Jump to content

Community.Intuit.com DNS issues


Recommended Posts

I have Windows7 x64 and MBAM 2.2.1.1043 and if I have Malicious Website Protection enabled then when I go to community.intuit.com I get  community.intuit.com’s server DNS address could not be found.  in Google Chrome. If I try Firefox I get Firefox can't find the server at community.intuit.com. If I disable Malicious Website Protection I have no issues.  I tried using the  mbam-clean-2.2.2.7.exe  and doing a reinstall after a reboot with the same issue.

 

 

Link to post
Share on other sites

Hello and Welcome!

This may be a false positive and you can report it in the False Positives Section

https://community.intuit.com/quickbooks-online

If the site above is what your trying to get to, I can do it fine with my version of Malwarebytes that is completely updated.

Can you post your protection log for review where its showing the blocks?

We would need more info on the system....

Please read the following and in your next reply ATTACH the 3 requested logs - Diagnostic Logs
(the three files should be CheckResults.txt, FRST.txt and Addition.txt)

Thank You,

Firefox

Link to post
Share on other sites

The issue is that MBAM is not showing anything in its logs nor is it popping up any alert boxes. Adding Intuit.com or community.intuit.com to MBAM whitelist does nothing to fix the problem. Only fix is if I disable MBAM Malicious Website option

Link to post
Share on other sites

I already contacted Helpdesk they looked at my log files found no blockage being reported. I am seeing no popup message yet when MBam is installed and Malicious Website blocking is enabled DNS lookups fail in all 4 different browsers here on this one particular computer. Helpdesk said " I’ll check with our team but not likely this issue is from our blocking " that was about a week ago and I am still waiting.

Link to post
Share on other sites

There is no problem with DNS lookups for intuit.com. I have done several MBAM scans and virus scans and found nothing. Other websites have no such issue although there may be other affected sites but I have yet to come across them.

Edited by frozen
Link to post
Share on other sites

  • Root Admin

Hi @frozen

I understand - just want to take a look with you and see if we can track down why it's being blocked by MBMA if possible. If you have time or desire to let me work with you on the issue that would be great, otherwise all I can suggest would be to disable our web blocking mechanism and use the one from your antivirus.

Thanks again

Ron

 

Link to post
Share on other sites

I would prefer to get this fixed as past experience has shown one software will block some websites while the other software will not and vice versa. I just don't want multiple people involved in trying to fix this issue and duplicating the efforts.

Link to post
Share on other sites

  • Root Admin

Okay sounds good. I'll move your post to the Malware Removal section where others are not allowed to post.

Please let me get a new set of FRST logs and run the following for me as well.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Make sure you place a check mark in the Additions check box to get a new log for that as well.

 

Next,

 

Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post


Next,

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.


Thanks

 

 

Link to post
Share on other sites

  • Root Admin

Did you create these ADS entries yourself?

 

AlternateDataStreams: C:\Windows:nlsPreferences [514]
AlternateDataStreams: C:\Windows\system.ini:c1_encryption_d [14]
AlternateDataStreams: C:\Windows\system.ini:c1_encryption_e [16]
AlternateDataStreams: C:\Windows\system.ini:c1_encryption_e2 [84]
AlternateDataStreams: C:\Windows\win.ini:c1_encryption_d [14]
AlternateDataStreams: C:\Windows\win.ini:c1_encryption_e [16]
AlternateDataStreams: C:\Windows\win.ini:c1_encryption_e2 [84]
AlternateDataStreams: C:\ProgramData\TEMP:44EAFCDF [262]
AlternateDataStreams: C:\Users\gregg\Cookies:3TZfEPru8mf4iejIJQRUHw5Hyvx [2690]
AlternateDataStreams: C:\Users\gregg\Cookies:KJllOSPvQuMwmPuGlYlx [2396]
AlternateDataStreams: C:\Users\gregg\AppData\Local\Temp:9FN6KQ5wI2FCbf8P34 [2420]
AlternateDataStreams: C:\Users\gregg\AppData\Local\Temp:Sfz8GXBYKxD2L4YyC0b9sE [2740]
AlternateDataStreams: C:\Users\gregg\AppData\Local\Temporary Internet Files:UJ3FVCWPjLa38LVCh [2502]

 

You have a lot of software and networking software installed that could possibly be conflicting with each other. There are errors that we need to work on fixing as we..

