# Windows Defender not updating through Windows Updates



## Cookiegal (Aug 27, 2003)

I have my Windows Updates set to notify me and then I check them and install them daily so they aren't downloded automatically. Since October 11th Windows Defender hasn't been appearing in Windows Updates. I've tried some troubleshooting so I'll give some history and explain what I've done so far without success.

October 11, 2021 was the last update of definitions I got through Windows Updates properly.

I didn't receive any on the 12th but it happens at times that there are none for a day so didn't think anything of it.

The next updates (not for Windows Defender) that did come through were:

October 13 - October 2021 Security and Quality Rollup for .Net Framework KB006763
October 13 - Windows Malicious Software Removal Tool x 64 (KB890830 as always)
October 13 - October 2021 Security Monthly Quality Rollup for Windows 8.1 x64 (KB5006714)

Still nothing for Windows Defender. I began to wonder why and was going to look into it but hadn't yet and then I got a pop up message saying my WD was out of date on the 18th. So I updated it manually from the user interface and thought that might trigger it to start working again and it seems it did because I received updates the proper way on :

October 19 - Windows Defender update came through updates as usual
October 20 - Again the update came through as usual

So I thought it was fixed but on the 21st I didn't get any again. I checked online to see what the latest version was and it was later than what I had so it had stopped working again.

At this point I ran the Windows Update troubleshooter. It said it fixed few things in the configuration so I thought that would take care of it but it did not.

So I started looking at other things to try. I went to the Microsoft download site and downloaded the definitions update file for the 64-bit version of Windows 8.1 and I thought it wouldn't work because it didn't seem to do anything when I clicked on it as I only had the circle for a couple of seconds but it turns out it did because WD was updated to the latest version after doing that. I thought that might fix the problem but it didn't either.

So I decided to check the Event Viewer for errors and there was one for Windows Updates which seems to indicate a problem with the Windows Update Agent. The Event ID: 25 error says "Windows Update failed to check for updates with error 0x8024000E". I checked to make sure I had the proper version of the Windows Update Agent (KB2919355) installed by verifying the version of the wuadeng.dll file and it was version 7.9.9600.19915 that was last updated on December 14, 2020 which seems to be the correct one.

I checked for updates manually from the Control Panel and then I got the following Information events in the Event Viewer for Windows Updates:

Event ID: 26 "Windows Update successfully found 0 updates
Event ID: 26 "Windows Update successfully found 7 updates
Event ID: 40 "An update was detected" (7 entries so I assume one for each of the 7 found updates).

The above all occur every time I run Windows Updates manually.

So that's where I'm at now. I know there are other measures to be done like stopping services and whatnot but thought I'd ask for some direction on the next steps to try. For sure malware is not an issue. I ran MalwareBytes and also used FRST to make sure there was nothing suspicious.

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 8.1 Pro, 64 bit, Build 9600, Installed 20140310170059.000000-240
Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz, Intel64 Family 6 Model 60 Stepping 3, CPU Count: 4
Total Physical RAM: 8 GB
Graphics Card: Intel(R) HD Graphics 4600, 1024 MB
Hard Drives: C: 917 GB (795 GB Free);
Motherboard: LENOVO SHARKBAY, ver 0B98401 PRO
System: LENOVO, ver LENOVO - 1480, s/n MJ00CJ6B
Antivirus: Windows Defender, Enabled and Updated


----------



## Cookiegal (Aug 27, 2003)

I ran the troubleshooter again and the same message was found:

windows update components must be repaired

One or more Windows Updates components are configured incorrectly.

It says it repaired them but never seems to. I'll see if anything comes through tomorrow.


----------



## Gr3iz (Mar 9, 2009)

Shot in the dark -- Try running *sfc /scannow*.


----------



## Cookiegal (Aug 27, 2003)

That was going to be my next step if I didn't get any responses on things to try first. I've actually never run it on this PC so it might be a good time to do that.


----------



## Cookiegal (Aug 27, 2003)

However, I'm reading that it's best to run DISM.exe /Online /Cleanup-image /Restorehealth before sfc /scannow.


----------



## Gr3iz (Mar 9, 2009)

OK. I've been busy on and off throughout the day and meant to suggest it earlier, then forgot. I do that from time to time ... ;-)

<fingers crossed>


----------



## Cookiegal (Aug 27, 2003)

Those things take so long to run I may just try a system restore back to October 11th. 

I'm waiting for an Eset online scan to finish. I thought I'd do that as a last measure to check for malware. So far it's been running for quite a while and it hasn't found anything. I don't expect it to but thought it can't hurt.


----------



## Gr3iz (Mar 9, 2009)

Have you considered finally ditching Win8? ;-)


----------



## Cookiegal (Aug 27, 2003)

Gr3iz said:


> Have you considered finally ditching Win8?


Nope. Not until support ends unless I have no choice for some reason.


----------



## Cookiegal (Aug 27, 2003)

So I found this fix to run the following commands and tried it this morning:

net stop cryptsvc
net stop bits
net stop wuauserv
ren %systemroot%\softwaredistribution softwaredistribution.bak
ren %systemroot%\system32\catroot2 catroot2.bak
net start cryptsvc
net start bits
net start wuauserv

When I rebooted the computer as instructed after doing the above it took a long time to start back up with stuff running constantly. I couldn't access the Task Manager to see what was going on or even open the Control Panel for a good ten minutes until everything finally settled down (when I finally was able to open the Task Manager the disk was still showing at 100%). Then I got alerts Windows Defender was off! Finally got that sorted. Then I opened the Control Panel and searched for updates and got an error 8024A000. But I tried again a bit later and it searched for quite a while and this time is found updates so it may have worked. they are still downloading. It wiped out my update history though but I guess that's a small price to pay. I'll have to see now if updates start to be detected automatically again tomorrow.


----------



## Gr3iz (Mar 9, 2009)

<fingers crossed>

I think it took longer to reboot because it was recreating those folders you renamed. If you look now, you'll see that those folders that you renamed exist again, but the files within have been refreshed with backups that had been kept elsewhere.


----------



## Cookiegal (Aug 27, 2003)

I'm sure you're right about that Mark and it should start up fine the next time. 

That's got to be the most important part of the fix because I've run fixes that stop and start all of those services before and that didn't work. Like you said, fingers crossed. We'll know tomorrow morning.


----------



## managed (May 24, 2003)

I think Mark is correct about the folders and files being recreated and to do that it has to rebuild all the update information. I did similar steps a while back and it did take longer to restart.

Anyhow good luck for tomorrow Karen.


----------



## Cookiegal (Aug 27, 2003)

Thanks Allan.


----------



## Cookiegal (Aug 27, 2003)

So when I booted up this morning it took a while but it's because I hadn't rebooted after installing the updates that were detected. There were only two, one for Windows Defender and one for Edge. Funny thing, I tried to install Edge for Windows 8.1 last year but it failed because my PC froze during the installation so I had to abort it. Since I allowed the update, this morning Edge installed and I had to go through the set up steps for it. That's OK because I had wanted to have another browser just in case that was more reliable that Internet Explorer.

So far this morning it hasn't checked automatically for updates but I'm wondering if it's because I manually checked last evening and it's probably set to check every 24 hours or something like that. I checked on the Microsoft website for updates to Windows Defender and it showed a new one today for today at 7:24 a.m. and now it shows yet another for 9:24 a.m. The times are always ahead of when I check. I know there's a time difference but they are three hours behind me so when I checked at 6:59 a.m. it would have only been 3:59 a.m. there. So I don't understand the time thing.

I think I'll wait another 24 hours and not do any manual checking or updating of Windows Defender to see if it detects them tomorrow morning. It won't hurt to not have the latest definitions for a short period of time.


----------



## DR.M (Sep 4, 2019)

I just saw this.

I hope your issue got resolved, Karen, otherwise, there are some other things to try.


----------



## Cookiegal (Aug 27, 2003)

Thanks. I thought you were avoiding me.  Yeah, it's ironic but I may have to take a trip to you know where. 😉

I used FSS and I've downloaded SFCFix but haven't run it yet. I'm waiting to see what happens tomorrow.


----------



## DR.M (Sep 4, 2019)

> Thanks. I thought you were avoiding me.


Not my style at all! 

You can use FSS now again, now you think the problem is solved, to confirm there is nothing wrong with the related services. Copy/paste it for me to check.


----------



## Cookiegal (Aug 27, 2003)

So it didn't work. 

Farbar Service Scanner Version: 23-12-2020
Ran by Cookie (administrator) on 27-10-2021 at 09:34:17
Running from "C:\Users\Cookie\Desktop"
Microsoft Windows 8.1 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Policy: 
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuaueng.dll".

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll
[2016-02-27 09:46] - [2016-01-06 12:47] - 0146944 ____A (Microsoft Corporation) 501D5EFAB9711039479AE48401386D2B

C:\Windows\System32\wbem\WMIsvc.dll
[2020-08-12 08:27] - [2020-07-10 13:58] - 0231936 ____A (Microsoft Corporation) 80644B29E2B93A2967E72A3E0E948EA3

C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


----------



## DR.M (Sep 4, 2019)

Karen, there are some weird things in the log.

Boot in* Safe mode*, and then please do the following:

*1. Restore services*

Download windows_update.reg and save it to your *Desktop.*
*Double-click* on the file, allow the information to be merged (Yes) and *restart *the computer.
*Repeat* the same two steps above for Windows_Security_Service.reg and web_proxy_auto-discovery_service.reg

*2. Run FSS again*

Restart in *normal mode.*
Right click on the tool icon and *run it as administrator, *as you did before.
Make sure *all the options* are checked.
Click on the *Scan *button.
It will create a log (*FSS.txt*) on your Desktop.
*Copy and paste* the log's content to your next reply.


----------



## Cookiegal (Aug 27, 2003)

I'm pretty sure there are things in the first regfix that are specific to Windows 10 and I'm running Windows 8.1.

Can you tell me what in the FSS log you find to be weird please?


----------



## DR.M (Sep 4, 2019)

Karen,

Thanks for that. I missed it.

I edited the post above, taking the links for the Windows 8.1.

These are weird:

The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuaueng.dll".

[2016-02-27 09:46] - [2016-01-06 12:47] - 0146944 ____A (Microsoft Corporation) 501D5EFAB9711039479AE48401386D2B

C:\Windows\System32\wbem\WMIsvc.dll
[2020-08-12 08:27] - [2020-07-10 13:58] - 0231936 ____A (Microsoft Corporation) 80644B29E2B93A2967E72A3E0E948EA3

The dll for the wuauserv is not correct and the other two seem as they lost their digital signature.


----------



## Cookiegal (Aug 27, 2003)

Thanks. I'm actually not feeling very well so I may not get to this right away.


----------



## 2twenty2 (Jul 17, 2003)

Cookiegal said:


> Thanks. I'm actually not feeling very well so I may not get to this right away.


💐 hope you get better


----------



## Cookiegal (Aug 27, 2003)

Thanks Knuck.


----------



## Cookiegal (Aug 27, 2003)

So I decided to give it a go. I only did the first regfix because the other two and mine were already identical. There was a discrepancy in the first fix regarding "The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuaueng.dll" and that's been fixed now. But the other two issues remain. I don't know what the deal is with those.

New FSS log:

Farbar Service Scanner Version: 23-12-2020
Ran by Cookie (administrator) on 27-10-2021 at 18:02:06
Running from "C:\Users\Cookie\Desktop"
Microsoft Windows 8.1 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll
[2016-02-27 09:46] - [2016-01-06 12:47] - 0146944 ____A (Microsoft Corporation) 501D5EFAB9711039479AE48401386D2B

C:\Windows\System32\wbem\WMIsvc.dll
[2020-08-12 08:27] - [2020-07-10 13:58] - 0231936 ____A (Microsoft Corporation) 80644B29E2B93A2967E72A3E0E948EA3

C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


----------



## Cookiegal (Aug 27, 2003)

These two are not signed but the numbers shown are the MD5s:

[2016-02-27 09:46] - [2016-01-06 12:47] - 0146944 ____A (Microsoft Corporation) *501D5EFAB9711039479AE48401386D2B*

C:\Windows\System32\wbem\WMIsvc.dll
[2020-08-12 08:27] - [2020-07-10 13:58] - 0231936 ____A (Microsoft Corporation) *80644B29E2B93A2967E72A3E0E948EA3*


----------



## DR.M (Sep 4, 2019)

Hi, Karen. I hope you are feeling better today.

The issue with Windows Update Service is fixed, but the service is not running. Go to Services, find Windows Update Service, double click and choose Start to start it.



> I only did the first regfix because the other two and mine were already identical. I don't know what the deal is with those.


The other two reg files I asked you to run are supposed to fix these issues, restoring the related services.


----------



## Cookiegal (Aug 27, 2003)

DR.M said:


> but the service is not running. Go to Services, find Windows Update Service, double click and choose Start to start it.


That is only because I don't have it set to install updates automatically but rather to downloand them and then let me decide to install them. If I change that setting to update automatically the service starts and this is what the FSS scan log looks like:

Farbar Service Scanner Version: 23-12-2020
Ran by Cookie (administrator) on 28-10-2021 at 09:12:42
Running from "C:\Users\Cookie\Desktop"
Microsoft Windows 8.1 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Policy: 
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll
[2016-02-27 09:46] - [2016-01-06 12:47] - 0146944 ____A (Microsoft Corporation) 501D5EFAB9711039479AE48401386D2B

C:\Windows\System32\wbem\WMIsvc.dll
[2020-08-12 08:27] - [2020-07-10 13:58] - 0231936 ____A (Microsoft Corporation) 80644B29E2B93A2967E72A3E0E948EA3

C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

So the issue is still those two files and I haven't been able to figure that out yet. I won't do anything without suggesting it to you here first but I am researching to see if I can find the reason for the discrepancy on those two files.


----------



## Cookiegal (Aug 27, 2003)

I forgot to add that Windows update detected an update for Windows Defender automatically this morning like it should so hopefully that's been fixed. However, that happened before for a couple of days and then it stopped again so I'll post back if that occurs again.

But I'd still like help with those two files. BTW, I uploaded them both to Virus Total and they were clean.


----------



## DR.M (Sep 4, 2019)

It was expected to be clean. It happens sometimes some items to lose their digital signature. Resetting them (or replacing them) fixes the issue. Running the reg files, I believe will fix them.


----------



## Cookiegal (Aug 27, 2003)

DR.M said:


> It was expected to be clean.


Yes, I expected it too but thought it can't hurt to check just in case.

I've run the other two and there's no change.

Farbar Service Scanner Version: 23-12-2020
Ran by Cookie (administrator) on 28-10-2021 at 10:02:22
Running from "C:\Users\Cookie\Desktop"
Microsoft Windows 8.1 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Policy: 
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll
[2016-02-27 09:46] - [2016-01-06 12:47] - 0146944 ____A (Microsoft Corporation) 501D5EFAB9711039479AE48401386D2B

C:\Windows\System32\wbem\WMIsvc.dll
[2020-08-12 08:27] - [2020-07-10 13:58] - 0231936 ____A (Microsoft Corporation) 80644B29E2B93A2967E72A3E0E948EA3

C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


----------



## DR.M (Sep 4, 2019)

Karen,

Let's see what the Tweaking.com can do for that. I use to leave it at the end and most of the times it does the job regarding this kind of problems.

*Tweaking.com - Windows Repair Free Portable*

Download *Tweaking.com - Windows Repair Free Portable *from here: Tweaking.com - Windows Repair Free/Pro
Save the zip file on your Desktop.
Extract the content of the file on the Desktop.
Open the extracted folder, find Repair_Windows.exe and double click to run the program.
Accept the terms of use.
Jump to Repairs.
Open Repairs.
Make sure to put a tick next to these repairs: 1, 3, 5, 25
Start Repairs.
The computer may need to restart. If not, restart it.
After that, let's see another FSS log.


----------



## Cookiegal (Aug 27, 2003)

I'm not crazy about using that program to be honest. I would prefer fixes from within Windows or using commands to replace those files if possible although I'm not sure I have any viable copies of them. I was thinking of running DISM but I've never done that before.


----------



## DR.M (Sep 4, 2019)

Tweaking.com is a powerful tool we use, and as I said many times it effectively solves many related problems.

Not sure if DISM/SFC can solve the issue here, but you can try.

