Tech Support Guy banner
Cancel

Kernel32 - Blue screening BSOD

3683 Views 40 Replies 4 Participants Last post by  angirish
C
I am recieving a couple of error messages/blue screanings which state the following:
"Error:0E:018F:BFF8E64B" then it switches to a message stating:

"Kernel32 caused a general protection fault in module KRNL386.exe at 0001:000075a8"

and periodically i will recieve an error message stating: "Hposm caused an error in Kernel32.DLL" and then another periodic error stating: "ZCast has caused an error in Kernel 32.DLL"

As suggested by WhitPhil in my previous thread I did an AV Check as well as SpyBot, which advised me of several Viruses/TroJans/Worms etc....which I ultimately got rid of after running the Av Check/Spybot. I then ran CWShedder as well as AdAware, which also cleaned up my system.

After all of this I still seem to be getting the above listed error messages/Blue screans. Any suggestions?

WhitPhill, I could use your expertise once again!!! Thanx
Save
Like
Status
Not open for further replies.
1 - 20 of 41 Posts
C
WhitPhil...I did the Hijack and this is what it said:

Logfile of HijackThis v1.97.7
Scan saved at 10:18:05 PM, on 4/14/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTCL.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTE.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\WINDOWS\SYSTEM\HPHMON05.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\WINDOWS\TWAIN_32\PAPRPORT\6100B\FLATBED.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\JUNO6\ZCAST.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\JUNO6\CHKRAS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACROBAT.EXE
C:\PROGRAM FILES\COMMON FILES\ADOBE\WEB\AOM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\JUSEARCHENH.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\SYSTEM\LMPDPSRV.EXE
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\SYSTEM\HPHMON05.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38031.5588541667
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
See less See more
Save
Like
C
Zcast I beleieve is my ISP. I actually have JUNO, But I think it's owned by NetZero.

I do have an HP PC as well as a HP Photosmart 7760 printer.

AS per your suggestion, I went through my MSCONFIG and UNselected MOSEARCH, LoadQm, WorksFUD, Adobe Gamma Loader. I looked for "money Express" and it didnt list it, however, I did have a "money Agent" which I UNselected. I also Unselected LMPDPSRV, which was an old Lexmark printer i had. The only one I couln't find was: OSA?????

I went through the list and Unselected the following(I couln't tell you why, I just figured that i wasn't using them): "task Monitor", "share to web Namespace Daemon", "HPSoftware update", "Scheduling Agent", and "Microsoft Office startup". I'm sure there were more I could have UNSelected, but I was too scared to mess anything up.

You had mentioned to check the WEB for all the HP definitions....Where do I go to find them???? I have: HP HUPDOS, HP Component Manager, HPHMON05, HPDJ Taskbar Utility. Should i UNSelect them as well???

thanx for all your help WhitPhil.
See less See more
Save
Like
C
OK Phil, I redid my unselections to the following: I unselected: "Money agent" "task monitor" "worksfud" "loadQM" "share to web namespace daemon" "lmpdpsrv" "HP software update" "HpHMON 05" "HPDJ Taskbar utility" "MOSearch" and "adobe Gamma Loader.exe"

Now, I searched for my "APPLOG" to delete it as you requested, but my computer could not find it?????????

I went to the link you had listed to check the list for startup programs, but it would not let me get to the site....It said i didnt have access?????

now what should I do????
Save
Like
C
OK PHil, I may be showing my true computer ignorance, but I went to Explorer and went to the "view" tab...but there was no "folder options" and/or "show all files". The best I could find was a file named: "application data" which was in my windows folder. Is that the same thing??? If I cant find it, should I re-select my "taskmon"?

I was able to get to that site from your new link...it did list a few of my start up programs, but not all.
Save
Like
C
OK.....I found it. (Finally) I deleted everything in the Applog folder. Should I also delete them from the Recycle Bin?

Just before I logged on (after leaving my computer idle for several hours) I got the same blue screan with the same message:

"Error: OE:018F:BFF8E64B" then after hitting the enter key, it went to a grey screan that said:

"Kernel32 caused a general protection fault in module KRNL386.EXE at 0001:000075a8" then I had to hit CTRL-Alt Del to restart the comp.

