
Thoroughly diagnose Malwarebytes Support tool issues



  • Root Admin

Hello @pal1000

The MBST tool will fail to grab and run sometimes due to Windows Defender or SmartScreen - when it's properly downloaded it does run a new scan and creates new logs.

The provided logs look to be edited. Did you manually edit these files?

You're also running a hack to try and prevent Microsoft Telemetry it looks like but I don't see the many other hacks users typically do when they're concerned about that.

 

 

You have multiple devices disabled - are these disabled on purpose as the code indicates? Why so?

 


==================== Faulty Device Manager Devices ============

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Integrated Webcam
Description: USB Video Device
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Management Engine Interface
Description: Intel(R) Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Wireless 1703 Bluetooth
Description: Dell Wireless 1703 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek USB 2.0 Card Reader
Description: Realtek USB 2.0 Card Reader
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Realtek Semiconductor Corp.
Service: RTSUER
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

You appear to have normal services disabled as well

System errors:
=============
Error: (07/30/2020 04:02:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NcaSvc service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/30/2020 02:19:09 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

Error: (07/30/2020 11:13:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NcaSvc service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/30/2020 10:49:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NcaSvc service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/30/2020 10:23:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NcaSvc service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/30/2020 10:11:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NcaSvc service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/29/2020 04:22:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NcaSvc service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/28/2020 09:51:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NcaSvc service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

 

 

Can you please explain why you're running the computer in what appears to be a very restricted or misconfigured manner?

Thanks
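A triage helper for the log layout quoted in the post above, added here as an example and not part of the original thread or of any Malwarebytes tool: it separates devices reported as disabled (Code 22) from other faults and collapses repeated Service Control Manager events into counts. The sample log, its second device entry and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log excerpt quoted in the post above.
SAMPLE_LOG = """\
==================== Faulty Device Manager Devices ============

Name: Integrated Webcam
Service: usbvideo
Problem: : This device is disabled. (Code 22)

Name: Example Storage Controller
Service: exstor
Problem: : This device cannot start. (Code 10)

System errors:
=============
Error: (07/30/2020 04:02:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NcaSvc service depends on the iphlpsvc service which failed to start because of the following error:

Error: (07/30/2020 02:19:09 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

Error: (07/30/2020 11:13:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NcaSvc service depends on the iphlpsvc service which failed to start because of the following error:
"""

def parse_devices(text):
    """Return (name, service, problem code) for each device record."""
    devices = []
    for record in re.split(r"\n\s*\n", text.split("System errors:")[0]):
        fields = dict(re.findall(r"^(Name|Service|Problem): :?[ \t]*(.*)$", record, re.M))
        code = re.search(r"\(Code (\d+)\)", fields.get("Problem", ""))
        if "Name" in fields and code:
            devices.append((fields["Name"], fields.get("Service", ""), int(code.group(1))))
    return devices

def summarize_errors(text):
    """Collapse repeated events into a (EventID, description) -> count mapping."""
    pattern = r"^Error: \(.*?\) \(Source: .*?\) \(EventID: (\d+)\).*\nDescription: (.*)$"
    return Counter((int(eid), desc.strip()) for eid, desc in re.findall(pattern, text, re.M))

def triage(text):
    """Separate Code 22 (disabled) devices from other faults and count events."""
    devices = parse_devices(text)
    return {"disabled": [n for n, _, c in devices if c == 22],
            "faulty": [n for n, _, c in devices if c != 22],
            "events": summarize_errors(text)}
```

Calling `triage()` on the full log text leaves only the non-Code-22 devices and the distinct event types to review by hand.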

 

 

 

 


4 hours ago, AdvancedSetup said:

Hello @pal1000

The MBST tool will fail to grab and run sometimes due to Windows Defender or SmartScreen - when it's properly downloaded it does run a new scan and creates new logs.

I tried putting FRST in the same folder as the MBST download folder, the admin user download folder and the temporary folder where MBST is unpacked, and no dice. Maybe it's supposed to be on the admin user desktop. That I haven't tried.

4 hours ago, AdvancedSetup said:

The provided logs look to be edited. Did you manually edit these files?

No, but I exported last Malwarebytes scan log as text and picked its filename to match scan end date and time in UTC.

4 hours ago, AdvancedSetup said:

You're also running a hack to try and prevent Microsoft Telemetry it looks like but I don't see the many other hacks users typically do when they're concerned about that.

I am not that much worried about telemetry data being collected but rather the resource hog. Microsoft Compatibility telemetry starts running after roughly a week since a fresh Windows install, and then almost on every boot and on every software install and uninstall. On a computer with HDD it runs for 5-10 mins every time and uses the CPU and storage almost to the max.

I disabled it with this. Simply disabling its scheduled task won't last long as Windows Updates reset it.

5 hours ago, AdvancedSetup said:

You have multiple devices disabled - are these disabled on purpose as the code indicates? Why so?

All on purpose. None of them are actually defective or unstable. Most of them pose privacy or security risk if running all the time:

5 hours ago, AdvancedSetup said:

==================== Faulty Device Manager Devices ============

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

I almost never use wired network connection. If I have to I can re-enable.

5 hours ago, AdvancedSetup said:

Name: Integrated Webcam
Description: USB Video Device
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

I never used the integrated webcam. Too much privacy violation for my taste.

5 hours ago, AdvancedSetup said:

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

This is actually Intel Display Audio but display isn't connected via HDMI or DisplayPort, so no audio goes through iGPU. In my current setup this device won't do anything. If I ever connect an external monitor, then I may have to enable it.

5 hours ago, AdvancedSetup said:

Name: Intel(R) Management Engine Interface
Description: Intel(R) Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

The controversial Intel ME. With my IT security knowledge I see it susceptible to 2 theoretical classes of attacks:

- attack from host OS through driver;

- network attack against remote management.

The latter only affects Intel vPro CPUs as far as I know. The former I mitigated by disabling this driver. I won't deny that this may have side effects. I heard that from ME10 or ME11, chipset-powered multimedia hardware acceleration requires the ME driver to be active.

6 hours ago, AdvancedSetup said:

Name: Dell Wireless 1703 Bluetooth
Description: Dell Wireless 1703 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Bluetooth is a security nightmare. I prefer to prevent it from running as I am not using this kind of connection.

6 hours ago, AdvancedSetup said:

Name: Realtek USB 2.0 Card Reader
Description: Realtek USB 2.0 Card Reader
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Realtek Semiconductor Corp.
Service: RTSUER
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Never attached an SD card to my PC; until then this stays disabled.

Microphone also stays disabled most of the time. I disabled it in a way that makes it vanish from Device Manager.

6 hours ago, AdvancedSetup said:

You appear to have normal services disabled as well

System errors:
=============
Error: (07/30/2020 04:02:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NcaSvc service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

All the tweaks I applied are scripted here [1][2]. I haven't applied [3] as these are probably properly tied to maintenance now. They don't seem to run independently in Windows 10 Version 2004 anymore. If you think any of these are responsible please let me know.

6 hours ago, AdvancedSetup said:

Error: (07/30/2020 02:19:09 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

There are some glitches with various Malwarebytes components mainly causing slow resolving host issue which is very common for Malwarebytes 4.x and it's triggered under very precise circumstances:

https://forums.malwarebytes.com/topic/262181-p2p-application-brings-back-slow-resolving-host-issue/

https://forums.malwarebytes.com/topic/262267-2-more-scenarios-that-can-lead-to-slow-resolving-host-and-potential-freezes/

https://forums.malwarebytes.com/topic/261935-pendingfilerenameoperationsnetwork-connections-slow-establishing-possible/

The last was fixed with component 1.0.990. Every time it happens it throws this in event log because Malwarebytes service gets stuck stopping.


  • Root Admin

It's all good; how you set up or run your computer is your choice. I don't have proof or evidence that any of your choices do or do not cause an issue with the program.

We do know that previous builds certainly did have a well known issue with Windows 10 build 2004 for many users, but we also know that the recent update to the program to deal with it has fixed it for the vast majority of users. We've had a huge reduction in tickets on the helpdesk that also shows the fix worked.

If doing a Clean Removal and reinstall is not correcting the issue for you then it's probably best that you open a support ticket with our Helpdesk so that someone from our QA team can also get involved and try to track down the issue.

Please try the following if you've not done it within the past week.

Uninstall and reinstall Malwarebytes using the Malwarebytes Support Tool

If that does not correct the issue then please go ahead and open a support ticket and let them know you're having an issue and you can link your forum posts too so they're aware.

https://support.malwarebytes.com/hc/en-us/requests/new

Thank you

 


I'll wait for the next Malwarebytes stable component update before clean installing as I did it recently and it doesn't seem to change anything. I'll create a support ticket after that as well. There is no rush as none of these issues are exactly blocker bugs. They all can be worked around one way or another.

This topic is now closed to further replies.