Bobbye
Posts: 16,313 +36
Well, sometimes it's the simple things that work best! HJT shows several Norton/Symantec processes still on the system, including several Services. So either you idn't run the Norton Removal or it didn't complete.
Most of the Norton entries show 'file missing', but one entry does not show that and when it runs, it causes the reboot. This would only be in Normal Mode so that makes sense. So we need to remove ALL of the Norton processes including the Services: I can do that with script, but first let's just stop then and see if this is the cause. The entry below in Red is what I think is causing the reboots.
-------------------------------
Please reopen HijackThis to 'do system scan only.' Check each of the following if present: (you may not find all of the entries- that's okay)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (file missing)
O4 - HKLM\..\Run: [isCfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: LiveUpdate Notice - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
Close all Windows except HijackThis and click on "Fix Checked."
=================================
Since you are already in Safe Mode, go right into this:
Click on Start> Rum> type in msconfig> Enter> Selective Startup> Startup tab> Uncheck ALL Symantec processes. If you are not sure of the entry, hold eft mouse buton down on top frame at the dividing line between 'Command' and 'Location' and move to the right to expand the Command column.
Close when finished.
--------------------------------------------
Now click on Start> Run> type in services.msc> Enter> Double click to open each of the Services below> Change Startup type to Disabled> Stop the Service
Symantec Event Manager
Symantec Settings Manager
CLTNetCnService
Symantec Core LC
COM Host
LiveUpdate or LuComServer_3_4
LiveUpdate Notice or ccSvcHst.exe
Exit Services:
=====================================
See if you can reboot into Normal Mode.
NOTE- you will get a nag message when you reboot because of the msconfig removal. Ignore the message, click 'don't show this message again. Stay in Selective Startup'
Let me know.
Most of the Norton entries show 'file missing', but one entry does not show that and when it runs, it causes the reboot. This would only be in Normal Mode so that makes sense. So we need to remove ALL of the Norton processes including the Services: I can do that with script, but first let's just stop then and see if this is the cause. The entry below in Red is what I think is causing the reboots.
-------------------------------
Please reopen HijackThis to 'do system scan only.' Check each of the following if present: (you may not find all of the entries- that's okay)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (file missing)
O4 - HKLM\..\Run: [isCfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: LiveUpdate Notice - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
Close all Windows except HijackThis and click on "Fix Checked."
=================================
Since you are already in Safe Mode, go right into this:
Click on Start> Rum> type in msconfig> Enter> Selective Startup> Startup tab> Uncheck ALL Symantec processes. If you are not sure of the entry, hold eft mouse buton down on top frame at the dividing line between 'Command' and 'Location' and move to the right to expand the Command column.
Close when finished.
--------------------------------------------
Now click on Start> Run> type in services.msc> Enter> Double click to open each of the Services below> Change Startup type to Disabled> Stop the Service
Symantec Event Manager
Symantec Settings Manager
CLTNetCnService
Symantec Core LC
COM Host
LiveUpdate or LuComServer_3_4
LiveUpdate Notice or ccSvcHst.exe
Exit Services:
=====================================
See if you can reboot into Normal Mode.
NOTE- you will get a nag message when you reboot because of the msconfig removal. Ignore the message, click 'don't show this message again. Stay in Selective Startup'
Let me know.