Yet another PC won't start thread

I’ve been trying to help a colleague at work with her PC which won’t start properly.

The PC is an Acer Aspire T510 (AMD Sempron) with XP Home Edition, SP2, and Norton / Symantec PC security suite 9.1.

It gets to the login screen just fine, but freezes shortly after you log in. The mouse pointer freezes with an hour-glass beside it, and the PC locks solid. Sometimes you get to see the desktop and then it freezes, but not usually. This happens across all users, both admin and restricted. Waiting does not help.

It loads just fine in Safe Mode, but the wireless adapter software doesn’t work in safe mode with networking. The PC has an onboard NIC but there is no wired connection.

A scan with Malwarebytes picked up the usual adware & tracking cookies, plus there was a registry entry identified as being for Vundo, but Vundo did not appear to be present, and the behaviour is not consistent with Vundo anyway.

The initial line of investigation was some software her bank’s website had asked her to download - always a red flag - but we talked to the bank and it was legit and the software failed to install anyway.

There is nothing useful in the Event Viewer - the only red entries are when I boot into Safe Mode and from those that fail in Safe Mode (e.g. DCOM).

I’ve scanned through the HDD visually and nothing immediately stood out. There’s plenty of HDD space. I’ve done a CHKDSK.

I tried two system restores - one to a week ago, and another to 3 weeks ago - without success. I did a virus scan after each, of course, re-removing the errant registry entries.

I’ve been thoroughly through disabling startup items in MSConfig. I’ve tried disabling Symantec via Computer Administration, Services. I’ve tried disabling the network cards in Device Manager.

I’ve tried creating a new user, with no success.

I tried to remove Symantec but it will not allow uninstallation in Safe Mode, and my removal tool cannot cope with the latest version.

She has no backup, so I’ve recommended she purchase a USB drive and do a backup from Safe Mode.

All that took me 3 hours.

I can’t help feeling I’m missing something very simple.

If you have disabled everything in the start up folder, it sounds like it is Norton.

What removal tool are you using?

I’m not sure it’s Norton. I disabled all the Norton / Symantec services with no effect. I just wanted to try it as I’ve had bad experiences with it in the past. I tried using the Symantec removal tool when the uninstall failed.

What happened when you ran the Symantec removal tool?

The tool said that it had expired.

Download a fresh copy.

Well yes, but that’s a little hard to do when you’re on site with no internet connection.

Are you saying it expires if you try to download it elsewhere, and bring it back? That sucks. Perhaps, if you have a laptop with an Ethernet port, you can connect it to the wireless network and share that connection over the wire (which should work in safe mode).

It seems rather stupid that the removal tool does not run in safe mode. The point of the tool is that Norton screwed up, and, since it runs at startup, that can mean it borked the computer.

No. I was at her home, and there was no other computer with which to download anything.

We’re getting very caught up on the Norton issue, and I’m not sure it’s relevant. I included it as one of the things that I tried to do for completeness.

All I can offer is my opinion. In my opinion, the prime suspect is Norton. I wouldn’t waste a lot of time chasing down other possibilities until Norton has been successfully removed. Just stopping the Norton services is not enough to ensure that Norton is not causing the problem.