Running NRT (Norton Removal Tool) killed Win XP

Like most organizations, we have a computer on just about every desk - with only a couple of exceptions, they're all WinXP Pro. I don't think the janitor has one, and the County Judge - being a lawyer - scrupulously avoids having a computer anywhere near her office. But nearly everyone else has a computer. And - I fear, like most organizations - most of the users spend a significant portion of their "work" day diddling around on internet web sites - shopping, finding videos or music to watch or listen to - we have youtube, facebook, and myspace filtered out, but there are plenty of video and audio feeds still available.

Of course, besides chewing up the bandwidth, this also provides lots of opportunities for viral software infections... and of course some of those opportunities bear poison fruit. I tell them regularly the parable of the burglar bars and the dead-bolted doors, and how they don't help a whole lot if you open the door and invite the burglars into your house because they have a present for you... but it doesn't seem to sink in all the way.

One of the people called the other day and said she couldn't get on the internet anymore, because when she started IE it would give her an error message about an "unhandled exception" and all she could do was click on that, which didn't do anything... and then a few seconds later another copy of IE would start up, throw the same error... and another, and another, until her computer was frozen. I took a quick look, opined that even Micro$oft wouldn't add "sorry for the inconvinience" to their messages (maybe they do, but I haven't seen any such egregious spelling errors in their messages, and I don't think they're ever "sorry", although they do "apologize", but only in a legal sense, which doesn't mean what most people think it does). So I'm figuring some sort of infectious crud...

I checked it out with the 'net unplugged, and sure enough there were several little processes wanting to access the 'net, so I started following the Major Geeks guides, and began with uninstalling suspect stuff manually, clearing the quarantined files and recycle bin, running ccleaner... I uninstalled a whole bunch of freeze.com screen saver crap, magentic im/email, weatherbug, and various toolbars and browser helpers, which at least stopped the IE "errors" - although she lost all her pretty screen pictures and the puppy quit running out on her screen to yap at her about incoming mail. Cleaned out the old Java code and installed the latest. Then I screwed up and departed from the steps - I noticed her NAV 2006 was way out of date, and thought I'd just go ahead and move her to AVG, which has worked well for me and everyone else whose computers I've updated with it.

So... here's the problem: I downloaded the Norton Removal Tool from Symantec, and ran it. It flapped around for a good bit, and finally announced that it was done and wanted a restart, but suggested turning the Windows Firewall on if it wasn't already on. I went to start/settings. windows firewall and... "Windows cannot open this file: rundll32.exe" - uh-oh. Well, maybe NRT just corrupted the memory pointers, let's go with the reboot - hell, it's unplugged anyway, and I'm sorta doubting that any software is going to jump the air gap... and... after putting up about five icons (actually it put them all up, but only a few get the "real" image) and it starts announcing "Can't find HP Digital Imaging Monitor.lnk", "Can't find Microsoft Office.lnk" and so on.

I look at the link properties - they look fine, pointing to executables mainly, in the PRogram Files directory, and the executables are there. But not only has Windows forgotten how to follow links, it's also forgotten how to start executables. It can't start ccleaner.exe - hell, it can't even start iexplore.exe from the file list.

It does (sort of) start IE from the desktop icon. Actually, what happens is that it starts, asks if I want it to be the default, then pops up two "Installing" windows, which I quickly kill. One of them said something about "Microsoft Small Business"... I don't think I'm going any farther with that, and of course, it can't display the home page since the 'net is unplugged...

At this point, I'm leery of continuing on and trying to d/l the tools called for in the cleaning procedure (SpyBot's already downloaded - I always add it along with AVG, and AVG is also already downloaded and ready to install).

I suppose I can reinstall Windows, but before I do, should I go ahead with the cleaning procedure (if it will even go) or is there something else I might take a look at?

 

Got interrupted as I was posting this... just got back, and checked the directories... sure enough, rundll32.exe is where it should be (in \windows\system32) so... why isn't it being found? Don't mean to bump this, but the "edit" wasn't jumping out at me (is it timed? some are and after 1/2 hour or so, you can't edit any longer), and I figgered someone would ask about the rundll32.exe - whether it was gone or whatever... it's there, looks right size, right date.

 

Still don't know what happened. I gave up and re-installed/repaired Windoze. Had some problems with drivers for the nVidious geForce card, but finally got past that after a considerable amount of screwing around in safe mode (would NOT boot normal mode - froze right at startup). I've always thought NIC and video are the most frequent hardware/software problems... seems that way, anyhow.

Now the only problem I see immediately is that something (probably AVG or SpyBotDest) has decided to not let me use some links in IE (it's not my computer - I very very very rarely use IE) - specifically, I went to the top of MG here and looked for (and found) a link to download UltimateDefrag, but whatever-it-is wouldn't let me click on it successfully... oh, it got the finger and all, but no result from clicking - had to type it into the address field, which went okay, so I'm slightly puzzled. That will need to be fixed and then I think this one is done.