Faulting application

Guest

I have searched for this file on my system, none found, I searched my registry
for the file name, and nothing there.

Can someone tell me as to why I am having a faulting app on a non-existing
file?

Application Error Faulting application pprekop.exe, version 4.2.0.172,
faulting module ole32.dll, version 5.1.2600.2182, fault address 0x10017bed.

Thank you

I have posted this in the office group as well...
 
Rock

I have searched for this file on my system, none found, I searched my registry
for the file name, and nothing there.

Can someone tell me as to why I am having a faulting app on a non-existing
file?

Application Error Faulting application pprekop.exe, version 4.2.0.172,
faulting module ole32.dll, version 5.1.2600.2182, fault address 0x10017bed.

It should be in the \windows\system32 folder. If you are going to post to
different groups, crosspost, that is post to all the groups at the same
time, rather than multiposting - posting separately.
 
Guest

Thanks for the thought Rock, but I do not know how to crosspost, within this
newsgroup. As I stated I did a search from head to toe including hidden files
& folders. I have no sony components in my system, I have a thinkpad A30.
 
GSV Three Minds in a Can

from the said:
I have searched for this file on my system, none found, I searched my registry
for the file name, and nothing there.

Can someone tell me as to why I am having a faulting app on a non-existing
file?

Application Error Faulting application pprekop.exe, version 4.2.0.172,
faulting module ole32.dll, version 5.1.2600.2182, fault address 0x10017bed.

Sounds like you might be infected then, down at the rootkit level.
Google Is Your Friend - there are several rootkit revealers/removers
available. I'd personally start with rootkit revealer from sysinternals,
since that doesn't attempt to fix anything.

/rant on
The way M$ have constructed Windows (for the benefit of Digital Rights
Mgmt folks, and virus writing spamming b&stards) it is quite possible to
hide both files (and folders) and registry keys. Go look at
HKLM\security with regedit .. see anything? Nope you won't. Now export
it. Now you see it. However what you see is binary/hex/whatever,
designed to be hard to search and modify. And you actually have
permissions for that key - there are probably several on your system
that you don't even have read access for (unless you are logged on as
'SYSTEM').

The 'personal' computer is rapidly becoming more M$'s property than your
own, except when some trojan/virus/spyware/rootkit has already claimed
it for itself.
/end rant
 
Ken Blake, MVP

SteveL said:
Thanks for the thought Rock, but I do not know how to crosspost,
within this newsgroup.


The reason you're having such problems is that you are using the web
interface to participate in this newsgroup--it's the slowest, clunkiest,
most error-prone method there is. Do yourself a favor and switch to a
newsreader, such as Outlook Express, which comes with Windows. See
http://www.michaelstevenstech.com/outlookexpressnewreader.htm
 
Rock

Thanks for the thought Rock, but I do not know how to crosspost, within this
newsgroup. As I stated I did a search from head to toe including hidden files
& folders. I have no sony components in my system, I have a thinkpad A30.

As Ken said it's a much better experience using a newsreader. You can post
to several groups at the same time then. It's easier to keep track of your
posts. Multiposting has a variety of problems. People in one newsgroup may
not see the responses in another and so don't get the benefit of the
solution. It makes it harder to know what to suggest for those posters who
go to multiple groups and see the same post. They might not remember what
they posted elsewhere, and it contributes to duplication of effort.
Crossposting to a few, select and relevant groups is ok.

I don't know if you did a Google search for that file. If not here it is.
Not much there, but you could look around.
http://www.google.com/search?hl=en&q=pprekop.exe&btnG=Google+Search
 
Guest

Thank you for this information,

I did download sysinternal rootkit revealer, results are below:

"Hidden from Windows API.",10/18/2005 4:23 AM,2.50 KB,"C:\$AttrDef"
"Hidden from Windows API.",10/18/2005 4:23 AM,0 bytes,"C:\$BadClus"
"Hidden from Windows API.",10/18/2005 4:23 AM,14.65 GB,"C:\$BadClus:$Bad"
"Hidden from Windows API.",10/18/2005 4:23 AM,468.81 KB,"C:\$Bitmap"
"Hidden from Windows API.",10/18/2005 4:23 AM,8.00 KB,"C:\$Boot"
"Hidden from Windows API.",10/18/2005 4:23 AM,0 bytes,"C:\$Extend"
"Hidden from Windows API.",10/18/2005 4:23 AM,0 bytes,"C:\$Extend\$ObjId"
"Hidden from Windows API.",10/18/2005 4:23 AM,0 bytes,"C:\$Extend\$Quota"
"Hidden from Windows API.",10/18/2005 4:23 AM,0 bytes,"C:\$Extend\$Reparse"
"Hidden from Windows API.",10/18/2005 4:23 AM,64.00 MB,"C:\$LogFile"
"Hidden from Windows API.",10/18/2005 4:23 AM,11.67 MB,"C:\$MFT"
"Hidden from Windows API.",10/18/2005 4:23 AM,4.00 KB,"C:\$MFTMirr"
"Hidden from Windows API.",10/18/2005 4:23 AM,0 bytes,"C:\$Secure"
"Hidden from Windows API.",10/18/2005 4:23 AM,128.00 KB,"C:\$UpCase"
"Hidden from Windows API.",10/18/2005 4:23 AM,0 bytes,"C:\$Volume"
"Hidden from Windows API.",10/18/2005 4:24 AM,2.50 KB,"E:\$AttrDef"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$BadClus"
"Hidden from Windows API.",10/18/2005 4:24 AM,41.24 GB,"E:\$BadClus:$Bad"
"Hidden from Windows API.",10/18/2005 4:24 AM,1.29 MB,"E:\$Bitmap"
"Hidden from Windows API.",10/18/2005 4:24 AM,8.00 KB,"E:\$Boot"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$Extend"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$Extend\$ObjId"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$Extend\$Quota"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$Extend\$Reparse"
"Hidden from Windows API.",10/18/2005 4:24 AM,64.00 MB,"E:\$LogFile"
"Hidden from Windows API.",10/18/2005 4:24 AM,135.97 MB,"E:\$MFT"
"Hidden from Windows API.",10/18/2005 4:24 AM,4.00 KB,"E:\$MFTMirr"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$Secure"
"Hidden from Windows API.",10/18/2005 4:24 AM,128.00 KB,"E:\$UpCase"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$Volume"

I also downloaded Spysweeper from webroot, it has the feature of checking
for rootkit, this found 1 item, I am getting somewhere.

Once again thank you for your help,

SteveL
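
Added example, not part of the original thread: every path in the RootkitRevealer output above is an NTFS metadata file, which NTFS itself hides from the Windows API, so such rows appear on any NTFS volume. This Python sketch filters those rows out of a report in the same CSV layout so that only unexplained entries remain; the function names and the last sample row are constructed for illustration.

```python
import csv
import io
import re

# NTFS metadata files (relative to the volume root, lower-cased) that NTFS
# hides from the Windows API; these are the names seen in the report above.
NTFS_METADATA = {
    "$attrdef", "$badclus", "$bitmap", "$boot", "$extend", "$logfile",
    "$mft", "$mftmirr", "$secure", "$upcase", "$volume",
    r"$extend\$objid", r"$extend\$quota", r"$extend\$reparse",
}

def is_ntfs_metadata(path):
    """True if path names an NTFS metadata file at the root of a volume."""
    m = re.fullmatch(r"[A-Za-z]:\\(.+)", path)
    if not m:
        return False
    rel = m.group(1).split(":", 1)[0]  # drop a stream name such as ":$Bad"
    return rel.lower() in NTFS_METADATA

def triage(report_text):
    """Return the report rows whose path is NOT expected NTFS metadata."""
    rows = csv.reader(io.StringIO(report_text))
    # The path is the last field; rows with an unexpected shape are kept
    # for review rather than silently dropped.
    return [r for r in rows if r and not is_ntfs_metadata(r[-1])]

# Constructed sample: three rows in the format posted above plus one
# made-up row (example_hidden.sys) standing in for a real discrepancy.
SAMPLE = r'''"Hidden from Windows API.",10/18/2005 4:23 AM,11.67 MB,"C:\$MFT"
"Hidden from Windows API.",10/18/2005 4:23 AM,14.65 GB,"C:\$BadClus:$Bad"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$Extend\$Quota"
"Hidden from Windows API.",10/18/2005 4:25 AM,36.00 KB,"C:\WINDOWS\system32\example_hidden.sys"
'''

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("review:", row[-1])
```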
 
GSV Three Minds in a Can

from the said:
I ran several removal tools and these are my results:

Blacklight from F-secure reports no infections
RootKit revealer reports nothing
MS Malicious software removal tool reports nothing
Ice Sword reports nothing
Prevx reports nothing
Sophos reports nothing
Oversight reports nothing
Hijackthis reports nothing


Spysweeper reports 1 infection
StopZilla reports 1 infection

So I don't understand why you can't find pprekop.exe then, since nothing
can be hiding it. I assume you have turned on 'show system files' and
'show hidden files' etc. If you were using (god help you) the Win XP
search engine, you also have to go into 'advanced' to tell it you want
it to look =really= hard .. you know, in subfolders, system files, and
suchlike.

If you ever actually FIND the offending file, you can hopefully find out
some more details about it.

remind me again - did you search the registry for 'pprekop' (keys and
data values)??
 
GSV Three Minds in a Can

from the said:
No such file on my system, yes I did enable all of the hidden file features
in folder options, yes I did a search for the file with advanced options,
within hidden folders.
The only other thing I see is the report to MS, which I did tell the system
to send, within that dialog box, it stated that "event id 1000 file name
faultrep.dll ver. 5.1.2600.2180 source is application error."

That just says that fault reporting (faultrep.dll) is passing on a fault
which was an application error (from the seemingly hidden application).
It's possible that the app in question is renaming a .exe file and then
running it, but that sort of suspicious behaviour is usually a sign of
something nasty (as indeed is hiding things from the user, although
'nasty' can just be some DRM garbage).

You didn't answer the second query - no sign of the name in the registry
anywhere?? Google has never heard of it, seemingly, so if it's malware
it is either new, or else mutable (i.e. a new name for every lucky
sucker).

Someone has to be starting SOMETHING to get that .exe to run (albeit the
file you ask to run may have some other name) so you could use msconfig
(or better yet, Mike Lin's startup.cpl applet) to see what is being
loaded from where, and disable it.

I arrived late to this discussion, so you could also remind me WHEN does
this happen, roughly? I wonder if anything will show in task manager, or
sysinternals 'process explorer' at the time the error message is spat
out. You might also want to generate a logged boot (possible from
msconfig, boot tab) to see if there are any strange .sys files being
loaded, and/or look at 'hidden devices' in device manager and see what
might be there that perhaps shouldn't be.

Both those are complicated by the amount of stuff which M$ have chosen
to hide, and which you actually need.
 
Guest

After starting/stopping apps on my system I have figured out which app is
causing the error, I have sent the error to the appropriate company.

Thanks again
 
GSV Three Minds in a Can

from the said:
After starting/stopping apps on my system I have figured out which app is
causing the error, I have sent the error to the appropriate company.

Well, for the benefit of future sufferers, who might Google across this
thread, could you maybe tell us which application it was, and why it has
a .exe file that you apparently couldn't find? (or is it secret??).
 
Guest

Yes, sure, it is stupid. PartyPoker.net. I e-mailed them and they stated that
it was not part of their pgm, the only thing is while I have event viewer
open I start the game and the error shows up.
Go figure....

BTW, I uninstalled the pgm and have not had the problem since.
 
