
when
Windows logs on. I wouldn't mind completely erasing Windows
Defender.
It's
useless to me now, and I hate seeing error messages all the time.

:

What happened?

Can you re-try, doing only the first command--lets try blowing
away
the
definitions.

If you can get that to complete without an error, open Windows
Defender
and
verify that the definition level shows as 0.0 (I think.)

Then try updating via Windows Update.

I'm interested in whether the issue is in removing the current
definitions,
or in reinstating the newest update subsequently.

I believe I have done this on Vista, but don't have a test box
with
Defender
and Vista on them to try it out again at the moment.

If this does not work, my approach would be to use the Windows
Installer
cleanup tool to remove JUST THE DEFINITIONS. However, I dislike
using
this
tool, and am not at all sure what it will show on Vista. You
want
to
be
absolutely sure you are removing just the definitions, and not
Windows
Defender itself, if that shows in the tool.


No luck with this either.

:

I would recommend:

Go to an elevated command prompt in the folder Windows
Defender
is
installed
in:
Start, all programs, accessories, command prompt.
Right-click
command
prompt, and choose "Run as Administrator" and then click
continue
to
assent
to the elevation.

cd \program files\windows defender

(You may need to change drive letters if you have more than
one,
and
Windows
Defender is installed on a different drive)

mpcmdrun -removedefinitions -all <enter>
mpcmdrun -signatureupdate <enter>

exit (to close the elevated command prompt window)

See whether that resolves the issue.

message
The Dell Tech and I tried running that utility, but it did
not
recognize
Defender. Defender also is not on the add/remove programs
list
in
control
panel. We found no way of removing it from the system. We
also
tried
reinstalling it, but it told us since I have Vista I
already
have
Defender.
Poor Dell guy was more frustrated than me. Please Microsoft
help!!!

:

Under add or remove programs for Windows Defender click
"click
here
for
support information" and then click Repair. If you are
using
Vista
then
stop
and wait for a suggestion from Engel or Sanderson.
Otherwise
download
this
Microsoft Utility:
http://support.microsoft.com/kb/290301
Remove Windows Defender.
Re-install Windows Defender:
http://www.microsoft.com/athome/security/spyware/software/default.mspx


:

My laptop recently did an auto-update in which it
downloaded a
definition
file for Defender. The update failed to install
correctly
and
now
whenever I
try to open Defender I get the following Error:
Application
failed
to
intialize: 0x800700c1.
This update is: Definition Update for Windows Defender
KB915597
(Definition
1.23.4365.0) I tried doing a system restore, and
redownloading
the
update,
both to no avail. Now I can't even run Defender. How can
this
update
make my
Defender completely useless, and is there any way to fix
this?
I
troubleshooted with a Dell tech for 3 hours trying
various
things,
and
nothing seemed to work. I even tried to uninstall
Defender
from
my
system
which it won't let me do. I would rather delete the
useless
program
rather
than seeing an error message every time I log onto
Windows.
Please
someone
help!!!

 

[Bill Sanderson]

OK - sorry to be so dense--what you are seeing is expected in your
situation.

The Windows Defender service is not started, which is, of course what the
error message was all about.....

So--either we need to wipe the defs without having the service running, or
figure out how to start the service.

As I recall, you said that you'd run the Windows Installer Cleanup tool, but
not found Windows Defender Definitions listed? OK - I just looked through
that list on Vista, and I don't see them either.

Can I ask for a few more bits of info:

I'd like you to try to start the Windows defender service and record what
errors arise. There are several ways to do this, lets start with the GUI,
rather than command line ways:
hit the start button.
put "services.msc" in the search bar, and hit enter. Hit continue.
(leave off the quotes)
Scroll down to Windows Defender, right click that line, and choose start.

What happens?

Then do start, and put "eventvwr.msc" in the search bar and hit enter, hit
continue.
expand the window to full screen, click on the little arrow to the left of
Windows Logs, then on System. Click on the top entry in the middle column
and see if that shows the result of your attempt to start the service. If
it does, with that line selected, click copy over on the right, and choose
copy details as text.
and then paste that back to this thread--it will resemble what you see
below, but presumably with an error condition.

There are two lines labelled computer--feel free to edit out the name of
your machine if you want--it isn't relevant to getting this fixed.

