
Hi

Updated MBP this morning, since when I get error code MB404104 if I invoke it. Have rebooted, updated MBAV and removed and reinstalled MBP. Still not working. Unable to complete system restore as "a file is locked" even with AV switched off.

I've run MB Check and the results are attached.
 

Suggestions welcome.

 

Thanks

 

Andy

mb-check-results.zip


6 hours ago, AJLSpex said:

I've run MB Check and the results are attached.
 

Please run the correct support tool.

Please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer. Please allow the programs to run if blocked by your system.

 

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thanks


  • Root Admin

Hello @AJLSpex

Please do a Clean Removal but for now, DO NOT reinstall Malwarebytes or Privacy. We need to do some cleanup work. The system is having issues locating the tunnels that support the VPN service.

 

 

 

Can you please do the following?

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click the CLEAN button and DO NOT reinstall Malwarebytes
  • NOTE: Please have patience as it can take a while to remove and restart the computer to complete the removal.

After the restart please do the following

  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thank you

 


  • Root Admin

You are using a customized Windows hosts file. Please make sure there are no entries for any of our systems.

C:\WINDOWS\system32\drivers\etc\hosts

You ran a Restore operation. Why was that run?

23-11-2021 09:06:56 Restore Operation

 

Please create a new System Restore Point. Then open Device Manager and find and remove all of the following (there are several or more)

Name: Wintun Userspace Tunnel

 

Why do you have Services set to run from a Temp folder location? That is not normal or a best practice

S3 GENERICDRV; \??\C:\Users\andyl\AppData\Local\Temp\Rar$EXa16400.10877\AfuWin64\amigendrv64.sys [X] <==== ATTENTION
S3 UCOREW64; \??\C:\Users\andyl\AppData\Local\Temp\Rar$EXa17188.25800\AFU_Core8\afuwin\32\UCOREW64.SYS [X] <==== ATTENTION

 

Please run the following from an elevated admin command prompt

SFC /SCANNOW

Let me know what it says

Then run the following for me

 

Please download the following tool

Farbar Service Scanner and run it on the computer with the issue
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

 

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click "Scan"

It will create a log (FSS.txt) in the same directory the tool is run.
Please attach the log to your next reply.

 

 

Thanks @AJLSpex

 

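An added example, not part of the original post and not Malwarebytes or FRST tooling: a read-only PowerShell audit of the two things the post above flags, service or driver entries whose image path sits under a temp folder, and active hosts-file lines naming the vendor. The temp-folder pattern, the `malwarebytes` substring and the `Resolve-ImagePath` helper are assumptions made for illustration.

```powershell
# Added example: run from an elevated PowerShell prompt. Read-only; changes nothing.
$servicesKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Assumption: folders treated as "temporary" for this check; extend as needed.
$tempPattern   = '\\AppData\\Local\\Temp\\|\\Windows\\Temp\\'
# Assumption: substring used to spot the vendor's host names in the hosts file.
$vendorPattern = 'malwarebytes'

function Resolve-ImagePath {
    param([string]$ImagePath)
    # Drop the NT object prefix (\??\) and quotes, expand %VAR% references,
    # then cut any arguments that follow the driver or executable file name.
    $p = $ImagePath -replace '^\\\?\?\\', '' -replace '"', ''
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -match '^(.*?\.(sys|exe|dll))(\s|$)') { $p = $Matches[1] }
    return $p
}

# 1. Services and drivers registered with an image path under a temp folder.
$suspect = foreach ($key in Get-ChildItem -LiteralPath $servicesKey) {
    $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
    if (-not $props.ImagePath) { continue }
    $path = Resolve-ImagePath $props.ImagePath
    if ($path -match $tempPattern) {
        [pscustomobject]@{
            Service    = $key.PSChildName
            Start      = $props.Start        # 2 = automatic, 3 = manual, 4 = disabled
            ImagePath  = $path
            FileExists = Test-Path -LiteralPath $path   # False: file no longer on disk
        }
    }
}
$suspect | Format-List

# 2. Active (non-comment) hosts-file lines that mention the vendor.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsFile |
    Where-Object { $_ -notmatch '^\s*(#|$)' -and $_ -match $vendorPattern }
```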

The customized Windows hosts file has not been changed.

C:\WINDOWS\system32\drivers\etc\hosts

You ran a Restore operation. Why was that run?

23-11-2021 09:06:56 Restore Operation

I was trying to revert to yesterday's config. The restore failed with "locked file" error.

Please create a new System Restore Point. Then open Device Manager and find and remove all of the following (there are several or more)

Name: Wintun Userspace Tunnel

Done

Why do you have Services set to run from a Temp folder location? That is not normal or a best practice
Nothing has changed since yesterday when MBP ran ok.
 

SFC output is attached. (OneDrive is disabled)

 

Known problem on this system is that the mail profiles is hinky. It has been for months and MBP shouldn't be affected.

FSS Output is attached.

 

CBS.log FSS.txt


  • Root Admin
51 minutes ago, AJLSpex said:

Why do you have Services set to run from a Temp folder location? That is not normal or a best practice

Nothing has changed since yesterday when MBP ran ok.
 

 

That is not the point. I'm trying to help you correct issues as well as protect your computer. It is a terrible practice only done by malware to run a service out of a temporary folder. I cannot stress how terrible an idea it is to run that and it should be removed. It has nothing to do with Malwarebytes or Privacy VPN, it's just a terrible idea and practice.

No, we don't need to use an older version at this point. We need to continue cleaning your computer.

 

The CBS log is 27K lines of code. Please just tell me what the command line said.

 


SFC/Scannow output to CMD:

C:\WINDOWS\system32>sfc/scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection found corrupt files but was unable to fix some of them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.


  • Root Admin

Please run the following from an elevated admin command prompt.

DISM.exe /Online /Cleanup-image /Restorehealth

After that completes then run the SFC command again.

SFC /SCANNOW 

Hopefully this time it should be able to repair the damage.

Let me review your new logs

Thanks @AJLSpex

 


  • Root Admin

Please download the attached fixlist.txt file and save it to the C:\Users\andyl\Downloads\  folder.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run C:\Users\andyl\Downloads\FRSTEnglish.exe and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Once that's done please go ahead and reinstall Malwarebytes


MB4 Offline Installer
https://downloads.malwarebytes.com/file/mb4_offline

 

I'm heading off to bed but will check back on you in the morning

Cheers

 

 


8 hours ago, AdvancedSetup said:

Please run the following from an elevated admin command prompt.

DISM.exe /Online /Cleanup-image /Restorehealth

After that completes then run the SFC command again.

SFC /SCANNOW 

Hopefully this time it should be able to repair the damage.

Let me review your new logs

Thanks @AJLSpex

 

C:\WINDOWS\system32>DISM.exe /Online /Cleanup-image /Restorehealth

Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19043.1348

[==========================100.0%==========================] The restore operation completed successfully.
The operation completed successfully.
 

C:\WINDOWS\system32>SFC /SCANNOW

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.

 

 

CBS.log


In my early-morning eagerness, I did try re-installing Privacy. It seemingly installed ok, but no Wintun devices were created (I looked in device manager) and when I tried to run it, it failed with the same message as before.

 

I've since removed Privacy again. I'm going out now. You may hear some screaming from the direction of Wales. Just ignore me. :-)


In an eventful morning, in my absence, Windows updated itself to

Edition    Windows 10 Pro
Version    21H2
Installed on    ‎03/‎09/‎2020
OS build    19044.1348
Experience    Windows Feature Experience Pack 120.2212.3920.0

Ho hum.

So, tried reinstalling MBP. Again.

Failed to run, with the usual error code.

BUT...

Just on the off-chance, I tried using the WinTun Tunnel Driver instead of MBtun.

IT WORKS!

In previous usage, MBP created a whole load of extra virtual adapters, seemingly one per VPN Server. That didn't happen with this installation. All that was added this time was a WireGuard Tunnel shown in Device Manager.

In Network Connections I now see just the one mbvpn tunnel showing whichever server I'm connected to.

Changed functionality? Perhaps.

Anyhow, it works, I'm happy (although I'd like to know what went wrong at some point).

 

Please close the ticket and, thanks for all your help.

 

 

 


  • Root Admin

Thank you for all the updates.  Unfortunately I think you ran into an issue with Privacy as the service was having an unexpected outage that has since been corrected.

Glad that all is working well for you again. Before we finish up since we've done clean up let's go ahead and check for other possible updates.

 

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe. SmartScreen is overly sensitive.
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • Right-click with your mouse on the SecurityCheck.exe and select "Run as administrator" and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Close the file. Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 


 

Thank you

 

 


This topic is now closed to further replies.