*Run Deployment Image Servicing and Management (DISM)*

Click on the *Start *button and in the search box, type *Command Prompt*
When you see Command Prompt on the list, right-click on it and select *Run as administrator*
Enter the command below and press on *Enter*;


```
DISM /Online /Cleanup-Image /RestoreHealth
```

Let the scan run until the end (100%). Depending on your system, it can take some time.
What is the result you got? 

*When DISM finishes, you can then run SFC from the same command prompt window, but full instructions as if starting fresh:*

Click on the *Start* button and in the search box, type *Command Prompt*
When you see Command Prompt on the list, right-click on it and select *Run as administrator*
Enter the command below and press on *Enter*


```
sfc /scannow
```

Let the scan finish.
You will normally get one of the following results:

```
Windows Resource Protection did not find any integrity violations
Windows Resource Protection found corrupt files and successfully repaired them
Windows Resource Protection found corrupt files but was unable to fix some of them
Windows Resource Protection could not perform the requested operation
```

What is the result you got?


----------



## Cookiegal (Aug 27, 2003)

Thanks. I'll get to it as soon as I can.


----------



## Cookiegal (Aug 27, 2003)

I'm going to wait another day or two before doing anything else. Windows Updates worked this morning and I had left the setting on install automatically so that's what happened. I will change it back to notify me and see if that still works.

As for the two unsigned files, it seems to be normal as not all MS files are signed. It could be specific to the OS and/or the date of installation. I had a Moderator check on his Windows 8.1 Pro and both of those files are unsigned as well.

Thanks for your help with this Panos.


----------



## DR.M (Sep 4, 2019)

> Windows Updates worked this morning and I had left the setting on install automatically so that's what happened. I will change it back to notify me and see if that still works.


It will work. 

As for the two files, I'll search about them a bit more.



> Thanks for your help with this Panos.


You helped too.


----------



## Cookiegal (Aug 27, 2003)

There are still some odd things in the Event Viewer regarding Windows Updates but they are just Information events. First after booting up Windows Updates says it's found 16 updates, then there are 16 events that say an update was detected. Then later when I checked for updates it found 5 update followed by 5 events saying an update was detected. But I seem to have all the required updates as Windows 8.1 is only getting the Security and Quality rollups and Windows Definitions now. I'm not too concerned about this but it does seem a bit strange.


----------



## DR.M (Sep 4, 2019)

Karen,

Regarding the two files, I asked a colleague, and it seems that the two files are indeed problematic. Not original Microsoft files.

You have to run DISM/SFC if you haven't already done that.


----------



## Cookiegal (Aug 27, 2003)

I've checked with a Moderator and a Trusted Advisor both running Windows 8.1 Pro and the same two files are not signed on their machines either. I know some are and some aren't and don't the reason why but everything is working now as it should and I know it's not malware-related so I'm going to hold off for the time being running SFC and DISM mainly because it's annoying to have to wait so long for them to complete and having to run SFC multiple times. I will be getting a new computer in a year anyway.

Thanks again Panos for your help with this matter.


----------



## DR.M (Sep 4, 2019)

Glad everything is working now. 

As for those files, I don't know what is happening (that's something we are searching about it), but in any case they have to be digitally signed. 

DISM/SFC don't take so much. Not more than an hour, both of them. And absolutely there is no need to run SFC multiple times.


----------



## Cookiegal (Aug 27, 2003)

DR.M said:


> that's something we are searching about it


Do you have someone looking into it further for me? If so thanks for that.

I've been told it's sometimes necessary to run SFC more than once as it may not be able to fix everything in the first run. But I'm not there yet anyway, we'll see if it finds anything first.


----------



## DR.M (Sep 4, 2019)

> Do you have someone looking into it further for me? If so thanks for that.


Yes, and it's something I would like to know the cause. 

SFC will not fix more things when is executed several times in a row. In the case the result is "Windows Resource Protection found corrupt files and successfully repaired them", you may want to check if a second run would result to this: "Windows resource protection did not find any integrity violations".


----------



## Cookiegal (Aug 27, 2003)

Thanks again.


----------



## Cookiegal (Aug 27, 2003)

BTW, if it might help finding the cause I will tell you the only discrepancies between the registry fixes and my own registry entries. I am quite familiar with the registry and have helped many people with registry fixes during my malware removal days so I used a hex editor to compare them. Only the Windows_Update one had two discrepancies.

Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
Mine:
"RequiredPrivileges"=SeAuditPrivilege SeCreateGlobalPrivilege SeCreatePageFilePrivilege SeTcbPrivilege SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege SeIncreaseQuotaPrivilege 
instead of:
"RequiredPrivileges"=SeAuditPrivilege SeCreateGlobalPrivilege SeCreatePageFilePrivilege SeTcbPrivilege SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege SeIncreaseQuotaPrivilege *SeShutdownPrivilege*

Mine was missing the last one that I have bolded above.

and Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters
Mine:
My "ServiceDll"=C:\WINDOWS\system32\wuaueng.dll
instead of:
My "ServiceDll"=%systemroot%\system32\wuaueng.dll

Those are the only two differences in all of the three registry fixes. I ran them all even though the last two were identical to mine.


----------



## DR.M (Sep 4, 2019)

Thanks, Karen.

As I understand is that the possible problem has to do with the specific files and not necessarily with the related services. I will keep you informed.


----------



## Cookiegal (Aug 27, 2003)

DR.M said:


> As I understand is that the possible problem has to do with the specific files and not necessarily with the related services. I will keep you informed.


Thanks. It didn't detect the Window Defender Update this morning.  I had it set to download but let me choose whether to install them.


----------



## Cookiegal (Aug 27, 2003)

So I bit the bullet and ran SFC and it found problems. This was the report:

Microsoft Windows [Version 6.3.9600]

(c) 2013 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>sfc /scannow
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some
of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

I looked at the CBS log and didn't see any reference to corrupt files in the report.

So I ran DISM and it fixed something:

Microsoft Windows [Version 6.3.9600]

(c) 2013 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>DISM /Online /Cleanup-Image /RestoreHealth
Deployment Image Servicing and Management tool
Version: 6.3.9600.19408
Image Version: 6.3.9600.19397

[==========================100.0%==========================]

The restore operation completed successfully. The component store corruption was repaired.

The operation completed successfully.

I then ran SFC again and it no longer found any issues. However, those two file remain unsigned.


----------



## DR.M (Sep 4, 2019)

Microsoft updated the instructions for SFC to include the recommendation to run DISM first. From Use the System File Checker tool to repair missing or corrupted system files:



> If you are running Windows 10, Windows 8.1 or Windows 8, first run the inbox Deployment Image Servicing and Management (DISM) tool prior to running the System File Checker.


Actually, DISM will restore the image of the operating system, through which the SFC command will run to recover the corrupted files.

It's good that the corruptions are fixed.


----------



## Cookiegal (Aug 27, 2003)

Thanks Panos. it seems it's not working again. I see an error in the Event Viewer that the WU service is stopping.

Log Name: System
Source: Service Control Manager
Date: 2021-11-02 6:51:09 AM
Event ID: 7034
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Cookie-PC
Description:
The System Update service terminated unexpectedly. It has done this 1 time(s).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7034</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2021-11-02T10:51:09.959725900Z" />
<EventRecordID>256535</EventRecordID>
<Correlation />
<Execution ProcessID="616" ThreadID="3028" />
<Channel>System</Channel>
<Computer>Cookie-PC</Computer>
<Security />
</System>
<EventData>
System Update
1
<Binary>5300550053006500720076006900630065000000</Binary>
</EventData>
</Event>


----------



## Macboatmaster (Jan 15, 2010)

Hope you do not mind me posting on this thread
I am puzzled you say


Cookiegal said:


> I checked to make sure I had the proper version of the Windows Update Agent (KB2919355) installed by verifying the version of the wuadeng.dll file and it was version 7.9.9600.19915 that was last updated on December 14, 2020 which seems to be the correct one.


The latest version of the Windows Update Agent for Windows 8.1 is 7.9.9600.16422. as of September this year
Update Windows Update Agent to latest version - Windows Client | Microsoft Docs

albeit the version shown can be confusing as different versions are listed on different aspects of the update components in windows.

