enigmanate Posted July 3 ID:1575610
With every browser I have used, I keep getting a compromised website notification. I have used Chrome, Firefox, Vivaldi and it keeps happening. And it's on websites I visit often like google.com and ebay.com and poshmark.com and random ones too. Anyone have an idea as to why? I submitted a trouble ticket yesterday with Malwarebytes but have heard nothing.

Staff Malwarebytes Posted July 3 ID:1575611
***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:
- For use when you are on the forums and need to provide logs for assistance
- For use when you don't need or want to create a ticket with Malwarebytes
- For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:
- Download Malwarebytes Support Tool
- Double-click mb-support-X.X.X.XXXX.exe to run the program
- You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
- Place a checkmark next to Accept License Agreement and click Next
- Navigate to the Advanced tab

The Advanced menu page contains four categories:
- Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
- Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
- Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
- Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.

To provide logs for review click the Gather Logs button
- Upon completion, click OK
- A file named mbst-grab-results.zip will be saved to your Desktop
- Please attach the file in your next reply.

To uninstall all Malwarebytes Products, click the Clean button.
- Click the Yes button to proceed.
- Save all your work and click OK when you are ready to reboot.
- After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
- Select Yes to install Malwarebytes.
- Malwarebytes for Windows will open once the installation completes successfully.

If you are having licensing issues, please do the following:

For any of these issues:
- Renewals
- Refunds (including double billing)
- Cancellations
- Update Billing Info
- Multiple Transactions
- Consumer Purchases
- Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Root Admin AdvancedSetup Posted July 3 ID:1575617
Hello @enigmanate Are these INBOUND or OUTBOUND blocks?

enigmanate Posted July 3 Author ID:1575624
1 hour ago, AdvancedSetup said: Hello @enigmanate Are these INBOUND or OUTBOUND blocks?

It does both incoming and outgoing.

Porthos Posted July 3 ID:1575625
2 minutes ago, enigmanate said: It does both incoming and outgoing.

Please do the following so that we may take a closer look at your system for any possible infections.

WARNING: Do Not click the Repair System under Advanced unless requested by a Malwarebytes support agent or authorized helper

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

- Download the Malwarebytes Support Tool
- In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
- In the User Account Control pop-up window, click Yes to continue the installation
- Run the MBST Support Tool
- In the left navigation pane of the Malwarebytes Support Tool, click Advanced
- In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
- A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

Root Admin AdvancedSetup Posted July 4 ID:1575632
Please get us the requested logs then @enigmanate

Thanks

enigmanate Posted July 4 Author ID:1575651
2 hours ago, AdvancedSetup said: Please get us the requested logs then @enigmanate Thanks

I uploaded logs yesterday as I said in my post. The support ticket number is 4300303

enigmanate Posted July 4 Author ID:1575652
4 hours ago, Porthos said: Please do the following so that we may take a closer look at your system for any possible infections.
WARNING: Do Not click the Repair System under Advanced unless requested by a Malwarebytes support agent or authorized helper
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.
- Download the Malwarebytes Support Tool
- In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
- In the User Account Control pop-up window, click Yes to continue the installation
- Run the MBST Support Tool
- In the left navigation pane of the Malwarebytes Support Tool, click Advanced
- In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
- A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply
Thank you

I did this yesterday. Still waiting on a reply.

Porthos Posted July 4 ID:1575653
1 minute ago, enigmanate said: I uploaded logs yesterday as I said in my post. The support ticket number is 4300303

Please upload them here if you would like assistance. We do not have access to your support ticket on the forums.

enigmanate Posted July 4 Author ID:1575654
1 minute ago, Porthos said: Please upload them here if you would like assistance. We do not have access to your support ticket on the forums.

mbst-grab-results.zip

enigmanate Posted July 4 Author ID:1575656
Just now, enigmanate said: mbst-grab-results.zip

Thank you

Porthos Posted July 4 ID:1575658
While you wait for @AdvancedSetup I want to inform you of the following: please refer to this support article, which lists several known applications that currently conflict with the Web Protection in Malwarebytes, which includes Ad Guard.

Root Admin Solution AdvancedSetup Posted July 4 ID:1575662
The computer has several errors. We'll run some clean up scripts and see if that helps to correct your system issues. @enigmanate

Application errors:
==================
Error: (07/02/2023 04:24:32 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: ANONYMOUS)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).

Error: (06/30/2023 09:54:34 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process id: 0x0x1014
Faulting application start time: 0x0x1d9ab5c4f79564a
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: 66858f85-ed9e-454c-8e15-c8e792f1960f
Faulting package full name:
Faulting package-relative application ID:

Error: (06/29/2023 09:33:48 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account. DETAIL - Access is denied.

Error: (06/29/2023 09:33:48 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account. DETAIL - Access is denied.

Error: (06/29/2023 07:07:13 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Error: (06/29/2023 07:07:13 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Error: (06/29/2023 07:06:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account. DETAIL - Access is denied.

Error: (06/29/2023 07:06:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account. DETAIL - Access is denied.

System errors:
=============
Error: (07/02/2023 10:25:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.391.3338.0).

Error: (07/02/2023 09:17:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:02:30 PM on 7/1/2023 was unexpected.

Error: (07/01/2023 10:11:03 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on D: cannot be read.

Error: (06/30/2023 09:53:41 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

Error: (06/30/2023 09:53:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server: {B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (06/30/2023 09:53:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server: {B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (06/30/2023 05:01:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading

Error: (06/30/2023 05:01:29 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\jovan\AppData\Local\Temp\ehdrv.sys

Please run the following steps

[ 1 ] Please go to Control Panel, Programs, Programs and Features, Uninstall a program
Then right-click and uninstall the following
CCleaner (computer experts no longer recommend this program)

[ 2 ] Please run the following fix

NOTE: Please read all of the information below before running this fix.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program: FRSTEnglish.exe
Save the attached file: FIXLIST.TXT to this folder C:\Users\jovan\Downloads\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

Run the Farbar program with Admin rights and press the Fix button just once and wait.
The fix may possibly take up to 60 minutes to complete.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

NOTE: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.

NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed in most, but not all cases.

NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:
- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
- Recently opened files cache
- Discord cache
- Java cache
- Steam HTML cache
- Explorer thumbnail and icon cache
- BITS transfer queue (qmgr*.dat files)
- Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

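The event-log excerpt in the post above repeats several entries; the sketch below collapses such an excerpt into unique events with counts and first/last timestamps so the distinct problems stand out. It is an added example, not part of the original post and not code from FRST or Malwarebytes; the function names are this example's own, and the sample text is a subset of the entries quoted in the post.

```python
import re
from collections import namedtuple
from datetime import datetime

# Subset of the entries quoted in the post, run together on one line the way
# forum software often flattens pasted logs.
SAMPLE = (
    'Error: (06/29/2023 09:33:48 PM) (Source: Microsoft-Windows-User Profiles Service) '
    '(EventID: 1512) (User: NT AUTHORITY) Description: Windows cannot unload your registry file. '
    'DETAIL - Access is denied. '
    'Error: (06/29/2023 09:33:48 PM) (Source: Microsoft-Windows-User Profiles Service) '
    '(EventID: 1512) (User: NT AUTHORITY) Description: Windows cannot unload your registry file. '
    'DETAIL - Access is denied. '
    'Error: (06/29/2023 07:07:13 PM) (Source: VSS) (EventID: 13) (User: ) Description: '
    'Volume Shadow Copy Service information: The COM Server with CLSID '
    '{4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. '
    '[0x8007045b, A system shutdown is in progress. ] '
    'Error: (06/29/2023 07:07:13 PM) (Source: VSS) (EventID: 13) (User: ) Description: '
    'Volume Shadow Copy Service information: The COM Server with CLSID '
    '{4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. '
    '[0x8007045b, A system shutdown is in progress. ] '
    'Error: (06/29/2023 07:06:39 PM) (Source: Microsoft-Windows-User Profiles Service) '
    '(EventID: 1512) (User: NT AUTHORITY) Description: Windows cannot unload your registry file. '
    'DETAIL - Access is denied. '
    'Error: (06/29/2023 07:06:39 PM) (Source: Microsoft-Windows-User Profiles Service) '
    '(EventID: 1512) (User: NT AUTHORITY) Description: Windows cannot unload your registry file. '
    'DETAIL - Access is denied. '
    'System errors: ============= '
    'Error: (07/02/2023 09:17:50 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: '
    'The previous system shutdown at 11:02:30 PM on 7/1/2023 was unexpected. '
    'Error: (06/30/2023 05:01:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) '
    'Description: The eapihdrv service failed to start due to the following error: '
    'This driver has been blocked from loading'
)

# One entry runs from "Error: (<timestamp>)" up to the next entry, a section
# header, or end of text. Only the two section headers seen in the post are
# recognised; other headers would need to be added to the lookahead.
ENTRY_RE = re.compile(
    r"Error: \((?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\) "
    r"\(Source: (?P<source>.*?)\) \(EventID: (?P<event_id>\d+)\) "
    r"\(User:\s*(?P<user>.*?)\)\s*Description: (?P<desc>.*?)"
    r"(?=Error: \(\d{2}/|(?:Application|System) errors:\s*=+|\Z)",
    re.S,
)
TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"

Event = namedtuple("Event", "when source event_id user description")


def parse_entries(text):
    """Return every log entry in `text` as an Event, in the order found."""
    events = []
    for m in ENTRY_RE.finditer(text):
        events.append(Event(
            when=datetime.strptime(m["ts"], TS_FORMAT),
            source=m["source"].strip(),
            event_id=int(m["event_id"]),
            user=m["user"].strip(),
            description=" ".join(m["desc"].split()),  # collapse whitespace
        ))
    return events


def summarize(events):
    """Group identical events; most frequent first, then most recent first."""
    groups = {}
    for ev in events:
        key = (ev.source, ev.event_id, ev.description)
        g = groups.setdefault(key, {
            "source": ev.source, "event_id": ev.event_id,
            "description": ev.description,
            "count": 0, "first": ev.when, "last": ev.when,
        })
        g["count"] += 1
        g["first"] = min(g["first"], ev.when)
        g["last"] = max(g["last"], ev.when)
    return sorted(groups.values(),
                  key=lambda g: (g["count"], g["last"]), reverse=True)


if __name__ == "__main__":
    for row in summarize(parse_entries(SAMPLE)):
        print(f'{row["count"]:>2}x  {row["source"]} / {row["event_id"]}  '
              f'{row["first"]:%Y-%m-%d %H:%M} .. {row["last"]:%Y-%m-%d %H:%M}')
        print(f'     {row["description"][:90]}')
```
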
enigmanate Posted July 4 Author ID:1575785
12 hours ago, AdvancedSetup said: The computer has several errors. We'll run some clean up scripts and see if that helps to correct your system issues. @enigmanate

Thank you so much. I am going to do these things now.

enigmanate Posted July 4 Author ID:1575789
13 hours ago, AdvancedSetup said: The computer has several errors. We'll run some clean up scripts and see if that helps to correct your system issues. @enigmanate

I have to admit that I am not sure how to start this process. Is there any way you could take control of my system and do it from there? Or is that not an option?

Root Admin AdvancedSetup Posted July 16 ID:1577872
The issue looks to be mainly hardware related at this point. The customer will look at possibly replacing the mechanical 5,400 RPM drive with an SSD drive and reinstalling Windows.

I'll go ahead and close the topic now.

Root Admin AdvancedSetup Posted July 16 ID:1577873
Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you