[Referring for driver assist] System Check issue

[Bobbye]

Well, sometimes it's the simple things that work best! HJT shows several Norton/Symantec processes still on the system, including several Services. So either you idn't run the Norton Removal or it didn't complete.

Most of the Norton entries show 'file missing', but one entry does not show that and when it runs, it causes the reboot. This would only be in Normal Mode so that makes sense. So we need to remove ALL of the Norton processes including the Services: I can do that with script, but first let's just stop then and see if this is the cause. The entry below in Red is what I think is causing the reboots.
-------------------------------
Please reopen HijackThis to 'do system scan only.' Check each of the following if present: (you may not find all of the entries- that's okay)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (file missing)
O4 - HKLM\..\Run: [isCfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: LiveUpdate Notice - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe


Close all Windows except HijackThis and click on "Fix Checked."
=================================
Since you are already in Safe Mode, go right into this:
Click on Start> Rum> type in msconfig> Enter> Selective Startup> Startup tab> Uncheck ALL Symantec processes. If you are not sure of the entry, hold eft mouse buton down on top frame at the dividing line between 'Command' and 'Location' and move to the right to expand the Command column.

Close when finished.
--------------------------------------------
Now click on Start> Run> type in services.msc> Enter> Double click to open each of the Services below> Change Startup type to Disabled> Stop the Service
Symantec Event Manager
Symantec Settings Manager
CLTNetCnService
Symantec Core LC
COM Host
LiveUpdate or LuComServer_3_4
LiveUpdate Notice or ccSvcHst.exe
Exit Services:
=====================================
See if you can reboot into Normal Mode.
NOTE- you will get a nag message when you reboot because of the msconfig removal. Ignore the message, click 'don't show this message again. Stay in Selective Startup'

Let me know.

 

[cbusch]

norton removal

I tried all of the steps listed multiple times with no success. I even ran the norton removal tool again that did not work either. After running msconfig and services.msc and restarting the computer it did go a bit further into start up before it rebooted, but the system still will not load in normal mode
What would you like me to do next?
thanks

 

[cbusch]

I forgot to add that each time I did what was instructed and then restarted everything went back to the way it was before I did the HJThis fixes and disabled everything in msconfig and services.msc

 

[Bobbye]

Please tell me what you did before this started:

The computer will start in normal mode but will then turn off and restart. I was able to enter the system in safe mode but am lost from what to do from here.

I tried all of the steps in your response #11 and could not get them to work so I went onto #12
For some reason the internet will not work on the computer again.
I have run Rkill.com but am not sure if it worked reading the log.

Did it ever work in Normal Mode since we started?

Steps on #11: Did you even try this? What happened?

The only suggestion I have to stop the reboot loop will be limited to whether there are actually some restore points on the system:
Start Windows :

1. Insert the Windows Vista or Windows 7 installation disc in the drive, and then restart the computer.
2. When you are prompted to start from the disc, press any key.
3. When you are prompted, configure the Language to install, Time and currency format, and Keyboard or input method options that you want, and then click Next.
4. On the next page, click Repair your computer.

Select a restore point:

1. On the System Recovery Options page, click the version of the Windows operating system that you want to repair, and then click Next.
2. On the System Recovery Options page, click System Restore.
3. On the System Restore page, click Next.
4. Select a restore point at which you know that the operating system was working, and then click Next.

The restore point should be a date before the first time that you experienced the problem that is described in the "Symptoms" section. To select a date, use the Choose a different restore point option, and then click Next.
5. If you are prompted to specify which disk to restore, select the hard disk on which the operating system is installed, and then click Next.
6 O.n the Confirm your restore point page, click Finish.
7. When the restoration process is complete, click Restart.
(Courtesy Microsoft)

---------------------------------
If you did and there were no restore points, please do the following:

Boot into Safe Mode

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Last good configuration option when the Windows Advanced Options menu appears, and then press ENTER.

Will this solve the reboot/Normal Mode problem??
=============================
You need to run the system through Error Checking. This may take a while if you don't do it as part of the regular maintenance;

Using Windows Explorer:
Right click on Start> Explore> My Computer> Right click on Local Drive (usually C)> Properties> Tools> Error Check> check both boxes on the screen that comes up> Apply> Close the message and reboot for the Error Checking to start.

Let it complete. System will reboot when finished.

 

[cbusch]

1) Q:What was I doing before this started? "The computer will start in normal mode but will then turn off and restart. I was able to enter the system in safe mode but am lost from what to do from here."

A:I was downloading one of the files instructed to from your post when Internet Security 2012 started to run. The system restarted and this is when it began to go into the reboot loop. I was lost then because I had never had to do anything in safe mode before

2) Q:For some reason the internet will not work on the computer AGAIN.

A: When I first posted the internet would not work on the computer in any mode, you had me go into, I believe, Proxy settings and change some settings and the internet began to work. Then when the computer went into the reboot loop it stopped working in all modes again, I even went into the settings again as instructed but the settings did not need to be changed like before. So I have no access to the internet on the computer

3) Q:"I have run Rkill.com but am not sure if it worked reading the log."

A: In the log for Rkill.com it stated at the end "Processes terminated by Rkill or while it was running:" So I wasn't sure if Rkill was terminated or another program

4) Yes it worked in normal mode for a short period until Internet Security 2012 started to run

5) Yes I tried the steps in #11 but the computer did not come with an instillation disk so I had to do this from the system menu. I used a restore point that was from before I noticed the computer acting up but it did not stop the endless reboot loop.
I did this again today and went back to and even earlier restore point and still have no luck getting the computer to reboot into normal mode, it continues to do an endless reboot.

