Port Explorer won't load on my home machine

Discussion in 'Port Explorer' started by Thomas Bunetta, Aug 1, 2003.

  1. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Wow, a lot to read and it's good to see you tried a lot of things Tom. I don't think it's an LSPFIX problem, mainly because the program doesn't start at all. What I am thinking is that some software which isn't loaded in SAFE MODE is getting loaded in normal mode. Do you run any debuggers, SoftICE or something similar? Port Explorer only does "security" checks before the "enter unlock code" stage, so I am thinking Port Explorer is finding some sort of "break in" attempt in its code.

    -Jason-
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Googled again, see lots of real serious issues with the Nprotect and CleanSweep, sharing violations created by that, etc.
    Can you disable both of those and have another try?
    See also
    here at MS support base
    And this dialogue at about the norton xpert xchange
    is really handy.
    Anyway, like said before, disable all that stuff before installing PE, or it might be installed correctly already, only maybe it can't load because of that norton protection.
     
  3. advanced

    advanced Registered Member

    Joined:
    Aug 1, 2003
    Posts:
    44
    Location:
    Englewood, FL
    Hello all,
    I have tried turning everything off before the install, running the program with all turned off (although in the real world, I wouldn't want to be "running bare" if connected to the net).
    A friend mentioned a possibility of a driver conflict.
    I don't understand the cleansweep entry as I don't have it autoload, in fact rarely use it anymore.
    I am not a programmer :(, just one that admires those capable of writing code... never ran a debugger (or a bugger ;>) )
    Would a list of audio/video components be helpful?
    I run all of the programs at work (PE runs there) on the Dell (that also acts as my server in a three machine peer to peer network) that I do at home.
    Still in the dark,
    Tom
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Maybe you like to make a hijackthis log from both for yourself, print them out and put the one beside the other.
    See if there are files in the home computer which are not on the office computer.
    You might see the norton files I mean since the first page of this question.
    The driver could be the old CleanSweep driver like symantec says themselves in some support message.
    here
    That can give problems with the nprotect, which in its turn can give those problems with your registry and prevent proper installing or proper running.
    Unfortunately you won't be able to run faber toys and PE in the safe mode to see if everything is properly there then.
    But you know now the dll is properly registered in the safe mode.

    After your reboot, --you have TDS?-- in the process list or else the taskmanager kill those cleansweep and nprotect things if possible (killing is only for this moment, they are not uninstalled with that) and try PE again.

    If you want to see what is really in your autostart, use the AutoStartViewer and don't collapse if you see all those entries!
    http://www.diamondcs.com.au/index.php?page=asguard
     
  5. advanced

    advanced Registered Member

    Joined:
    Aug 1, 2003
    Posts:
    44
    Location:
    Englewood, FL
    Hi Jooske,
    Thanks for the links...
    Yes I have TDS-3 (can I be a Beta for 4?).
    I killed those processes in task manager, (can I REM keys with a semicolon in the registry, for "temporary changes" ((reboot after taken for granted))o_O)

    I'll print out as you suggested and compare the two.

    The home machine was compromised by a trojan or similar at one point... I wiped the drive and reloaded windows and STILL seemed to have problems, which began my self education into security aspects of computing.
    Eventually I wound up pulling the battery and allowing CMOS to "mind-wipe" and re-installing all again.
    TDS, the Cleaner, Tauscan are all registered programs I bought and keep updated, none have found anything from the "Dark Side" but I still wonder o_O

    Perhaps something on the hard drive or nonvolatile RAM persisted? (or I could simply be being paranoid.)
    Tom
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Not sure about possibilities in the registry, that's for others to tell about.

    Was just thinking about the MSCONFIG
    Did you look at that and can you from there disable those nprotect and cleansweeper, reboot and see how PE behaves then?
    This way you could if you like try to disable more from startup, but a few you really do need as you know, so don't kill them all! (like the mouse for instance :) )
    Maybe you have the same result killing them via TDS processes, but there might be more hidden in the background starting which is not shown there, like the AutostartViewer could unveil and which in fact should be visible in your hijackthis log several pages back too. In there it didn't show anything suspicious, only the possibility of that registry protection with norton / nprotect / maybe a cleansweepdriver, as you said it is an older one ......


    Do you remember which infection you had? Did you reformat the hd and wipe afterwards too?
    Flashing the cmos.. hmm I leave that to the guys who know.
    Did you try at reboot going into the bios and reset the cmos and maybe default bios settings? Might help too.
    Before you do I would advise to note down how it is and how it looks with changes so you know what to try if it's not like you want it.

    Are you sure all those Norton parts are working ok? Would not immediately advise to uninstall them as they go really deep all through your system, but in case these might have a problem there could be a reason to uninstall and reinstall them properly, but again, only if there are problems with it. Norton can sometimes even get into trouble with installing IE 6.0 or such things, so look carefully.
     
  7. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi All,

    I'm afraid I haven't had the opportunity to read through the entire thread at the moment but as I understand it you can launch PE fine in Safe Mode but not in normal mode, even if you stop all processes aside from Explorer and Systray before attempting to launch PE. If this is the case then it very well may come down to a driver issue or protocol stack issue.

    You may want to try going into Safe Mode With Networking Support and see if you have network connectivity and if so see if PE can launch. Unfortunately, I am not positive that this mode of SafeMode will use the normal driver so I am not positive that this will pinpoint the issue but I think it will narrow it down.

    It may be worthwhile (only if you are comfortable with the network setup) to completely remove the protocols and NIC driver, reboot, and let it autodetect and make sure it loads a fresh driver (not one cached on the system) and then re-add the protocols and set the config for your net.

    This will be a little work but I think it just might work, particularly if PE does not operate on your system in the Network enabled Safe Mode.

    HTH,

    Dan
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    I also haven't had enough time to read completely, but something I wonder is..

    You have Cleansweep, do you have Crashguard or any other tools like it ? Are they installed on the working machine too ? Something like this could have a driver which is causing a problem for PE :(
     
  9. advanced

    advanced Registered Member

    Joined:
    Aug 1, 2003
    Posts:
    44
    Location:
    Englewood, FL
    Greetings all,
    No, I don't use Crashguard, and now that I think about it there were problems getting Symantec Systemworks 2003 installed on this machine.
    This is a standalone machine, not networked... should I still try the safemode with networking support? If so, how do I go about it?
    It isn't an option on my startup menu (which shows at each boot (Tweakui)).

    I haven't looked into MSconfig, but will.

    Never did identify the bug, but have been into CMOS and the setup screens often enough to remember what was necessary.
    Did Fdisk (twice, just in case ;>), formatted the drive (twice) and then reloaded.

    I haven't changed anything in BIOS at this stage for the PE problems... if I did, what to look for/do?

    I am attaching the autoload viewer results... I didn't turn anything off, just ran it a few moments ago.
    Many thanks again for your time, your thoughts and input,
    Tom
     


  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    That's the readme file, can you attach your logfile please?

    Several messages above you wrote about the computer in a network and acting as a server and the one or the other being the private system, so now I am completely losing trail (again!) how it now can be a stand alone system.
    Please again explain if the network thing is a valid point and trying those recommendations come with that.
    (maybe better draw it and add info which is which and on which is running PE and TDs and WG and ??)

    There are systems which don't even allow a format, let alone fdisk or the kind, so not sure if that could be an issue too.
     
  11. advanced

    advanced Registered Member

    Joined:
    Aug 1, 2003
    Posts:
    44
    Location:
    Englewood, FL
    Hello,
    Sorry for the confusion...
    I bought two licenses... one for work (networked) and one for home (the problem child).
    As I am now at work, I'll have to send the logfile this afternoon/evening. Sorry about the wrong attachment, I'm a two cuppa kind of guy, and the first hadn't hit bottom yet ;).
    TIA,
    Tom
     
  12. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi Tom,

    So your home machine is not on the Internet yet?

    Do you have a network card physically installed?

    If so, when you view the devices in Device Manager do you see the Network Card listed there and is it free from any problem indications (i.e. there is no yellow or red mark near the icon for it in Device Manager)?

    Normally, you would have the network capable safe mode option available to you when you press F8 during the bootup process (before you see the GUI start to load up) but it may be that the option is not there if Windows insists you don't have a network card.

    I'm speculating somewhat wildly here but it may conceivably be the case that PE will not react well if the NIC config is unstable or incomplete. Speculating further, this instability might not impact PE in SafeMode as it completely ignores the NIC and its config but *would* have to contend with it in Normal mode and Safe Mode with Networking.

    Anyways, looking forward to your answers :)

    Regards,

    Dan
     
  13. advanced

    advanced Registered Member

    Joined:
    Aug 1, 2003
    Posts:
    44
    Location:
    Englewood, FL
    Let's see if I can clear this up <G>.
    The machine at home has no NIC, is connected to the internet via external modem.
    The autostart log is attached (I think I managed to get the right file this time ;<).

    The menu called by F8 is always on screen at start-up thanks to Tweakui settings, and a network safe-mode isn't visible as one of the choices.

    The home machine has never been anything other than a stand alone...
    Thanks in advance,
    Tom
     


  14. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Did you see this part of the link in my former message #53 about CleanSweep from the symantec's own site?
    "If you have the CleanSweep QDFSDRV filter driver (found in the Control Panel in the Devices icon) loaded and running, it will disable Norton UnErase Protection.

    To resolve the Windows NT Recycle Bin and Norton Protection problems, remove CleanSweep's Smart Sweep from the Startup folder and restart. You may also need to remove the CleanSweep Usage Monitor from the Startup folder and restart the computer."
    As that thing or the settings are causing so many problems (not only for NT! which you'll notice if you google for symantec+nprotect+cleansweep), it is not for nothing that I asked you to make sure from the MSCONFIG that thing is disabled from startup for your next try. You are full with all kinds of norton utilities and blockers!
    It might not be the software itself, as you're the first with this stubborn problem and many people use the norton programs, av/at, utilities, system works, it might rather be some setting, and if not with these tools maybe in your Tweaking some setting was changed too much.
    You will not like the script blocker active either, if you like to use TDS to its full potential including scripts.
    WormGuard is a good protection for malicious scripts without crippling the system with disabling every script from running, also the wanted ones.
     
  15. advanced

    advanced Registered Member

    Joined:
    Aug 1, 2003
    Posts:
    44
    Location:
    Englewood, FL
    Good morning,
    There is no problem with Norton unerase or protected recycle bin...
    I haven't had a chance to run MSCONFIG as yet (too many things needing attention all at the same time).
    But the items you mentioned are not in my startup folder.
    I will disable the cleansweep line (Does a semi-colon act as a REM line when used in a registry key?) in MSCONFIG.
    I will also re-disable the script blocker in Symantec, if WG will act in its place.
    As to TDS and scripts, I'll need to learn substantially more about that area of computing to even understand all of what TDS offers :>(.
    I primarily added it as a part of my efforts to detect and remove malware from my machines.
    Yours,
    Tom
     
  16. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I gave you the example of the symantec site as it is in fact about NPROTECT which can go on the loose because of CleanSweep with an older filter driver in the latter and thus causing problems elsewhere.
    The example is a reply on a question relating to a NT system, but it can happen on any system.
    If you google for nprotect+symantec you will see many examples; I posted somewhere above another example with the support answers from microsoft.
    The files are both somehow in your autostart as they are in the hijackthis and autostartviewer as automatically started, so they are there somewhere.
    Maybe in TDS in the autostart explorer, anywhere it must be able to get rid of their autostart function, maybe opening the programs themselves and changing autostart options there if possible, at least get rid of the cleansweep monitoring.
    Look you know to use the rather advanced tweak functions, so I'm sure you'll find out how to get the cleansweep and nprotect disabled.

    When you open start > run > msconfig
    you see the tabs of which you take the last tab "autostart" (startup?) where you can uncheck functions you do want to disable for the moment.
    Apply and OK and you'll have to reboot.
    As they don't disappear from that list you can always put them back at wish.

    I have that tweak thing too, but I never have it in the autostart, get it out unless you really need it there; the few times I need it I start it via the control panel.
    But that one would show up in the TDS autostart explorer and can be killed from there too but you might prefer via the msconfig uncheck.

    Did you find out in the meantime the differences in the hijackthis logs from both systems?
     
  17. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi Tom,

    Don't DELETE any entries at all, use MSCONFIG to untick some and if you don't mind, untick all the startups that could be causing the problem, such as:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ADUserMon
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Iomega Startup Options
    C:\Program Files\Iomega\Common\ImgStart.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Iomega Drive Icons
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Deskup
    C:\Program Files\Iomega\DriveIcons\deskup.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ADService
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ScriptBlocking
    C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\CSINJECT.EXE
    c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\SymTray - Norton SystemWorks
    c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"


    Because you are only unticking them, you can tick them to restore their startup after you have tested. Can you untick ALL of those and reboot, then try Port Explorer ?
     
  18. advanced

    advanced Registered Member

    Joined:
    Aug 1, 2003
    Posts:
    44
    Location:
    Englewood, FL
    Hello,
    Did as requested, still won't run.
    I tried to zip several text files and find a zipped file isn't allowed for upload.
    So I'll cutnpaste:
    Thanks,
    Tom


    This is all that's running per ctrl+alt+del window

    Explorer
    zapro
    ccapp
    starter
    nprotect
    rnaapp


    StartupList report, 8/15/03, 6:40:19 AM
    StartupList version: 1.52
    Started from : C:\HIJACKTHIS\HIJACKTHIS.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\OPSYS\SYSTEM\KERNEL32.DLL
    C:\OPSYS\SYSTEM\MSGSRV32.EXE
    C:\OPSYS\SYSTEM\MPREXE.EXE
    C:\OPSYS\SYSTEM\mmtask.tsk
    C:\OPSYS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\OPSYS\SYSTEM\MSTASK.EXE
    C:\OPSYS\EXPLORER.EXE
    C:\OPSYS\SYSTEM\RNAAPP.EXE
    C:\OPSYS\STARTER.EXE
    C:\OPSYS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
    C:\HIJACKTHIS\HIJACKTHIS.EXE
    C:\OPSYS\RUNDLL32.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\OPSYS\Start Menu\Programs\StartUp]
    Image.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\IMAGE32.EXE

    Shell folders Common Startup:
    [C:\OPSYS\All Users\Start Menu\Programs\StartUp]
    ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\OPSYS\scanregw.exe /autorun
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    CriticalUpdate = C:\OPSYS\SYSTEM\wucrtupd.exe -startup
    POINTER = point32.exe
    EnsoniqMixer = starter.exe
    ccApp = "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    NPROTECT = c:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
    QuickTime Task = C:\OPSYS\SYSTEM\QTTASK.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
    TrueVector = C:\OPSYS\SYSTEM\ZONELABS\VSMON.EXE -service
    ccEvtMgr = "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    SymTray - Norton SystemWorks = c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    NPROTECT = c:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
    SchedulingAgent = mstask.exe

    --------------------------------------------------

    Shell & screensaver key from C:\OPSYS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    C:\OPSYS\WININIT.BAK listing:
    (Created 10/8/2003, 9:14:20)

    [rename]
    NUL=c:\tmp\_iu14D2N.tmp

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    c:\PROGRA~1\NORTON~1\NORTON~1\NAVDX.EXE /startup
    PATH C:\PROGRA~1\WIN98RK;%PATH%
    SET BLASTER=A220 I7 D1 T2
    SET SNDSCAPE=C:\OPSYS
    set temp=c:\temp
    set tmp=c:\tmp
    PATH C:\PROGRA~1\WIN98RK;c:\;c:\opsys;c:\opsys\command;c:\pkzip
    set dircmd=dir /w/p
    SET PATH="C:\Program Files\PKWARE\PKZIPC\";%PATH%
    SET PKSFXDATA=C:\Program Files\Common Files\PKWARE\Pksfxs.dat

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    NAV Helper - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    (no name) - C:\PROGRA~1\SPYBOT~1.1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    1 Copernic Intra-Daily ~Default User.job
    2 Copernic Daily ~Default User.job
    3 Copernic Weekly ~Default User.job
    4 Copernic Monthly ~Default User.job
    Symantec NetDetect.job
    Norton AntiVirus - Scan my computer.job
    Windows Critical Update Notification.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [CV3 Class]
    InProcServer32 = C:\OPSYS\SYSTEM\WUV3IS.DLL
    CODEBASE = http://windowsupdate.microsoft.com/R1097/V31Controls/x86/w98/en/actsetup.cab

    [Update Class]
    InProcServer32 = C:\OPSYS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37595.119375

    [Shockwave Flash Object]
    InProcServer32 = C:\OPSYS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [Symantec RuFSI Registry Information Class]
    InProcServer32 = C:\OPSYS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
    CODEBASE = http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab

    [ActiveDataObj Class]
    InProcServer32 = C:\OPSYS\DOWNLOADED PROGRAM FILES\ACTIVEDATA.DLL
    CODEBASE = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\OPSYS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\OPSYS\SYSTEM\WEBCHECK.DLL

    --------------------------------------------------
    End of report, 6,015 bytes
    Report generated in 0.105 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only


    Logfile of HijackThis v1.96.0
    Scan saved at 6:38:42 AM, on 8/15/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\OPSYS\SYSTEM\KERNEL32.DLL
    C:\OPSYS\SYSTEM\MSGSRV32.EXE
    C:\OPSYS\SYSTEM\MPREXE.EXE
    C:\OPSYS\SYSTEM\mmtask.tsk
    C:\OPSYS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\OPSYS\SYSTEM\MSTASK.EXE
    C:\OPSYS\EXPLORER.EXE
    C:\OPSYS\SYSTEM\RNAAPP.EXE
    C:\OPSYS\STARTER.EXE
    C:\OPSYS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
    C:\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ewol.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHELPER.DLL
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\OPSYS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\OPSYS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [CriticalUpdate] C:\OPSYS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\OPSYS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
    O4 - HKLM\..\RunServices: [TrueVector] C:\OPSYS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - Startup: Image.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\IMAGE32.EXE
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
    O9 - Extra button: Copernic Agent (HKLM)
    O9 - Extra button: Look for Spybot-S&&D updates (HKLM)
    O9 - Extra 'Tools' menuitem: Look for Spybot-S&&D updates (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37595.119375
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
     
  19. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    UNcheck that Nprotect in the MSCONFIG
    close that thing, off out say NO to nprotect
    kill it temporarily, any way make sure it is closed and not running.

    If you change the file extensions into TXT you can attach them here, one per posting or one big one in which you pasted them all.

    what are ccapp and starter?
    are they needed? are they UNcheckable in MSCONFIG?

    If Gavin asks to send some files to him personally that is to submit@diamondcs.com.au if it is a suspicious file
    or support@diamondcs.com.au for that and other files and support emails or gavin@diamondcs.com.au if Gavin asks to send something to that mailbox explicitly.

    It is never allowed to attach nasties or nasty code --also not in txt format-- in a posting here.
    Only logfiles like you did so we all can look into it and try to help you with it.

    I'm sure in the meantime you've tried to look at the differences in your hijackthis files on the two computers and with a big marker marked out the differences.
    Are those significant?

    Gavin asked you to close all those symantec/norton utility parts and I asked you to close the Tweak thing and all are still there, you did not close them from the MSCONFIG
    nor from the applications themselves to NOT allow them at startup.
    close them, again go to MSCONFIG and uncheck everything except the mouse and firewall.
    try again.
     
  20. advanced

    advanced Registered Member

    Joined:
    Aug 1, 2003
    Posts:
    44
    Location:
    Englewood, FL
    Jooske,
    Per Gavin I unchecked all he asked for, but symtray came up anyhow...
    Honestly haven't had the time to compare log files, but this weekend I'll make time.
    Nprotect is supposed to be solely for the recycle bin (and I don't think it was one of the things I was requested to disable via msconfig), but will do so later. (I'm back at the "salt mine" again.)
    Tom
     
  21. advanced

    advanced Registered Member

    Joined:
    Aug 1, 2003
    Posts:
    44
    Location:
    Englewood, FL
    A note was IM'ed to Gavin referencing the attached file.
    I unchecked all norton stuff, tweakui stuff etc...
    It still won't run.
    ccapp is part of my antivirus program.

    I have attached a file that is hijackthis.log from the home machine with most stuff disabled, and the same file from the office machine where all runs well.
    Hopefully someone here can see something I cannot.
    Thanks in advance for your efforts and your time,

    Tom
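
The side-by-side comparison of the two HijackThis logs that this thread keeps returning to can be scripted. The following is an added example, not part of any post and not HijackThis's own code: the function names are hypothetical, the home log is a subset of the lines posted earlier in the thread, and the office log is constructed for illustration.

```python
import re

# "O4 - HKLM\..\Run: [NPROTECT] c:\...\nprotect.exe" -> code "O4", detail = the rest
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autorun detail, matched after case-folding: (key, value name)
AUTORUN_RE = re.compile(r"^(hk[a-z]+\\\.\.\\\w+): \[(.+?)\] ")

# Subset of the home-machine log posted in the thread.
HOME_LOG = r"""
Logfile of HijackThis v1.96.0
Platform: Windows 98 SE (Win9x 4.10.2222A)

Running processes:
C:\OPSYS\SYSTEM\KERNEL32.DLL
C:\OPSYS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\OPSYS\EXPLORER.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\OPSYS\scanregw.exe /autorun
O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\OPSYS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
"""

# CONSTRUCTED office-machine log (the real one was only attached, never posted).
OFFICE_LOG = r"""
Running processes:
C:\OPSYS\SYSTEM\KERNEL32.DLL
C:\OPSYS\SYSTEM\ZONELABS\VSMON.EXE
C:\OPSYS\EXPLORER.EXE

O4 - HKLM\..\Run: [ScanRegistry] c:\opsys\SCANREGW.EXE /autorun
O4 - HKLM\..\RunServices: [TrueVector] C:\OPSYS\SYSTEM\ZONELABS\VSMON.EXE -service
"""


def _norm(s):
    """Windows paths and value names are case-insensitive; also collapse spaces.
    8.3 short names (PROGRA~1) are not expanded and will show up as differences."""
    return " ".join(s.split()).casefold()


def parse_hijackthis(text):
    """Return (running processes, {section code: set of entry details})."""
    processes, entries = set(), {}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first coded entry ends the process list
            entries.setdefault(m.group(1), set()).add(_norm(m.group(2)))
        elif in_procs:
            processes.add(_norm(line))
    return processes, entries


def diff_logs(log_a, log_b):
    """Map each section that differs to (only in A, only in B), both sorted."""
    procs_a, ent_a = parse_hijackthis(log_a)
    procs_b, ent_b = parse_hijackthis(log_b)
    sections = {"processes": (procs_a, procs_b)}
    for code in set(ent_a) | set(ent_b):
        sections[code] = (ent_a.get(code, set()), ent_b.get(code, set()))
    return {name: (sorted(a - b), sorted(b - a))
            for name, (a, b) in sections.items() if a != b}


def still_enabled(log_text, names):
    """Of the autorun value names given, return those still listed under O4."""
    _, entries = parse_hijackthis(log_text)
    present = set()
    for detail in entries.get("O4", ()):
        m = AUTORUN_RE.match(detail)
        if m:
            present.add(m.group(2))
    return [n for n in names if _norm(n) in present]


if __name__ == "__main__":
    for section, (home_only, office_only) in sorted(diff_logs(HOME_LOG, OFFICE_LOG).items()):
        print(section)
        for item in home_only:
            print("  home only:  ", item)
        for item in office_only:
            print("  office only:", item)
    print(still_enabled(HOME_LOG, ["NPROTECT", "SymTray - Norton SystemWorks", "CSINJECT.EXE"]))
```

Running `still_enabled` on a log taken after the reboot shows which of the startups that were meant to be unticked are still listed.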
     


  22. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    On the first glimpse it looks like you're missing files on the home system, if that is the upper one, right?
    Did you try to run SFC and was anything missing?
    I can at this moment only think of one by one enabling the things you like and trying again, if the SFC did not find anything more.

    In safe mode PE was registered and running properly, right?
    Then it's logical to think the installation was correct and in normal mode there is something blocking it, some weird setting, anything. More there you seem to have the same programs on both.
    If PE had not run in safe mode I could only imagine it is asking for c:\windows\system\*.dll and other files belonging to PE; you could make a folder named c:\windows\system and copy the dll and the sporder file there; sounds ridiculous and I don't think it works but I think you are about ready to try anything ridiculous too in this frustrating situation.
    There is either something blocking or missing, a file, a setting.
    You scanned the system for all possible nasties? I recently found the online scan at www.ravantivirus.com rather good (I always love a second opinion, certainly because you have been infected in the past).

    Maybe somebody sees anything in the hijacklogs you just posted.

    Is it so if due to some reason norton utilities feels damaged, that it could be protecting itself and blocking an application like this? Is it working all properly if you use any of the Norton tools?
    And the ZAPro too? If you go to the Gibson site www.grc.com and go to ShieldsUp! is all the firewall working as it should?
    Have there been any other error messages from other programs, crashes, anything?
     
  23. advanced

    advanced Registered Member

    Joined:
    Aug 1, 2003
    Posts:
    44
    Location:
    Englewood, FL
    Hello,

    On the first glimpse it looks like you're missing files on the home system, if that is the upper one, right?

    :) Yes... which files do you mean?

    Did you try to run SFC and was anything missing?

    :) System File Checker o_O
    Not recently.

    In safe mode PE was registered and running properly, right?

    :) Yes, except no values or ports were visible... it asked for and accepted my unlock code.

    Then it's logical to think the installation was correct and in normal mode there is something blocking it, some weird setting, anything. More there you seem to have the same programs on both.

    o_O This puzzles me as well.



    If PE had not run in safe mode I could only imagine it is asking for c:\windows\system\*.dll and other files belonging to PE; you could make a folder named c:\windows\system and copy the dll and the sporder file there; sounds ridiculous and I don't think it works but I think you are about ready to try anything ridiculous too in this frustrating situation.

    o_O Stranger things have happened! Does anyone on your end have an in with the people that wrote the code o_O Seems like they would know if it was "hardwired" for specific folder names.

    There is either something blocking or missing, a file, a setting.
    You scanned the system for all possible nasties? I recently found the online scan at www.ravantivirus.com rather good (I always love a second opinion, certainly because you have been infected in the past).

    :cool: I'm downloading from their site as I write. :



    Maybe somebody sees anything in the hijacklogs you just posted.

    Is it so if due to some reason norton utilities feels damaged, that it could be protecting itself and blocking an application like this? Is it working all properly if you use any of the Norton tools?

    Not at this time, ;) some are disabled <BG>

    And the ZAPro too? If you go to the Gibson site www.grc.com and go to ShieldsUp! is all the firewall working as it should?

    :) Been there done that, but not recently... scored Stealth!


    Have there been any other error messages from other programs, crashes, anything?

    :rolleyes: Other than TDS-3 coming active as though the file associations were screwed up (as described in the previous post), no.

    Still hanging in, but beginning to despair :'(
    Tom




     
  24. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    The HijackThis logs look fine.

    I noticed on the previous autostartviewer logs that you had one or two VXDs that seem to me to be game related. It is barely conceivable that one of these may introduce complications with PE that have been hitherto unnoticed. I don't work with 98 enough to recall if you can disable those drives individually, perhaps through MSConfig?

    I *think* these are game related

    C:\OPSYS\system\msgamio.vxd
    C:\OPSYS\system\gckernel.vxd

    If this doesn't work, and you are comfortable with re-establishing your Internet dialup settings, you may want to try my earlier idea of nuking the network config and rebuilding it from scratch from your pre-made detailed notes :D

    At that time I was working under the misapprehension that the system had a NIC in it so instead you should just go into the network neighborhood properties and (after noting all the requisite settings) remove all protocols and services there and then reboot and then re-establish those settings.

    Sorry I can't come up with anything more definitive :doubt:
     
  25. advanced

    advanced Registered Member

    Joined:
    Aug 1, 2003
    Posts:
    44
    Location:
    Englewood, FL
    Dan,

    I think the files you mentioned (vxd) are related to the MS joystick and its config program...


    An aside to Jooske:
    Which files did you think might be missing? I forgot to ask in my reply. :( Never mind... I LOVE the ability to re-edit these posts <BSEG> :D

    I *can* redo the dialup :rolleyes:, but I don't understand the connection... perhaps a brief look into your thinking?

    Thanks again for the collective time and efforts,
    Tom
     