Norton Crashes/Malwarebytes Will Not Open

fipj · Feb 18, 2013

Hello,

I recently began experiencing an issue where Norton 360 automatically closed due to a 'framework error' and I could not reopen it without rebooting. After rebooting it would start up, but then would shortly shut down again.

Today, I tried uninstalling/re-installing Norton and during both it would crash (eventually the uninstall was successful), but now cannot re-install. When attempting the reinstall I received the following:

Problem signature:
Problem Event Name: APPCRASH
Application Name: N360-UPGRADE-ESD-NoDefs-20-2-1-22-EN.exe
Application Version: 20.2.1.22
Application Timestamp: 50bfcbce
Fault Module Name: convNAME.dll
Fault Module Version: 3.3.7.6
Fault Module Timestamp: 510f9348
Exception Code: c0000005
Exception Offset: 00005722
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 1033
Additional Information 1: d03b
Additional Information 2: d03b73f0371cbb1bc480ebb851f35bcf
Additional Information 3: c4d9
Additional Information 4: c4d9c20095de1d5d9642a3f0c237fd15

At first I thought it was a Norton issue. I then decided to check to make sure that something had not latched onto my computer and tried running SuperAntiSpyware which ran, but detected nothing of concern. I then tried to run Malwarebytes and when I tried to open the application I received the error "This program is blocked by group policy. For more information, contact your system administrator."

It now appears that this goes beyond just Norton, and at this point, I am not sure if this is a malware issue or related to something else. I am hoping you can give me some insight to this issue or point me in the right direction if I am not in the correct forum.

Thanks,
fipj

TimW · Feb 19, 2013

If you want us to check your system for malware, please do the following:

READ & RUN ME FIRST. Malware Removal Guide

fipj · Feb 20, 2013

I am getting hung up on the following part of step 3 of the Malware Removal Guide:

Malwarebytes Anti-Malware Instructions
Please carefully follow the instructions in the below link to most effectively run it and obtain a log:
Using Malwarebytes Anti-Malware

I tried twice to follow this part of the step and both times my PC shut down suddenly once the install started. I saved the Malwarebytes download .exe file to my desktop and then when running the .exe file the install was set to save to my C: drive. I had previously downloaded Malwarebytes over a year ago and still currently have it installed on my PC (just can't open the current one installed), so I don't know if that has any impact or not.

I am attaching all other logs that I was able to obtain.

Thanks

TimW · Feb 21, 2013

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : Windows Live (rundll32 "C:\Users\Jason\AppData\Local\Yahoo\Windows Live\genroiz.dll",DllRegisterServerW) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : Windows Live (rundll32 "C:\Users\Jason\AppData\Local\Yahoo\Windows Live\genroiz.dll",DllRegisterServerW) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3840228865-3584001021-3375449824-1001_Classes[...]\Run : Windows Live (rundll32 "C:\Users\Jason\AppData\Local\Yahoo\Windows Live\genroiz.dll",DllRegisterServerW) [x] -> FOUND

Place a checkmark each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Do not reboot your computer yet.

Now re-run Hitman and have it delete all those PUP's.

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]

Click to expand...

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now re-boot.

http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Attach JRT.txt to your next message.

Now reboot again and re-scan with both RogueKiller and Hitman and attach those logs as well.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept ( yes twice ).

Then attach the below logs:
* C:\MGlogs.zip

Make sure you tell me how things are working now!

fipj · Feb 22, 2013

I got up to running the Junk Removal Tool and have attempted to run twice. Once overnight (approx. 10 hours) and the second time for a couple hours. It indicates "Creating a registry backup", but has not moved past that step. I should not have any protection software that would be blocking it as I initially uninstalled Norton when the issue first began and I have been unable to reinstall it. Does this length of time for the run time sound correct? Should I just continue to let it run?

Thanks

TimW · Feb 22, 2013

If it is still running, abort it. Get me the new logs from RogueKiller, Hitman and C:\MGLogs.zip.

fipj · Feb 24, 2013

Please see attached logs for the following:

RogueKiller
Hitman
C:\MGtools\GetLogs.bat

I am currently still unable to reinstall Norton 360, open Malwarebytes and am receiving another APPCRASH error for an audio application. I am also attaching the errors I am receiving for those applications in case they are also needed.

Thanks

chaslang · Feb 24, 2013

Uninstall the below software:
Coupon Printer for Windows
Java(TM) 6 Update 29

Now install the current version of Sun Java from: Sun Java Runtime Environment

Please download OTM by Old Timer and save it to your Desktop.

Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).

Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
(or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
the code box
Code:
:Processes
explorer.exe


:Files
C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx
C:\Program Files (x86)\Babylon\Babylon-Pro\Utils
C:\Program Files (x86)\Babylon
C:\Users\Jason\AppData\LocalLow\BabylonToolbar\BabylonToolbar
C:\Users\Jason\AppData\LocalLow\BabylonToolbar
C:\windows\TEMP\*.*
C:\Users\Jason\AppData\Local\Temp\*.*


:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{461fc775-35b6-4d0b-9ff3-af280bfaba83}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escort.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Prod.cap]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\s]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb]
[-HKEY_USERS\S-1-5-21-3840228865-3584001021-3375449824-1001\Software\Softonic]
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]
Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
) and choose Paste.

Now click the large http://forums.majorgeeks.com/chaslang/images/MoveIt!.png button.

If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Close OTM.

Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
this log file to your next message.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

the C:\_OTM\MovedFiles log

C:\MGlogs.zip

Make sure you tell me how things are working now!

fipj · Feb 25, 2013

Attached are the requested logs. After completing the latest requested steps I rebooted and retried the erroring applications described in my 2/24/13 post. Unfortunately, the same issues are still present.

Thanks

chaslang · Feb 25, 2013

Why are you reinstalling Norton? Per your logs it is already installed. Also you have Authentium Antivirus installed and you should never have more than one antivirus installed.

My recommendation is as follows.

Uninstall Norton 360 and Norton Utilities 15

Uninstall Authentium Antivirus - if you don't see it, don't worry the below will manually remove leftovers.

Uninstall Malwarebytes

Please run the below.

Norton Removal Tool (SymNRT)

Reboot your PC

Run OTM.exe (on your Desktop) by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).

Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).

Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
(or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
the code box
Code:
:Processes
explorer.exe

:Services
DiskDoctorService
N360
SpeedDiskService
vseamps 
vsedsps
vseqrts

:Files
C:\Program Files\Common Files\Authentium
C:\ProgramData\Norton
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\Program Files (x86)\Norton 360
C:\Program Files (x86)\NortonInstaller
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Program Files (x86)\Common Files\Symantec Shared

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DD662A0C-12FE-4b38-BA53-247F7EC82F46}"=-
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=-
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]
Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
) and choose Paste.

Now click the large http://forums.majorgeeks.com/chaslang/images/MoveIt!.png button.

If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Close OTM.

Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
this log file to your next message.

Be patient while doing the below. The fixes can sometimes take quite awhile to run. Especially the permissions repairs. It may be best to kick it off and goto bed or do something else. It is better not to run anything while the repairs are going on.

Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)

Now select the Start Repairs tab.

The click the Start button.

Create a System Restore point if prompted.

On the next screen, click the Unselect All button to first deselect all repairs.

Now select the following repair options:

Reset Registry Permissions

Reset File Permissions

Register System Files

Repair WMI

Remove Policies Set By Infections

Repair Windows Updates

Set Windows Services To Default Startup

Now on the lower right side check the box to Restart/Shutdown System When Finished

Then make sure the Restart System radio button is enabled.

Shutdown any other programs that you are running now before continuing.

Now click the Start button.

Be patient while the tool repairs the selected items.

It should reboot automatically when finished.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

the C:\_OTM\MovedFiles log

C:\MGlogs.zip

Make sure you tell me how things are working now!

DO NOT attempt to reinstall Norton or Malwarebytes yet. First I want to make sure everything was cleaned up.

