John A

Happened again with www.reuters.com using Firefox, also occurred when I tried it in IE. Decided to do another Wireshark run. Ran Wireshark during which I did the following: - attempted to open www.reuters.com - failed - - Exited MBAM - Closed Firefox - opened Firefox and successfully connected to www.reuters.com I then restarted MBAM and had no problems with the above web site Wireshark file attached Reuters.zip

And it just happened again, this time with www.tomtom.com IE & Firefox Other web sites work fine Exit MBAM and restart IE - connects fine

And once again this time trying to access https://forums.malwarebytes.org/ All other web sites load no problems Exited MBAM, restarted IE and https://forums.malwarebytes.org/ worked. I won't run Wireshark again until the last log posted is looked at.

Happened again with www.malwarebytes.org Ran Wireshark during which I did the following: - opened another web site successfully - refresh attempts on www.malwarebytes.org - all failed - Exited MBAM - Closed IE - opened IE and successfully connected to www.malwarebytes.org Image of initial failure attached Wireshark file attached MBAM.zip

Shall do

I have already provided Tracert/Ping evidence which shows www.google.com failing, exited MBAM, www.google.com works https://forums.malwarebytes.org/index.php?showtopic=147634&hl= Here is the screenshot again showing at which point I exited MBAM

I doubt that was the cause because the symptom and fix were the same I had experienced before with google.com and some other web sites. I will report any further instances of this problem.

Well it just happened again. This time with www.malwarebytes.org I was looking at a malwarebytes forum using IE I clicked on the link to www.malwarebytres.org - IE could not connect. Typed in the address into the address bar - IE could not connect Tried many other websites - no problems - all loaded fine Restarted IE - same problem Exited Malwarebytes Pro 2.0.2.1010 www.malwarebytres.org connected OK! Restarted Malwarebytes Pro Restarted IE www.malwarebytres.org still connected OK Very strange

Microsoft Windows [Version 6.1.7601] Copyright © 2009 Microsoft Corporation. All rights reserved. C:\Windows\system32>sfc /scannow Beginning system scan. This process will take some time. Beginning verification phase of system scan. Verification 100% complete. Windows Resource Protection did not find any integrity violations. C:\Windows\system32>

MiniTB log attached, FSS log below Farbar Service Scanner Version: 25-02-2014 Ran by John Marg (administrator) on 01-05-2014 at 09:59:51 Running from "C:\Users\John Marg\Desktop\Temp" Microsoft Windows 7 Home Premium Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcore.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys [2013-10-09 05:32] - [2013-09-14 10:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913 C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys [2013-10-09 05:32] - [2013-09-08 12:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3 C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll [2013-08-14 06:09] - [2013-07-09 14:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9 C:\Program Files\Windows Defender\MpSvc.dll [2013-07-10 07:13] - [2013-05-27 14:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47 C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log **** Result.txt

vssadmin command reports that all writers are operating without errors. Microsoft Windows [Version 6.1.7601] Copyright © 2009 Microsoft Corporation. All rights reserved. C:\Windows\system32>vssadmin list writers vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool © Copyright 2001-2005 Microsoft Corp. Writer name: 'Task Scheduler Writer' Writer Id: {d61d61c8-d73a-4eee-8cdd-f6f9786b7124} Writer Instance Id: {1bddd48e-5052-49db-9b07-b96f96727e6b} State: [1] Stable Last error: No error Writer name: 'VSS Metadata Store Writer' Writer Id: {75dfb225-e2e4-4d39-9ac9-ffaff65ddf06} Writer Instance Id: {088e7a7d-09a8-4cc6-a609-ad90e75ddc93} State: [1] Stable Last error: No error Writer name: 'Performance Counters Writer' Writer Id: {0bada1de-01a9-4625-8278-69e735f39dd2} Writer Instance Id: {f0086dda-9efc-47c5-8eb6-a944c3d09381} State: [1] Stable Last error: No error Writer name: 'System Writer' Writer Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Instance Id: {ac5386a3-c6d7-4d47-9e43-e8ae81c19d20} State: [1] Stable Last error: No error Writer name: 'ASR Writer' Writer Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Instance Id: {3cdb6842-148b-44e1-b129-b320a49e66e4} State: [1] Stable Last error: No error Writer name: 'Registry Writer' Writer Id: {afbab4a2-367d-4d15-a586-71dbb18f8485} Writer Instance Id: {becc43ca-608b-47e2-b8a8-a204df2c049f} State: [1] Stable Last error: No error Writer name: 'WMI Writer' Writer Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Instance Id: {bf3d5e4a-3bff-4477-87e4-bc8b3f7b25ca} State: [1] Stable Last error: No error Writer name: 'Shadow Copy Optimization Writer' Writer Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Instance Id: {280b4b6d-7f27-4ec4-a16a-ee42ae190e8e} State: [1] Stable Last error: No error Writer name: 'MSSearch Service Writer' Writer Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Instance Id: {51d4cdbb-843f-492b-8d12-6f6d831dda21} State: [1] Stable Last error: No error Writer name: 'COM+ REGDB Writer' Writer Id: {542da469-d3e1-473c-9f4f-7847f01fc64f} Writer Instance Id: {916913fb-f57a-47b3-b902-72744bc15c1a} State: [1] Stable Last error: No error Writer name: 'BITS Writer' Writer Id: {4969d978-be47-48b0-b100-f328f07ac1e0} Writer Instance Id: {f19dd5f5-10bc-4b04-b16c-95db19c7980a} State: [1] Stable Last error: No error C:\Windows\system32>

The first one reset Windows search Second one prevented remote registry access FRST scans files attached Addition.txt FRST.txt

I should add that when this failure occurs, it is limited to one or two domains, other web sites continue to load with no issues.

.. and it also just happened again on my Windows 8 computer after using IE no problems for a while, attempted to connect to my bank login page - "Page could not be displayed". Exited MBAM and refreshed page - all OK.

It happened again with MBAE removed, so MBAE is not in the mix. Firefox: https://sites.google.com/ Fails to display IE: https://sites.google.com Fails to display Exit MBAM and the above sites immediately display correctly on refresh - no need to reload browsers. Restart MBAM and the above sites continue to display correctly Very weird

Downloaded and ran it. It says "This update is not applicable to your computer".

Thanks Here is the link to the new topic https://forums.malwarebytes.org/index.php?showtopic=147867

Unusual events in the Event Log Computer behaves normally and Malwarebytes scan reports no issues. MiniToolbox report attached Result.txt

VEW file was empty Note that this issue has also occurred on my Win 8 laptop as well as this win 7 desktop

See PM

I will cease using MBAE for a while and see if this MBAM issue still occurs.

Definitely a big problem with MBAM here! It happened again with www.google.com Attached Ping shots shows Ping & Tracert failures Exited MBAM did not even restart IE, www.google.com then worked and Ping OK

Shall do!

Since using MBAM 2, occasionally I will start my browser, go to a commonly used website, and it will not load. Refreshing the site or reloading the browser doesn't help. If I exit MBAM, restart the browser, the problem goes away. Restarting MBAM again does not cause the problem to return for some time. The latest site that caused this problem is http://www.windowsphone.com/, but it has happened on http://www.google.com, and other sites. I am also using MBAE. I am now fairly confident that either it is an issue with MBAM 2, or that MBAE is causing MBAM to play up. I tried a MBAM clean then fresh install and that hasn't fixed the issue. The issue occurs about once every two days. How do I track this one down?

Do you still need me to run the clean process and post logs etc as requested?