Problem?

[annieskid]

I just finished running a tune up at Pit Stop, finding several problems, ranging from internet security,low memory, internet cache, bandwidth to a minor problem with the ping test, and a security problem with Outlook Express (which I never use and remove every time I find it) Removed a couple of questionable Startups, several hundred cookies, which made computer freeze, go crazy showing one screen after another, and deny access. I found a Porn Site under objects in Internet Tools I can't remove, a file in the system called TAPISRV.EXE in the kids Registry I'd like to delete if I can do it without messing anything up, and clean this comp out from top to bottom. I lost the directions and link for cleaning it out by typing percent cookies and am getting a kernel32dll. error message opening the Internet, but getting on ok for now. I found a lot of Outlook Express files noone can explain. Seems the eleven year old has been running without ZA for a month or so, with her Dad hooking up to an adult site. I've blocked emails for at least a month from porn sites that have been crazy. I need a decent cookie cleaner, pop-up killer that actually kills the cookies as well, and to reinstall ZA. I assumed Zone Alarm on my name would cover all users. Wrong, now what?

 

[TonyKlein]

Tapisrv.exe is the Background Service which provides Windows Telephony (TAPI) Support.
You don't want to delete it.

As for your other problems, please do this:

Go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.

 

[annieskid]

I've just reinstalled Ad Aware, which I evidently downloaded but forgot to install (oops) and quarantined 54 ugly things that came from who knows where. Do I still need to go to the suggested link? I've installed Zone Alarm Plus from CNet even though it isn't rated very good (59%) but desperately need a nap, having three hours sleep again, with a headache and a sleeping baby. I'll be back ASAP, before the kids get near this thing again, but it's running better already, with no kernel32.dll error opening, and faster like nothing is hanging on trying to smother it.

 

[TonyKlein]

Did you install the latest version of Ad-Aware (AAW 6.0), and did you update before scanning?

And yes, I'd still like to see your Hijack This log, as it may show loads of things that AAW either doesn't recognize or target.

 

[annieskid]

I removed all traces of aaw I could find before installing Ad Aware 6, very nice program.I figure the porn dialer is in here somewhere, since it returned when I came back here to reply through hotmail.
Logfile of HijackThis v1.91.2
Scan saved at 7:16:28 AM, on 2/10/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=
O1 - Hosts: 216.177.73.139 ieautosearch
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [3Cmlink] C:\WINDOWS\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

 

[annieskid]

Looked closer at hijack this and found some problems in startup there. Three cookies will not die no matter what I do, and have renamed the WINDOWS?WINIT.BAK listing. Deleted what I could through hijack program, then ran Spybot, which found more than I ever expected. I removed what I could, but cant seem to get rid of five cookies, and have been denied access to the cookie index, so I can't delete there either, though I deleted the file in question, the problem with the eleven year olds cookies remains, preventing me from running the cookie/cache cleaner I just downloaded. No viruses detected at Pit Stop (quick scan) don't know if it's spyware or a worm, but it's making me mad after three hours. Every time I try to delete the file directly, Spybot finds five more. Two cookies are from atdmt, one from qksrv, both look like ad trackers that won't go away no matter what I try.

 

[The_Egg]

Quick and dirty method:

add *.qksrv.com and *.atdmt.com to the Restricted Sites zone in:
IE Options -> Security -> Restricted Sites -> Sites
and you'll never get another cookie or script from those sites again.

I always add every spyware site detected by Spybot or Ad-aware.
The list is getting rather large . . .

You can back this up (if you ever need to reinstall windows) by exporting this reg key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

Just noticed you're running IE5.x (not 6)
You can also disable "per-session cookies" c/o Restricted Sites -> Custom Level.