Now this was before I deleted averthing in my Applog folder. I'll keep an eye on it and let you know if it blue screans, now that the Applog is cleared out.

Thanx WhitPhil...once again, "You are the MAN."
Save
Like
C
OK, I deleted all the Applog files from the recycle bin as well.

I searched for "kernel32.*" as requested and it returned with the following:

"KERNEL32.DLL " which was located in the following: "C:\windows\system 524KB Application extention"


What are you thinkin'?
Save
Like
C
yes, my screansave was active, however, I have noticed that it has stopped at times during the idle periods.


OK, I went to the "Power Options Properties" from my control panel and have the following:

Power schemes: "always on"

Settings for Always On power scheme: Turn off monitor - "Never"
Turn off Hard disk - "Never"

System standby: "never"
System Hibernates: "never"

Advanced Tab: I have nothing selected under this tab

Hibernate: "Enable hibernate support"

Should I change a few things here????

Outside of that, everything seems to be running fine, however, I have not let the computer idle since I made the last changes from the previous thread.

what are your next suggestions????
See less See more
Save
Like
C
OK, I will do just that. If I have any further problems.....you will be the first I come screaming for.

Are my "Power Options Properties" set correctly?????

thanx for all your help WhitPhil.
Save
Like
C
OK, I disabled my hibernate option. Is it better to have my hibernate option on and set for a certain time limit for it to kick in?

Im not sure if this matters, but I usually get on my computer one time a day, sometimes twice (sometimes I wont use it for a couple of days or even up to a week at times)...so when i'm not using it, I turn the machine off until I need to use it again. Is it better for me to let the machine run 24/7 and let the machine go into hibernate mode???? OR am I ok to shut it down when I'm not using it?

It's not a laptop, its an HP7855 home PC.

I also changed my screansaver to another picture option. (Maybe this one will be less stressfull on the PC???
Save
Like
C
OK, I guess that means I'm OK to leave everything the way you've suggested.
The hibernate mode is disabled, I changed my screansaver, and I will power up/down as I need to use the comp.

I will keep you posted if things decide to go hay-wire again and/or as error messages appear.

thanx for all your help WhitPhil, you've been a tremendous help.
Save
Like
C
Hey WhitPhil.....Well it didn't take long to bluescrean on me again. I was on the web, and was logging off and attempting to close everything down when the blue screan appeared with the same original error message. This time it mentioned something about being low on resources and wanted to know if I wanted to shut down Explorer. I did and then the blue screan poped up with the error message and then with the general protection fault in Kernel386.exe.
(Pretty much the same problems that I have been experiencing before)

Any suggestions????
Save
Like
C
OK, this is what I have done so far: I immediately lowered my graphics to the one prior to the lowest setting. Then I ran the Trend Mirco which ran all night until it was complete, (After that, my computer automatically logged me off, due to inactivity, but the screansaver was operating) When I woke up this morning, the Trend Micro indicated No viruses. When I went to indicate that i was complete with the test...the computer grey-screaned on me listing the following error message:

"IEXPLORER caused a general protection fault in module KRNL386.exe at 0001:000075a8"

after I checked "yes" to close it, it caused another grey-screan, which said the following:

"EXPLORER caused a general protection fault in KRNL386.exe at 0001:000075a8"

after I checked "yes" to close it out, it gave me an error message which stated the following:

"dangerously low on resources, would you like to terminate Winmgmt" , when I indicated "yes", it came up with another error message which stated the following: "Error: 0D:016F:000075A8"

then i had to re-boot, because it wouldn't let me do anything else.

After I rebooted I ran SpyBot S&D along with Spyware Blaster, which indicated some items, which I chose to fix and then immunized my system.

I then ran CWShredder, which indicated my system was clean and then finally I ran AVG 6.0, which indicated no viruses. I tried to run my Spyware Guard, but for some reason it didnt want to work.

