Jump to content

MWB Privacy causing crash of Win10 Network settings


Recommended Posts

Over the last year or so I've constantly been experiencing issues where 'something' would cause an issue which would result in a complete crash of anything related to windows 10 network settings, everything else, pc functionality-wise was unaffected. Only network settings related items where unusable. 

Being in the IT industry myself I sought to personally troubleshoot this issue and did neigh everything, sfc scan, dsm restore health, resetting network settings, refreshing dns settings, resetting tc/ip settings, uninstall/reinstalling drivers, uninstall/reinstalling adapters, you name it. All this was based off the presumption it was a problem revolving around DNS name resolution and an resulting crash of my network adapters. 

Recently the thought occurred to me to test not using the MWB Privacy VPN. And after not using the vpn for almost 2 weeks, it worked. My network not only didn't randomly abruptly loose all connection, but I likewise didn't experience any network settings or adapter crashes. 

Then yesterday/today I tried using it again, and as expected within a few hours everything network settings related crashed. This correlation leads me to conclude that the issue lies solely on MWB Privacy VPN. 

Now i could just not use the VPN, but I'm paying for it and used to like it. so I'd rather not stop using it. So here I am hoping to find the cause and the accompanying solution.

To aid in this i zipped 4 folders and will include them here after. 
1 folder during the network settings crash yesterday,  
1 folder after the network settings crash yesterday,
1 folder during the network settings crash Today, 
1 folder after the network settings crash yesterday, 

These include the MWB support tools log gather, and the FRST.tx & Additions.txt for each.

Biggest NOTE, I CANNOT purposefully replicate this issue on command, however it almost certainly happens within 1 day of pc use while on the VPN. I know how much of a pain this can be as to test if a solution works we have to wait and see. i apologize for that in advance.

1316734500_7-25-2022Duringinternetloss.zip

Link to post
Share on other sites

6 minutes ago, NJeffcoat said:

Also with all due respect if I hear "just do a full pc reset" I will reach through this monitor and punch you, that is a lazy and half-assed answer.

Please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

 

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thanks

Link to post
Share on other sites

1 minute ago, Porthos said:

Please do the following so that we may take a closer look at your installation for troubleshooting: .....

That log file exists in each of the 4 zipped folders, each folder denotes different log gathers. 
1 yesterday during issue, then one after a restart
and another 1 today during issue observance, followed by another after a restart.

Link to post
Share on other sites

11 minutes ago, NJeffcoat said:

That log file exists in each of the 4 zipped folders, each folder denotes different log gathers. 

Thanks for the added info. I did not look in the zips as the names were not what I was expecting. Some one will dig thru the info soon.

Link to post
Share on other sites

  • Root Admin

Please consider uninstalling the following programs.

  • CCleaner (computer experts no longer recommend this program)
  • Java 8 Update 331 (64-bit)
  • Java 8 Update 331
  • Java(TM) SE Development Kit 18.0.1 (64-bit)

 

If you really need Java, please uninstall all old versions and keep Java up to date at all times.

Java Development Kit 18 Release Notes: JDK 18.0.2
https://www.oracle.com/java/technologies/javase/18u-relnotes.html

64-bit Java for Windows, Version 8 Update 341 (filesize: 83.46 MB)
Release date: July 19, 2022
https://www.java.com/en/download/

 

 

Your REDRAGON Gaming Mouse appears to have had some kind of issue and was faulting. It looks like it may have stopped though as that entry was from about a week ago.