I'd also be interested to see your StartUpList
Though I'd presume that Spybot & Ad-Aware should've already got rid of most if not all spyware . . .

ps. by updating Ad-Aware 6, we meant updating the internal Ref File
by clicking "check for updates now", just above the Ad-Aware "Start" button
(there was a new ref file on 6th Feb, and another new one today)

 

[annieskid]

I'll updat Ad Aware sometime today and work on restricted sites list. Thanks. StartupList report, 2/10/2003, 10:43:42 PM
StartupList version: 1.51
Started from : C:\WINDOWS\TEMP\TD_0005.DIR\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v5.50 (5.50.4134.0100)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\3CMLNKW.EXE
C:\PROGRAM FILES\SRN MICRO\SOLOSENT.EXE
C:\PROGRAM FILES\SRN MICRO\SOLOCFG.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TEMP\TD_0005.DIR\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
3Cmlink = C:\WINDOWS\SYSTEM\3cmlnkW.exe
SoloSentry = C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
SoloSchedule = C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
Run StartupMonitor = StartupMonitor.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
IDMan = C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE /onboot

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 10/2/2003, 9:13:20)

[Rename]
NUL=c:\windows\profiles\cariamber\cookies\[email protected][2].txt
NUL=c:\windows\profiles\cariamber\cookies\[email protected]www.qksrv[1].txt
NUL=c:\windows\temp\cookies\[email protected][2].txt

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job

--------------------------------------------------

Enumerating Download Program Files:

[iCC Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPCONNCHECK.DLL
CODEBASE = http://www.pcpitstop.com/internet/pcpConnCheck.cab

[sys Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[AV Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PAV.DLL
CODEBASE = http://www.pcpitstop.com/antivirus/PCPAV.CAB

--------------------------------------------------
End of report, 4,565 bytes
Report generated in 0.420 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

I also added the Startup Moniter for good measure, bound to be a handy tool.

 

[annieskid]

I put everything in restricted sites, or tried to. It renamed the files _restore\temp\a0016961, which I've spent the day trying to shred, ran ad aware, spybot and hijack this on repeatedly without fixing this or _restore\temp\a0016964. Fine, so I hunt for it, when restricted sites won't let me add one of the new intruders, saying I need to remove the file first. This sneaky piece of crap has created four folders I can't touch, with no value when I search for them. I can see them in the line-up under My Computer, but can't find them. I want in depth virus scan, but what kind of adware ads folders? Worm? The folders are labeled _Restore, _Temp, _Restore Temp, and one I can't get to see even. I'm not seeing it in the first page of start up lists, only at the bottom as something extra that doesn't belong. The folders are directly under browse, and I don't know which of the folrders that open to search. Next...

 

[annieskid]

Internet acting freaky also, had to change settings to enable Java to even check my hotmail, though it worked fine this morning, so I don't think it was resetting anything at Pit Stop. Never say never again.

 

[The_Egg]

Are you talking about this folder?
C:\_RESTORE

If so, that's where WinME stores all the System Restore backups.
You can't delete anything in there.
The only way is to turn off System Restore, which effectively auto deletes almost everything in C:\_Restore

Before any Anti-Virus or Spyware Remover programs can delete any _Restore files, you need to (temporarily) disable System Restore via the System Control Panel.
http://www.trendmicro.com/en/security/advisories/win_me_clean.htm

 

[annieskid]

Newest Startup list, compare WINITBAK listing. Problem!StartupList report, 2/12/2003, 4:38:55 AM
StartupList version: 1.51
Started from : C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v5.50 (5.50.4134.0100)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\3CMLNKW.EXE
C:\PROGRAM FILES\SRN MICRO\SOLOSENT.EXE
C:\PROGRAM FILES\SRN MICRO\SOLOCFG.EXE
C:\WINDOWS\STARTUPMONITOR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
3Cmlink = C:\WINDOWS\SYSTEM\3cmlnkW.exe
SoloSentry = C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
SoloSchedule = C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
Run StartupMonitor = StartupMonitor.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 10/2/2003, 23:10:40)

