1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Problem?

Discussion in 'Earlier Versions of Windows' started by annieskid, Feb 9, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. annieskid

    annieskid Thread Starter

    Joined:
    Jan 26, 2002
    Messages:
    134
    I just finished running a tune up at Pit Stop, finding several problems, ranging from internet security,low memory, internet cache, bandwidth to a minor problem with the ping test, and a security problem with Outlook Express (which I never use and remove every time I find it) Removed a couple of questionable Startups, several hundred cookies, which made computer freeze, go crazy showing one screen after another, and deny access. I found a Porn Site under objects in Internet Tools I can't remove, a file in the system called TAPISRV.EXE in the kids Registry I'd like to delete if I can do it without messing anything up, and clean this comp out from top to bottom. I lost the directions and link for cleaning it out by typing percent cookies and am getting a kernel32dll. error message opening the Internet, but getting on ok for now. I found a lot of Outlook Express files noone can explain. Seems the eleven year old has been running without ZA for a month or so, with her Dad hooking up to an adult site. I've blocked emails for at least a month from porn sites that have been crazy. I need a decent cookie cleaner, pop-up killer that actually kills the cookies as well, and to reinstall ZA. I assumed Zone Alarm on my name would cover all users. Wrong, now what?
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Tapisrv.exe is the Background Service which provides Windows Telephony (TAPI) Support.
    You don't want to delete it.

    As for your other problems, please do this:

    Go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please show us its contents.
     
  3. annieskid

    annieskid Thread Starter

    Joined:
    Jan 26, 2002
    Messages:
    134
    I've just reinstalled Ad Aware, which I evidently downloaded but forgot to install (oops) and quarantined 54 ugly things that came from who knows where. Do I still need to go to the suggested link? I've installed Zone Alarm Plus from CNet even though it isn't rated very good (59%) but desperately need a nap, having three hours sleep again, with a headache and a sleeping baby. I'll be back ASAP, before the kids get near this thing again, but it's running better already, with no kernel32.dll error opening, and faster like nothing is hanging on trying to smother it.
     
  4. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Did you install the latest version of Ad-Aware (AAW 6.0), and did you update before scanning?

    And yes, I'd still like to see your Hijack This log, as it may show loads of things that AAW either doesn't recognize or target.
     
  5. annieskid

    annieskid Thread Starter

    Joined:
    Jan 26, 2002
    Messages:
    134
    I removed all traces of aaw I could find before installing Ad Aware 6, very nice program.I figure the porn dialer is in here somewhere, since it returned when I came back here to reply through hotmail.
    Logfile of HijackThis v1.91.2
    Scan saved at 7:16:28 AM, on 2/10/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=
    O1 - Hosts: 216.177.73.139 ieautosearch
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [3Cmlink] C:\WINDOWS\SYSTEM\3cmlnkW.exe
    O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
    O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
     
  6. annieskid

    annieskid Thread Starter

    Joined:
    Jan 26, 2002
    Messages:
    134
    Looked closer at hijack this and found some problems in startup there. Three cookies will not die no matter what I do, and have renamed the WINDOWS?WINIT.BAK listing. Deleted what I could through hijack program, then ran Spybot, which found more than I ever expected. I removed what I could, but cant seem to get rid of five cookies, and have been denied access to the cookie index, so I can't delete there either, though I deleted the file in question, the problem with the eleven year olds cookies remains, preventing me from running the cookie/cache cleaner I just downloaded. No viruses detected at Pit Stop (quick scan) don't know if it's spyware or a worm, but it's making me mad after three hours. Every time I try to delete the file directly, Spybot finds five more. Two cookies are from atdmt, one from qksrv, both look like ad trackers that won't go away no matter what I try.
     
  7. The_Egg

    The_Egg

    Joined:
    Sep 16, 2002
    Messages:
    1,157
    Quick and dirty method:

    add *.qksrv.com and *.atdmt.com to the Restricted Sites zone in:
    IE Options -> Security -> Restricted Sites -> Sites
    and you'll never get another cookie or script from those sites again.

    I always add every spyware site detected by Spybot or Ad-aware.
    The list is getting rather large . . .

    You can back this up (if you ever need to reinstall windows) by exporting this reg key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

    Just noticed you're running IE5.x (not 6)
    You can also disable "per-session cookies" c/o Restricted Sites -> Custom Level.


