My first suggestion is to get off of Win95/98/ME. Second - do what the webpage for handle suggest http://www.sysinternals.com/ntw2k/freeware/handle.shtml Read about object managers in Inside Windows 2000, and/or use winobj.
As you don't say where you picked up 'handle', I can only assume this is the one you are referring to in your email. // I am new to security and I am apologizing if my question // has been posted // and answered already on this forum. // I have installed "Handle" on my computer and how would I // interpret the // output so I can find which process is good and which one is // not... Anyone can help with a begunning of explanation. // // Eg: MSGSRV32.EXE PID :ffc07435 // 4:Process MSGSRV32.EXE (FFC07435) http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q138708&; // 8:Mutex MPRMutex http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci214353,0 0. html http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmeot he r/hh/wmeother/kernel_994i.asp - might wrap. More than likely this is the program setting up the 'share' (aka mutex) of the object MSGSRV.DLL or MPREXE.DLL. Off the top of my head. // 10:Process <Non-existant Process> (FFC03E75) // 14:Process MPREXE.EXE(FFC062A5) // 18:Thread MPREXE.EXE(FFC062A5 ):FFC06495 http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q155857&; // 1C:Thread <Non-existant Process>(FFC03E75):FFC0205D // Just a guess at this point as I have never used 'handle'. My guess is that the 'non-existant process' is a thread that opened and closed faster than the program could get the owner info, and then rescanned to find the thread or process that spawned the thread gone.