I would however recommend if you have NOT done so that you check you have the latest version by either configuring automatic updates which will check itself and install the latest version

To download the Windows Update Agent automatically, follow these steps:


Turn on automatic updating. Follow these steps, for the version of Windows that you are running.
Windows 8.1 or Windows 8
Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving up the mouse pointer), tapping or clicking *Settings*, tapping or clicking *Control Panel*, and then tapping or clicking *Windows Update*.
Tap or click *Change settings*.
Under *Important updates*, choose *Install updates automatically*.
Under *Recommended updates*, select the *Give me recommended updates the same way I receive important updates* check box, and then select *OK*.



OR installing it manually from the link


----------



## DR.M (Sep 4, 2019)

Hi, Karen.

It seems that those two files in the FSS log were shown as un-signed due to a FSS bug. According to Farbar this has been fixed.

You can run the FSS now and post here the new log.

In addition, I recommend you to run the Windows Update Troubleshooter.

Read the first part of this article to see how to run the Troubleshooter, if you didn't already run it.  
How to Fix Windows Update When It Gets Stuck or Frozen (howtogeek.com)


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> Hope you do not mind me posting on this thread


Of course not. 

Here's a screenshot of it:










I already changed Windows Updates to update autmatically several times during my troubleshooting and it didn't change the version of the file.


----------



## Macboatmaster (Jan 15, 2010)

Look please at the link in post 52
where you will see this


> The latest version of the Windows Update Agent for Windows 8.1 is 7.9.9600.16422.


as of September this year.
If the link details are correct then how you get that listing on your screenshot for yours is a puzzle to me at this time.
If the Mod has 8.1 running and can check his it would save me having to swap drives again
The 8.1 drive is not even in the tower as is triple boot with 11, 10 and Linux.

and leaving the other drive in makes the boot procedure too complicated to configure, as the 8.1 also has Linux


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> Look please at the link in post 52


Yes I did look at it. Thank you.

I'm asking the Moderator and will report back what their version is.


----------



## Cookiegal (Aug 27, 2003)

DR.M said:


> You can run the FSS now and post here the new log.


Thanks, yes it's been fixed now.


DR.M said:


> Read the first part of this article to see how to run the Troubleshooter, if you didn't already run it.


Yes, I already ran it. Thanks.


----------



## Cookiegal (Aug 27, 2003)

FSS and FRST both show those files are signed but PowerShell within Windows says they are not signed.


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> If the Mod has 8.1 running and can check his it would save me having to swap drives again


The Moderator checked and his is the same version as mine.


----------



## Cookiegal (Aug 27, 2003)

Just so you all know, I'll be away from my computer for an hour or so. I appreciate all of the help on this.


----------



## Macboatmaster (Jan 15, 2010)

I have lost the detail now in my memeory of exactly when you did and when you did not have defender definition updates delivered from automatic windows updates.
I know I could read through the thread again , but to save me doing that, I am am sure you will know.

Does this cover the circumstances please
==================================
*With Windows 8.1, the Defender automatic update with this operating system only occurs once every 24 hours*, so if you're performing a manual update before 24 hours has elapsed you might believe that the automatic update isn't working.

The reason this isn't a problem with any Microsoft installed security app like Defender is that there is also a built-in dynamic signature service designed to automatically perform individual signature updates if an unknown potentially malicious item is detected by behavioral or other activity monitoring. In such a case, the MAPS setting in Defender determines whether Defender can auto-upload the necessary information to Microsoft's servers to determine whether the detected activity might be malicious, potentially allowing the MAPS servers to provide a new set of definitions specifically designed to deal with that item if it's deemed malicious.

With Windows Defender, since the dynamic and automatic nature of both the MAPS system and extensive real-time monitoring that was added in Windows 8 made repetitive update and scan methods unnecessary.

MAPS
Manage Privacy: Windows Defender and Resulting Internet Communication | Microsoft Docs


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> I have lost the detail now in my memeory of exactly when you did and when you did not have defender definition updates delivered from automatic windows updates.


I don't remember either because I've changed it so many times. My setting of choice was always to Download Updates but let me choose whether to install them. Then every morning like clockwork when I checked Windows Update it would say one important update for Windows Defender and I would tell it to install it. It's worked that way for years until it suddenly stopped on October 12th. In troubleshooting I changed it to automatically install them and also the other option of just checking for updates and letting me decide whether to download and install them.

All I can tell you is that when I switch to automatic at least once it worked and WD was updated automatically but it didn't work every day.

I did assume Windows Updates runs only once every 24 hours and that if I run it myself in between that may extend the period but I've waiting more than a day at times and it still didn't work. We'll see if it works tomorrow.

I'm still getting that event ID 7034 error saying that the System Update service terminated unexpectedly. And I have researched it but still can't seem to find a solution for it. I've been getting that error since June 2nd but the updates issue only started on October 12th.


----------



## Macboatmaster (Jan 15, 2010)

Try this

*2. Remove installed Virus Definitions*

Start Command Prompt as Administrator -

cd %ProgramFiles%

cd "Windows Defender"

mpcmdrun.exe -removedefinitions -all

exit

++++++++++++++++++
Then try check for updates - ON windows updates - not on Defender


----------



## Cookiegal (Aug 27, 2003)

Thanks. I'll try that tomorrow. I want to wait and see if it works properly tomorrow morning.


----------



## DR.M (Sep 4, 2019)

Karen,

It seems that there is nothing wrong with those files. According to our colleague, maybe something specific about catalogs of the files or their indirect signatures makes some tools do not get them right. It also seems that also VirusTotal can't detect their signatures unlike for other files.

I would not worry about those.


----------



## Cookiegal (Aug 27, 2003)

Thanks Panos.

Windows Update is still not detecting Windows Defender updates but I guess I'll just have to live with that and update it manually. I can't find any rhyme or reason to it.


----------



## DR.M (Sep 4, 2019)

Karen,

What is the status of the Windows Defender Service (WinDefend) in Services?


----------



## DR.M (Sep 4, 2019)

Also, did you try Mcboatmaster suggestion above?


----------



## Cookiegal (Aug 27, 2003)

DR.M said:


> What is the status of the Windows Defender Service (WinDefend) in Services?


It's running and set to automatic start.


DR.M said:


> Also, did you try Mcboatmaster suggestion above?


Not yet. I will try it later today.

To elaborate, Windows Update runs when I first boot up and it find 5 updates that I've hidden (this doesn't show on the Windows Update page in the Control Panel but I can see it in the Event Viewer) but it doesn't find the WD definitions update.


----------



## Macboatmaster (Jan 15, 2010)

Sometimes a previous definition update MAY stop on occasions windows updates offering further definition updates that is the reason I suggested deleting the definitions and then running an update check on windows
It requires a restart after the cmds before checking

What are the hidden updates as it MAY be one of those - that is the problem - unlikely but it has been known before


----------



## DR.M (Sep 4, 2019)

If the above suggestion fails, these are my two suggestions:

*1. Reset Windows Components*
(You already did that, I have something different in the script and used FRST for that)

Please do the following to run a FRST fix.

*NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system*

Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.


```
Start::
CreateRestorePoint:
CloseProcesses:
Startbatch:
net stop wuauserv
net stop bits
rename c:\windows\SoftwareDistribution SoftwareDistribution.bak
Pushd C:\Windows\System32
FOR /R %i IN (*.dll ) DO  regsvr32.exe /s %i
popd
net start wuauserv
net start bits
Endbatch:
EmptyTemp:
End::
```

*Please right-click on FRST64 on your Desktop,* to run it as administrator. When the tool opens, click *"yes"* to the disclaimer.
Press the *Fix* button once and wait.
FRST will process *fixlist.txt*
When finished, it will produce a log *fixlog.txt* on your Desktop.
*Please post the log in your next reply.*

*2. Run Tweaking.com*

I gave instructions here: 
https://forums.techguy.org/threads/...-through-windows-updates.1269412/post-9850139

The Repairs to choose: 1, 3, 5, 25, 16, 26, 28


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> What are the hidden updates as it MAY be one of those - that is the problem - unlikely but it has been known before


They were all shown as optional before I restored them and after I restored them one was marked important.

Important 
Western Digital (WDC_SAM) November 30, 2017 (this appeared after I connected my new WD external drive and I didn't install it.