------------------
Log Name: System
Source: Service Control Manager
Date: 12/1/2007 7:28:13 PM
Event ID: 7036
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: machine
Description:
The Windows Defender service entered the stopped state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager"
Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service
Control Manager" />
<EventID Qualifiers="16384">7036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2007-12-02T00:28:13.000Z" />
<EventRecordID>82450</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>machine</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Windows Defender</Data>
<Data Name="param2">stopped</Data>
</EventData>
</Event>

When I type in that command line, it just repeats the same directory line
over. i.e.

C:\Program Files\Windows Defender>mpcmdrun -removedefinitions -all
C:\Program Files\Windows Defender>

Windows Defender still doesn't work.

I want to retry the command line procedure. I've removed Forefront from
my
machine, and started Defender, so I can capture the output from that
command
to show you what should happen, and I can provide clearer directions:

Start, all programs, click on the Accessories folder, and right click on
"command prompt" and choose "Run as administrator."

Click continue,

in the command prompt window:

cd \program files\windows defender <hit enter>

mpcmdrun -removedefinitions -al <hit enter>

This is what you should see (ignore version number differences):
-----------------------
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>cd \program files\windows defender

C:\Program Files\Windows Defender>mpcmdrun -removedefinitions -all

Service Version: 1.1.1600.0
Engine Version: 1.1.3007.0
AntiSpyware Base Signature Version: 1.23.3764.0
AntiSpyware Delta Signature Version: 1.23.4365.0

Starting engine and signature rollback to default...Done!

Service Version: 1.1.1600.0
Engine Version: 1.1.2908.0
AntiSpyware Base Signature Version: 1.0.0.0
AntiSpyware Delta Signature Version: 1.0.0.0

C:\Program Files\Windows Defender>
------------------------------------------------------

So--what happens in your system? Do you get that same result, with
definitions taken back to 1.0.0.0?

If you get a failure message, right click the title bar of the window,
choose edit, then select all, then edit, then copy, and copy the text
back
to a message here.

If that process succeeds, please go to Windows Update and do a check for
updates.

Nope the only program affected by this is Defender. I don't know if I
mentioned this or not, but under update history, the definition update
said
"Failed." So far it's failed on 3 different definition files. Windows
Update
seems to be working fine. There was only one other update I could
download
to
test it, Windows Live Messenger. It downloaded and ran fine. I'm not
sure
what .msi files are.

:

Is anything else failing besides Windows Defender?

Can you tell whether WindowsUpdate is working?

Are you able to install any other apps which come packaged as .MSI
files?

(I tried to spot something small to try as a test but didn't come up
with
any good ideas.)

We tried that too. We did DellConnect and he fiddled with stuff for
like 3
hours. I remember it as you write it. The system restore didn't
work.
:

What do you remember trying with Dell?

System restore to a restore point before the bad download should
work.

Otherwise, the options in this article are what I can think of:

http://vistasupport.mvps.org/windows_vista_repair_options.htm

but I can't see why this problem should require going to that
length.


Doing only the first command still didn't work. I am unable to
open
Windows
Defender. Any time I try to open Defender I get the same error I
get
when
Windows logs on. I wouldn't mind completely erasing Windows
Defender.
It's
useless to me now, and I hate seeing error messages all the time.

:

What happened?

Can you re-try, doing only the first command--lets try blowing
away
the
definitions.

If you can get that to complete without an error, open Windows
Defender
and
verify that the definition level shows as 0.0 (I think.)

Then try updating via Windows Update.

I'm interested in whether the issue is in removing the current
definitions,
or in reinstating the newest update subsequently.

I believe I have done this on Vista, but don't have a test box
with
Defender
and Vista on them to try it out again at the moment.

If this does not work, my approach would be to use the Windows
Installer
cleanup tool to remove JUST THE DEFINITIONS. However, I dislike
using
this
tool, and am not at all sure what it will show on Vista. You
want
to
be
absolutely sure you are removing just the definitions, and not
Windows
Defender itself, if that shows in the tool.


No luck with this either.

