
Kernel32 - Blue screening BSOD

3681 Views 40 Replies 4 Participants Last post by  angirish
I am receiving a couple of error messages/blue screens which state the following:
"Error:0E:018F:BFF8E64B" then it switches to a message stating:

"Kernel32 caused a general protection fault in module KRNL386.exe at 0001:000075a8"

and periodically I will receive an error message stating: "Hposm caused an error in Kernel32.DLL" and then another periodic error stating: "ZCast has caused an error in Kernel 32.DLL"

As suggested by WhitPhil in my previous thread I did an AV Check as well as SpyBot, which advised me of several Viruses/Trojans/Worms etc....which I ultimately got rid of after running the AV Check/Spybot. I then ran CWShredder as well as AdAware, which also cleaned up my system.

After all of this I still seem to be getting the above listed error messages/Blue screens. Any suggestions?

WhitPhil, I could use your expertise once again!!! Thanx
Status
Not open for further replies.
21 - 40 of 41 Posts
OK, I guess that means I'm OK to leave everything the way you've suggested.
The hibernate mode is disabled, I changed my screensaver, and I will power up/down as I need to use the comp.

I will keep you posted if things decide to go hay-wire again and/or as error messages appear.

thanx for all your help WhitPhil, you've been a tremendous help.
Hey WhitPhil.....Well it didn't take long to bluescreen on me again. I was on the web, and was logging off and attempting to close everything down when the blue screen appeared with the same original error message. This time it mentioned something about being low on resources and wanted to know if I wanted to shut down Explorer. I did and then the blue screen popped up with the error message and then with the general protection fault in Kernel386.exe.
(Pretty much the same problems that I have been experiencing before)

Any suggestions????
Well, *&&^%*(()!

Ok, let's start at the top.
Run the Online Virus check at TrendMicro (HouseCall)
Run Spybot, updating the definitions before the run.
Run HJT and post back the log again.
And, after a fresh boot, what is your System Resource percentage?
(Explorer > Help > About)

And, the message you are getting is Kernel32 caused an error in KRNL386.exe (not kernel32.exe?)

***One thing to try before posting back the log is to lower your graphics resolution a notch or two.
Start/Settings/Control Panel/System/Performance/ Graphics and move the slide bar lower.

***Also just found a thread where the problem lay with Easy CD Creator. And, after uninstalling it the problem went away.
Is yours a recent install?
Regardless, you could try an uninstall (for a while) and see if the blue screens stay away.
krnl386 faults usually resolve to one of three things: low system resources, a conflict with a running program or faulty ram.

Not sure what you currently have running or what your "system resources" level was when this occurred, but you can run a "software" check on the ram using either of these two programs:

http://www.memtest86.com/
http://www.simmtester.com/PAGE/products/doc/docinfo.asp
OK, this is what I have done so far: I immediately lowered my graphics to the one prior to the lowest setting. Then I ran the Trend Micro which ran all night until it was complete. (After that, my computer automatically logged me off, due to inactivity, but the screensaver was operating.) When I woke up this morning, the Trend Micro indicated No viruses. When I went to indicate that I was complete with the test...the computer grey-screened on me listing the following error message:

"IEXPLORER caused a general protection fault in module KRNL386.exe at 0001:000075a8"

after I checked "yes" to close it, it caused another grey-screen, which said the following:

"EXPLORER caused a general protection fault in KRNL386.exe at 0001:000075a8"

after I checked "yes" to close it out, it gave me an error message which stated the following:

"dangerously low on resources, would you like to terminate Winmgmt" , when I indicated "yes", it came up with another error message which stated the following: "Error: 0D:016F:000075A8"

Then I had to re-boot, because it wouldn't let me do anything else.

After I rebooted I ran SpyBot S&D along with Spyware Blaster, which indicated some items, which I chose to fix and then immunized my system.

I then ran CWShredder, which indicated my system was clean and then finally I ran AVG 6.0, which indicated no viruses. I tried to run my Spyware Guard, but for some reason it didn't want to work.

I ran HiJackthis, and this is what it indicated:

Logfile of HijackThis v1.97.7
Scan saved at 11:50:11 AM, on 4/24/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTCL.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTE.EXE
C:\WINDOWS\TWAIN_32\PAPRPORT\6100B\FLATBED.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\JUNO6\ZCAST.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38031.5588541667
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

I will leave everything alone for now...until I get your opinions as to what to do next.
I forgot to add, the first thing I did after lowering my graphics was uninstall my Adaptec CD creator, and then I ran the Trend Micro.
Hey RollingROG, I went to download the DocMemory, however, it indicated that I must have Win 95/98/2K. Unfortunately I have ME. Will it still work???
Yes, it shouldn't matter.

Memtest86 is very easy to create; once you have the floppy you just boot with that and let it run through its entire set of 7 tests for which there are multiple tests for each. I forget what the indications are for failures, but you should get "pass" confirmations for all tests.

However, the information you just posted makes it sound like this is indeed a "resource" issue, not a hardware problem.

What's this?

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w

Looks suspect to me, and looking at your earlier Scanlog, the first entry was present and evidently not removed, but the second entry was never there.
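
The comparison made in the post above (one entry already present in the earlier scan, another newly appeared), as an added example that is not part of the original thread. The function names are this example's own, and the baseline log is constructed because the earlier scan is not on this page:

```python
import re

# HijackThis tags each finding with a section code: R0-R3 are IE search/start
# page settings, O2 BHOs, O3 toolbars, O4 autostart (Run keys, Startup folder).
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
REVIEW_SECTIONS = frozenset({"R3", "O2", "O3", "O4"})  # code loaded with IE or at boot

# Constructed sample: stands in for the earlier scan, which is not on this page.
BASELINE_LOG = r"""
Logfile of HijackThis v1.97.7
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
"""

# Constructed sample: a few lines copied from the log posted in this thread.
CURRENT_LOG = r"""
Logfile of HijackThis v1.97.7
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
"""


def parse_log(text):
    """Return a set of (section, normalized_detail) for every finding line."""
    entries = set()
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            # The same path shows up in different case between scans, so
            # collapse whitespace and compare case-insensitively.
            detail = " ".join(match.group(2).split()).lower()
            entries.add((match.group(1), detail))
    return entries


def new_entries(baseline_text, current_text, sections=REVIEW_SECTIONS):
    """Findings in the current log that were absent from the baseline log."""
    added = parse_log(current_text) - parse_log(baseline_text)
    return sorted(entry for entry in added if entry[0] in sections)


if __name__ == "__main__":
    for section, detail in new_entries(BASELINE_LOG, CURRENT_LOG):
        print(f"NEW {section}: {detail}")
```
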
WhitPhil...did you get my last post?? I haven't heard from you.

RollingRog, I downloaded the DocMemory and ran the test. I'm not sure if the test ran correctly? It said it did the "test Walk Address '0' " however, it only got to 74.1% complete. I could hear my 'A' drive running, but the test was not showing that it got any further than 74.1%, and it wouldn't let me escape to re-run it...I had to shut the computer off. I ran it a second time....and it came right up to 74.1% and then kept running w/o going any further (I shut the comp off again) It did state the following:
"Walk Data '0'.....Pass
"Walk Data '1'.....Pass

Now getting back to your last post, you asked me about the following items:

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w

Your guess is as good as mine, I am true to my screen name...I am a true Computer Virgin, so you'll have to go easy on me. I appreciate yours and WhitPhil's help tremendously, but you'll usually have to walk me through some things.

What do you think it is? Should I be worried?
There are many more tests that should have run. It is possible you had a bad floppy disk when you created the program, you might try re running the setup on a new or newly formatted floppy. I would also suggest trying memtest86.

Since you didn't personally install those entries, check them in the HijackThis scan, close the browser and select "fix checked":

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w

You can send the JUSearch folder in c:\program files to the recycle bin after rebooting.

After doing this keep us posted on whether you get any further blue screens.
Hi:

No, I'm still following your trials and tribulations. I just thought that I'd give Hollywoodland Rog a shot.
It still bothers me that the errors are referencing krnl386. I "thought" this was related to 16-bit apps, and its usage would be few and far between.

Other than the bluescreen after the virus check, how has your PC been treating you?

Also, while you are getting rid of items, there are still some apps that I think you can get rid of.

HPSYSDRV
Microsoft Works Portfolio
DJRegfix
HPLogiFinder
CamMonitor?
HPHUPD05
HP Component Manager
PP6100b (something related to your scanner. If needed, you should be able to run this via Start > Programs)
HPDJ Taskbar Utility

Also, you are running both McAfee and AVG virus scanners. This is not a good idea. Choose one.
Phil you're right it is for "backward" 16bit compatibility, but of course general protection faults can be ram related in either case.

For what it's worth we do see rundll (the 16bit version of rundll32.exe) being used to load this 16bit app:

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
I apologize WhitPhil and RollingRog, it appears that the TechGuy Forum was not sending me emails letting me know that you were responding to my last post. So therefore I was not checking the site. Anyway, let me fill you in on what I have done since both of your last posts

Rolling Rog, I tried the DocMemory Test once again, and it did the same thing, ran real quick, got up to 74.1% and stopped????

I went to the simmtester site.....and didn't know which one to download. (there were too many options, and I didn't know which one to choose...can you direct me to which one I need?)

I ran the HIJack program and "Fixed" the following selections as you requested:

"R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w"

and sent the listed folder to the recycle bin as well

"JUSearch folder in c:\program files "

WhitPhil, I also did as you requested and UNselected the following:

HPSYSDRV
Microsoft Works Portfolio
DJRegfix
HPLogiFinder
CamMonitor?
HPHUPD05
HP Component Manager
PP6100b (something related to your scanner. If needed, you should be able to run this via Start > Programs)
HPDJ Taskbar Utility

Now you mentioned about selecting either AVG or McAfee. Well I guess it's apparent that the McAfee was not working due to the fact that when I first started this Kernel32 problem and you suggested downloading the AVG, and it discovered several Viruses/Trojans/Worms etc....I am assuming that the McAfee was not doing what it was supposed to.

I guess I will get rid of the McAfee, but how do you suggest I do that?

Thanks again fellas for all your patience with me and your continued diligence to helping me solve this VERY annoying problem.

I will leave my computer on today and check back in later. Usually I experience the bluescreening when I leave the computer idle for a while.
Preliminary answer: as I remember both of the download options worked in Win98 and I assume WinME (I know others have used them), but I will have to get my registration up to date there to check again.

In the meantime, did you try the memtest86 method? You just run the setup to create a bootable floppy, then boot with it and let it complete its full complement of tests. To discontinue testing just remove the floppy and hit 'esc' to reboot.

http://www.memtest86.com/

This is the one you want to download:

http://www.memtest86.com/memt31a.zip
update: RollingRog, I had to Restore my JUSearch folder from the recycle bin....I think it had something to do with my ISP, which is JUNO.

I'm not sure, but I had to restore it, then I had problems getting online, so I re-installed JUNO. Is this a JUNO folder? should I leave it alone or send it to the recycle bin again?
You're right it must be a Juno folder -- and curiously the CLSID ( {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8}) for the "search hook" and the file hcm.exe is also used by Netzero.

Still the startup hcm.exe was not present in the original log.

Is it there now after reinstalling Juno?

So Here's what I would do, leave the folder restored. But run msconfig and see if hcm.exe is present under the Startup tab. If it is, try unchecking it. It can easily be rechecked if there is a problem doing that.

About Simmtester; I don't recall having a problem running either the standard or the "free DOS" version in Win98, but I would recommend you use this one:

Software version:*V1.45a - 05/31/00 or V2.1b - 12/20/03
http://www.simmtester.com/page/products/doc/SendDocMemory.asp?ver=1.45
RollingRog, the "hcm.exe" was not present under the Startup Tab.

I tried several times to get the simmtester to work, after reading the directions, it appears that I need Version 2.0. (because I have Win ME) I tried both version 1.45 and 2.1 and both will not work. where can I find version 2.0?????
I really don't think the problem is with the version you are running. You say it loads and begins to run. Once it does that it is out of the hands of the Operating System version entirely and issues are entirely hardware related.

That's why I want you to try memtest86 to confirm.
OK, because the simmtester along with the memtest did not seem to be working, I tried a different test called "MemTest 2.5" from HCI Designs, which tests the reliability of the RAM. I ran the test for almost 24hrs., which ran 101+k loops and 650+k%.....and it found no errors on my system. I can't explain why the other two tests did not want to work, but hopefully this test did the same thing.

Prior to the MemTest scan, I ran spybot, AVG 6.0 virus checker, CWShredder, AdAware 6.0. Everything was either cleaned up (from AdAware) and/or no reports of viruses/problems (Spybot, AVG, and CWShredder).

What next? Should I post another Hijack listing and see what shows up?
Hey RollingRog...WhitPhil, where are you????? What's the plan of attack? You kinda left me hangin' over here. I would appreciate any further advice.