Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

virus scan needed

1K views 6 replies 3 participants last post by  jm100dm 
#1 ·
Me again, after posting system info in Windows ME with Startup list, no response today, ready to panic. Something (virus, trojan,whatever) crashed computer 6-8-2000, killing Restore program. Two technicians, several hundred dollars later, new problem. 4,000 plus files modified 6-8 , created problem 1-26-03 in system files, many of which now read 0 bytes. Virus scans showing system as clean for the past week, listed as Not Available in Help and Support (now on desktop for easy access) Most of the bad files are archived shown as clear, ghostly pictures. Some have a flower on them, why?
 
#2 ·
Startups look ok to me:*StateMgr c:\windows\system\restore\statemgr.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
3Cmlink c:\windows\system\3cmlnkw.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IDMan c:\program files\internet download manager\idman.exe /onboot NANCY HKU\NANCY\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LoadPowerProfile rundll32.exe powrprof.dll,loadcurrentpwrscheme All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LoadPowerProfile rundll32.exe powrprof.dll,loadcurrentpwrscheme All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
msnmsgr "c:\program files\msn messenger\msnmsgr.exe" /background NANCY HKU\NANCY\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
msnmsgr "c:\program files\msn messenger\msnmsgr.exe" /background .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PCHealth c:\windows\pchealth\support\pchschd.exe -s All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PersFw "c:\program files\kerio\personal firewall\persfw.exe" /hide All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Run StartupMonitor startupmonitor.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ScanRegistry c:\windows\scanregw.exe /autorun All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SchedulingAgent mstask.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
SoloSchedule c:\progra~1\srnmic~1\solocfg.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoloSentry c:\progra~1\srnmic~1\solosent.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SystemTray systray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TaskMonitor c:\windows\taskmon.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TrueVector c:\windows\system\zonelabs\vsmon.exe -service All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
ZoneAlarm Pro c:\progra~1\zonela~1\zoneal~1\zapro.exe -nopopup All Users Common Startup