Error: (07/19/2022 11:37:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RDCfg.exe, version: 0.0.0.0, time stamp: 0x60d4a1a4
Faulting module name: ntdll.dll, version: 10.0.19041.1741, time stamp: 0x221456c9
Exception code: 0xc000041d
Fault offset: 0x00044073
Faulting process id: 0x7d4
Faulting application start time: 0x01d89bb580a84447
Faulting application path: C:\Program Files (x86)\REDRAGON Gaming Mouse\RDCfg.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 31101159-8c88-4358-8e65-2ca63ea61946
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2022 11:37:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RDCfg.exe, version: 0.0.0.0, time stamp: 0x60d4a1a4
Faulting module name: ntdll.dll, version: 10.0.19041.1741, time stamp: 0x221456c9
Exception code: 0xc0000005
Fault offset: 0x00044073
Faulting process id: 0x7d4
Faulting application start time: 0x01d89bb580a84447
Faulting application path: C:\Program Files (x86)\REDRAGON Gaming Mouse\RDCfg.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 5452165f-27a8-4df4-8a07-dcc79ba50eeb
Faulting package full name:
Faulting package-relative application ID:

 

I'm not seeing an actual Fault from the VPN network stack or any Malwarebytes programs. There is no C:\Windows\MEMORY.DMP  file which is typically created for a BSOD (Blue Screen of Death)

In fact, no Event Log entries are showing anything that might even get you to believe there is a networking issue.

What I'd like to do to start off is do a general cleanup of your computer. Then we'll move on to a couple more ideas.

 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

 

  • Please follow all steps in the provided order and post back all requested logs
  • Please attach all log files to your post, unless otherwise requested
  • Temporarily disable your antivirus or other security software first before running scans. Make sure to turn it back on once the scans have been completed.
  • Temporarily disable Microsoft SmartScreen to download any software if needed. Make sure to turn it back on once the scans are completed.
  • Searching, detecting, and removing malware isn't instantaneous and there is no guarantee to repair every system.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Do not run online games while the case is ongoing. Do not do any free-wheeling or risky web-surfing.
  • Only run the tools I guide you to use. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Please be patient and stick with me until this process has been completed. We don't want to waste your time, please don't waste ours.
  • If your system is running Discord, please be sure to Exit it while this case is ongoing.

 

PLEASE RUN THE FOLLOWING FIX BELOW. Once the fix has been completed, please attach the FIXLOG.TXT file for review.

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Link to post
Share on other sites

  • Root Admin

Once the above fix has been completed, please get me the following logs. @NJeffcoat

 

STEP 1

Please download HWiNFO the Professional System Information and Diagnostics program.
HWiNFO Portable for Windows

Unzip the program to its own folder such as: C:\HWiNFO
Go to the new folder and locate the file C:\HWiNFO\HWiNFO64.exe and double-click to run it.
Click the RUN button.
Ignore the update, click close.
Click on Save Report and choose HTML and click Next, then Finish
By default, it will create a new report named COMPUTER.HTM in the same folder as the program. C:\HWiNFO
Please zip that file and attach it to your next reply

 

STEP 2

Run the Farbar program with admin rights again and click on the Scan button. Get the new following logs

FRST.txt
Addition.txt

 

STEP 3

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here:   https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
  • Save Autoruns.zip to your computer. Then locate it and extract it to a new folder where you can find and run it.
  • Once it starts you may not be able to easily stop the scan but you can try to press the Escape key on your keyboard.
  • Once scanning is stopped, click on the Options menu at the top of the program and select Scan Options... 
  • Then place a checkmark on the following items Verify Code Signatures, Check VirusTotal.com, and Submit Unknown Images
  • Then click the Rescan button. Agree to the VirusTotal EULA
  • NOTE: The VirusTotal column needs to complete in all categories. The program may say its complete, but it is not if the VT entries have not been completed in all columns. Just give it more time to complete.
  • Once the new scan has been completed, please click on the File button at the top of the program and select Save, or use the Save icon, and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right-click on the Autoruns.arn file (it will typically be the name of your computer) on your desktop or where you save it, and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder (your computer name.zip) you just created to your next reply.

 

 

image.png

 

 

STEP 4 

Click on  START - RUN and type in SIGVERIF and click OK
 
This is a Microsoft File Signature Verification program that will check the status of some files for us.

image.png

  • Click on the  START button and let it run. 
  • It will pop up a box when it's done to show the status, you can close that box.
  • Close the  File Signature Verification application.
  • On Windows 7 / 10 find and attach the file C:\Users\Public\Documents\SIGVERIF.TXT to your next reply.
  • DO NOT post the log directly into your reply, attach the file, please.
 