:

I would recommend:

Go to an elevated command prompt in the folder Windows
Defender
is
installed
in:
Start, all programs, accessories, command prompt.
Right-click
command
prompt, and choose "Run as Administrator" and then click
continue
to
assent
to the elevation.

cd \program files\windows defender

(You may need to change drive letters if you have more than
one,
and
Windows
Defender is installed on a different drive)

mpcmdrun -removedefinitions -all <enter>
mpcmdrun -signatureupdate <enter>

exit (to close the elevated command prompt window)

See whether that resolves the issue.

message
The Dell Tech and I tried running that utility, but it did
not
recognize
Defender. Defender also is not on the add/remove programs
list
in
control
panel. We found no way of removing it from the system. We
also
tried
reinstalling it, but it told us since I have Vista I
already
have
Defender.
Poor Dell guy was more frustrated than me. Please Microsoft
help!!!

:

Under add or remove programs for Windows Defender click
"click
here
for
support information" and then click Repair. If you are
using
Vista
then
stop
and wait for a suggestion from Engel or Sanderson.
Otherwise
download
this
Microsoft Utility:
http://support.microsoft.com/kb/290301
Remove Windows Defender.
Re-install Windows Defender:
http://www.microsoft.com/athome/security/spyware/software/default.mspx


:

My laptop recently did an auto-update in which it
downloaded a
definition
file for Defender. The update failed to install
correctly
and
now
whenever I
try to open Defender I get the following Error:
Application
failed
to
intialize: 0x800700c1.
This update is: Definition Update for Windows Defender
KB915597
(Definition
1.23.4365.0) I tried doing a system restore, and
redownloading
the
update,
both to no avail. Now I can't even run Defender. How can
this
update
make my
Defender completely useless, and is there any way to fix
this?
I
troubleshooted with a Dell tech for 3 hours trying
various
things,
and
nothing seemed to work. I even tried to uninstall
Defender
from
my
system
which it won't let me do. I would rather delete the
useless
program
rather
than seeing an error message every time I log onto
Windows.
Please
someone
help!!!

 

[Aquayogi]

ok, when I run Defender using services.msc I get the following error:

Services (title bar)
Windows could not start the Windows Defender service on Local Computer.
Error 0x800700c1: 0x800700c1

For the Event viewer command: (the asterix are the edit for my computer name)

Log Name: System
Source: Service Control Manager
Date: 12/1/2007 11:29:45 PM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: *******
Description:
The Windows Defender service terminated with the following error:
Windows Defender is not a valid Win32 application.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager"
Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service
Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2007-12-02T05:29:45.000Z" />
<EventRecordID>14202</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>********</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Windows Defender</Data>
<Data Name="param2">%%2147942593</Data>
</EventData>
</Event>

OK - sorry to be so dense--what you are seeing is expected in your
situation.

The Windows Defender service is not started, which is, of course what the
error message was all about.....

So--either we need to wipe the defs without having the service running, or
figure out how to start the service.

As I recall, you said that you'd run the Windows Installer Cleanup tool, but
not found Windows Defender Definitions listed? OK - I just looked through
that list on Vista, and I don't see them either.

Can I ask for a few more bits of info:

I'd like you to try to start the Windows defender service and record what
errors arise. There are several ways to do this, lets start with the GUI,
rather than command line ways:
hit the start button.
put "services.msc" in the search bar, and hit enter. Hit continue.
(leave off the quotes)
Scroll down to Windows Defender, right click that line, and choose start.

What happens?

Then do start, and put "eventvwr.msc" in the search bar and hit enter, hit
continue.
expand the window to full screen, click on the little arrow to the left of
Windows Logs, then on System. Click on the top entry in the middle column
and see if that shows the result of your attempt to start the service. If
it does, with that line selected, click copy over on the right, and choose
copy details as text.
and then paste that back to this thread--it will resemble what you see
below, but presumably with an error condition.

There are two lines labelled computer--feel free to edit out the name of
your machine if you want--it isn't relevant to getting this fixed.

------------------
Log Name: System
Source: Service Control Manager
Date: 12/1/2007 7:28:13 PM
Event ID: 7036
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: machine
Description:
The Windows Defender service entered the stopped state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager"
Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service
Control Manager" />
<EventID Qualifiers="16384">7036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2007-12-02T00:28:13.000Z" />
<EventRecordID>82450</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>machine</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Windows Defender</Data>
<Data Name="param2">stopped</Data>
</EventData>
</Event>

When I type in that command line, it just repeats the same directory line
over. i.e.