[Rename]
NUL=c:\_restore\temp\a0016964.cpy
NUL=c:\_restore\temp\a0016961.cpy
NUL=c:\spm2\thank.exe
NUL=c:\windows\sbnet\showbehind.exe
NUL=c:\windows\temp\cookies\[email protected][1].txt

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job

--------------------------------------------------

Enumerating Download Program Files:

[iCC Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPCONNCHECK.DLL
CODEBASE = http://www.pcpitstop.com/internet/pcpConnCheck.cab

[sys Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[AV Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PAV.DLL
CODEBASE = http://www.pcpitstop.com/antivirus/PCPAV.CAB

--------------------------------------------------
End of report, 4,580 bytes
Report generated in 0.194 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Can't find in Windows search, zero value, four new folders under search blank, computer listings, with browse over them, full of stuff downloaded by kids. Changes every time I try to delete it, with multiple listings in Spybot, several cant be fixed: 10 streamed history files.

 

[annieskid]

Taking two minutes to open any Internet Window, slow as Christmas bandwidth and Ping Test at Pit Stop, download speed half normal speed. Big Problem to kids who are banned from computer til this is fixed (2 days) this thing can't be restricted. In security/restricted sites, deleted all entries yesterday, let me add www.a001691.cpy, but would not let me add a0016964.cpy, saying I must remove it from system first. I can't find it. Worse, the listing in Security/Sites deleted itself, leaving only a ww blank space. What kind of adware does sneaky stuff like that?

 

[annieskid]

