bluehatchef Posted December 3, 2021 ID:1491141 Share Posted December 3, 2021 Hi, I downloaded and activated Privacy 3.10.0.740 tonight but I cannot make a VPN connection to either of the Australian VPN Servers. I am getting a runtime error "MB404104 - Could not connect. Pls check your internet connection ......" . I have no doubt that my connection is active as I am browsing for potential solns, registered on the support forum, receiving emails etc. From reviewing this forum this seems to be a recurring problem in form or another. I am currently running W10 21H2 and the latest installed update is KB5007253. I keep my PC regularly updated and have several Cumulative Updates installed. By following the instructions provided in other posts, I attach the log files collected from your support tool. I look forward to your advice. Thanks mbst-grab-results.zip Link to post Share on other sites More sharing options...
Porthos Posted December 3, 2021 ID:1491201 Share Posted December 3, 2021 I will ask @AdvancedSetup to review your issue. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 3, 2021 Root Admin ID:1491231 Share Posted December 3, 2021 Hello @bluehatchef The logs show that your network connection is having issues completing a handshake with the VPN server. That is often caused by various different networking configuration issues. We'll try to address a few and see if we can get the program working for you. Please go to Control Panel, Programs, Programs and Features and uninstall the following. Bonjour You have a program that is having issues being found or working correctly you should address as well. Maybe for now uninstall it at least temporarily? Application errors: ================== Error: (12/04/2021 01:57:32 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Everything because of this error. Program: Everything File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C000026E Disk type: 0 Error: (12/04/2021 01:57:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Everything.exe, version: 1.4.1.1009, time stamp: 0x609b79ff Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6 Exception code: 0xc0000006 Fault offset: 0x0000000000032c62 Faulting process id: 0x18e8 Faulting application start time: 0x01d7e7fbffea3e14 Faulting application path: D:\Tools\Programs\Everything\Everything.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 94d62660-6914-4c39-87b1-45585e93a467 Faulting package full name: Faulting package-relative application ID: Error: (12/04/2021 01:57:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Everything.exe, version: 1.4.1.1009, time stamp: 0x609b79ff Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6 Exception code: 0xc0000005 Fault offset: 0x0000000000051271 Faulting process id: 0x3d70 Faulting application start time: 0x01d7e7fc1c503018 Faulting application path: D:\Tools\Programs\Everything\Everything.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 5f2e70cf-fc58-4362-b4bd-e26402e1756e Faulting package full name: Faulting package-relative application ID: You also have a Hard Drive that is reporting an error. You need to look into that. Once the Event logs start to show a bad block it is often an indicator of a potentially failing drive. You should back up the data and then do more extensive testing. Error: (12/04/2021 01:27:15 AM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk4\DR4. Error: (12/03/2021 10:33:11 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk4\DR4, has a bad block. Disk 1 is also showing some type of error. Again, you should do more extensive testing on this drive too. Error: (12/04/2021 12:00:49 AM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1. Windows Defender does not like some of the programs you're running. They're not truly infections, just Possibly Unwanted Programs. Personally I find no problem with the tools from NirSoft (as long as you're the one that has installed them and know they're there). But, Windows Defender also shows signs of it failing to load or update, etc. We need to make sure that Windows Defender is fully functional as well. Windows Defender:================ Date: 2021-11-14 07:33:13 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=PWS:Win32/Aicat.A!ml&threatid=2147771505&enterprise=0 Name: PWS:Win32/Aicat.A!ml Severity: Severe Category: Password Stealer Path: file:_C:\tools\NirLauncher\NirSoft\x64\passwordscan.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\ProgramData\chocolatey\choco.exe Security intelligence Version: AV: 1.353.949.0, AS: 1.353.949.0, NIS: 1.353.949.0 Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4 Date: 2021-11-14 07:33:13 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/ProductKey&threatid=2147658877&enterprise=0 Name: HackTool:Win32/ProductKey Severity: High Category: Tool Path: file:_C:\tools\NirLauncher\NirSoft\x64\produkey.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\ProgramData\chocolatey\choco.exe Security intelligence Version: AV: 1.353.949.0, AS: 1.353.949.0, NIS: 1.353.949.0 Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4 Date: 2021-11-14 07:33:13 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Phonzy.A!rfn&threatid=2147779530&enterprise=0 Name: Trojan:Script/Phonzy.A!rfn Severity: Severe Category: Trojan Path: file:_C:\tools\NirLauncher\NirSoft\x64\passwordfox.