C:\Program Files\Windows Defender>mpcmdrun -removedefinitions -all
C:\Program Files\Windows Defender>

Windows Defender still doesn't work.

I want to retry the command line procedure. I've removed Forefront from
my
machine, and started Defender, so I can capture the output from that
command
to show you what should happen, and I can provide clearer directions:

Start, all programs, click on the Accessories folder, and right click on
"command prompt" and choose "Run as administrator."

Click continue,

in the command prompt window:

cd \program files\windows defender <hit enter>

mpcmdrun -removedefinitions -al <hit enter>

This is what you should see (ignore version number differences):
-----------------------
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>cd \program files\windows defender

C:\Program Files\Windows Defender>mpcmdrun -removedefinitions -all

Service Version: 1.1.1600.0
Engine Version: 1.1.3007.0
AntiSpyware Base Signature Version: 1.23.3764.0
AntiSpyware Delta Signature Version: 1.23.4365.0

Starting engine and signature rollback to default...Done!

Service Version: 1.1.1600.0
Engine Version: 1.1.2908.0
AntiSpyware Base Signature Version: 1.0.0.0
AntiSpyware Delta Signature Version: 1.0.0.0

C:\Program Files\Windows Defender>
------------------------------------------------------

So--what happens in your system? Do you get that same result, with
definitions taken back to 1.0.0.0?

If you get a failure message, right click the title bar of the window,
choose edit, then select all, then edit, then copy, and copy the text
back
to a message here.

If that process succeeds, please go to Windows Update and do a check for
updates.



Nope the only program affected by this is Defender. I don't know if I
mentioned this or not, but under update history, the definition update
said
"Failed." So far it's failed on 3 different definition files. Windows
Update
seems to be working fine. There was only one other update I could
download
to
test it, Windows Live Messenger. It downloaded and ran fine. I'm not
sure
what .msi files are.

:

Is anything else failing besides Windows Defender?

Can you tell whether WindowsUpdate is working?

Are you able to install any other apps which come packaged as .MSI
files?

(I tried to spot something small to try as a test but didn't come up
with
any good ideas.)

We tried that too. We did DellConnect and he fiddled with stuff for
like 3
hours. I remember it as you write it. The system restore didn't
work.
:

What do you remember trying with Dell?

System restore to a restore point before the bad download should
work.

Otherwise, the options in this article are what I can think of:

http://vistasupport.mvps.org/windows_vista_repair_options.htm

but I can't see why this problem should require going to that
length.


Doing only the first command still didn't work. I am unable to
open
Windows
Defender. Any time I try to open Defender I get the same error I
get
when
Windows logs on. I wouldn't mind completely erasing Windows
Defender.
It's
useless to me now, and I hate seeing error messages all the time.

:

What happened?

Can you re-try, doing only the first command--lets try blowing
away
the
definitions.

If you can get that to complete without an error, open Windows
Defender
and
verify that the definition level shows as 0.0 (I think.)

Then try updating via Windows Update.

I'm interested in whether the issue is in removing the current
definitions,
or in reinstating the newest update subsequently.

I believe I have done this on Vista, but don't have a test box
with
Defender
and Vista on them to try it out again at the moment.

If this does not work, my approach would be to use the Windows
Installer
cleanup tool to remove JUST THE DEFINITIONS. However, I dislike
using
this
tool, and am not at all sure what it will show on Vista. You
want
to
be
absolutely sure you are removing just the definitions, and not
Windows
Defender itself, if that shows in the tool.


No luck with this either.

:

I would recommend:

Go to an elevated command prompt in the folder Windows
Defender
is
installed
in:
Start, all programs, accessories, command prompt.
Right-click
command
prompt, and choose "Run as Administrator" and then click
continue
to
assent
to the elevation.

cd \program files\windows defender

(You may need to change drive letters if you have more than
one,
and
Windows
Defender is installed on a different drive)

mpcmdrun -removedefinitions -all <enter>
mpcmdrun -signatureupdate <enter>

exit (to close the elevated command prompt window)

See whether that resolves the issue.

message
The Dell Tech and I tried running that utility, but it did
not
recognize
Defender. Defender also is not on the add/remove programs
list
in
control
panel. We found no way of removing it from the system. We
also
tried
reinstalling it, but it told us since I have Vista I
already
have
Defender.
Poor Dell guy was more frustrated than me. Please Microsoft
help!!!