Cronos42 Posted August 20, 2023 ID:1583946 Share Posted August 20, 2023 Malwarebytes Privacy cannot connect to any server (I tried a varied bunch). This has happened a few times in the past months, and I have also regularly posted about it here. I got the suggestion to download a tool and then also re-install MWB Privacy. That's OK if it happens a few times, but it's happening too often, to be frank. This is the 3rd or 4th time it's happened to me. Every time I need to re-configure MWBP too. Including the excluded apps and the like. I would like one of the two following things to happen.... 1) A version of MWBP that is always able to connect or 2) A step-by-step guide to reinstalling MWBP without losing any settings I'd prefer 1). Link to post Share on other sites More sharing options...
Porthos Posted August 20, 2023 ID:1583950 Share Posted August 20, 2023 @Cronos42 I looked back at your log from your last topic and noticed some system errors that could be causing issues with your system. System errors: ============= Error: (06/11/2023 10:00:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Mozilla Maintenance Service service terminated with the following error: Incorrect function. Error: (06/10/2023 02:28:40 PM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk4\DR4. Error: (06/10/2023 02:28:40 PM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (06/10/2023 10:16:30 AM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk4\DR4. Error: (06/10/2023 10:07:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). Error: (06/10/2023 10:07:37 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 09:09:20 on 10-6-2023 was unexpected. Error: (06/10/2023 10:07:28 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY) Description: 3221225684Er is een onherstelbare fout opgetreden tijdens het verwerken van de herstelgegevens. Error: (06/09/2023 02:28:41 PM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Please get a set of new logs please. Please restart the computer and do the following. WARNING: Do Not click the Repair option under Advanced unless requested by a Malwarebytes support agent or authorized helper NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Download the Malwarebytes Support Tool In your Downloads folder, open the mb-support-x.x.x.xxx.exe file In the User Account Control pop-up window, click Yes to continue the installation Run the MBST Support Tool In the left navigation pane of the Malwarebytes Support Tool, click Advanced In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply Thank you Link to post Share on other sites More sharing options...
Cronos42 Posted August 20, 2023 Author ID:1583957 Share Posted August 20, 2023 Here it is. Thanks for your patience and willingness to help! mbst-grab-results.zip Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 20, 2023 Root Admin ID:1583992 Share Posted August 20, 2023 Hello @Cronos42 My screen name is AdvancedSetup and I will assist you with your system issues. Let's keep these principles as we proceed. Make sure to read the entire post below first. Please follow all steps in the provided order and post back all requested logs Please attach all log files to your post, unless otherwise requested Only run the tools I guide you to use. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. Please be patient and stick with me until I give you the "all clear". We don't want to waste your time, please don't waste ours. If your system is running Discord, please be sure to Exit it while this case is ongoing. To begin, please do the following steps [ 1 ] Please create a NEW System Restore Point before we continue How to Turn On or Off System Protection for Drives in Windows 10https://www.tenforums.com/tutorials/4533-turn-off-system-protection-drives-windows-10-a.html How to Create a System Restore Point in Windows 10https://www.tenforums.com/tutorials/4571-create-system-restore-point-windows-10-a.html [ 2 ] Please go to Control Panel, Programs, Programs and Features, Uninstall a program Then right-click and uninstall the following Adobe Flash Player 32 PPAPI Bonjour You can see here from just one of the Event log entries that Bonjour is causing network issues. mDNSResponder.exe is Bonjour Error: (08/20/2023 03:06:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mDNSResponder.exe, version: 3.1.0.1, time stamp: 0x55cbcce6 Faulting module name: mDNSResponder.exe, version: 3.1.0.1, time stamp: 0x55cbcce6 Exception code: 0xc0000409 Fault offset: 0x00000000000437c3 Faulting process ID: 0x15a8 Faulting application start time: 0x01d9d3672b9345bd Faulting application path: C:\Program Files\Bonjour\mDNSResponder.exe Faulting module path: C:\Program Files\Bonjour\mDNSResponder.exe Report ID: 5a7c0b17-b033-427d-9f32-b54fcb21fadd Faulting package full name: Faulting package-relative application ID: Firefox Developer Edition 80.0 (please note that Firefox Developer Edition is now up to version 118. If you're no longer doing development work you should consider either uninstalling or updating to the latest version for security reasons) [ 3 ] The system is running P2P - qBittorrent software. Please note the following for reference. Please temporarily DISABLE qBittorrent from running while we're working on the system. The act of torrenting itself is not illegal. However, downloading and sharing unsanctioned copyrighted material is illegal, and there is always a chance of prosecution if caught by the authorities. Torrenting non-copyrighted material is perfectly fine and is allowed. However, be aware that we have seen increased