6)Q:"You need to run the system through Error Checking. This may take a while if you don't do it as part of the regular maintenance;"

A: I tried to do this but don't think it worked because the computer went into the reboot loop. Is my thinking on this correct?

Do I need to reinstall all of the software you have had me download since we began working on the system because I searched for them and did not find any of the actual programs just the logs. Jijackthis, rkill, farbar service scanner, mbam, etc? I used a restore point from 11 days prior to the system acting up

What would you like me to do next?
thanks for all of the help

 

[Bobbye]

A: In the log for Rkill.com it stated at the end "Processes terminated by Rkill or while it was running:" So I wasn't sure if Rkill was terminated or another program

The purpose of RKill is to terminate any processes that are interfering with running the programs> The processes were terminated by RKill.

Do I need to reinstall all of the software you have had me download since we began working on the system because I searched for them and did not find any of the actual programs just the logs. Jijackthis, rkill, farbar service scanner, mbam, etc? I used a restore point from 11 days prior to the system acting up

When you used the system restore point, it didn't have the programs you had downloaded. So essentially, you removed anything we had done after 11 days ago to the present. So basically, you have to start over.
------------------------
Safe Mode shouldn't be 'scary.' It just makes a difference in what runs. The screen looks pale in color and slightly less than sharp> this is because some drivers don't load in Safe Mode or Safe Mode with Networking>>>

FYI:
If a symptom does not reappear when you start in Safe Mode, you can eliminate the default settings and minimum device drivers as possible causes. If a newly added device or a changed driver is causing problems, you can use Safe Mode to remove the device or reverse the change.

Using Safe Mode to determine a basic source of a problem:The choices:

• Safe Mode: Loads the minimum set of device drivers (serial or PS/2 mouse devices, standard keyboards, hard disks, CD-ROM drives, and standard VGA devices)and system services required to start Windows XP/2000/2003.(Event Log, Plug and Play, remote procedure calls (RPCs), and Logical Disk Manager.) User specific startup programs do not run. This is helpful in determining whether problems are due to specific programs.
  
• Safe Mode with Networking: Includes the services and drivers needed for network connectivity. Safe mode with networking enables logging on to the network, logon scripts, security, and Group Policy settings. Nonessential services and startup programs not related to networking do not run. Helpful if needed but should be used with caution as the security programs don't load in this mode.
  
• Safe Mode with Command Prompt: Starts the computer in safe mode, but displays the command prompt rather than the Windows GUI interface.
  
• Last Known Good Configuration, which starts your computer using the registry information that was saved at the last shutdown.

So by using the different options of Safe Mode, you can sometimes determine what the area of problem is- and isn't.

For the same reasons above, we have you do some scans in Safe Mode because we need to prevent some processes from running to allow us to remove malware.
======================================
Since everything we've done has been wiped out, I'd like you to try this option:

Boot into Safe Mode

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Last Known Good Configuration option when the Windows Advanced Options menu appears, and then press ENTER.

See if this allows you to stay running and not reboot until do want it to.

Let me know.

If this doesn't work, I'm going to have you thread moved to a forum that can help find the drivers that are causing the problem.

 

[cbusch]

last good config point

Thanks for the info it was informative. i did as you wanted but am still not able to boot into normal mode.

 

[Bobbye]

One more question:

What happens when you boot into Normal Mode?

 

[cbusch]

The computer starts like it normally would but when it gets to the windows emblem and windows start up chime it turns off and back on, I have not been able to get past this point in normal mode.

 

[Bobbye]

I'd like you to run the following please. Be sure that the loop is recent, even if you have to force it. Some processes don't start in safe Mode so they aren't of any use to us. Hopefully this will show the Event Error that happens when the startup fails:

You can also check the computer clock when the startup fails and let me know the time. This will help me with the Event Errors.

Please download VEW and save it to your Desktop:

Setting up the program

Double-click VEW.exe to run.

• 
  Select log to query, select
• Application
• System
  
  Under Select type to list, select:
• Critical (Vista only)
• Error
  
  Click the radio button for Number of events
• Type 20 in the 1 to 20 box
• Then click the Run button.
• Notepad will open with the output log.
  
  Load the log
• In Notepad, click Edit> Select all
• Then press Edit > Copy
• Press Ctrl+V on your keyboard to paste the log to your next reply.

(Courtesy rev-Olie)

 

[cbusch]

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 20/03/2012 5:34:01 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[cbusch]

I ran the program and this is what I got, not sure if there should have been more or not. i checked all of the boxes as instructed. the only difference is where you said "Critical ( vista only) I did not have that it said Critical ( not XP )

 

[Bobbye]

Sorry Chris- been sick.

In view of the fact that the system is unstable now and we cannot successfully run the scans, I'd like you to start a new thread in the Windows BSOD forum. Suggest Subject: Caught in reboot loop (or something describing the problem)

The fact that you can run in Safe Mode but loop in Normal Mode suggest a corrupt driver. I don't do the minidumps, but someone there can have you run, then interpret which driver(s) is corrupt. If that handles the problem, send me a PM and we can check to make sure the malware is gone and Services started.

If someone suggest posting here, tell them we've been working but can't complete>>>need driver help.