Jump to content

No Pop-ups for Ip blocking


Recommended Posts

OK, just to make sure no traces are left, if you haven't already, please run the Norton Removal tool by following the steps laid out here (it's a wizard that will guide you through the process, and then will provide you with a download link for the tool).

Once that is complete, please provide me with a fresh DDS log:

Create a DDS Log:

  • Download DDS from one of the following locations and save it to your desktop:

    [*]Double-click on the copy of DDS you downloaded to run it and it will scan your system, please be patient.

    [*]Once it completes it will open 2 logs, DDS.txt and Attach.txt

    [*]For each, click on File and click Save As... and save them to your desktop.

    [*]Right-click on Attach.txt and hover your mouse over Send To and select Compressed (zipped) Folder.

    [*]Copy and paste the entire contents of DDS.txt into your next reply and attach the Attach.zip file you just created to your post.

Thanks :)

Link to post
Share on other sites

  • Replies 66
  • Created
  • Last Reply

Top Posters In This Topic

Thank you.

The only trace I see remaining is a local data folder, which shouldn't affect anything.

I'm still concerned over the access denied message you got when trying to execute that command however, as that may be a sign of the problem as well. I tried that command on my own 7 x64 SP1 system and it functioned fine, as did one of my co-workers on his 7 x64 system and it worked for him as well.

I'm beginning to think that either something is broken with WFP (Windows Filtering Platform), which is what is used by Malwarebytes for website blocking, or there is a permissions problem with it, keeping it from receiving data from WFP when IP blocks occur, which would explain the lack of log entries and notifications as well as the access denied error.

For now, please try this again. I modified the steps slightly, and hopefully it will work properly this time:

Step 1:

  • Click on START and type cmd
  • Once cmd appears in the top of the list under Programs, right-click on it and choose Run as administrator
  • At the command prompt, type the following command and press Enter
    tasklist /svc>"%userprofile%\desktop\Tasks.txt"
  • Once complete, you'll find a file called Tasks.txt on your desktop, please attach it to your next reply.
  • Make certain that you do not reboot your system before completing Step 2 below.

Step 2:

  1. In the command prompt window, type the following and press Enter:
    netsh wfp capture start
  2. Now, type the following and press Enter:
    ping iptest.malwarebytes.org
  3. Once that finishes, as will be indicated by a line showing the current path (C:\Windows\System32) with a blinking cursor next to it, type the following and press Enter:
    netsh wfp capture stop
  4. Once complete, you will find a file called wfpdiag or wfpdiag.cab within the folder C:\Windows\System32, please copy and paste it to your desktop then attach it to your next reply.

To sum up, once completed, I need the following two files:

  • Tasks.txt
  • wfpdiag.cab

Please let me know if you get the same access denied error message this time around.

Thanks :)

Link to post
Share on other sites

Thanks.

When reviewing your Attach.txt file from DDS, it also indicated some permissions problems:

==== Event Viewer Messages From Past Week ========

.

4/6/2012 4:14:55 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

4/4/2012 6:54:56 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user SCULLY2\Kimberly Rajagopalan SID (S-1-5-21-1205331184-3898182619-4109533501-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

4/4/2012 5:34:08 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

4/3/2012 10:28:37 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

4/3/2012 10:19:21 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

4/2/2012 9:21:52 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/2/2012 9:21:48 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

3/31/2012 8:46:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user SCULLY2\Kimberly Rajagopalan SID (S-1-5-21-1205331184-3898182619-4109533501-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

3/31/2012 7:07:06 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

3/30/2012 8:08:17 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

3/30/2012 4:01:15 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

3/30/2012 11:40:36 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

.

==== End Of File ===========================

That leads me (and at least one of my co-workers) to believe that permissions is the issue here. The same thing causing the access denied errors when you try to run wfpdiag is preventing Malwarebytes Anti-Malware from communicating with WFP, which is where the IP block info comes from, and is also causing issues with other programs and processes on your system (several of the items in your Event Viewer entries above for example).

Permissions issues can emerge for a variety of reasons, including damage done by a past infection (the rootkit ZAccess/ZeroAccess/Maxx++ is imfamous for this), as well as something like a broken user profile or alterations to permissions made by installing a piece of software. It could have also been a policy set in place by a system admin or IT if they've changed anything on your system.

Unfortunately, I'm not sure what the precise fix would be in this case, as it is a Windows system issue, and I do not want to damage your system by trying potential fixes that may do more harm than good, so I would recommend first, contacting your company's IT department if they have deployed any policies on your system or made any changes to see if they can reset things to normal for you so that you can determine if Malwarebytes then works properly, or contacting Microsoft Support directly, as they should be able to guide you in the steps necessary to safely repair the problem.

I apologize that we've done all this only to have a possible cause, and no definite solutions for you and I appreciate all the patience you've shown with me, performing every step of every task that I've asked, being courteous and professional the entire time, but I'm just not comfortable with the risk of trying to fix something knowing that I may end up doing more harm to your system than good.

Link to post
Share on other sites

Hello again,

One last thing to check assuming you're still here.

One of my co-workers suggested that you try disabling the Bonjour service (it's installed by iTunes).

  • Click on START and type cmd
  • Once cmd appears in the top of the list under Programs, right-click on it and choose Run as administrator
  • In the command prompt window, type the following and press Enter:
    net stop "bonjour service
  • Once it says that the service has been stopped successfully, type the following and press Enter
    sc config "bonjour service" start= disabled
  • Once it says that it has been configured successfully, rastart your computer and try once more to visit iptest.malwarebytes.org to see if you get a block notification and if the IP block is logged in your most recent protection log

Link to post
Share on other sites

I am still here. I tried disabling the Bonjour service but still no go. I disabled all the non-microsoft services except for Mbam service, but still no go. But I think I took care of the error that you spoke about in the previous post. I dont see that error any more in the logs.

Link to post
Share on other sites

OK, thanks for checking.

One of my co-workers has requested that you open a ticket on our HelpDesk as he wishes to assist you directly.

Please fill out the form, and be sure to make a note requesting the assistance of Ron Lewis. He is one of our top Support techs and has extensive experience with both consumer and corporate environments and issues, so this issue is likely right up his alley.

Link to post
Share on other sites

  • 3 weeks later...
  • 1 year later...

  • i tried the free one which it comes with 30 days of realtime protection and i loved it some time i go to some web site like movie 2k which they try to download and redirect to other web or unwanted pop up the the free malware bytes with realprotection on(within 30 days) it pops up and block the ip adress and give message that block ip # on the top up the page(i still enter to the web but in the backroud web site tries to do something ) but when i purchased the malware bytes and activated the software ,it stopped donig the popup and blocking the ip address and i dont see the warning anymore i like to know is there anyone knows about this issue

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.