 

Error: (06/27/2016 01:45:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.23.85.105 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Error: (06/21/2016 12:02:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DllHost.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Error: (06/19/2016 10:00:13 AM) (Source: NetBalancer 9.1.2) (EventID: 0) (User: )
Description: This version of NetBalancer is outdated, please download a new one from our website.

Error: (06/18/2016 06:39:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(40:d3:2d:76:11:8f@fe80::42d3:2dff:fe76:118f._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

System errors:
=============
Error: (06/28/2016 02:59:19 PM) (Source: SbieDrv) (EventID: 1412) (User: )
Description: SBIE1412 In text: [Temp] \??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%

Error: (06/28/2016 02:59:19 PM) (Source: SbieDrv) (EventID: 1406) (User: )
Description: SBIE1406 Missing or invalid expansion for SystemDrive:  [C0000189]

CodeIntegrity:
===================================
  Date: 2016-03-17 09:21:18.011
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 


Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Device ID: ACPI\PNP0303\4&17DB1A3&0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

You're running CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)  which is/was a good idea at the time but most of the newer encryption threats bypass this and its not as successful at blocking as it used to be. For the most part there should not be any issues with using it but very difficult to 100% test it out completly with the millions of possible differences in software and hardware out there. I doubt it is involved in the issue, at least at this point.

 

For our MBAM program these files should be excluded by your firewall
mbampt.exe,mbamscheduler.exe, and mbam.exe should be allowed out through your firewall

This restriction is probably not valid and should be removed in most cases.
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

 

You're using the Google Public DNS which is good but I would make it the primary and your router the secondary unless you have a dozen computers or more at home you're constantly connecting to for data.
Tcpip\..\Interfaces\{5533B2F9-7891-45FD-BAFC-C332FA9DFBC5}: [NameServer] 192.168.1.1,8.8.8.8

Please work on correcting the above errors as best you can and let me know if you need help with any of them. Then we'll scan again to see where we're at.

Thanks

 

Link to post
Share on other sites

  • Root Admin

Okay, well we'll need to remove them as we continue to clean up issues. Please run a full disk check on your system - if you need to know how please let me know. Then review the other issues listed and try to repair those. I'll check back on you again tomorrow.

Thanks again

 

Link to post
Share on other sites

I uninstalled the following apps:

Netbalancer, Sandboxie, Cryptoprevent, NMap, Remote Utilities Viewer, UltraVNC, Unlocker, Wireshark and WOL Magic Packet Sender.

Did a chkdsk c:/r in an elevated command prompt window and rebooted and let it run. I did not see any errors but did not catch all of the Journal checking it was doing.

I changed the DNS settings around.

 

Regarding excluding those certain MBAM files should not the installation process automatically do that? I am only using the Windows7 firewall here.

Regarding the Google HKLM\Software\Policies would that of been inserted by ADWCleaner or by your Anti-Exploit product? I did not do anything to that registry entry.

Link to post
Share on other sites

  • Root Admin

Didn't necessarily mean for you to uninstall all of that. Just wanted you to be aware you're having issues according to the logs.

I can help you with any adjustments, etc. Please run the FRST scan again and make sure you place a check mark in the Additions check box to get a new log for that too. Then post back both new logs as attachments and I'll take a look how things look now.

Check Disk report:

  • Press the WindowsKey.png + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

 

Thanks

 

Link to post
Share on other sites

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          6/29/2016 10:52:09 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      GregAMD
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is Win7NewInstall.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x22c7a.
  421120 file records processed.                                        
File verification completed.
  1117 large file records processed.                                  
  0 bad file records processed.                                    
  2 EA records processed.                                          
  58 reparse records processed.                                      
CHKDSK is verifying indexes (stage 2 of 5)...
  521994 index entries processed.                                        
Index verification completed.
  0 unindexed files scanned.                                        
  0 unindexed files recovered.                                      
CHKDSK is verifying security descriptors (stage 3 of 5)...
  421120 file SDs/SIDs processed.                                        
CHKDSK is compacting the security descriptor stream
Cleaning up 4428 unused security descriptors.
  50438 data files processed.                                          
CHKDSK is verifying Usn Journal...
  35949504 USN bytes processed.                                            
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  421104 files processed.                                                
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  10283658 free clusters processed.                                        
Free space verification is complete.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 125293567 KB total disk space.
  83508216 KB in 207712 files.
    122948 KB in 50441 indexes.
         4 KB in bad sectors.
    527763 KB in use by the system.
     65536 KB occupied by the log file.
  41134636 KB available on disk.

      4096 bytes in each allocation unit.
  31323391 total allocation units on disk.
  10283659 allocation units available on disk.

Internal Info:
00 6d 06 00 6b f0 03 00 4a f1 06 00 00 00 00 00  .m..k...J.......
30 03 00 00 3a 00 00 00 00 00 00 00 00 00 00 00  0...:...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-06-29T15:52:09.000000000Z" />
    <EventRecordID>124416</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>GregAMD</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is Win7NewInstall.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x22c7a.
  421120 file records processed.                                        
File verification completed.
  1117 large file records processed.                                  
  0 bad file records processed.                                    
  2 EA records processed.                                          
  58 reparse records processed.                                      
CHKDSK is verifying indexes (stage 2 of 5)...
  521994 index entries processed.                                        
Index verification completed.
  0 unindexed files scanned.                                        
  0 unindexed files recovered.                                      
CHKDSK is verifying security descriptors (stage 3 of 5)...
  421120 file SDs/SIDs processed.                                        
CHKDSK is compacting the security descriptor stream
Cleaning up 4428 unused security descriptors.
  50438 data files processed.                                          
CHKDSK is verifying Usn Journal...
  35949504 USN bytes processed.                                            
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  421104 files processed.                                                
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  10283658 free clusters processed.                                        
Free space verification is complete.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 125293567 KB total disk space.
  83508216 KB in 207712 files.
    122948 KB in 50441 indexes.
         4 KB in bad sectors.
    527763 KB in use by the system.
     65536 KB occupied by the log file.
  41134636 KB available on disk.

      4096 bytes in each allocation unit.
  31323391 total allocation units on disk.
  10283659 allocation units available on disk.

Internal Info:
00 6d 06 00 6b f0 03 00 4a f1 06 00 00 00 00 00  .m..k...J.......
30 03 00 00 3a 00 00 00 00 00 00 00 00 00 00 00  0...:...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

 

Addition.txt

FRST.txt

Link to post
Share on other sites

  • Root Admin

I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome.

You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed.

Then I need you to go to >> Google Sync << and sign into your account.
Scroll down until you see the reset sync button and click on the button
At the prompt click on Ok.

.
Reset Your Browser Settings
.

  1. In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines)
  2. Select Settings.
  3. At the bottom, click Show advanced settings…
  4. Scroll down until you see “Reset settings”, Then click on the button Reset Settings.
  5. In the dialog that appears, click Reset.

.
Close Chrome and restart it and check it out for me please

Next,

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

 

Thanks

 

Link to post
Share on other sites

I did not reset Chrome since I did that over this weekend and it did not help. The issue wrt community.intuit.com failing DNS lookups is happening in multiple browsers and even at an elevated CMD prompt or when using NSLOOKUP and multiple DNS servers. The issue goes away in all cases when MBAM's Malicious Website Protection is disabled.

Fixlog.txt

Link to post
Share on other sites

I tried doing a tracert from an elevated command prompt out to community.intuit.com after running FRTS and rebooting and no change. It still times out. I turn off malicious website protection and the DNS and subsequent tracert completes

Link to post
Share on other sites

  • Root Admin

Yes, I understand and I believe you that it happens. Just trying to clean up the computer some first to make sure something else is not inferring. 

 

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

 

Then download Process Monitor from Microsoft

https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx

Then extract it to its own folder. Then run as administrator. Then open a browser window to the site and let it fail. Then right click MBAM and disable the web blocker and reload the browser. Then save the Process Monitor file and zip it up and attach on your next reply please.

Thanks

 

Link to post
Share on other sites

  • Root Admin

Yes, I understand and I believe you that it happens. Just trying to clean up the computer some first to make sure something else is not inferring. 

 

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

 

Then download Process Monitor from Microsoft

https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx

Then extract it to its own folder. Then run as administrator. Then open a browser window to the site and let it fail. Then right click MBAM and disable the web blocker and reload the browser. Then save the Process Monitor file and zip it up and attach on your next reply please.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.