Hi All,

I've searched through some of the existing threads and couldn't find the info I need and it's essential I figure this out as soon as possible. But before I describe my problem, I just want to say that this is an AWESOME community based on what I've read so far and as a new member, I can foresee that I will be enjoying these forums immensely. Also, my profound apologies if I am posting this issue under the wrong forum.

Okay, I have disabled netbios on my win2kpro machine in "network control panel > lan > properties > tcp/ip > advanced > wins" and also in "services", however when I run a netstat -a I'm showing all kinds of open ports and I know that two of them (139 and 137) are ports I do not want open. 139 is listening and I can't figure out how to close it down. I ran antiyports.exe and found that the process mapped to it is "system" but even while logged on as administrator I'm unable to end that process in task manager (didn't think it would work, but tried it). I've also completely uninstalled the file and print sharing protocol, though it was disabled since install.

I'm afraid my system has been somehow compromised despite running zone alarm pro (fully updated) and NAV. I have been unable to successfully run a full system scan with NAV, however I did go to symantec's site and ran their web-version. It came back clean as well as an AVG scan I performed. The problem when I run NAV is that it gets to 99% and hangs everytime. I reinstalled it and ran live update but still it fails to complete a full system scan. It seemed to keep hanging on a file in the windows media player directory so I completely uninstalled that component and it's associated update to version 9, but now it still hangs on different files.

If I have to fdisk and reinstall from backups I will, but my PGP key was in a folder on the local drive and even though it was encrypted with win2k's built-in encryption utility I'm afraid that someone may have lifted it. I had removed the win2k encryption recovery key, but stupidly put it back on my system temporarily in a different directory so I could back it up to cd and never wiped it.

I'm sorry for the long-winded post but I really need help figuring out if I've been pillaged or if this might just be some kind of anomaly. I can paste in a copy of my netstat results if it might help anyone.

Thanks a 11110100001001000000 for _any_ help!

Steve