[compvirgin]

I am recieving a couple of error messages/blue screanings which state the following:
"Error:0E:018F:BFF8E64B" then it switches to a message stating:

"Kernel32 caused a general protection fault in module KRNL386.exe at 0001:000075a8"

and periodically i will recieve an error message stating: "Hposm caused an error in Kernel32.DLL" and then another periodic error stating: "ZCast has caused an error in Kernel 32.DLL"

As suggested by WhitPhil in my previous thread I did an AV Check as well as SpyBot, which advised me of several Viruses/TroJans/Worms etc....which I ultimately got rid of after running the Av Check/Spybot. I then ran CWShedder as well as AdAware, which also cleaned up my system.

After all of this I still seem to be getting the above listed error messages/Blue screans. Any suggestions?

WhitPhill, I could use your expertise once again!!! Thanx

 

[WhitPhil]

From the messages, you still are infested.

Download and run HiJackThis.
And copy/paste the log it creates, back here

 

[compvirgin]

WhitPhil...I did the Hijack and this is what it said:

Logfile of HijackThis v1.97.7
Scan saved at 10:18:05 PM, on 4/14/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTCL.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTE.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\WINDOWS\SYSTEM\HPHMON05.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\WINDOWS\TWAIN_32\PAPRPORT\6100B\FLATBED.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\JUNO6\ZCAST.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\JUNO6\CHKRAS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACROBAT.EXE
C:\PROGRAM FILES\COMMON FILES\ADOBE\WEB\AOM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\JUSEARCHENH.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\SYSTEM\LMPDPSRV.EXE
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\SYSTEM\HPHMON05.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38031.5588541667
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

 

[WhitPhil]

Zcast is NetZero task.
Are you using this?

HPOsm belongs to an HP task, but the one the web talks about, isn't present.

I presume that you are running a HP PC as well as a Deskjet???

I would be tempted to go through the startup list (MSCONFIG) and UNselect all the HP related ones. (you can do a search on the web for the names. The few that I looked for all are unnecessary)

Unselect them, reboot and ensure the reboot is OK and your printer still works. Most of these tasks add icons to systray to give you quick access to something.

As well, UNselect OSA, MOSEARCH, MoneyExpress, LoadQm, WorksFUD, Adobe Gamma Loader

The task LMPDPSRV "supposedly" is related to a Lexmark Printer or Scanner? Do you have one of these installed? If so, again, I would UNselect this task, and then confirm that everything continues to run OK.

The Kernel32 causing an error in krnl386 is still strange.
But, removing all these apps from startup will free ram, resources and cpu. So, give them a shot!

 

[compvirgin]

Zcast I beleieve is my ISP. I actually have JUNO, But I think it's owned by NetZero.

I do have an HP PC as well as a HP Photosmart 7760 printer.

AS per your suggestion, I went through my MSCONFIG and UNselected MOSEARCH, LoadQm, WorksFUD, Adobe Gamma Loader. I looked for "money Express" and it didnt list it, however, I did have a "money Agent" which I UNselected. I also Unselected LMPDPSRV, which was an old Lexmark printer i had. The only one I couln't find was: OSA?????

I went through the list and Unselected the following(I couln't tell you why, I just figured that i wasn't using them): "task Monitor", "share to web Namespace Daemon", "HPSoftware update", "Scheduling Agent", and "Microsoft Office startup". I'm sure there were more I could have UNSelected, but I was too scared to mess anything up.

You had mentioned to check the WEB for all the HP definitions....Where do I go to find them???? I have: HP HUPDOS, HP Component Manager, HPHMON05, HPDJ Taskbar Utility. Should i UNSelect them as well???

thanx for all your help WhitPhil.

 

[WhitPhil]

HPHUPd05 is a Software Update Checker (the 05 is a version number)

HP Component Manager - "Checks the internet for updated drivers/utilities for your HP product"

HPHMON05 - "Monitors the status of the memory card reader slot on a HP printers and displays a tray icon if a memory card isn't inserted. Disable if you don't use the reader "

HP DeskJet Taskbar - "Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer "

I would UNselect them all (unless you use the last two).
All of these programs can be run via Start > Programs

You have UNselected Taskmon, which is OK, but I would now do the following.
Taskmon monitors programs as they start, and logs that info for Defrag to allow it to try and optimize program startup. It is generally accepted that this does little for performance, and makes defrag run longer.
So, run Explorer, and go to View > Folder Options > View tab and Select "Show all files".
Then, browse to the Windows folder and find a folder called APPLOG.
Select all files in this folder and delete them. (these are the info files)

You have also UNselected Scheduling Agent, which could be OK, but be aware that this is the program that automatically runs "things", such as checking for updated virus defintions periodically. Or running defrag on a scheduled basis. If you depend on these things happening, re-select Scheduling Agent.
(Microsoft Office was OSA. It is a MS program that attempts to start Office Programs faster, and is also the Office ToolBar. So, if you use the Toolbar, you will want to put this one back)

This page lists most startup programs.

You should now find that your startup is faster, and hopefully your PC is a little more responsive.

