New
#21
Well, I attempted both an uninstall from the Windows uninstall box and the Norton uninstall tool and neither worked. I'm now in Safe Mode and neither is working; functioning exactly it did in a regular boot.
Well, I attempted both an uninstall from the Windows uninstall box and the Norton uninstall tool and neither worked. I'm now in Safe Mode and neither is working; functioning exactly it did in a regular boot.
I have never, never known the link I gave to fail.
Try once again, if that fails, then:
Download and run Autoruns.
Do NOT change anything there, no matter how great the temptation.
simply:
File| Save | Save button | then exit
Zip up the resulting autoruns.arn and I will analyze that file.
Autoruns for Windows
If fully uninstalling Norton following Layback and Karl's guidance doesn't solve your problems then I would move on to the Repair Install as a last resort before Clean Reinstall - Factory OEM Windows 7.
We're here to help every step of the way.
Thanks guys, much appreciated. I attempted the tool again and it flickers a dialog box on the screen for a split second and then disappears. Checking the process list, it says it's open but there's no way to access it and the process can't be ended.
AutoRuns Zip attached.
AutoRuns.zip
Edit: I appreciate it, Greg (and everyone else). I've used this site to help with small blips here and there but this was the first time the issue was big enough to make me say "Well crap" and create an account.
Go back into autoruns
This time you will uncheck certain items: Do NOT delete the items.
On the Internet Explorer tab:
Look under the the Publisher column
Uncheck the 3 Symantec entries.
On the Scheduled Tasks tab:
Publisher column,
Uncheck the three Symantec entries.
Under the Drivers tab, you really have some work:
Uncheck the 13 Symantec entries (look under the Publisher column)
close Autoruns and immediately REBOOT!
==================================================
After and ONLY after completing the above:
then
Due to some other entries, I'm going to need you to run WDO.
Follow this procedure precisely:
HOW TO USE WINDOWS DEFENDER OFFLINE ON A USB STICK
Windows Defender Offline
· is a free standalone, bootable malware and virus remover from Microsoft.
· performs an offline scan of an infected PC to remove viruses, rootkits and other advanced malware.
Download Windows Defender Offline (about 764 kB)
You will have the choice of downloading the 32bit version (x86) or the 64 bit version (x64).
The link will help you determine whether you are running a 32 bit version or 64 bit version of Windows
NOTE!! You can download and prepare a 32 bit version using a 64 bit version of Windows
NOTE!! You can download and prepare a 64 bit version using a 32bit version of Windows.
You run the 32 bit version on a 32 bit version of Windows.
You run the 64 bit version on a 64 bit version of Windows.
The 32 bit download file name is: mssstool32.exe
The 64 bit download file name is: mssstool64.exe
For the curious, this program was originally name Microsoft Standalone System Sweeper.
INSTALLATION:
You will need an Internet Connection.
Insert 512 mB (Microsoft’s 256 mB is no longer accurate) or larger USB stick into a usb port.
Run the downloaded program--mssstool64.exe or mssstool32.exe
NEXT button
Choose the option On a USB flash drive that is not password protected
NEXT button
NEXT button
.
The install program will format the usb stick using the NTFS format.
The install program will download about 210 mB.
The install program will name the USB stick WDO_Media32 or WDO_Media64
The WDO_Media32 usb stick will have used space of 255 mB (268,140,544 bytes)
The WDO_Media64 usb stick will have used space of 282 mB (296,165,376 bytes)
You can expect the number of mB to increase as more malware appears.
UPDATE Windows Defender Offline USB stick:
· reinsert the usb stick
· run the installation program, mssstool64.exe or mssstool32.exe, again.
· the update will download about 66 mB (mssstool32.exe) and 68 mB (mssstool64.exe).
Since the malware database is sometimes updated several times in a day, always update before running.
PERFORM AN OFFLINE SCAN
Bootup your computer from the USB stick
Windows Defender Offline will automatically perform a quick scan.
After the quick scan finishes, Choose Full Scan
Select all of your drives
The initial, full scan can easily take several hours, but
Remember, your computer is being very thoroughly checked for all types of malware.
RESULTS OF THE SCAN
The results will be in 4 log files on your computer's disk in:
=================================================
Here is how to upload the results from WDO.
======================================Script:
# ************************************************************
# Zips up your log files from Windows Defender Offline
# and extended info about the log files
# Places WDOlogs.ZIP on your Desktop
#
# **********************INSTRUCTIONS**************************
# STEP 1 *****************************************************
# RUN PowerShell as administrator
# START ORB | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo
# ************************************************************
# STEP 2 *****************************************************
# COPY, using CTRL+C, every line down thru both EXIT statements
# PASTE into Powershell == Right-Click at the PowerShell Prompt
# (Ctrl+V does not work)
# Start copying with first line without a # at start of the line
# Note: Actually, you can paste the entire file if you rather
# Lines starting with a # are ignored by PowerShell
# ************************************************************
#functions
function New-Zip {
param([Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true)]
[String] $Path, [Switch] $PassThru, [Switch] $Force )
Process { if (Test-Path $path) {if (-not $Force) { return } }
Set-Content $path ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
$item = Get-Item $path; $item.IsReadOnly = $false;if ($passThru) { $item } } }
function Copy-ToZip {param(
[Parameter(Mandatory=$true,Position=0,ValueFromPipelineByPropertyName=$true)] [Alias('FullName')]
[String]$File, [Parameter(Mandatory=$true,Position=1)] [String]$ZipFile,[Switch]$HideProgress,[Switch]$Force )
Begin {$ShellApplication = New-Object -ComObject Shell.Application
if (-not (Test-Path $ZipFile)) {New-Zip $ZipFile};$Path = Resolve-Path $ZipFile
$ZipPackage =$ShellApplication.Namespace("$Path")}
Process {$RealFile = Get-Item $File; if (-not $RealFile) { return }
if (-not $hideProgress) {$perc +=5; if ($perc -gt 100) { $perc = 0 }
Write-Progress "Copying to $ZipFile" $RealFile.FullName -PercentComplete $perc}
$Flags = 0; if ($force) {$flags = 16 -bor 1024 -bor 64 -bor 512};Write-Verbose $realFile.Fullname
$ZipPackage.CopyHere($realFile.Fullname, $flags);Start-Sleep -Milliseconds 500}}
$fileinfo = join-path $env:TEMP \wdofileinfo.txt
IF (test-path $fileinfo) {del $fileinfo -ea:silentlycontinue -force:$true}
$dir = $env:windir + '\Microsoft Antimalware\Support'
$a = dir $dir -rec -force -ea:silentlycontinue | sort-object -property lastwritetime
$b = $a | where {$_.extension -eq '.log'} |Select mode, fullname, name, creationtime, lastwritetime, lastaccesstime, length, extension
$b | out-file -append $fileinfo
$b | foreach ($_.fullname) {get-content -path $_.fullname} | out-file -append $fileinfo
$ziploc = $env:userprofile + '\desktop\WDOlogs.ZIP'
new-zip $ziploc -verbose:$false -ea:silentlycontinue -force:$true
copy-tozip $fileinfo $ziploc -verbose:$false -hideprogress:$true
del $fileinfo
EXIT
EXIT
# ***************** NOTE - POWERSHELL VERSION*****************
# if you receive this error msg:
# Get-WinEvent: The system can not find the path specified
# you need to update your PowerShell
# you must be using Powershell 2.0 or later.
#
# To determine your Powershell version:
# Run PowerShell
# enter $host.version
# you should see at least:
# Major Minor Build Revision
# ----- ----- ----- --------
# 2 0 -1 -1
#
# If you do not see the above, update your Vista/Win 7.
# ************************************************************
# *************** NOTE - EXECUTION POLICY*********************
# If you haven't set the execution policy, you may need to:
# Run PowerShell
# enter Set-ExecutionPolicy -executionpolicy remotesigned
#
# ************************************************************
=======================================
After and ONLY after receiving the file generated there, can I proceed.
Internet Explorer tab unchecks perfectly but when I click on Scheduled Tasks tab, it has an hourglass and displays nothing. After a reboot, tabs can't be unchecked until I refresh at which point it does the same thing all over again. Twice it has locked up, no tabs clickable, no windows "program has stopped responding" box or anything.
Edit: Would sorting through the "Everything" tab hold all the same entries? I've got no problem going down through one by one and finding them all if that will work.
FlawedHero,
Since you can not carry out that procedure,
then my final recommendation is to carry out the recommendations of GregRocker is post #23.
Have a nice day.
karl
Thanks karlsnooks, I appreciate all the advice and thanks to everyone else for all the assistance. And now for the reinstall...
Edit: Also, sticking with a Nortonless setup, just to be safe.