I ran HiJackthis, and this is what it indicated:

Logfile of HijackThis v1.97.7
Scan saved at 11:50:11 AM, on 4/24/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTCL.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTE.EXE
C:\WINDOWS\TWAIN_32\PAPRPORT\6100B\FLATBED.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\JUNO6\ZCAST.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38031.5588541667
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

I will leave everything alone for now...until I get your opinions as to what to do next.
See less See more
Save
Like
C
I forgot to add, The first thing I did after lowering my graphics, was uninstalled my Adaptec CD creator. and then ran the Trend Micro
Save
Like
C
Hey RollingROG, I went to download the DocMemory, however, it indicated that I must have Win 95/98/2K. Unfortunately I have ME. will it still work???
Save
Like
C
WhitPhil...did you get my last post?? I havn't heard from you.

RollongRog, I downloaded the DocMemory and ran the test. Im not sure if the test ran correctly? It said it did the "test Walk Address '0' " however, it only got to 74.1% complete. I could hear my 'A' drive running, but the test was not showing that it got any further than 74.1%, and it wouldn't let me escape to re-run it...I had to shut the computer off. I ran it a second time....and it came right up to 74.1% and then kept runningw/o going any further (I shut the comp off again) It did state the following:
"Walk Data '0'.....Pass
"Walk Data '1'.....Pass

Now getting back to your last post, you asked me about the following items:

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w

Your guess is good as mine, I am true to my screan name...I a true Computer Virgin, so you'll have to go easy on me. I appreciate yours and WhitPhills help tremendously, but you'll usually have to walk me through some things.

what do you think it is? should I be worried?
See less See more
Save
Like
C
I apologize WhitPhil and RollingRog, it appears that the TechGuy Forum was not sending me emails letting me know that you were responding to my last post. So therefore I was not checking the site. Anyway, let me fill you in on what I have done since both of your last posts

Rolling Rog, I tried the DocMemory Test once again, and it did the same thing, ran real quick, got up to 74.1% and stopped????

I went to the simmtester site.....and didn't know which one to download. (there were too many options, and I didn't know which one to choose...can you direct me to which one I need?)

I ran the HIJack program and "Fixed" the following selections as you requested:

"R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w"

and sent the listed folder to the recycle bin as well

"JUSearch folder in c:\program files "

WhitPhil, I also did as you requested and UNselected the following:

HPSYSDRV
Microsoft Works Portfolio
DJRegfix
HPLogiFinder
CamMonitor?
HPHUPD05
HP Component Manager
PP6100b (something related to your scanner. If needed, you should be able to run this via Start > Programs)
HPDJ Taskbar Utility

Now you mentioned about selecting either AVG or McAfee. Well I guess it's apparent that the McAfee was not working due to the fact that when I first started this Kernel32 problem and you suggested downloading the AVG, and it discovered several Viruses/Trojans/Worms etc....I am assuming that the McAfee was not doing what it was supposed to.

I guess I will get rid of the McAfee, but how do you suggest I do that?

thanks again fella's for all your patience with me and your continued diligence to helping me solve this VERY annoying problem.

I will leave my computer on today and check back in later. Usually I experience the Bluescreaning when I leave the computer idle for a while.
See less See more
Save
Like
C
update: RollingRog, I had to Restore my JUSearch folder from the recycle bin....I think it had something to do with my ISP, which is JUNO.

I'm not sure, but I had to restore it, then I had problems getting online, so I re-installed JUNO. Is this a JUNO folder? should I leave it alone or send it to the recycle bin again?
Save
Like
C
RollingRog, the "hcm.exe" was not present under the Startup Tab.

I tried several times to get the simmtester to work, after reading the directions, it appears that I need Version 2.0. (because I have Win ME) I tried both version 1.45 and 2.1 and both will not work. where can I find version 2.0?????
Save
Like
C
OK, becuase the simmtester along with the memtest did not seem to be working, i tried a different test called "MemTest 2.5" from HCI Designs, which tests the reliability of the RAM. I ran the test for almost 24hrs., which ran 101+k loops and 650+k%.....and it found no errors on my system. I cant explain why the other two tests did not want to work, but hopefully this test did the same thing.

prior to the MemTest scan, I ran spybot, AVG 6.0 virus checker, CWShredder, AdAware 6.0. Everything was either cleaned up(from AdAware) and/or no reports of viruses/problems(Spybot, AVG, and CWShredder)

What next? Should I post another Hijack listing and see what shows up?
Save
Like
1 - 20 of 41 Posts
Status
Not open for further replies.
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Off Topic Lounge Thread Games & Discussion Networking
Top