Optional
KB3102429 - something to do with foreign languages that I didn't need
Mar. 21/17 - Intel net Driver update
Aug. 21/17 - Intel Graphics Adapter update
Oct. 3/17 - Intel System driver update


----------



## Macboatmaster (Jan 15, 2010)

Cannot see it being any of those


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> Cannot see it being any of those


I didn't think so either.

I'm going to remove the definitions but I won't run the FRST fix yet as I don't want to do two things at a time. I'll wait to see if the first things fixed the problem or not.

I think I can just run the command with the full path rather than changing directories all the time, right? So it would just be:

C:\%ProgramFiles%\Windows Defender\mpcmdrun.exe -removedefinitions -all


----------



## Macboatmaster (Jan 15, 2010)

I presume so


----------



## Cookiegal (Aug 27, 2003)

It didn't recognize "Program Files" which I used instead of %ProgramFiles% so I just went ahead and changed the directories and ran the command successfully. I got alerts that WD wasn't up to date.

I rebooted.

Windows Defender must have automatically updated itself because there were no alerts plus when I opened WD it showed it was updated yesterday. So then I ran Windows Update and it did find a new one for WD so I installed it.

What I find odd is the version of the update I installed is 1.353.495 which is newer than the one showing on the Microsoft WD Update page which is 1.353.487 but I guess they just haven't updated the page yet to reflect this latest one.

So now I'm not sure when Windows Update will check again, whether it will be at boot tomorrow morning or only in 24 hours. If it doesn't tomorrow morning I will not run Windows Updates manually but will wait one more day to see if it starts working properly.


----------



## Macboatmaster (Jan 15, 2010)

Not according to my check


Version: 1.353.495.0
Engine Version: 1.1.18700.4
Platform Version: 4.18.2110.6
Released:* 11/5/2021 9:17:16 PM*
Documentation: Release notes
but of course perhaps on your earlier check it did not show.
Also I am sure you will agree and perhsps I am stating the obvious, but perhaps, there may not just be another update tomoorow morning, so I would just wait to see if you get the latest shown on the site where you checked 
Latest security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware - Microsoft Security Intelligence

at the next period of 24 hrs


----------



## Cookiegal (Aug 27, 2003)

So they must have updated that page shortly afterwards. I always check that link to see if there are updates.

They always shows updates issued with times that are in the future which is weird. I know another user has questioned this. For instance, right now they show:

Version: 1.353.528.0
Engine Version: 1.1.18700.4
Platform Version: 4.18.2110.6
Released: 11/6/2021 9:45:30 AM
But it's only 8:30 a.m. here. Seattle is three hours behind us so if it's 9:45 a.m. there it should be 12:45 p.m. here. Go figure.  But for sure there would have been other updates issued in between.

Anyway, Windows Update did not run this morning to check for updates. I suspected it wouldn't since I ran it yesterday around supper time. So I will wait until tomorrow to see if it runs after I boot in the morning as it should.


----------



## Macboatmaster (Jan 15, 2010)

Will wait to hear from you


Cookiegal said:


> So they must have updated that page shortly afterwards. I always check that link to see if there are updates.


Indeed that was what I thought



Macboatmaster said:


> but of course perhaps on your earlier check it did not show.


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> Will wait to hear from you


I will certainly report back. Thanks.


----------



## Cookiegal (Aug 27, 2003)

So whenI logged on this morning Windows Update didn't run but it said it had run yesterday at 2:31 p.m. but I did not manualy run Windows Updates at all yesterday.

Then it finally did run on its own this morning at 7:27 a.m. and said there were no updates available. Windows Defender hasn't been updated since November 5th. 

I wonder if it would be worth trying to do a system restore to October 10th or 11th, the last time it was running correctly. I know it's a bit far back to go though.

But I'll try DR.M's fix using FRST first.


----------



## Cookiegal (Aug 27, 2003)

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-11-2021
Ran by Cookie (07-11-2021 12:47:23) Run:5
Running from C:\Users\Cookie\Desktop
Loaded Profiles: Cookie
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Startbatch:
net stop wuauserv
net stop bits
rename c:\windows\SoftwareDistribution SoftwareDistribution.bak
Pushd C:\Windows\System32
FOR /R %i IN (*.dll ) DO regsvr32.exe /s %i
popd
net start wuauserv
net start bits
Endbatch:
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.

========= Batch: =========

========= End of Batch: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 64337419 B
Java, Flash, Steam htmlcache => 1510 B
Windows/system/drivers => 7580173830 B
Edge => 0 B
Firefox => 1107363732 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 43554 B
systemprofile32 => 43682 B
LocalService => 431982 B
NetworkService => 2870790 B
Cookie => 188592135 B

RecycleBin => 1768701207 B
EmptyTemp: => 10 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:50:18 ====


----------



## Macboatmaster (Jan 15, 2010)

IF it does not work - the FRST I suggest you run this log collector, send me a copy and DR.M and no doubt you will wish to examine it yourself and see what we can find
I would not think a system restore is a good measure
If it were me - I would go - IF we reach that stage for a windows repair install which keeps everything, but reinstalls windows

If you like the idea here is the log collector
run it as shown and attach zip to reply


Save log collector *.zip* to where (downloads for example) you want.
Right click on log collector in the Downloads folder and select Extract all - to desktop for instance
right click - run as admin and as shown on the cmd window press any key to start
after the cmd window/ powershell window indicates completion it will tell you a zip file is on the desktop
press any key to close cmd window
and attach zip to post please


----------



## Macboatmaster (Jan 15, 2010)

Cookiegal said:


> 10 GB temporary data Removed.


that seems an unusally large temp data to have on your system


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> that seems an unusally large temp data to have on your system


I empty the Temp folder and clear browser caches regularly.

I looked at System Restore and it's not an option anyway. There are only two restore points, one from today and one from October 31st which was after the problem began. It was set to only 1% max so I increased that to 5% because I'd like it to save a few more restore points. I have plenty of unused space on my hard drive.

Thanks for the tip about the Log Collector. I will probably run it and see what it shows.


----------



## DR.M (Sep 4, 2019)

Before reset/repair >>> Tweaking.com.


----------



## DR.M (Sep 4, 2019)

> If it were me - I would go - IF we reach that stage for a windows repair install which keeps everything, but reinstalls windows


Not sure if this will work on Windows 8.1. What do you think, Macboatmaster?


----------



## Cookiegal (Aug 27, 2003)

DR.M said:


> Before reset/repair >>> Tweaking.com.


I will wait now and see if the FRST fix did the trick or not. Thanks.


----------



## Macboatmaster (Jan 15, 2010)

DR.M said:


> If it were me - I would go - IF we reach that stage for a windows repair install which keeps everything, but reinstalls windows
> Not sure if this will work on Windows 8.1. What do you think, Macboatmaster?


do you mean my suggested repair install from within windows as you would on 10
by clicking setup on the mounted iso
or indeed on the usb
BUT from within windows

If so, yes I do think it will work, otherwise I would not have suggested it
That said, I would certainly not try it without a full Macrium free - system image on an external drive
but then
that is just me, as I would not try Windows repair all in one without the same - a full image

Neither of them - all but very seldom goes wrong, but then if they do go wrong good style - a RP is not a lot of use, if it cannot be accessed
Even via settings and recovery it still rleies on the C drive being accessible and readable, whereas of course, as you know, the system image does not as it can be restored via the Macrium recovery USB etc.


----------



## Cookiegal (Aug 27, 2003)

Here's my Log Collector zipped file. Thanks for offering to look at it.


----------



## Macboatmaster (Jan 15, 2010)

I will have to examine the logs further but I cannot believe this is correct
MpKsl3e164fd MpKsl3e164fd9 MpKsl3e164fd9 Kernel Manual Running OK TRUE FALSE 16,384 12,288 0 *1977-06-10* 10:25:47 AM \??\C:\ProgramData\Microsoft\Windows Defender\De 4,096 
see your log - drivers - just double click to open it


----------



## Cookiegal (Aug 27, 2003)

I did see that in the logs. The entry is actually incomplete because the name of the folder is supposed to be Definition Updates. I don't know why it says 1977 or why there are question marks at the beginning of the path either and I don't see anything with a size of 4,096 in any of the sub-folders.