    I'd also be interested to see your StartUpList
    Though I'd presume that Spybot & Ad-Aware should've already got rid of most if not all spyware . . .

    ps. by updating Ad-Aware 6, we meant updating the internal Ref File
    by clicking "check for updates now", just above the Ad-Aware "Start" button
    (there was a new ref file on 6th Feb, and another new one today)
     
  8. annieskid

    annieskid Thread Starter

    Joined:
    Jan 26, 2002
    Messages:
    134
    I'll updat Ad Aware sometime today and work on restricted sites list. Thanks. StartupList report, 2/10/2003, 10:43:42 PM
    StartupList version: 1.51
    Started from : C:\WINDOWS\TEMP\TD_0005.DIR\STARTUPLIST.EXE
    Detected: Windows ME (Win9x 4.90.3000)
    Detected: Internet Explorer v5.50 (5.50.4134.0100)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\3CMLNKW.EXE
    C:\PROGRAM FILES\SRN MICRO\SOLOSENT.EXE
    C:\PROGRAM FILES\SRN MICRO\SOLOCFG.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TEMP\TD_0005.DIR\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
    ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    3Cmlink = C:\WINDOWS\SYSTEM\3cmlnkW.exe
    SoloSentry = C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
    SoloSchedule = C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
    Run StartupMonitor = StartupMonitor.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe
    *StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
    TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    IDMan = C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE /onboot

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 10/2/2003, 9:13:20)

    [Rename]
    NUL=c:\windows\profiles\cariamber\cookies\[email protected][2].txt
    NUL=c:\windows\profiles\cariamber\cookies\[email protected]www.qksrv[1].txt
    NUL=c:\windows\temp\cookies\[email protected][2].txt

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP

    --------------------------------------------------

    C:\WINDOWS\WINSTART.BAT listing:

    C:\WINDOWS\tmpcpyis.bat

    --------------------------------------------------


    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    PCHealth Scheduler for Data Collection.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [iCC Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPCONNCHECK.DLL
    CODEBASE = http://www.pcpitstop.com/internet/pcpConnCheck.cab

    [sys Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
    CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    [AV Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PAV.DLL
    CODEBASE = http://www.pcpitstop.com/antivirus/PCPAV.CAB

    --------------------------------------------------
    End of report, 4,565 bytes
    Report generated in 0.420 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

    I also added the Startup Moniter for good measure, bound to be a handy tool.
     
  9. annieskid

    annieskid Thread Starter

    Joined:
    Jan 26, 2002
    Messages:
    134
    I put everything in restricted sites, or tried to. It renamed the files _restore\temp\a0016961, which I've spent the day trying to shred, ran ad aware, spybot and hijack this on repeatedly without fixing this or _restore\temp\a0016964. Fine, so I hunt for it, when restricted sites won't let me add one of the new intruders, saying I need to remove the file first. This sneaky piece of crap has created four folders I can't touch, with no value when I search for them. I can see them in the line-up under My Computer, but can't find them. I want in depth virus scan, but what kind of adware ads folders? Worm? The folders are labeled _Restore, _Temp, _Restore Temp, and one I can't get to see even. I'm not seeing it in the first page of start up lists, only at the bottom as something extra that doesn't belong. The folders are directly under browse, and I don't know which of the folrders that open to search. Next...
     
  10. annieskid

    annieskid Thread Starter

    Joined:
    Jan 26, 2002
    Messages:
    134
    Internet acting freaky also, had to change settings to enable Java to even check my hotmail, though it worked fine this morning, so I don't think it was resetting anything at Pit Stop. Never say never again.
     
  11. The_Egg

    The_Egg

    Joined:
    Sep 16, 2002
    Messages:
    1,157
    Are you talking about this folder?
    C:\_RESTORE

    If so, that's where WinME stores all the System Restore backups.
    You can't delete anything in there.
    The only way is to turn off System Restore, which effectively auto deletes almost everything in C:\_Restore

    Before any Anti-Virus or Spyware Remover programs can delete any _Restore files, you need to (temporarily) disable System Restore via the System Control Panel.
    http://www.trendmicro.com/en/security/advisories/win_me_clean.htm
     
  12. annieskid

    annieskid Thread Starter

    Joined:
    Jan 26, 2002
    Messages:
    134
    Newest Startup list, compare WINITBAK listing. Problem!StartupList report, 2/12/2003, 4:38:55 AM
    StartupList version: 1.51
    Started from : C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE
    Detected: Windows ME (Win9x 4.90.3000)
    Detected: Internet Explorer v5.50 (5.50.4134.0100)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\3CMLNKW.EXE
    C:\PROGRAM FILES\SRN MICRO\SOLOSENT.EXE
    C:\PROGRAM FILES\SRN MICRO\SOLOCFG.EXE
    C:\WINDOWS\STARTUPMONITOR.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE
    C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
    ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    3Cmlink = C:\WINDOWS\SYSTEM\3cmlnkW.exe
    SoloSentry = C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
    SoloSchedule = C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
    Run StartupMonitor = StartupMonitor.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe
    *StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
    TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 10/2/2003, 23:10:40)

