Full Version: Security Paranoia
rzzle55
Excuse me, I don't want to sound like an idiot but there are some things that I worry about.
First. I have just come across two new icons I've never noticed before. They are HyperTerminal and a file sharing one. When I asked for advice I was told to go to Group Policy and adjust the items. I am running XP Home SP2 and I cannot find a group policy anywhere at all.
When I boot in the morning everything goes well until everything on my hard drive loads then there is quite a pronounced flick on my screen and I get the same screen shot but something is not quite right about it. When I look at the Services in Administrator there are some files I don't think should be running but the buttons for changing them are opaqued and I cannot adjust them. Below is an HJT log that may offer you some ideas about my machine. It doesn't mean squat to me.
Logfile of HijackThis v1.99.1
Scan saved at 4:29:53 PM, on 12/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.ap.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159826177250
O17 - HKLM\System\CCS\Services\Tcpip\..\{F31FD09C-0B9D-4F91-98D2-10EDCDA1BA6F}: NameServer = 203.96.152.4,203.96.152.12
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Your help would be appreciated even if only to give my mind a rest.
Bobbi Flekman
Hi rzzle55,

QUOTE
They are HyperTerminal and a file sharing one.
HyperTerminal is a part of Windows, and as I don't know which File Sharing program I can't answer that one...
QUOTE
When I asked for advice I was told to go to Group Policy and adjust the items.
Where did you ask this?

Your log looks okay to me. Which services do you think should not be running? Does this flick also happen in Safe Mode? Did you recently install something new just before this started happening?

Please create a list of programs that can be removed using Add/Remove Programs
Start HiJackThis. Click "Config"->"Misc Tools"->"Open Uninstall Manager" ->"Save List".
Save the log to a convenient location, and copy it into this thread.
rzzle55
Sorry to have bothered you. I WILL take your word for it. Just delusional paranoia. Following is as per your suggestion.

Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe PageMaker 7.0
Adobe Reader 7.0.8
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
AVG Free Edition
Conexant D850 56K V.9x DFVc Modem
Dell Resource CD
Dragon NaturallySpeaking 9
Google Earth
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2200 series
hp psc 2200 series
Hubble Images Screen Saver
Intel® PRO Network Connections Drivers
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Macromedia Dreamweaver 8
Macromedia Extension Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Baseline Security Analyzer 2.0.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Standard
Microsoft Works 7.0
Nero - Burning Rom
NJStar Chinese WP
OpenOffice.org 2.0
Picasa 2
QuickTime
RealPlayer
Registry Mechanic 5.2
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
SigmaTel Audio
Spybot - Search & Destroy 1.4
Spyware Detector
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VoiceTracer
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip
WordWeb
ZoneAlarm
rzzle55
Oh, by the way, is there a security group policy on XP Home?
Bobbi Flekman
Hi rzzle55,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Open "Add/Remove Programs" in the Control Panel. Select the following items:
  • J2SE Runtime Environment 5.0 Update 8 <-- not bad but old. Malware knows how to execute older Java versions so they constitute a security risk
  • J2SE Runtime Environment 5.0 Update 9 <-- not bad but old. Malware knows how to execute older Java versions so they constitute a security risk
  • Spyware Detector <-- Spyware Detector has been delisted from Spyware Warrior's Rogue List. Since the program was on it I recommend uninstalling it and using programs from the trustworthy list, which can be viewed on the same page.
and click "Remove" for each of them. If one of the uninstallers wants to download stuff or needs an Internet connection, skip that one and report them to me.

I'm sorry to report that there is no Group Policy Editor on XP Home, the mechanics are in place and working though. If you want to change something in that regard you'll have to do some Registry manipulations.

You didn't answer my questions.... ;)
rzzle55
I beg your pardon. I misinformed you regarding the advice. I read it in another forum and presumed it was applicable to me. Sorry about that. I can't locate the file sharing icon now so maybe I was mistaken. However, there is something else that bothers me. My computer tells me I have 7 users registered on it. I can only see 3. 1.= ASP.net that appears to be password protected although I didn't supply the password. (I have had this before and when I changed the password it disappeared. I have reinstalled the OS since then and voila, there it is again. I have left it alone this time.) 2.= My password protected admin account and 3.= A limited account, password protected, for my son to play games. I have no idea who the other users are apart from maybe Dell put one on before dispatch. MBSA tells me that there are unprotected or insufficient passwords for these extra users but I can't find any record of the extra users. Any advice?
Thanks for your assistance.
rzzle55
Oh, and I bought Spyware Detector after reading reviews and noted that it was removed from the Rogues list. Should I still uninstall it? I can probably download it again from their site. I have a Trend Micro PC-cillin that I had a lot of trouble with so I removed it but I still have the original software purchased at DSE locally. Perhaps I should try it again? I have downloaded the Java as per and when I try to install it it asks for access. I denied access and tried again. Same thing only to a different address. Is this normal for a download? I won't go and do anything until I hear from you.
Bobbi Flekman
Hi rzzle55,

Please download SWWhoAmI.

Launch Notepad, and copy/paste the box below into a new text file. Save it as Export.bat and save it on your Desktop.

CODE
swwhoami /listusers > Output.txt
notepad Output.txt


Locate Export.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here.

Let's see what those user accounts are.
QUOTE
MBSA tells me that there are unprotected or insufficient passwords for these extra users but I can't find any record of the extra users. Any advice?
Thanks for your assistance.
We'll first see which User Accounts there are.
QUOTE
I have downloaded the Java as per and when I try to install it it asks for access. I denied access and tried again. Same thing only to a different address. Is this normal for a download? I won't go and do anything until I hear from you.
Access to what? Java needs access to the network so that is okay. And it also has an update scheduler that checks on the Internet if there is one available. The last one is okay, but not needed if you check for updates yourself.
rzzle55
Hi Bobbi, this is the file that came up when I clicked on the .bat file. Notepad file was empty and
DOS cmd window C:\WINDOWS\system32\cmd.exe opened with
the following text.
C:\Documents and settings\(myname)\Desktop>swwhoami/listusers 1>Output.txt
'swwhoami' is not recognised as an internal or external command, operable program or batch file.
C:\Documents and Settings\(myname)Desktop>notepad Output.txt

I have uninstalled the Zone alarm firewall and reinstalled and updated Trend Micro PC-cillin but as before I can't access my email
and when I command telnet pop3.paradise.net.nz 110 the command window comes up blank and I still can't access my email.
So I guess it's back to the free Zone Alarm. At least I know it works even though I don't understand all the programs that ask for access.
Every day Windows Defender tells me that it has accepted a change on the 'cmd.exe'
Go figure.
rzzle55
I reinstalled Zone alarm and tried to access the video tutorial and up came the message to test network connections.
Click on yes and XP Diag says there is an improper Winsock setting which allows outside access to your computer. Do you want
Windows to reset this. Answer "yes" and shut down and reboot.
I'm sure there are gremlins inside my computer!!!!
Bobbi Flekman
Where did you download SWWhoAmI to? Can you put it in the same location as the batch file (most probably the Desktop)? Then double-click the batch file again please.
rzzle55
Silly me. I didn't download the link as I didn't realise it was a download link. However I am unable to access the download site.
I'm connected and everything else is working OK but try as I might, the link page will not open. Is there anywhere else that file could be available from. If, as I suspect, some one is controlling this machine it will reject anything that may expose it, do you think?
I tried cutting and pasting the address and launching it from another browser window but no dice. I'll have a look on google and see
if I can find another download site. No, Google doesn't even come up with anything at all SSWhoAmI or sswhoami both no reply.
I cut and pasted the address into the search box and again nothing came up. Maybe the site is down. I'll have a look at Microsoft and see if there's anything there.
Cheers.
rzzle55
rzzle55
No, nothing on the microsoft WS and advanced search turned up no replies either. sswhoami is an unknown program for this machine but perhaps only this machine. I could try accessing it from a public library site and loading it to CD and trying again on this machine. This has happened to me so many times. I'll probably find myself unable to download update files next or access any security sites.
This has happened before and I've only solved the problem by reinstalling the OS. I'd dearly love to get to the bottom of this.
Bobbi Flekman
It's sWwhoami and sorry about the link. I mistyped it.

This is the correct link
rzzle55
Hi Bobbi, Following is the list from Export.bat
Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| ASPNET
| Entertainment
| Guest (Disabled)
| HelpAssistant (Disabled)
Yes | Russell
| SUPPORT_388945a0 (Disabled)
I have no idea who the Administrator is or how you got the extra information for your comp.
I never asked for ASP.net and I guess the Administrator may be the Dell service crew. The others are (apparently) disabled.
I didn't quite understand how you accessed that extra information. Is ASPNET supposed to be there?
Now that I see the information 3 of the 7 are disabled. HelpAssistant and SUPPORT are two I've never seen before. Guest (disabled) I have seen before but Ent., ASP., and Russ., are the only three I am sure of.
Bobbi Flekman
Hi rzzle55,

The ones you don't know about are standard User accounts available on all Windows-computers. Administrator is usually hidden in XP, but still there. The others are disabled, so they cannot log on to the computer.

HelpAssistant and SUPPORT_388945a0 are accounts from Microsoft. When someone at Microsoft Support Desk asks you to enable them, it is alright to do so; otherwise they are best left disabled. The fewer active accounts, the less chance of someone breaking the computer's security.

As this also looks okay, I can only assume nothing weird is going on. Are you still having problems with the email?
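
The account check described in the reply above, as an added example that is not part of the original post: it parses a listing in the format posted in this thread and separates disabled accounts from enabled ones, so only enabled accounts that nobody can explain are left to review. The `STANDARD` set and the `triage` helper are assumptions made for illustration, and the listing is a constructed copy of the posted output.

```python
from typing import NamedTuple

# Constructed sample: the listing posted in this thread, copied as text.
LISTING = """\
Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| ASPNET
| Entertainment
| Guest (Disabled)
| HelpAssistant (Disabled)
Yes | Russell
| SUPPORT_388945a0 (Disabled)
"""

# Accounts the reply calls standard, plus ASPNET, which the .NET Framework 1.1
# installer creates. Assumption: illustrative set, not a full list of built-ins.
STANDARD = {"Administrator", "Guest", "HelpAssistant", "SUPPORT_388945a0", "ASPNET"}


class Account(NamedTuple):
    name: str
    is_admin: bool
    disabled: bool


def parse_listing(text):
    """Turn 'Yes | Name (Disabled)' rows into Account records."""
    accounts = []
    for line in text.splitlines():
        if "|" not in line:
            continue  # title line and the dashed separator
        flag, _, name = line.partition("|")
        name = name.strip()
        if not name or name == "Username":
            continue  # column header
        disabled = name.endswith("(Disabled)")
        if disabled:
            name = name[: -len("(Disabled)")].strip()
        accounts.append(Account(name, flag.strip().lower() == "yes", disabled))
    return accounts


def triage(accounts, owner_accounts):
    """Group accounts; 'needs_explanation' holds enabled, unrecognised names."""
    enabled = [a for a in accounts if not a.disabled]
    known = STANDARD | set(owner_accounts)
    return {
        "enabled": [a.name for a in enabled],
        "enabled_admins": [a.name for a in enabled if a.is_admin],
        "disabled": [a.name for a in accounts if a.disabled],
        "needs_explanation": [a.name for a in enabled if a.name not in known],
    }


if __name__ == "__main__":
    # The two accounts the owner said he created himself.
    report = triage(parse_listing(LISTING), {"Russell", "Entertainment"})
    for heading, names in report.items():
        print(f"{heading}: {', '.join(names) or '(none)'}")
```
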
rzzle55
Hi Bobbi, The only trouble I have is when email arrives, there is an icon beside nearly all incoming mail that says there are attachments on the message, but there are no attachments. I have tried unclicking the "Do not allow attachments to download" but the icons remain.
I don't know if this is a problem or not. I use Outlook Express for email. It has just made me wary of opening any mail I'm not expecting.
Probably not a bad thing. Thank you for your patience and assistance. You have eased my mind and allowed me to have a better Christmas. Merry Christmas to all of you at Gladiator.
Bobbi Flekman
Hi rzzle55,

I use Pegasus for my email, so I am not fluent with Outlook Express.

I would try to reinstall it though. See if there is something fishy with the mails.

Also the attachment paperclip could mean that it is an HTML encoded email. That would mean that you have a normal "text message" and also an "HTML version" of that same email in the message. You can check that by right-clicking the mail and choosing something like "Source" or "RAW message" from the menu.

Merry Christmas to you too.
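
One way to run the raw-source check suggested above, as an added example that is not part of the original post: it reads a message's source and separates the text and HTML versions of the body from parts that are real files. Both messages are constructed samples, and the function names are made up for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_samples():
    """Two constructed messages: HTML mail with no file, and one with a file."""
    html_only = EmailMessage()
    html_only["Subject"] = "Newsletter (constructed sample)"
    html_only.set_content("Hello in plain text.")
    html_only.add_alternative("<p>Hello in <b>HTML</b>.</p>", subtype="html")

    with_file = EmailMessage()
    with_file["Subject"] = "Report (constructed sample)"
    with_file.set_content("See the attached file.")
    with_file.add_alternative("<p>See the attached file.</p>", subtype="html")
    with_file.add_attachment(b"constructed bytes", maintype="application",
                             subtype="octet-stream", filename="report.bin")
    return html_only.as_bytes(), with_file.as_bytes()


def inspect_source(raw):
    """Walk the MIME tree and sort leaf parts into body versions and files."""
    msg = message_from_bytes(raw, policy=policy.default)
    bodies, files = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers such as multipart/alternative hold no data
        filename = part.get_filename()
        if part.is_attachment() or filename:
            files.append(filename or f"(unnamed {part.get_content_type()})")
        else:
            bodies.append(part.get_content_type())
    return {"structure": msg.get_content_type(), "bodies": bodies, "files": files}


def verdict(raw):
    """One-line summary a reader can compare with the paperclip icon."""
    info = inspect_source(raw)
    if info["files"]:
        return "carries files: " + ", ".join(info["files"])
    if info["structure"] == "multipart/alternative":
        return "no files: text and HTML versions of one message"
    return "no files"


if __name__ == "__main__":
    for raw in build_samples():
        print(inspect_source(raw), "->", verdict(raw))
```
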
rzzle55
Hi Bobbi,
Here I go again. da**. Just downloaded Comodo Firewall and activated it. It told me it couldn't use the "fast user" thingimabob. I tried to enable it from the admin tools and it refused to start so switch off and reboot still not working even though I enabled "Automatic". I can't switch it on!! Comodo seems to be working alright but it tells me there are two systems running. What does that mean? Also, when I access the admin tools there is a definite screen change and the icons and typeface change. When I try to start the Fast user facility a small window opens as if a password is required but it quickly changes and I get an error message #1068 the group could not start.
Please tell me there is nothing to worry about.
Bobbi Flekman
Hi rzzle55,

Fast User? You mean "Fast User Switching Compatibility"?

Launch Notepad, and copy/paste the box below into a new text file. Save it as Export.bat and save it on your Desktop.

CODE
SC QC FastUserSwitchingCompatibility > Output.txt
notepad Output.txt


Locate Export.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here.
rzzle55
Hi Bobbi, I have reconfigured the Fast users compatibility switching back to its original which is manual STOPPED.
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: FastUserSwitchingCompatibility
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME : LocalSystem
After checking the Comodo Forum it appears that this is not uncommon and the advice is to ignore it. It still doesn't explain why there are two systems operating but I'll have a look at the forum again and get back to you.
Thanks for your help
Bobbi Flekman
That looks like it should be.

As you are also searching the Comodo forums I will leave you in their hands. I expect they know more about their product than I do.

Good luck and happy holidays.
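
Reading the `sc qc` output from this thread programmatically, as an added example that is not part of the original posts: Windows error 1068 means "The dependency service or group failed to start", so the field to follow up is DEPENDENCIES. The parser and the `start_checklist` helper are written for this example, and the sample is a constructed copy of the posted output.

```python
# Constructed sample: the `sc qc` output posted in this thread.
SC_QC = r"""[SC] GetServiceConfig SUCCESS

SERVICE_NAME: FastUserSwitchingCompatibility
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME : LocalSystem
"""


def parse_sc_qc(text):
    """Map each field name to a list of values (empty list for a blank field)."""
    cfg, last = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("[SC]") or ":" not in line:
            continue
        # Split on the first colon only, so the drive letter in the path survives.
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not key:
            # Continuation row (": NextDependency") belongs to the previous field.
            if last is not None and value:
                cfg[last].append(value)
            continue
        cfg[key] = [value] if value else []
        last = key
    return cfg


def start_checklist(cfg):
    """List what to check when the service refuses to start."""
    name = cfg["SERVICE_NAME"][0]
    start_type = cfg["START_TYPE"][0].split(None, 1)[1]  # drop the numeric code
    deps = cfg.get("DEPENDENCIES", [])
    steps = []
    if start_type == "DISABLED":
        steps.append(f"{name} is disabled; change its start type first")
    for dep in deps:
        steps.append(f"sc query {dep}  (must be able to run before {name} starts)")
        steps.append(f"sc qc {dep}  (a DISABLED start type here produces error 1068)")
    return {"service": name, "start_type": start_type,
            "dependencies": deps, "steps": steps}


if __name__ == "__main__":
    result = start_checklist(parse_sc_qc(SC_QC))
    print(result["service"], result["start_type"], result["dependencies"])
    for step in result["steps"]:
        print(" -", step)
```
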