----------



## Macboatmaster (Jan 15, 2010)

I have had a quick look at the logs and apart from what i mentioned above and reported failures of updates there is nothing that jumps out at me
I have not examined the dump files as they are - as you know from 2014/15 so will be meaningless
April, June and July 2014
December 2015

I will post back when I have examined them more carefully


----------



## Cookiegal (Aug 27, 2003)

Thanks. I will be out for an hour or so as well.


----------



## Macboatmaster (Jan 15, 2010)

This is a little of a shot in the dark - so to speak
You have
Classic Start Menu "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun

It is just possible that the Classic start menu is the cause of the problem.
The fact it was in use when updates were working, does NOT IMHO mean that it is not now the cause of the problem.

The possible situation is too complicated for me to really understand it or ineed to explain it in detail

Certain processes are allowed only when some aspects of the system controlled by - system access controlled lists are met

It MAYBE that a windows security update ( not a udate for defender) has caused the problem to raise its head with the use of the classic start menu

I suggest it is easier to uninstall classic start menu to test my possible theory.

===============================
The ?? as far as I can ascertain is because the main Defender files are in Programs, as against in program data
I did not know before but that is the best information I can find


----------



## Cookiegal (Aug 27, 2003)

Thanks for reviewing all of that information and letting me know your thoughts. But I can't do without Classic Shell. I hate the tiles in Windows 8.1. If I uninstall it I may not be able to install it again as I understand it's no longer supported. I'd rather manually update WD every day if necessary. I switched my Windows Updates to Automatic just to see if the updates get installed tomorrow morning. I had tried that before but I've run some fixes suggested here since so you never know. 

But what do you make of the 1977 in the log regarding Windows Defender in the Definitions Updates folder? Do you think that is caused by Classic Shell? But the Log collector didn't see to complete that entry which is also strange like it couldn't read it or something.


----------



## Macboatmaster (Jan 15, 2010)

Cookiegal said:


> But what do you make of the 1977 in the log regarding Windows Defender in the Definitions Updates folder? Do you think that is caused by Classic Shell? But the Log collector didn't see to complete that entry which is also strange like it couldn't read it or something.


I have no idea

IMHO


Cookiegal said:


> install it again as I understand it's no longer supported


that alone is even more reason to uninstall it.

I do appreciate where you stand on this, but IMHO it is time to bite the bullet
there is history of classic start menu - causing really serious problems on 10
I believe that is due to various windows processes not finding files or perhaps a better word is aspects of files where it expects to fnd them.
I know of course you are not on 10 - yet.
I mention it only in case you had not realised that there is IMHO no way you can use classic start on 10 or 11 and expect troublefree operations.

Good luck with it

I wish to stress that I am not leaving the thread due to your unwillingness to uninstall classic start menu, but becuase I have no other ideas to offer

Take care. Best wishes


----------



## Cookiegal (Aug 27, 2003)

Thanks, I appreciate everything you've done. I think I'm going to just have to leave it the way it is and update manually. I only have one year to go before I will be buying a new computer so it's not a huge deal, as long as nothing else breaks in the meantime.


----------



## Macboatmaster (Jan 15, 2010)

Good luck as I said.
Sorry I could not solve it for you
*Has DR.M not offered any opinion on the logs.*
I was surprised to see the number of entries for the
Process C:\Program Files (x86)\Lenovo\*PowerMgr\PWMDBEXE.exe (process ID:4488) reset policy scheme* from {3AE2AF9E-4C02-482B-BC2A-0C2C4E754BD7} to {3AE2AF9E-4C02-482B-BC2A-0C2C4E754BD7}

but I do not know what it means.
The DM log collector does not register the application event viewer logs
It may be worthwhile checking those..

Goodnight.


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> Has DR.M not offered any opinion on the logs.


No he hasn't but it's a lot of information to go through and while I appreciate that you did that no one is obligated to go to that extent. 

I don't know what to make of that PowerMgr entry. What section was that under?

Yesterday I had changed the settings for Windows Updates to Automatic and this morning Windows Defender updated itself at 7:02 a.m.. Windows Update ran before that at 6:54 a.m. and eight minutes seems like too long a time to believe that Windows Update found it plus the Event Viewer only shows it finding the 5 hidden ones. I guess WD updates itself.

I just don't like leaving it on automatic but I guess it doesn't really matter now since Windows 8.1 is only receiving Security and Quality Rollups. We don't even get previews any more and those are the things I didn't want to download because they sometimes caused issues so I would wait for the actual rollup.


----------



## Macboatmaster (Jan 15, 2010)

Well presumably you are using the Lenovo power scheme
which of course you could verify in control panel power options 
The entry came from the event logs 
just click edit and find and then enter 
Lenovo
as search term 

I am sure you have seen that the most recent entries are at the end of the log
the last one is here
Log Name: System
Source: Microsoft-Windows-UserModePowerService
Date: 2021-11-08T10:28:14.363
Event ID: 12
Task: N/A
Level: Information
Opcode: Info
Keyword: N/A
User: S-1-5-18
User Name: NT AUTHORITY\SYSTEM
Computer: Cookie-PC
Description: 
Process C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBEXE.exe (process ID:4024) reset policy scheme from {3AE2AF9E-4C02-482B-BC2A-0C2C4E754BD7} to {3AE2AF9E-4C02-482B-BC2A-0C2C4E754BD7}

I AM NOT suggesting, as I said that this is a problem, or that it relates to the update problem, but I cannot undertand why it keeps recording a reset


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> Well presumably you are using the Lenovo power scheme


I guess so because it says I'm using the Lenovo ThinkCentre Default.

But I think you're onto something.

Remember I mentioned the event log error I get every day no. 7034 saying the Windows Udate Service has terminated unexpectedly and I've been getting since June 2nd? That coincides with the day I installed my new APC Back up battery.

I just now opened the PowerChute software and tried to check for updates and it says it couldn't update and to check my Internet connection, so something may not be hooked up correctly.

Also, every day I get PowerEvent handled successfully by the service (id no. 0) for APC Data Service right after I boot up. Any thoughts?


----------



## Cookiegal (Aug 27, 2003)

Apparently the error from the PowerChute software is normal when it's up to date and there are no updates available:

https://www.se.com/au/en/faqs/FA404515/

But the fact remains the problem with Windows Update terminating start on the same day I connect the APC even though I didn't start having problems with Windows Defender until october 12th.


----------



## Macboatmaster (Jan 15, 2010)

I saw that entry regarding the power event in the logs


Cookiegal said:


> Also, every day I get PowerEvent handled successfully by the service (id no. 0) for APC Data Service right after I boot up.


I honestly do not remember this


Cookiegal said:


> Remember I mentioned the event log error I get every day no. 7034 saying the Windows Udate Service has terminated unexpectedly and I've been getting since June 2nd? That coincides with the day I installed my new APC Back up battery.


Perhaps I missed it with using the other thread and then posting on this thread later.

I am sorry but I do not have any clues to offer on the connection or setup of the APC

I will be extremely pleased for you if I have found something that solves it when you get that connection and setup sorted 
It will be nothing more really than as I mentioned in post 99


> I was surprised to see the large number of entries for the apparent rest of the power policy scheme


----------



## DR.M (Sep 4, 2019)

I can't say much or connect the logs' results with the issue.

Actually, there were some issues regarding the computer:

1. The wrong path for the Windows Update Service
2. The corrupted files which the SFC fixed
3. The choice for not automatic updates > for me it's important for the Defender and its updating

Since the 3 above are now fixed/changed, and since Karen said that today everything was fine, I believe that currently the problem is resolved. However, if the problem appears again, I would follow again the same checks/fixes regarding the above.


----------



## Cookiegal (Aug 27, 2003)

Panos, I agree with 1 and 2 but 3 was never an issue until October 12th. 

I always had them set to download but ask me whether or not to install and it's been that way for years.

I appreciate eveything you've done as well for me very much.

So now, I guess I should start a new thread about the APC error issue since it's a different matter. But I think it may resolve the other problem at the same time.


----------



## DR.M (Sep 4, 2019)

> Panos, I agree with 1 and 2 but 3 was never an issue until October 12th.


I have no idea if the combination of the 3 matters.



> I appreciate eveything you've done as well for me very much.