    [Rename]
    NUL=c:\_restore\temp\a0016964.cpy
    NUL=c:\_restore\temp\a0016961.cpy
    NUL=c:\spm2\thank.exe
    NUL=c:\windows\sbnet\showbehind.exe
    NUL=c:\windows\temp\cookies\[email protected][1].txt

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP

    --------------------------------------------------

    C:\WINDOWS\WINSTART.BAT listing:

    C:\WINDOWS\tmpcpyis.bat

    --------------------------------------------------


    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    PCHealth Scheduler for Data Collection.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [iCC Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPCONNCHECK.DLL
    CODEBASE = http://www.pcpitstop.com/internet/pcpConnCheck.cab

    [sys Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
    CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    [AV Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PAV.DLL
    CODEBASE = http://www.pcpitstop.com/antivirus/PCPAV.CAB

    --------------------------------------------------
    End of report, 4,580 bytes
    Report generated in 0.194 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
    Can't find in Windows search, zero value, four new folders under search blank, computer listings, with browse over them, full of stuff downloaded by kids. Changes every time I try to delete it, with multiple listings in Spybot, several cant be fixed: 10 streamed history files.
     
  13. annieskid

    annieskid Thread Starter

    Joined:
    Jan 26, 2002
    Messages:
    134
    Taking two minutes to open any Internet Window, slow as Christmas bandwidth and Ping Test at Pit Stop, download speed half normal speed. Big Problem to kids who are banned from computer til this is fixed (2 days) this thing can't be restricted. In security/restricted sites, deleted all entries yesterday, let me add www.a001691.cpy, but would not let me add a0016964.cpy, saying I must remove it from system first. I can't find it. Worse, the listing in Security/Sites deleted itself, leaving only a ww blank space. What kind of adware does sneaky stuff like that?
     