But3cmlnkw.exe c:\windows\system\3cmlnkw.exe 0xfffdeee3 256 Not Available Not Available Not Available Not Available 28.00 KB (28,672 bytes) 2/1/2003 9:32:09 PM
ddhelp.exe c:\windows\system\ddhelp.exe 0xfff9527f 256 Not Available Not Available Not Available 4.07.01.3000 45.27 KB (46,352 bytes) 1/26/2003 8:33:36 PM
explorer.exe c:\windows\explorer.exe 0xfffd0b7f 32 Not Available Not Available Not Available 5.50.4134.100 220.00 KB (225,280 bytes) 1/26/2003 8:30:16 PM
helpctr.exe c:\windows\pchealth\helpctr\binaries\helpctr.exe 0xfff52fff 32 Not Available Not Available Not Available 4.90.0.2525 484.27 KB (495,888 bytes) 1/26/2003 8:33:38 PM
idman.exe c:\program files\internet download manager\idman.exe 0xfffcd3a3 32 Not Available Not Available Not Available 1, 0, 0, 1 1,008.00 KB (1,032,192 bytes) 2/10/2003 8:48:07 AM
iexplore.exe c:\program files\internet explorer\iexplore.exe 0xfff8d127 32 Not Available Not Available Not Available 5.50.4134.100 72.00 KB (73,728 bytes) 1/26/2003 8:30:18 PM
kernel32.dll c:\windows\system\kernel32.dll 0xffef22d3 128 Not Available Not Available Not Available 4.90.3000 524.00 KB (536,576 bytes) 1/26/2003 8:32:42 PM
kernel32.dll c:\windows\system\kernel32.dll 0xffff6433 32 Not Available Not Available Not Available 4.90.3000 524.00 KB (536,576 bytes) 1/26/2003 8:32:42 PM
kernel32.dll c:\windows\system\kernel32.dll 0xffffc5f3 32 Not Available Not Available Not Available 4.90.3000 524.00 KB (536,576 bytes) 1/26/2003 8:32:42 PM
mprexe.exe c:\windows\system\mprexe.exe 0xffffcfb7 32 Not Available Not Available Not Available 4.90.3000 28.00 KB (28,672 bytes) 1/26/2003 8:33:42 PM
msnmsgr.exe c:\program files\msn messenger\msnmsgr.exe 0xfffd84e3 32 Not Available Not Available Not Available 5.0.0543 2.08 MB (2,181,704 bytes) 12/5/2002 5:24:54 PM
mstask.exe c:\windows\system\mstask.exe 0xfffe1f2b 32 Not Available Not Available Not Available 4.71.2721.1 124.00 KB (126,976 bytes) 1/26/2003 8:33:42 PM
persfw.exe c:\program files\kerio\personal firewall\persfw.exe 0xfffe6bdb 32 Not Available Not Available Not Available 2, 1, 4, 0 384.00 KB (393,216 bytes) 2/12/2003 5:22:10 AM
pstores.exe c:\windows\system\pstores.exe 0xfff67e8b 32 Not Available Not Available Not Available 5.00.2133.2 82.77 KB (84,752 bytes) 1/26/2003 8:30:22 PM
rnaapp.exe c:\windows\system\rnaapp.exe 0xfff770c7 32 Not Available Not Available Not Available 4.90.3000 56.00 KB (57,344 bytes) 1/26/2003 8:33:44 PM
solocfg.exe c:\program files\srn micro\solocfg.exe 0xfffc3ee3 32 Not Available Not Available Not Available 1, 0, 0, 1 288.00 KB (294,912 bytes) 1/31/2003 12:52:18 PM
solosent.exe c:\program files\srn micro\solosent.exe 0xfffc331f 32 Not Available Not Available Not Available Not Available 76.00 KB (77,824 bytes) 9/19/2002 4:21:28 PM
spool32.exe c:\windows\system\spool32.exe 0xfff8facf 32 Not Available Not Available Not Available 4.90.3000 44.00 KB (45,056 bytes) 1/26/2003 8:33:46 PM
startupmonitor.exe c:\windows\startupmonitor.exe 0xfffc3e0b 32 Not Available Not Available Not Available Not Available 84.00 KB (86,016 bytes) 5/20/2000 5:23:48 PM
stmgr.exe c:\windows\system\restore\stmgr.exe 0xfffb61ef 32 Not Available Not Available Not Available 4.90.0.2533 60.27 KB (61,712 bytes) 1/26/2003 8:33:46 PM
systray.exe c:\windows\system\systray.exe 0xfffdae0b 32 Not Available Not Available Not Available 4.90.3000 36.00 KB (36,864 bytes) 1/26/2003 8:33:47 PM
tapisrv.exe c:\windows\system\tapisrv.exe 0xfff8f167 32 Not Available Not Available Not Available 4.90.3000 120.00 KB (122,880 bytes) 1/26/2003 8:33:47 PM
taskmon.exe c:\windows\taskmon.exe 0xfffd6fdf 32 Not Available Not Available Not Available 4.90.3000 28.00 KB (28,672 bytes) 1/26/2003 8:33:47 PM
vsmon.exe c:\windows\system\zonelabs\vsmon.exe 0xfffe4a8b 32 Not Available Not Available Not Available 3.5.169.002 869.29 KB (890,152 bytes) 2/10/2003 3:45:35 AM
winmgmt.exe c:\windows\system\wbem\winmgmt.exe 0xfff9f1ff 32 Not Available Not Available Not Available 1.50.1164.0000 192.08 KB (196,685 bytes) 1/26/2003 8:33:50 PM
wmiexe.exe c:\windows\system\wmiexe.exe 0xfffbb913 32 Not Available Not Available Not Available 4.90.2452.1 16.00 KB (16,384 bytes) 1/26/2003 8:33:50 PM
zapro.exe c:\program files\zone labs\zonealarm\zapro.exe 0xfffcc9ff 32 Not Available Not Available Not Available 3.5.169.002 621.29 KB (636,200 bytes) 2/10/2003 3:45:37 AM
 
#3 ·
First of all I don't have windows ME but I'll try to help. If the folders have 0 bites then they are empty and will not effect anything. As for the ghostly appearance check my attachment. The files that appear that way are hidden files and folders. The not available may be referring to the fact that there is nothing in them. Don't know for sure just my guess.

Are you still experiencing a problem or just curious of your findings?

The flower may have something to do with what program they are associated with.
 

Attachments

#4 ·
No obvious problem except fear of computer crashing again, with some problems showing up during testing at Pit Stop with bandwidth and Ping, adware changing, renaming itself, renaming my WINITBAK file two or three times (more about all that in ME posted yesterday) Is it dangerous to unhide these files, if they're system or read only files?
 
#7 ·
You can change them back to hidden by opening any folder then
view
folder options
view
hidden ----- Change the option here.

They are hidden to prevent them from being deleted or altered by mistake.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top