You are very welcome. I wish I could help more effectively.


----------



## Cookiegal (Aug 27, 2003)

I just wanted to add that I found out what this error belongs to (not the cause though). It's not Windows Update it's the Lenovo System Update Service.

Log Name: System
Source: Service Control Manager
Date: 2021-11-08 6:48:41 AM
Event ID: 7034
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Cookie-PC
Description:
The System Update service terminated unexpectedly. It has done this 1 time(s).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7034</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2021-11-08T11:48:41.158766800Z" />
<EventRecordID>257190</EventRecordID>
<Correlation />
<Execution ProcessID="648" ThreadID="1984" />
<Channel>System</Channel>
<Computer>Cookie-PC</Computer>
<Security />
</System>
<EventData>
System Update
1
<Binary>5300550053006500720076006900630065000000</Binary>
</EventData>
</Event>


----------



## Cookiegal (Aug 27, 2003)

Interesting. This morning even though I have Windows Updates now set to download and install automatically, when I visited Windows Update through the Control Panel there were four waiting to be installed and Windows Defender was one of them. I told it to install them, rebooted and they installed. Strange but true.


----------



## Macboatmaster (Jan 15, 2010)

I know this sounds a rather silly question, but how long had the computer been ON and online before you checked

If they had been downloaded and were only waiting to be installed then that is standard procedure, as if you were using the computer - windows will not generally install the updates until the system is idling and on 8.1 during the maintenance window

If you look underneath the small pane for install updates automatically
or of course underneath that when you click the drop down arrow, I think you will see
*updates will be automatically installed during the maintenance window*

then of course you need to set maintenance at a time to suit you
You can customize the time that downloaded updates are installed. In Windows 8, this is behind the *Updates will be automatically installed during the maintenance window* link


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> I know this sounds a rather silly question, but how long had the computer been ON and online before you checked


Probably about 20 minutes.

Maintenance is schedule to run at 3:00 a.m. Obviously it can't because the computer is shut down every night.

I guess that explains some information events in the Event Viewer saying that some maintenance things are behind schedule.

There were also errors saying Windows Defender has encountered an error trying to update signatures but they did eventually get updated.


----------



## Macboatmaster (Jan 15, 2010)

Cheers
Sorry to labour the point but if I am correct and you have the mentioned entry


Macboatmaster said:


> updates will be automatically installed during the maintenance window


then if you set maintenance for - say one hour before you normally wish to use the computer and then turn it on at that time
OR indeed a one hour slot to suit you - I think you will find that all goes well

Personally I disabled maintenance on my 8.1 and I just maintained it myself
It was I think, a never liked feature of 8.1


----------



## Cookiegal (Aug 27, 2003)

Yes, it says they will be installed during maintenance.

Note that I don't usually have it set that way, I've always had it set to downloand them but let me decide whether or not to install them. What's strange is that's how it worked this morning. I'm leaving it this way for now and will see what happens over the coming days.


----------



## Macboatmaster (Jan 15, 2010)

I apologise if necessary for labouring the point


Cookiegal said:


> I told it to install them, rebooted and they installed. Strange but true.


It is not IMHO strange


Cookiegal said:


> What's strange is that's how it worked this morning.


You had set it automatic
Automatic on 8.1 means they will be downloaded and the installed on automatic maintenance period
However because you then checked and told it to install them it did so.

Had you not have checked it would have installed them on the next occasion automaic maintenance run.

It is as I said no use you leaving auto maiontenance to run at a time for you when the computer is OFF
as if you do so, it will simply run the next time it has opportunity to do so.

You need to either set auto maintenacne for a period as I suggested
*It is recommended to leave Automatic Maintenance enabled to let it run automatically at a time you set when the PC is running and you're not using it.*

or do as I did and disable it.


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> Had you not have checked it would have installed them on the next occasion automaic maintenance run.


OK but since it's set to run maintenance at 3:00 a.m. wouldn't it do so right after a boot in the morning?


Macboatmaster said:


> It is recommended to leave Automatic Maintenance enabled to let it run automatically at a time you set when the PC is running and you're not using it.


There is no specific time during the day that I'm not on the computer. I'm on it most of the day. I guess the exception could be supper time.

This is all new to me since I prefer to have them wait for me to telll them to download but that's not working any more.


----------



## Macboatmaster (Jan 15, 2010)

All you need to do is to set the maintenance as below


Macboatmaster said:


> then if you set maintenance for - *say one hour before you normally wish to use the computer and then turn it on at that time*
> OR indeed a one hour slot to suit you - I think you will find that all goes well


and turn it on for that one hour before you would normally use it


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> and turn it on for that one hour before you would normally use it


OK, thanks.


----------



## Macboatmaster (Jan 15, 2010)

How did it go - with maintenance turned on for the hour you chose


----------



## Cookiegal (Aug 27, 2003)

I haven't done that because I've never changed it and didn't have a problem before. I see some errors in the eventlog.txt that seem to be relevant that I want to research but haven't had time to yet. Besides, I'm no longer set to install updates automaticall, I put it back to my preference to install but let me choose. Every morning I update WD manually.


----------



## Cookiegal (Aug 27, 2003)

Sorry I meant the updatelog.txt file.


----------



## Macboatmaster (Jan 15, 2010)

Cheers
I will leave you with it
If it works for you updating it as you wish thenperhapos that is the easiest


----------



## Cookiegal (Aug 27, 2003)

I just thought I'd post an update here. I did change the time for the maintenance to 7:00 a.m. I get up around 6:45 a.m. and always start the computer and then it sits for an hour and a half while I program my PVR for the day and watch my morning news show while having breakfast. 

Nothing changed for about two weeks and I had to update WD manually every day. Then all of a sudden about five days ago WD updated automatically three days in a row. One of those times it came through Windows Update but the other two times WD updated itself after Windows Update had run and not detected any updates. Then the fourth day I had to update it manually again, then today WD updated itself but not through Windows Updates. So there's no rhyme or reason or consistency to it. I suspect something that starts up perhaps at different times each day is interfering and have tried to figure out what by comparing the Log Collector Event Viewer update but can't find the culprit. It's not a big enough problem to spend a lot more time trying to figure out. So I just check every day to be sure WD is up to date and if not do it manually.


----------



## Macboatmaster (Jan 15, 2010)

I do not think anything is wrong, as I mentioned earlier in the thread
Windows update will only offer a Defender update every so often, when an update of particular note is issued
whereas Defender update will always update if there is one available
I should add that Defender will also update -before a scheduled scan - which may well account for 


Cookiegal said:


> . One of those times it came through Windows Update but the other two times WD updated itself after Windows Update had run and not detected any updates.


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> Defender update will always update if there is one available


But it doesn't always and I have to update it manually.


----------



## Macboatmaster (Jan 15, 2010)

I meant
Defender on a manual check for updates.
I have added to my previous post


----------



## Cookiegal (Aug 27, 2003)

OK I understand but that's not always happening either. MS updates Windows Defender several times a day so there are always updates available in the morning when I first log on. According to the event logs, WD always does its scan without fault but only once in a while it does show that WD was updated before the scan started but not every time. It's just not typical behaviour like it was before. I never had more than one day go by without an update for WD and they always came through Windows Updates every morning. I would go to the Control Panel, see the update there and click to install it (it was always already downloaded and waiting because that's the option I had chosen).


----------



## Macboatmaster (Jan 15, 2010)

Well 
I do not really know what to suggest other than the obvious - as you say


Cookiegal said:


> So I just check every day to be sure WD is up to date and if not do it manually


The reason I say - I do not really know is because, you are not keen on a repair install of W indows, neither are you keen on trying without classic shell - (in case as you say it will not then reinstall - but of course it is no longer supported and has been replaced with Open Shell)

The only trial option that comes to mind is a test clean boot and see if then updates - just in case you are correct on the 


Cookiegal said:


> I suspect something that starts up perhaps at different times each day is interfering and have tried to figure out what by comparing the Log Collector Event Viewer update but can't find the culprit.


presuming that it is not another Microsoft process.
Have you had a look at autoruns
to see if you can find anything


----------



## DR.M (Sep 4, 2019)

Karen, how do you update the WD manually? What exactly you are doing?


----------



## Macboatmaster (Jan 15, 2010)

DR.M said:


> Karen, how do you update the WD manually? What exactly you are doing?


I would bet it is - 
updates
on the GUI


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> Have you had a look at autoruns
> to see if you can find anything


No but I might give that a try. I know MS Edge updates itself every day and I'm wondering if that's the problem because I haven't had it installed that long although it was months before this issue arose.


----------



## Cookiegal (Aug 27, 2003)

DR.M said:


> Karen, how do you update the WD manually? What exactly you are doing?


Yes Malcolm's right from within the WD Interface mainly because I'm already there checking to see if it's up to date.. However, I have on at least two occasions downloaded from the MS site in the hopes that might fix the issue but it didn't.


----------



## Macboatmaster (Jan 15, 2010)

autoruns
Autoruns for Windows - Windows Sysinternals | Microsoft Docs


----------



## DR.M (Sep 4, 2019)

Karen,

I don't think that something at start-up interferes with WD. Since there are times it gets automatically its updates, it does its job. I would say, just leave it alone, at least for a while, and check. What happens if you don't update it manually?

However, take a look at this article. Perhaps it has something useful for you to try: How to change the Windows Defender update frequency (winaero.com)


----------



## Cookiegal (Aug 27, 2003)

Thanks Malcolm.


----------



## Cookiegal (Aug 27, 2003)

DR.M said:


> What happens if you don't update it manually?


After four or five days I get a message from the Security Center saying WD is not up to date and I need to take some action.


----------



## Cookiegal (Aug 27, 2003)

@Macboatmaster,

There are six executables in the Autoruns Folder after extracting. Which one do I use to start the program?

autoruns.exe
autoruns64.exe
Autoruns64a.exe
autorunsc.exe
autorunsc64.exe
autorunsc64a.exe

Since my machine is 64-bit I assume it's one of the 64 ones but I don't know the different between the three options to run.


----------



## DR.M (Sep 4, 2019)

Its the 2nd one above in your list above.


----------



## Cookiegal (Aug 27, 2003)

Thanks. Do you know what the other ones are for?


----------



## DR.M (Sep 4, 2019)

They have to do with the processor. a is for ARM. I don’t know about sc. For a 64 bit (Intel processor), it’s the Autoruns64.exe one.


----------



## Cookiegal (Aug 27, 2003)

No a clue what to do with all of that information. 

But it does say there's a file not found for Windows Defender MSASCuil.exe.


----------



## Cookiegal (Aug 27, 2003)

There's also a bunch of missing "files not found" in the Syswow64 folder.


----------



## Macboatmaster (Jan 15, 2010)

Without booting back into 8.1 on my other computer which as you know from ourpervious does not even have that drive installed I cannot check mine but this MAY answer
Missing Startup Software Solved - Windows 10 Forums (tenforums.com)
why that file is missing

in that it has been replaced by
"C:\Program Files\Windows Defender\MpCmdRun.exe"

post 2 refers.

On the autoruns window click the everything tab
Wait for the window to indicate READY as against scanning = bottom left
then click Options tab
on menu bar
then click
hide microsoft entries

What are missing OR is there too many to list
DO NOT delete the missing entries

However if you uncheck it
Disabling and Deleting Entries *Disabling and Deleting Entries*

If you don't want an entry to activate the next time you boot or login you can either disable or delete it. To disable an entry uncheck it. Autoruns will store the startup information in a backup location so that it can reactivate the entry when you recheck it. For items stored in startup folders Autoruns creates a subfolder named Autorunsdisabled. Check a disabled item to re-enable it.


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> why that file is missing


Thanks for that.


Macboatmaster said:


> What are missing OR is there too many to list
> DO NOT delete the missing entries


I'll do this tomorrow. I'm about to have dinner and I know it's late for you. I'll have more time tomorrow as we're going to be snowed in.


----------



## Macboatmaster (Jan 15, 2010)

I may well have the time as you are snowed in and I am to be rained in
We do not get snow here as I have mentioned before
Enjoy your dinner


----------



## Cookiegal (Aug 27, 2003)

Thanks.


----------



## DR.M (Sep 4, 2019)

If you want us to take a look:

Right click on *autoruns64.exe* (not autorunsc64.exe) and select *Run as administrator.*
Wait until the lower left hand corner of the window shows *Ready.*
Hit the *Ctrl + S key *at the same time.
*Save* the file to your Desktop using the *default File name.*
Please *zip** and attach* the file here.


----------



## Cookiegal (Aug 27, 2003)

Thanks Panos. I'm attaching the zipped file.


----------



## DR.M (Sep 4, 2019)

I tried to compare your outcome with mine.

The difference regarding Defender is in Scheduled Tasks part. Yours are set to periodic scan, probably set manually, and mine to automatic (not a periodic scan set).

So maybe if you delete the "trigger" for your "schedule" and just let the "trigger" stay blank perhaps Windows will just go about doing its business automatically and not bother you with warnings. You should go to the Task Scheduler for that (Microsoft > Windows > Windows Defender). 

Just a thought, after comparing our Autoruns outcome.


----------



## Cookiegal (Aug 27, 2003)

Thanks for looking. When I look in the Tast Scheduler the Trigger page is blank. It could be different if you're running Windows 10. It does scan every day.


----------



## DR.M (Sep 4, 2019)

> It could be different if you're running Windows 10.


I don't think this would be different, but I'll take a look about it tomorrow.


----------



## Cookiegal (Aug 27, 2003)

I deleted a couple of tasks that were related to the Eset Online Scanner. I downloaded and ran that when this problem first started to see if any malware was found. Even though it's an on-demand scanner it created two tasks and they didn't delete when I removed the program.


----------



## Cookiegal (Aug 27, 2003)

@Macboatmaster,

Here's a screenshot of the missing dll files from Autoruns.


----------



## Macboatmaster (Jan 15, 2010)

The answer is 
1. I cannot really compare as I still do not have my 8.1 running on my other computer and it is not a two minute job, as I have to disconnect my 11 drive and connect the 8.1 drive

2. I do NOT know for certain but I do NOT think they should be missing - they are NOT missing on mine, although I do not have all of the ones you have listed 
I have the first 3 you have listed as missing and if I right click on the entry and click - go to entry it is there in reg editor
Of course that I do realise does not help you.

3. The added problem is that I would not know exactly what that Dynamic link library file being missing actually means or indeed what IF ANY realtionship to your problem it has - I cannot see it being the direct cuase as if so - HOW did it update sometimes on windows update

4. I am sorry I cannot be of more postive help.


----------



## Cookiegal (Aug 27, 2003)

I don't think there's any relation between those missing dlls and the problem either. Thanks though.


----------



## Cookiegal (Aug 27, 2003)

Apparently it's normal for Autoruns to show that and they aren't an issue.

https://appuals.com/what-is-wow64-dll-file-and-should-it-be-deleted/


----------



## Macboatmaster (Jan 15, 2010)

Good find by you.
For the time being I give up.
Only because I do not have a further* new* suggestion to make

The exisiting ones are 
as Dr M - schedule it
as me and I know you are not going to do it - uninstall classic shell (I still suspect that)
as me - repair install of 8.1 but I agree you have to ask if it is worthwhile

I cannot remember now if I have asked before - when you were on download and I will choose when to install - rather than AUTOMATIC download and install (as we know that Defender is not updated via windows updates on 8.1 unless it is set automatic) did you install the update regarding the SHA2 code signing


----------



## Cookiegal (Aug 27, 2003)

Macboatmaster said:


> did you install the update regarding the SHA2 code signing


It was already installed.

I'm giving up too. It's just weird that it's so sporadic.

Thanks for all the help with this.


----------



## Macboatmaster (Jan 15, 2010)

Cookiegal said:


> Thanks for all the help with this


You are welcome, just sorry I could not solve it for you


----------



## Cookiegal (Aug 27, 2003)

Just another update and I'm not posting this asking for more help as I know we've exhausted everything. It's just weird.

As previously reported some days WD updates itself but not through Windows Updates while other days Windows Updates shows it.

So on December 9th WD was updated through Windows updates properly.

This morning, Windows Update says it installed definitions 1.355.38.0 today at 7:05 a.m.
But Windows Defender says it hasn't been updated since yesterday and is still on definitions 1.353.2306.0.

Go figure.


----------