malware bundled with software downloads over P2P. Recent Ransomware infections have been seen to encrypt user data so that no one can decrypt the data without the private key. When sharing files, please keep in mind that you're increasing your system's attack surface area, which can increase the risk of infection. Scan all files before running them. https://www.virustotal.com If you don't need or use the P2P software, you should uninstall it. P2P File-Sharing: Know the Risks https://www.bankinfosecurity.com/p2p-file-sharing-know-risks-a-737 Hidden risks in pirated software https://news.microsoft.com/apac/2019/01/08/hidden-risks-in-pirated-software/ Why You Shouldn't Use Pirated Software (But Why People Still Do) https://www.computer.org/publications/tech-news/trends/why-you-shouldnt-use-pirated-software [ 4 ] You are using a MASSIVE DNS hosts file on the system which I'm sure you're aware of. With over 33K entries one simply cannot easily keep up to date and managed. Nothing wrong with using the custom hosts file, just know that it can possibly have entries in it that are good sites and could potentially cause at least some minor network issues. I don't believe this to be your current issue, but be aware is all. [ 5 ] System errors: ============= Error: (08/20/2023 03:22:22 PM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk4\DR4. We need to verify which of your hard drives is Disk 4 to determine if it may in fact be causing issues for any Windows operations. Error: (08/20/2023 03:06:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). This is in STEP 2 above for uninstall [ 6 ] Windows Defender is also having some type of network access issues preventing it from updating. This could be Bonjour other other issues. We don't know for sure at this time. Date: 2023-08-18 20:14:26 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version. Security intelligence Attempted: Current Error Code: 0x80501102 Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. Security intelligence Version: 1.393.2020.0;1.393.2020.0 Engine Version: 1.1.23060.1005 [ 7 ] Is this a Business, Work computer? I notice it has a 172.20.10.1 DHCP server it's getting an IP address from which is okay but not normal for a home computer to have that address range setup on their router at home. [ 8 ] You have the Farbar program located in your Temp folder here: C:\Users\hyves\AppData\Local\Temp\mwb12BF.tmp\FRSTEnglish.exe Please copy that file to your Desktop aka C:\Users\hyves\Desktop Then proceed to run the following by starting your computer into Safe Mode Start in Safe mode: Press the Windows icon on the keyboard together with the letter I, to get into the Settings. Choose Update and Security. From the menu at the left, choose Recovery. Under the title Advanced startup at the right, choose Restart now. From the window that will appear choose Troubleshoot and then Advanced options. Choose Startup Settings and then Restart. Press number 5, for choosing Safe mode with networking. You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen. After that: Please do the following to run a Farbar FRST fix.NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere. Start:: HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction Policies: C:\ProgramData\NTUSER.pol: Restriction HKU\S-1-5-21-4164424780-3146812533-59759488-1002\SOFTWARE\Policies\Google: Restriction C:\Windows\System32\GroupPolicyUsers C:\Windows\System32\GroupPolicy End:: Right-click on FRSTEnglish.exe on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer. Press the Fix button once and wait. FRST will process fixlist.txt When finished, it will produce a log fixlog.txt on your Desktop. Post the fixlog.txt log in your next reply. Thank you Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 28, 2023 Root Admin ID:1585307 Share Posted August 28, 2023 Are you still with us @Cronos42 Please post an update Link to post Share on other sites More sharing options...
Cronos42 Posted August 28, 2023 Author ID:1585423 Share Posted August 28, 2023 Well...I read your msg and I thought "geez that's a lot to do". I planned to do it somewhere in the weekend but then the connection became available of its own accord. So, although the problem technically wasn't solved, I didn't do anything else. Next time I am unable to connect for a longer time I will use your solution. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 28, 2023 Root Admin ID:1585452 Share Posted August 28, 2023 That is certainly your choice but these are all simple steps laid out one-by-one in order to be easy to accomplish. The computer has multiple issues. If you choose not to fix your computer with offered free support you can but I would recommend you reconsider. Cheers Link to post Share on other sites More sharing options...
Cronos42 Posted September 4, 2023 Author ID:1587003 Share Posted September 4, 2023 I have in the mean time had some time to follow most of the above steps. Apologies if I came across ungrateful for these helpful suggestions. I think I am OK for now! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 4, 2023 Root Admin ID:1587036 Share Posted September 4, 2023 Good day @Cronos42 No worries. Please run the Fabar scanner again with Admin rights and click on the SCAN button. Then attach both new logs FRST.TXT ADDITION.TXT Thank you Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 21, 2023 Root Admin ID:1590353 Share Posted September 21, 2023 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks Link to post Share on other sites More sharing options...
Recommended Posts