Norton won't update, can't log into WLM

Discussion in 'Malware Help (A Specialist Will Reply)' started by WOPR1, May 28, 2012.

  1. WOPR1

    WOPR1 Private E-2

    While chatting in WLM, multiple message boxes popped up; I closed them, only to be kicked out of WLM. I could not log back into WLM and got a "service unavailable" error. The Norton toolbar icon went to a red X; opening Norton revealed "Norton at risk". I attempted to use FIX IT NOW (definitions out of date), but despite the update finishing, the error persisted (the latest update is listed as less than one minute ago, but it still states the definitions are out of date).

    I attempted to use Skype and was allowed to log in; however, someone I was talking to on the phone, whom I knew to be online on Skype, was shown as offline, and my messages did not go through. He attempted to send me some Skype messages and said they bounced.

    I ran Norton remove and reinstall, it fixed the problem for a few minutes, only for the problem to reoccur after I rebooted.

    I have followed the read and run me first instruction, but the problems still persist. I have attached logs.

    My computer thinks it's June; that's why the log dates are wrong. Also, I could only attach 4 files, so I will attach the MGTools log in the next post.
     

    Attached Files:

  2. WOPR1

    WOPR1 Private E-2

    MGTools log
     

    Attached Files:

    Last edited: May 28, 2012
  3. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, WOPR1 :)

    From Add/Remove Programs (via Control Panel), please uninstall the below:
    • Ad-Aware
    • Bing Rewards Client Installer
    • Coupon Printer for Windows
    • Norton Internet Security (re-run the Norton Removal Tool too)
    • Spybot - Search & Destroy

    Please download Disable/Remove Windows Messenger to your desktop.
    • Double-click MessengerDisable.exe to run it.
    • Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
    • Click Apply
    • Click Exit

    I want you to read and follow these instructions: TDSSKiller - How to run

    Please download aswMBR to your desktop.
    • Double-click aswMBR.exe to run (Vista/7 right-click and select Run as Administrator)
    • Select Yes when asked "Would you like to download latest Avast! virus definitions?"
    • Click the [Scan] button.
    • On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach)

    Fixing items using ComboFix
    Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
    If it is not on your desktop, the below will not work.
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    ClearJavaCache::
    Collect::[4]
    C:\Documents and Settings\THE BOSS\Local Settings\Application Data\aefdhb4f6rpj8dih7lxn3t445l0k
    DDS::
    uInternet Connection Wizard,ShellNext = hxxp://www.bitdefender.com/site/MyAccount/newAccount/
    Driver::
    aawservice
    File::
    C:\Documents and Settings\THE BOSS\Templates\aefdhb4f6rpj8dih7lxn3t445l0k
    Folder::
    C:\WINDOWS\$NtUninstallKB18848$
    C:\Program Files\Lavasoft
    Registry::
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    Suspect::[137]
    C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir_
    
    Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.exe on your desktop.
    Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
    This will launch ComboFix.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Allow ComboFix to update itself if prompted.
    When ComboFix finishes, a log will be produced at C:\ComboFix.txt
    Attach this log to your next message. (How to attach)

    Now run C:\MGtools\GetLogs.bat by double-clicking it.
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

    Hold off on installing Norton. Just attach the logs requested above and let me know how the system is running at this point.
     
  4. WOPR1

    WOPR1 Private E-2

    Sorry this took so long - ran the programs you requested, and here are the logs you asked for. I don't have regular access to this computer; that's why I wasn't able to do this sooner.
     

    Attached Files:

  5. thisisu

    thisisu Malware Consultant

    No problem.
    However, you missed a couple of steps:
    1. The updated MGlogs.zip
    2. Telling me how the computer is working now
    The other logs are clean.
     
  6. WOPR1

    WOPR1 Private E-2

    Ran MGTools, will attach logs. Windows Live Messenger is still behaving oddly - repair states that the hosts file has some entries in it preventing it from functioning properly and says something about key ports, but won't repair it. I cleared out all the hosts files, it stopped whining about hosts files but kept saying key ports are bunged up and won't repair it. I've isolated the hosts file problem to an entry in 'hosts.msn,' but all that's in it is entries by spybot search & destroy's immunization feature. This suggests that Windows Live Messenger's been hijacked to redirect to a malicious server.

    I can't test Skype at this time, but the person I was talking to before isolated an issue with Skype on his end last week, so it may have been a coincidence and a non-issue on my end.

    Any tips? Should I reinstall Norton? Should I uninstall and reinstall Windows Live Messenger? Anything suspicious in the MGTools log? Any idea how I can fix the key ports issue?

    Also, I uninstalled 'HP Smart Web Printing' because it was popping up a windows installer thing whenever I tried opening My Computer. Not anything of note related to this, but thought you should know in case that impacts anything.
     

    Attached Files:

  7. thisisu

    thisisu Malware Consultant

    I would try this. At the very least, see if the problem goes away once you have uninstalled both Norton and Windows Live Messenger.
    Your MGlogs.zip is clean. I'm not sure what you mean by "key ports". Is this a message being given from Windows Live Messenger?

    No problem. Thanks for letting me know.

    It does not sound like malware is responsible for your computer problems anymore. I would recommend seeking additional advice in the Software forum.

    Good luck!

    __

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double-clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to Add/Remove Programs and uninstall HijackThis if it is present.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
    Be safe :)
     
  8. WOPR1

    WOPR1 Private E-2

    Hello. Thank you for your help.

    Allow me to clarify my concerns a bit

    If you can't connect to Windows Live Messenger, you are given the option to 'repair.' This usually fixes any problems with your configuration.

    I attempted this, and it said that some entries in my hosts file, as well as some 'key ports,' were misconfigured.

    The only entries in the applicable hosts file are ones blocking illegitimate malware-propagating websites, having been automatically configured by Spybot Search & Destroy's 'Immunization' feature.

    The repair feature fixed neither of the issues, and since the Windows Live Messenger repair choked on a hosts file configured to block malware, I am wondering if something actually modified the installation of Windows Live Messenger.

    I will attach the 'offending' hosts file. I had to rename it to 'hosts.txt' for it to upload - the original filename was 'hosts.msn'.

    To clarify another point, if I uninstall Windows Live Messenger, like you requested, that would mean neither of the problems that I have noticed would be able to be tested, since they were problems with, well, Norton and Windows Live Messenger. Do you mean you want me to uninstall Windows Live Messenger and then reinstall them both?
     

    Attached Files:
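    The hosts-file question in the post above is the one worth settling with a check rather than by eye: an entry that points a hostname at 127.0.0.1 (the form Spybot's Immunization writes) is a block, while an entry that points a service hostname at a routable address is the hijack pattern. Note also that Windows name resolution reads only the file named `hosts` with no extension under C:\WINDOWS\system32\drivers\etc; a file called `hosts.msn` is not consulted. The script below is an added example for this thread, not code from MajorGeeks, Microsoft or Spybot; the sample hosts text is constructed, the hijack line uses a TEST-NET address, and the list of "watched" Messenger hostnames is an assumption.

```python
"""Triage a Windows hosts file: separate loopback 'block' entries (the form
Spybot's Immunization inserts) from entries that redirect a watched hostname
to a routable address, the pattern of a hosts-file hijack.

Added example for the MajorGeeks thread above; not code from MajorGeeks,
Microsoft or Spybot. Sample text and watched domains are constructed/assumed.
"""
import ipaddress
from dataclasses import dataclass

# Assumed: hostnames a Messenger login is taken to depend on.
WATCHED_DOMAINS = ("messenger.hotmail.com", "login.live.com")

# Constructed sample in the layout of C:\WINDOWS\system32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1   www.bad-site.example
127.0.0.1   ads.tracker.example
# End of entries inserted by Spybot - Search & Destroy
203.0.113.5 login.live.com messenger.hotmail.com   # constructed hijack line
"""


@dataclass
class HostsEntry:
    lineno: int
    ip: str
    names: tuple


def parse_hosts(text):
    """Return HostsEntry objects; skips blank/comment lines and lines whose
    first field is not an IP address (the resolver ignores those too)."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        if len(fields) < 2:
            continue
        names = tuple(n.lower() for n in fields[1:])
        entries.append(HostsEntry(lineno, fields[0], names))
    return entries


def classify(entries, watched=WATCHED_DOMAINS):
    """Tag each entry 'loopback' (127.x / ::1 / 0.0.0.0 block entry) or
    'routable', and record which watched hostnames it covers."""
    findings = []
    for e in entries:
        addr = ipaddress.ip_address(e.ip)
        kind = "loopback" if addr.is_loopback or addr.is_unspecified else "routable"
        hits = tuple(n for n in e.names if n in watched)
        findings.append((e.lineno, e.ip, kind, hits))
    return findings


def hijack_lines(entries, watched=WATCHED_DOMAINS):
    """Lines that send a watched hostname somewhere other than loopback."""
    return [f for f in classify(entries, watched)
            if f[2] == "routable" and f[3]]


if __name__ == "__main__":
    ents = parse_hosts(SAMPLE_HOSTS)
    for lineno, ip, kind, hits in classify(ents):
        print(f"line {lineno}: {ip:<15} {kind:<8} watched={hits}")
    print("hijack lines:", hijack_lines(ents))
```

    To run it against the real file, replace SAMPLE_HOSTS with the contents of C:\WINDOWS\system32\drivers\etc\hosts; a clean immunized file produces only "loopback" findings and an empty hijack list.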

  9. thisisu

    thisisu Malware Consultant

    This is the hosts file that should be attached:

    Code:
    "C:\WINDOWS\system32\drivers\etc\"
    hosts         Jul 10 2012          27  "hosts"
    However, this brings up a concern and maybe is the problem. Your system is a month ahead of the current time. See below:
    Code:
    Windows OS is

    Microsoft Windows XP [Version 5.1.2600]
    It's Mon July 16, 2012  05:56:44 PM
    Try changing the system to June 16th and let me know if the problem persists.

    I'm not very familiar with Windows Live Messenger. You can probably get better help on this in the Software forum.
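    The clock being a month ahead is the finding of this thread, and it is worth having a quick check for before chasing malware: a skewed clock makes freshly downloaded definitions look weeks old and puts the current time outside the validity window of short-lived certificates and login tokens. The script below is an added example, not code from MajorGeeks, Norton or Microsoft. The two timestamps reproduce the thread's timeline (system clock showing July 16, 2012 while the real date was June 16); the HTTP Date header is a constructed sample, the 5-minute skew tolerance and 14-day definition-age threshold are assumptions, and whether Norton and Messenger actually fail for these exact reasons is an assumption too.

```python
"""Detect system-clock skew against a trusted timestamp and show what that
skew does to a freshness check and to a validity window.

Added example for the MajorGeeks thread above; not code from MajorGeeks,
Norton or Microsoft. Dates follow the thread's timeline; the response
head, tolerance and thresholds are constructed/assumed.
"""
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MAX_SKEW = timedelta(minutes=5)          # assumed tolerance
DEFINITION_MAX_AGE = timedelta(days=14)  # assumed 'out of date' threshold

# Constructed: what the system clock read (thread: Mon July 16, 2012 05:56:44 PM)
SYSTEM_NOW = datetime(2012, 7, 16, 17, 56, 44, tzinfo=timezone.utc)
# Constructed: head of an HTTPS response; any server's Date header is a
# cheap trusted reference when NTP is not available.
RESPONSE_HEAD = """\
HTTP/1.1 200 OK
Date: Sat, 16 Jun 2012 17:56:44 GMT
Content-Type: text/html
"""


def trusted_time_from_response(head):
    """Parse the RFC 1123 Date header of an HTTP response head."""
    for line in head.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "date":
            return parsedate_to_datetime(value.strip())
    raise ValueError("no Date header in response")


def clock_skew(system_now, trusted_now):
    """Signed skew: positive when the local clock runs ahead of reality."""
    return system_now - trusted_now


def skew_exceeds(system_now, trusted_now, tolerance=MAX_SKEW):
    return abs(clock_skew(system_now, trusted_now)) > tolerance


def definitions_stale(last_update, now, max_age=DEFINITION_MAX_AGE):
    """Freshness check of the kind an AV product applies to its definitions."""
    return now - last_update > max_age


def in_validity_window(not_before, not_after, now):
    """Certificate/token validity check as a verifier on `now` performs it."""
    return not_before <= now <= not_after


if __name__ == "__main__":
    trusted = trusted_time_from_response(RESPONSE_HEAD)
    skew = clock_skew(SYSTEM_NOW, trusted)
    print(f"clock skew: {skew}; exceeds tolerance: {skew_exceeds(SYSTEM_NOW, trusted)}")
    # Definitions fetched 30 seconds ago by real time look a month old.
    update = trusted - timedelta(seconds=30)
    print("stale by real clock:  ", definitions_stale(update, trusted))
    print("stale by system clock:", definitions_stale(update, SYSTEM_NOW))
    # A one-day certificate or login token is 'expired' on the skewed clock.
    nb, na = trusted - timedelta(hours=1), trusted + timedelta(days=1)
    print("valid by real clock:  ", in_validity_window(nb, na, trusted))
    print("valid by system clock:", in_validity_window(nb, na, SYSTEM_NOW))
```

    On a live box, feed the head of a response from any HTTPS site into trusted_time_from_response and compare with datetime.now(timezone.utc); a skew of days, as here, explains "out of date" and login failures without any malware.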
     
  10. WOPR1

    WOPR1 Private E-2

    Ah- HA! that was it! Thanks for the help! Norton's working fine now too. Clean bill of health.

    Thanks for the help - this is a computer used to connect to a hospital VPN, and as a result has some sensitive information on it. You can guess from there why I'm a bit on-edge about it being secured. HIPAA and all that.
     
  11. thisisu

    thisisu Malware Consultant

    It's no problem. I'm glad to hear that fixed it. ;)
     