 
 
LOGS to attach when done.
 
  • FIXLOG.TXT
  • FIRST.TXT
  • ADDITION.TXT
  • HWINFO_LOG
  • AUTORUNS_LOG
  • SIGVERIF.TXT
 
 
Thank you
 
 
 

 

Edited by AdvancedSetup
Updated information
Link to post
Share on other sites


Uninstalled:

  • CCleaner
  • Java 8 Update 331 (64-bit)
  • Java 8 Update 331
  • Java(TM) SE Development Kit 18.0.1 (64-bit)

Installed

  • 64-bit Java for Windows, Version 8 Update 341 (I need this)


I'm not sure what the issues with REDRAGON Gaming Mouse were. I never noticed.
Disabled smartscreen and turned off antivirus then ran FRST64 with the provided fixlist.txt.  See attached for FixLog
Ran HWiNFO64, see attached for report.
Ran Autorun.exe, see attached for report.
Ran SIGVERIF, see attached for report.

I apologize for the late response, i work a 12 hour graveyard shift so i don't wake up until after 4pm each day.

Fixlog.txt FRST.txt Addition.txt DESKTOP-NATE-HWiNFO64.zip DESKTOP-NATE-autorun.zip SIGVERIF.TXT

Link to post
Share on other sites

  • Root Admin

No worries, most of us have busy lives. Thank you for the logs. @NJeffcoat

I see that your BIOS is a bit old, but ASRock seems to make it difficult to update. I believe this is your motherboard link (do not take my word for it, double-check and verify)

https://www.asrock.com/mb/AMD/Fatal1ty X370 Professional Gaming/index.asp#BIOS

Notice the newer BIOS says that you should NOT update to the newer version if you're running a Summit Ridge CPU

image.png

The Hardware Info Report says that you are running the Summit Ridge CPU - I'd double-check with ASRock Support or do more investigating before attempting a BIOS Update.

Normally BIOS updates work pretty well these days but would hate to see you brick the motherboard from a bad update.

 

image.png

 

Notice here that you did not leave AutoRuns running long enough to complete the Virus Total scans and submissions. All items should have an entry.

 

image.png

 

You appear to have an HP Update program from 2013 that loads every time the computer starts. I seriously doubt you're getting any updates from HP on anything from 2013.

I'd suggest removing that from running.

image.png

 

Please temporarily exit out of Malwarebytes by right-clicking over the Malwarebytes tray icon and Quit.

Then run the following,

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe.   Smartscreen is overly sensitive.
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

image.png

image.png

image.png

 

 

 

When that has been completed, let's go ahead and do a CLEAN REMOVAL and reinstall of Malwarebytes.

 

Can you please do the following?

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click the CLEAN button and follow the onscreen instructions to reinstall Malwarebytes and Privacy
  • NOTE: Please have patience as it can take a while to remove and reinstall. The computer will restart to complete

After the restart please do the following

  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

 

Thank you

 

 

Link to post
Share on other sites

  • Root Admin

Getting late for me. I'm heading out, but will check back on you tomorrow.

I'm hoping that once you update your other programs and do the reinstall of Malwarebytes and Privacy that it will correct the issues you've been having.

 

Edited by AdvancedSetup
Updated information
Link to post
Share on other sites

I'm warry of updating the bios. i never had to do it to a system that needed to retain programs and settings, ie i've only ever don reimages. and to my knowledge 5.3 is the only update i could move up to as i believe this is running 5.1
hp update removed.
here's the security check log

i'm rerunning auto run before doing the clean install and log gather from the support tool. so far i've let autorun run for 3 hours and it's still not populated virus total on all entries. i'll let it run overnight.

SecurityCheck log.txt

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.