Found a lot of System configuration files opened or changed 1-26-03 and Restore/Health. Checked files Properties, dates back to 6-8-02 there, same day we picked up a virus that's since been cleaned by two technicians at two different shops. Restore, file of virus origin, still not working, now dated 1-26-03. Spool 23 has shortcut labeled 1-26-03, with many system files archived, 0 mb.
I'll hunt for info, but am listing another list that seems to be important:3cmlnkw.exe c:\windows\system\3cmlnkw.exe 0xfffdeee3 256 Not Available Not Available Not Available Not Available 28.00 KB (28,672 bytes) 2/1/2003 9:32:09 PM
ddhelp.exe c:\windows\system\ddhelp.exe 0xfff9527f 256 Not Available Not Available Not Available 4.07.01.3000 45.27 KB (46,352 bytes) 1/26/2003 8:33:36 PM
explorer.exe c:\windows\explorer.exe 0xfffd0b7f 32 Not Available Not Available Not Available 5.50.4134.100 220.00 KB (225,280 bytes) 1/26/2003 8:30:16 PM
helpctr.exe c:\windows\pchealth\helpctr\binaries\helpctr.exe 0xfffa862f 32 Not Available Not Available Not Available 4.90.0.2525 484.27 KB (495,888 bytes) 1/26/2003 8:33:38 PM
idman.exe c:\program files\internet download manager\idman.exe 0xfffcd3a3 32 Not Available Not Available Not Available 1, 0, 0, 1 1,008.00 KB (1,032,192 bytes) 2/10/2003 8:48:07 AM
kernel32.dll c:\windows\system\kernel32.dll 0xffef22d3 128 Not Available Not Available Not Available 4.90.3000 524.00 KB (536,576 bytes) 1/26/2003 8:32:42 PM
kernel32.dll c:\windows\system\kernel32.dll 0xffff6433 32 Not Available Not Available Not Available 4.90.3000 524.00 KB (536,576 bytes) 1/26/2003 8:32:42 PM
kernel32.dll c:\windows\system\kernel32.dll 0xffffc5f3 32 Not Available Not Available Not Available 4.90.3000 524.00 KB (536,576 bytes) 1/26/2003 8:32:42 PM
mprexe.exe c:\windows\system\mprexe.exe 0xffffcfb7 32 Not Available Not Available Not Available 4.90.3000 28.00 KB (28,672 bytes) 1/26/2003 8:33:42 PM
msnmsgr.exe c:\program files\msn messenger\msnmsgr.exe 0xfffd84e3 32 Not Available Not Available Not Available 5.0.0543 2.08 MB (2,181,704 bytes) 12/5/2002 5:24:54 PM
mstask.exe c:\windows\system\mstask.exe 0xfffe1f2b 32 Not Available Not Available Not Available 4.71.2721.1 124.00 KB (126,976 bytes) 1/26/2003 8:33:42 PM
persfw.exe c:\program files\kerio\personal firewall\persfw.exe 0xfffe6bdb 32 Not Available Not Available Not Available 2, 1, 4, 0 384.00 KB (393,216 bytes) 2/12/2003 5:22:10 AM
solocfg.exe c:\program files\srn micro\solocfg.exe 0xfffc3ee3 32 Not Available Not Available Not Available 1, 0, 0, 1 288.00 KB (294,912 bytes) 1/31/2003 12:52:18 PM
solosent.exe c:\program files\srn micro\solosent.exe 0xfffc331f 32 Not Available Not Available Not Available Not Available 76.00 KB (77,824 bytes) 9/19/2002 4:21:28 PM
spool32.exe c:\windows\system\spool32.exe 0xfff8facf 32 Not Available Not Available Not Available 4.90.3000 44.00 KB (45,056 bytes) 1/26/2003 8:33:46 PM
startupmonitor.exe c:\windows\startupmonitor.exe 0xfffc3e0b 32 Not Available Not Available Not Available Not Available 84.00 KB (86,016 bytes) 5/20/2000 5:23:48 PM
stmgr.exe c:\windows\system\restore\stmgr.exe 0xfffb61ef 32 Not Available Not Available Not Available 4.90.0.2533 60.27 KB (61,712 bytes) 1/26/2003 8:33:46 PM
systray.exe c:\windows\system\systray.exe 0xfffdae0b 32 Not Available Not Available Not Available 4.90.3000 36.00 KB (36,864 bytes) 1/26/2003 8:33:47 PM
taskmon.exe c:\windows\taskmon.exe 0xfffd6fdf 32 Not Available Not Available Not Available 4.90.3000 28.00 KB (28,672 bytes) 1/26/2003 8:33:47 PM
vsmon.exe c:\windows\system\zonelabs\vsmon.exe 0xfffe4a8b 32 Not Available Not Available Not Available 3.5.169.002 869.29 KB (890,152 bytes) 2/10/2003 3:45:35 AM
winmgmt.exe c:\windows\system\wbem\winmgmt.exe 0xfff9f1ff 32 Not Available Not Available Not Available 1.50.1164.0000 192.08 KB (196,685 bytes) 1/26/2003 8:33:50 PM
wmiexe.exe c:\windows\system\wmiexe.exe 0xfffbb913 32 Not Available Not Available Not Available 4.90.2452.1 16.00 KB (16,384 bytes) 1/26/2003 8:33:50 PM
zapro.exe c:\program files\zone labs\zonealarm\zapro.exe 0xfffcc9ff 32 Not Available Not Available Not Available 3.5.169.002 621.29 KB (636,200 bytes) 2/10/2003 3:45:37 AM
Is anything on my system working still, since it all looks dead, though it's still sorta here?

 

[jm100dm]

annieskid

I would like to try to help but I'm comfused. Where is all the info coming from that you are posting? What are you trying to do? This is what I'm referring to.

Quote
"I'll hunt for info, but am listing another list that seems to be important:3cmlnkw.exe c:\windows\system\3cmlnkw.exe 0xfffdeee3 256 Not Available Not Available Not Available Not Available 28.00 KB (28,672 bytes) 2/1/2003 9:32:09 PM
ddhelp.exe c:\windows\system\ddhelp.exe 0xfff9527f 256 Not Available Not Available Not Available 4.07.01.3000 45.27 KB (46,352 bytes) 1/26/2003 8:33:36 PM etc....."

What is spool32?

3cmlnkw.exe ---- appears to be a driver for a modem.