The problems with your audio card and any addition software issues, may need to be worked in the Software Forum where non-malware issues are more appropriate.

fipj · Feb 26, 2013

Hello,

Norton 360 had been attempting to initialize each time I restarted my PC. It then would ask for me to “Agree and Install” and when I attempt to install it would crash. I was not aware that Authentium Antivirus was loaded as I did not see it in my program list. I was unable to uninstall Norton 360 through Control Panel/Programs and Features as it crashed again when I attempt to do so, but it appears that the Norton uninstall link you provided took care of it.

When attempting to uninstall Malwarebytes through Control Panel/Programs and Features I received the following error message “You do not have sufficient access to uninstall Malwarebytes Anti-Malware version 1.70.0.1100. Please contact your system administrator.” My profile is setup as the administrator for my PC, so I am not sure why this error is occurring. I also tried to uninstall again after completing all of the latest steps outlined and still received the error message.

After rebooting following running the Windows Repair I also still received the "VIA HD Audio CPL has stopped working" APPCRASH error.

Latest logs are attached.

Thanks

chaslang · Feb 27, 2013

fipj said: ↑

After rebooting following running the Windows Repair I also still received the "VIA HD Audio CPL has stopped working" APPCRASH error.
Click to expand...

You will have to post about this in the Software Forum or the Hardware Forum.

In fact your permissions issues may also have to be addressed in the Software Forum. This seems to be a frequent issue with Vista and Win7. There hundreds/thousands of complaints on the internet where people run into problem with permissions with these versions of Windows. I don't know of any standard generic fix other than reinstall. However try the below.

Boot into safe boot mode and re-run the Windows Repair program. Then see if you can uninstall Malwarebytes.

fipj · Feb 27, 2013

Sorry, I originally missed your suggestion from a prior post about submitting the audio issue question under another forum. I will submit that question in another forum per your recommendation.

I was able to boot into safe mode, re-run the Windows Repair program and then uninstall Malwarebytes. I wasn’t sure if I needed to run MGtools again, but went ahead and did so and have attached the latest log. At this point do you think it is now ok to try and reinstall Norton 360 and Malwarebytes?

I also noticed that when I had run HitmanPro that the first message references a missing file that may cause an error at startup and has an option to repair. I do receive a missing .dll file error message at start up. Would having Hitman make this repair correct this error message? I have attached a screenprint of Hitman referencing the error and the .dll file error received at start up.

Thanks

chaslang · Feb 28, 2013

fipj said: ↑

At this point do you think it is now ok to try and reinstall Norton 360 and Malwarebytes?
Click to expand...

You can give them a try and see what happens but again, none of this seems to be malware related.

fipj said: ↑

I also noticed that when I had run HitmanPro that the first message references a missing file that may cause an error at startup and has an option to repair.
Click to expand...

Not sure why you get this. I don't even see OpenOffice installed. Do you have OpenOffice installed? I tend to doubt Hitman Pro could fix this unless a spare copy of the file is around and the program would have to still be installed to begin with. Again this is also a non-malware issue.

fipj said: ↑

I do receive a missing .dll file error message at start up.
Click to expand...

This is also not a malware problem. This is from your Seagate Dashboard software that you may have to reinstall.

Log in or Sign up

Norton Crashes/Malwarebytes Will Not Open

fipj Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

fipj Private E-2

Attached Files:

RKreport[1]_S_02202013_02d1926.txt

TDSSKiller._02.20.2013_log.txt

HitmanPro_20130220_2024.log

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

fipj Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

fipj Private E-2

Attached Files:

RKreport[2]_S_02242013_02d1747.txt

HitmanPro_20130224_1847.log

MGlogs.zip

Errors.doc

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

fipj Private E-2

Attached Files:

02252013_151736.log

MGlogs.zip

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

fipj Private E-2

Attached Files:

02262013_080429.log

MGlogs.zip

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

fipj Private E-2

Attached Files:

MGlogs.zip

Hitman Repair Error.zip

HipServAgent-System Error.doc

chaslang MajorGeeks Admin - Master Malware Expert Staff Member