View Full Version : WIN2K gone pear-shaped


WG774
20th Nov 2004, 00:51
Hi,

Had been using Norton (which was out of date) and free Zone Alarm for a couple of years, but decided to consolidate AV / Firewall into one package as Norton always made the machine slow.

Purchased combined firewall+AntiVirus from ZoneLabs with VISA card.

My Norton elapsed ages ago, but I wanted to renew virus protection in light of web-borne viruses. I use MessageLabs for email, so there’s no danger of getting infected that way.

Prior to installing combined ZL Anti + Firewall, Norton and Free ZoneAlarm were uninstalled, and reg-edit was run to remove their keys.

Now I can’t get the new ZoneLabs AV + firewall (or the Free ZL Firewall) to install, it just stops in its tracks after a few boxes flash across screen.

The Task manager started flickering between 34 and 35 processes, one process was registering and going away. Removed ZA from registry and the processes have stabilised without one popping in and out.

Went back to ZoneLabs and re-downloaded software, still got same problem.

Have installed free anti-virus software for time being from H-BEDV Antivir, and 30 day trial of Kerio.

Am running WIN2000 SP4 (does everything but sit up and beg). It’s annoying to think I spent cash on the combined ZA package if I can’t use it. I do wonder if there was some kind of clash when I installed ZL anti-virus after Norton / Symantec???

Also, more worryingly, when I go to the ADD / REMOVE program in SETTINGS, only a few programs register, yet there are numerous programs on the pc, and I am also unable to remove or change any program as the CHANGE / REMOVE tab is greyed out.

Am wondering if reg-edit removed something, but I’m cautious using it and doubt that.

Would dearly love to move over to Linux, but can’t figure out how I would keep my IE favourites, Outlook files, or certain software I’ve become accustomed to. Maybe a dual-boot system is in order to smooth the transition.

Any advice to salvage win2k for a few weeks would be very gratefully received - changing OS at the moment is not something I have time for.

I hope this makes sense, it's late and I'm a tad pi$$ed off.

Thanks

Mac the Knife
20th Nov 2004, 04:27
Sorry, can't help with your problem 'cos I don't know Win2K.

But I can recommend MEPIS linux http://mepis.com/
Warren Woodford has crafted a superb Linux distro
Put together by one guy rather than a committee.

Very very nice.

$9.95

E-Liam
20th Nov 2004, 18:25
Hi WG774,

Please download 'Hijack This!' from here (http://www.thespykiller.co.uk/), unzip, and place it in its own folder (not in the temp folder, or on the desktop), double-click HijackThis.exe, and hit "Scan". When the scan is finished, click "Save Log", and copy and paste it in a reply.

This will give us a rundown of what’s going on in your PC. One of us here will be glad to analyse it for you. Don’t fix anything yourself yet, as a lot of the stuff on that list will be harmless or required.

Cheers

Liam

WG774
20th Nov 2004, 20:08
Thank you very much for the assistance, log file below:


Logfile of HijackThis v1.98.2
Scan saved at 09:01:27, on 20/11/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Zoom\CnxDslTb.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
C:\WINDOWS\system32\internat.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\administrator\Desktop\HIJACK THIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://minisearch.startnow.com/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\SYSTEM32\HDBHO.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Zoom\CnxDslTb.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Justin"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.euro.dell.com/countries/uk/enu/gen/default.htm (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE38AFE3-4FEC-4A65-9ABB-13697C87889D}: NameServer = 158.152.1.43 158.152.1.58

Naples Air Center, Inc.
20th Nov 2004, 21:44
WG774,

It looks like you are running the StartNow.HyperBar. I would suggest getting rid of it.

Here are the things we want HJT! to fix:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://minisearch.startnow.com/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)

That was only a quick check. I did not notice much else.

I would recommend switching to Ad-Aware for Spyware, and Zone Alarm for your Firewall. As for popup blockers, I would not use them since they usually mask potential problems on your computer.

Take Care,

Richard

P.S. I am sure Liam will have more for you to do.
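
An added example, not part of any post in this thread and not HijackThis code: a small Python triage pass over HijackThis-format lines that shortlists IE settings pointing at a URL and entries whose target file HijackThis itself reported absent, then groups the absent ones by CLSID. The two rules and all function names are assumptions made for illustration; the result is a shortlist for a human reviewer, not a fix list.

```python
import re
from collections import defaultdict

# Constructed input: seven lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://minisearch.startnow.com/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\SYSTEM32\HDBHO.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Return (section, body) for each 'R1 - ...' style line; skip everything else."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def is_dangling(body):
    """True when HijackThis itself reported that the target file is absent."""
    return body.endswith("(no file)") or "(file missing)" in body

def shortlist(entries):
    """Return (section, reason, body) for entries worth a reviewer's first look."""
    hits = []
    for section, body in entries:
        _, sep, value = body.partition(" = ")
        if section.startswith("R") and sep and value.lower().startswith("http"):
            hits.append((section, "ie-setting-points-to-url", body))
        elif is_dangling(body):
            hits.append((section, "target-file-absent", body))
    return hits

def orphaned_clsids(entries):
    """Map each CLSID with an absent target to the sections that still reference it."""
    seen = defaultdict(set)
    for section, body in entries:
        m = CLSID.search(body)
        if m and is_dangling(body):
            seen[m.group(0).upper()].add(section)
    return {clsid: sorted(sections) for clsid, sections in seen.items()}

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for section, reason, body in shortlist(entries):
        print(f"{section:4} {reason:26} {body}")
    print(orphaned_clsids(entries))
```

Entries the rules do not match, such as the R0 local page line, still need a person to read them.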

WG774
21st Nov 2004, 21:07
Have removed processes as instructed.

Can't help wondering if one of the processes still running is Norton-related, which could be stopping the installation of ZA??

Still don't get the full complement of programs appearing in the ADD / REMOVE icons, not sure why?

Many Thanks :ok: