[cherinacherine]

wFarbar Service Scanner Version: 04-11-2012
Ran by Gwei (administrator) on 04-11-2012 at 12:10:37
Running from "C:\Users\Gwei\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2008-01-20 21:48] - [2008-01-20 21:48] - 0408064 ____A (Microsoft Corporation) DB37041AB857ABC7E179E856D8E1582C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-10-31 01:24] - [2009-08-14 13:05] - 1418840 ____A (Microsoft Corporation) 3BCD46BE9988B09D3510A0EF54F0D65B

C:\Windows\System32\dnsrslvr.dll
[2008-01-20 21:48] - [2008-01-20 21:48] - 0117760 ____A (Microsoft Corporation) 93CE26DBED3182634F18DD2FE10E41BE

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-10-02 21:23] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

[Advertisements]

OK as I suspected windows is not writing the registry entry correctly

Go Start > Run
Type in Regedit and press OK
Navigate to the following key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windefend
Select sub key Parameters
Right click Service.dll select modify
In the box that opens remove the (x86) part only
You should be left with %ProgramFiles%\Windows Defender\mpsvc.dll
Click OK
Close out of regedit and then try windefender

[Essexboy]

OK as I suspected windows is not writing the registry entry correctly

Go Start > Run
Type in Regedit and press OK
Navigate to the following key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windefend
Select sub key Parameters
Right click Service.dll select modify
In the box that opens remove the (x86) part only
You should be left with %ProgramFiles%\Windows Defender\mpsvc.dll
Click OK
Close out of regedit and then try windefender

[cherinacherine]

There are two different control sets, ControlSet001 and ControlSet002, which one should I use?

[Essexboy]

Current control set please



[attachment=61348:Capture.JPG]

[cherinacherine]

Hi, sorry! I misread that part!

I did exactly what you said, but I'm still getting an error message.

[Essexboy]

could you run FSS again please

[cherinacherine]

Farbar Service Scanner Version: 04-11-2012
Ran by Gwei (administrator) on 04-11-2012 at 17:26:25
Running from "C:\Users\Gwei\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2008-01-20 21:48] - [2008-01-20 21:48] - 0408064 ____A (Microsoft Corporation) DB37041AB857ABC7E179E856D8E1582C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-10-31 01:24] - [2009-08-14 13:05] - 1418840 ____A (Microsoft Corporation) 3BCD46BE9988B09D3510A0EF54F0D65B

C:\Windows\System32\dnsrslvr.dll
[2008-01-20 21:48] - [2008-01-20 21:48] - 0117760 ____A (Microsoft Corporation) 93CE26DBED3182634F18DD2FE10E41BE

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-10-02 21:23] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

[Essexboy]

OK lets try windows repair.. When you try to start defender what error do you get ?

Download Windows Repair (all in one) from this site

Install the programme then run



Go to step 3 and allow it to run SFC



On the start repairs tab click start


Select the following items and tick restart system when finished

[cherinacherine]

Sorry, probably a really obvious and silly question. I clicked the start button on the repairs tab, and it a pop up asked if I wanted to create a back up or restore point before I started. Yes or No?

[Essexboy]

Yes create a restore point

[cherinacherine]

How long do you think Window Repair will run before it's finished? It's been running for 4 hours now, and it's still on repair jobs 1/19. Is that normal?

[Essexboy]

First it will run SFC to scan your system files, then it proceeds to the various tasks

If it is stuck on the first one then stop the programme and re-run it (no need to do the restore or SFC)

[cherinacherine]

I'm not sure if it's still running SFC or not....this is what it looks like:

[Essexboy]

Stop it and re-run, deselect the first element .. Registry permissions and try again please

[cherinacherine]

YAY It worked! I did what you said, and after the restart, Windows Defender loaded!