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\ProgramData\chocolatey\choco.exe Security intelligence Version: AV: 1.353.949.0, AS: 1.353.949.0, NIS: 1.353.949.0 Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4 Date: 2021-11-14 07:33:13 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Ransom:PowerShell/Roduk&threatid=2147768006&enterprise=0 Name: Ransom:PowerShell/Roduk Severity: Severe Category: Ransomware Path: file:_C:\tools\NirLauncher\NirSoft\x64\netpass.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\ProgramData\chocolatey\choco.exe Security intelligence Version: AV: 1.353.949.0, AS: 1.353.949.0, NIS: 1.353.949.0 Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4 Date: 2021-11-14 07:33:13 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Passview&threatid=2147597639&enterprise=0 Name: HackTool:Win32/Passview Severity: High Category: Tool Path: file:_C:\tools\NirLauncher\NirSoft\x64\credentialsfileview.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\ProgramData\chocolatey\choco.exe Security intelligence Version: AV: 1.353.949.0, AS: 1.353.949.0, NIS: 1.353.949.0 Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4 Event[0]: Date: 2021-12-01 01:12:10 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2021-11-30 20:11:53 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2021-11-05 00:13:27 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.351.1080.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18600.4 Error code: 0x80072f8f Error description: A security error occurred Date: 2021-11-05 00:13:27 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.351.1080.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18600.4 Error code: 0x80072f8f Error description: A security error occurred Date: 2021-11-05 00:13:27 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.351.1080.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18600.4 Error code: 0x80072f8f Error description: A security error occurred You're also running the Cyber Protection from Acronis HKLM-x32\...\Run: [CyberProtectHomeOfficeMonitor.exe] => C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\CyberProtectHomeOfficeMonitor.exe [6248024 2021-10-22] (Acronis International GmbH -> ) I do not know, but it may conflict with either Windows Defender or Malwarebytes. If so you'd need to setup exclusions between the programs The following program is not like by the Farbar program. Probably the most well known and respected Content blocker is uBlock Origin - We also have Malwarebytes Browser Guard. Many of these other blockers are not well respected. Did you pay for this program? Task: {8C63B1A1-7D7A-4AA8-9211-AED9DAF36491} - System32\Tasks\AdBlocker Ultimate Sync => C:\Program Files\AdBlocker Ultimate\AdBlockerUltimateGUI.exe [14214840 2021-09-13] (AdAvoid Ltd -> AdAvoid Ltd.) <==== ATTENTION Task: {B0F1544D-A38E-4F43-ACD5-5B467E316CAA} - System32\Tasks\AdBlocker Ultimate Updater => C:\Program Files\AdBlocker Ultimate\AdBlockerUltimateUpdater.exe [1463992 2021-09-13] (AdAvoid Ltd -> AdAvoid Ltd) <==== ATTENTION I've used this before (excellent script) but haven't needed to setup a scheduled task like this. Are you 100% certain this is legit and doing what you want? Task: {E750BC43-C3A8-4E88-B491-8829E6C6337D} - System32\Tasks\OnedriveMapper => Powershell.exe -NoProfile -ExecutionPolicy ByPass -File "C:\Windows\system32\OnedriveMapper.ps1" -asTask <==== ATTENTION Edge Notifications: Default -> hxxps://www.instagram.com Are you sure you want this enabled or allowed? Push Notifications on your browser appear to be enabled. https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ Turn notifications on or off - Google Chrome Web Push notifications in Firefox No programs should be running out of the Temp folder unless it is/was a one-time run. If this is an ongoing use then it should be removed from temp and provided its own folder to run from. (Nir Sofer -> NirSoft) C:\Users\Ian\AppData\Local\Temp\7zO47868AF0\WinUpdatesView.exe (Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\Ian\AppData\Local\Temp\ZoomIt64.exe Please try changing your DNS provider and restart the computer and see if that helps correct the MB Privacy issue. If not let me know and we can try a generic cleanup script. Your current DNS Servers: 192.168.99.1 Please consider changing your default DNS Server settings. Please choose one provider only DNS is what lets users connect to websites using domain names instead of IP addresses Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4 IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844 Cloudflare: IPv4 1.1.1.1 and 1.0.0.1 IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001 OpenDNS: IPv4 208.67.222.222 and 208.67.220.220 IPv6 2620:119:35::35 and 2620:119:53::53 DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40 IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b The Ultimate Guide to Changing Your DNS Serverhttps://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/ Here is a YouTube video on Changing DNS settings if needed Thank you Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 24, 2022 Root Admin ID:1508315 Share Posted March 24, 2022 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks Link to post Share on other sites More sharing options...
Recommended Posts