 

[compvirgin]

OK Phil, I redid my unselections to the following: I unselected: "Money agent" "task monitor" "worksfud" "loadQM" "share to web namespace daemon" "lmpdpsrv" "HP software update" "HpHMON 05" "HPDJ Taskbar utility" "MOSearch" and "adobe Gamma Loader.exe"

Now, I searched for my "APPLOG" to delete it as you requested, but my computer could not find it?????????

I went to the link you had listed to check the list for startup programs, but it would not let me get to the site....It said i didnt have access?????

now what should I do????

 

[WhitPhil]

The \Applog folder is hidden, so first go to Explorer, View > Folder Options > View Tab and Select Show All Files.
And, while you are there, UNselect (if it is selected) the "Hide File Extensions for Known File Types". This will make any later troubleshooting a bit easier.

There should be no issue getting to that site.
Try this one

 

[compvirgin]

OK PHil, I may be showing my true computer ignorance, but I went to Explorer and went to the "view" tab...but there was no "folder options" and/or "show all files". The best I could find was a file named: "application data" which was in my windows folder. Is that the same thing??? If I cant find it, should I re-select my "taskmon"?

I was able to get to that site from your new link...it did list a few of my start up programs, but not all.

 

[WhitPhil]

This is Windows Explorer, NOT Internet Explorer!
(folder options is also under Tools)

Once you select Show All Files, you will be able to find Applog under \Windows.

 

[compvirgin]

OK.....I found it. (Finally) I deleted everything in the Applog folder. Should I also delete them from the Recycle Bin?

Just before I logged on (after leaving my computer idle for several hours) I got the same blue screan with the same message:

"Error: OE:018F:BFF8E64B" then after hitting the enter key, it went to a grey screan that said:

"Kernel32 caused a general protection fault in module KRNL386.EXE at 0001:000075a8" then I had to hit CTRL-Alt Del to restart the comp.

Now this was before I deleted averthing in my Applog folder. I'll keep an eye on it and let you know if it blue screans, now that the Applog is cleared out.

Thanx WhitPhil...once again, "You are the MAN."

 

[WhitPhil]

Definitely delete them from teh recycle bin.

Also, do the following for me.

Start > Find Files
In the named field, enter kernel32.*
In the Look in field, use the pulldown to select [C:]
Find Now

Let me know what files are found and what folders they are in.

Tx

 

[compvirgin]

OK, I deleted all the Applog files from the recycle bin as well.

I searched for "kernel32.*" as requested and it returned with the following:

"KERNEL32.DLL " which was located in the following: "C:\windows\system 524KB Application extention"


What are you thinkin'?

 

[WhitPhil]

I just wanted to make sure that the Kernel32 in the error message, was Kernel32.dll not Kernel32.exe running somewhere else!

"Just before I logged on (after leaving my computer idle for several hours) "
When you did this, was your screensaver active?
Also, to you have any Power Mgt options set in Control Panel?
Ie: to go to Standby mode, screen to power off, disk to power down?

But, other than this failure, how is the PC running now?

 

[compvirgin]

yes, my screansave was active, however, I have noticed that it has stopped at times during the idle periods.


OK, I went to the "Power Options Properties" from my control panel and have the following:

Power schemes: "always on"

Settings for Always On power scheme: Turn off monitor - "Never"
Turn off Hard disk - "Never"

System standby: "never"
System Hibernates: "never"

Advanced Tab: I have nothing selected under this tab

Hibernate: "Enable hibernate support"

Should I change a few things here????

Outside of that, everything seems to be running fine, however, I have not let the computer idle since I made the last changes from the previous thread.

what are your next suggestions????

 

[WhitPhil]

I'd run with it for a while. It may be worthwhile to switch to another screensaver in case that is part of the problem.

 

[compvirgin]

OK, I will do just that. If I have any further problems.....you will be the first I come screaming for.

Are my "Power Options Properties" set correctly?????

thanx for all your help WhitPhil.

 

[WhitPhil]

Nothing really wrong in power.
But, since you have System Hibernates set to Never, I would Disable the option under Hibernate.

Is this a laptop??

 

[compvirgin]

OK, I disabled my hibernate option. Is it better to have my hibernate option on and set for a certain time limit for it to kick in?

Im not sure if this matters, but I usually get on my computer one time a day, sometimes twice (sometimes I wont use it for a couple of days or even up to a week at times)...so when i'm not using it, I turn the machine off until I need to use it again. Is it better for me to let the machine run 24/7 and let the machine go into hibernate mode???? OR am I ok to shut it down when I'm not using it?

It's not a laptop, its an HP7855 home PC.

I also changed my screansaver to another picture option. (Maybe this one will be less stressfull on the PC???

 

[WhitPhil]

From the MS Help, it indicates that IF your hardware supports it, there will be a Hibernate tab with the options to control Hibernation.
Note that it also states "You cannot put your computer in hibernation if you have a FAT32 drive". (whether this is true or not, I don't know)

It is used most of the time on laptops, to force the PC into hibernate (save everthing currently running) when the laptop lid is closed (as in accidentally). If it isn't set this way, closing the lid would power down and loose all running tasks.

On a desktop, I personally don't see the use.

For one thing, if you set it up to hibernate when you hit the power off, it means you would never go through the bootup sequence. Which in turn means, startup tasks such as ScanRegistry (backup the reg files) would never run.

So, in your case, with "infrequent" use, I would power down/up each time.
(IMHO)