  14. annieskid

    annieskid Thread Starter

    Joined:
    Jan 26, 2002
    Messages:
    134
    Found a lot of System configuration files opened or changed 1-26-03 and Restore/Health. Checked files Properties, dates back to 6-8-02 there, same day we picked up a virus that's since been cleaned by two technicians at two different shops. Restore, file of virus origin, still not working, now dated 1-26-03. Spool 23 has shortcut labeled 1-26-03, with many system files archived, 0 mb.
    I'll hunt for info, but am listing another list that seems to be important:3cmlnkw.exe c:\windows\system\3cmlnkw.exe 0xfffdeee3 256 Not Available Not Available Not Available Not Available 28.00 KB (28,672 bytes) 2/1/2003 9:32:09 PM
    ddhelp.exe c:\windows\system\ddhelp.exe 0xfff9527f 256 Not Available Not Available Not Available 4.07.01.3000 45.27 KB (46,352 bytes) 1/26/2003 8:33:36 PM
    explorer.exe c:\windows\explorer.exe 0xfffd0b7f 32 Not Available Not Available Not Available 5.50.4134.100 220.00 KB (225,280 bytes) 1/26/2003 8:30:16 PM
    helpctr.exe c:\windows\pchealth\helpctr\binaries\helpctr.exe 0xfffa862f 32 Not Available Not Available Not Available 4.90.0.2525 484.27 KB (495,888 bytes) 1/26/2003 8:33:38 PM
    idman.exe c:\program files\internet download manager\idman.exe 0xfffcd3a3 32 Not Available Not Available Not Available 1, 0, 0, 1 1,008.00 KB (1,032,192 bytes) 2/10/2003 8:48:07 AM
    kernel32.dll c:\windows\system\kernel32.dll 0xffef22d3 128 Not Available Not Available Not Available 4.90.3000 524.00 KB (536,576 bytes) 1/26/2003 8:32:42 PM
    kernel32.dll c:\windows\system\kernel32.dll 0xffff6433 32 Not Available Not Available Not Available 4.90.3000 524.00 KB (536,576 bytes) 1/26/2003 8:32:42 PM
    kernel32.dll c:\windows\system\kernel32.dll 0xffffc5f3 32 Not Available Not Available Not Available 4.90.3000 524.00 KB (536,576 bytes) 1/26/2003 8:32:42 PM
    mprexe.exe c:\windows\system\mprexe.exe 0xffffcfb7 32 Not Available Not Available Not Available 4.90.3000 28.00 KB (28,672 bytes) 1/26/2003 8:33:42 PM
    msnmsgr.exe c:\program files\msn messenger\msnmsgr.exe 0xfffd84e3 32 Not Available Not Available Not Available 5.0.0543 2.08 MB (2,181,704 bytes) 12/5/2002 5:24:54 PM
    mstask.exe c:\windows\system\mstask.exe 0xfffe1f2b 32 Not Available Not Available Not Available 4.71.2721.1 124.00 KB (126,976 bytes) 1/26/2003 8:33:42 PM
    persfw.exe c:\program files\kerio\personal firewall\persfw.exe 0xfffe6bdb 32 Not Available Not Available Not Available 2, 1, 4, 0 384.00 KB (393,216 bytes) 2/12/2003 5:22:10 AM
    solocfg.exe c:\program files\srn micro\solocfg.exe 0xfffc3ee3 32 Not Available Not Available Not Available 1, 0, 0, 1 288.00 KB (294,912 bytes) 1/31/2003 12:52:18 PM
    solosent.exe c:\program files\srn micro\solosent.exe 0xfffc331f 32 Not Available Not Available Not Available Not Available 76.00 KB (77,824 bytes) 9/19/2002 4:21:28 PM
    spool32.exe c:\windows\system\spool32.exe 0xfff8facf 32 Not Available Not Available Not Available 4.90.3000 44.00 KB (45,056 bytes) 1/26/2003 8:33:46 PM
    startupmonitor.exe c:\windows\startupmonitor.exe 0xfffc3e0b 32 Not Available Not Available Not Available Not Available 84.00 KB (86,016 bytes) 5/20/2000 5:23:48 PM
    stmgr.exe c:\windows\system\restore\stmgr.exe 0xfffb61ef 32 Not Available Not Available Not Available 4.90.0.2533 60.27 KB (61,712 bytes) 1/26/2003 8:33:46 PM
    systray.exe c:\windows\system\systray.exe 0xfffdae0b 32 Not Available Not Available Not Available 4.90.3000 36.00 KB (36,864 bytes) 1/26/2003 8:33:47 PM
    taskmon.exe c:\windows\taskmon.exe 0xfffd6fdf 32 Not Available Not Available Not Available 4.90.3000 28.00 KB (28,672 bytes) 1/26/2003 8:33:47 PM
    vsmon.exe c:\windows\system\zonelabs\vsmon.exe 0xfffe4a8b 32 Not Available Not Available Not Available 3.5.169.002 869.29 KB (890,152 bytes) 2/10/2003 3:45:35 AM
    winmgmt.exe c:\windows\system\wbem\winmgmt.exe 0xfff9f1ff 32 Not Available Not Available Not Available 1.50.1164.0000 192.08 KB (196,685 bytes) 1/26/2003 8:33:50 PM
    wmiexe.exe c:\windows\system\wmiexe.exe 0xfffbb913 32 Not Available Not Available Not Available 4.90.2452.1 16.00 KB (16,384 bytes) 1/26/2003 8:33:50 PM
    zapro.exe c:\program files\zone labs\zonealarm\zapro.exe 0xfffcc9ff 32 Not Available Not Available Not Available 3.5.169.002 621.29 KB (636,200 bytes) 2/10/2003 3:45:37 AM
    Is anything on my system working still, since it all looks dead, though it's still sorta here?
     
  15. jm100dm

    jm100dm

    Joined:
    May 26, 1999
    Messages:
    994
    annieskid

    I would like to try to help but I'm comfused. Where is all the info coming from that you are posting? What are you trying to do? This is what I'm referring to.

    Quote
    "I'll hunt for info, but am listing another list that seems to be important:3cmlnkw.exe c:\windows\system\3cmlnkw.exe 0xfffdeee3 256 Not Available Not Available Not Available Not Available 28.00 KB (28,672 bytes) 2/1/2003 9:32:09 PM
    ddhelp.exe c:\windows\system\ddhelp.exe 0xfff9527f 256 Not Available Not Available Not Available 4.07.01.3000 45.27 KB (46,352 bytes) 1/26/2003 8:33:36 PM etc....."

    What is spool32?

    3cmlnkw.exe ---- appears to be a driver for a modem.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/117912

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice