Tech Support Guy banner

Kernel32 - Blue screening BSOD

3681 Views 40 Replies 4 Participants Last post by  angirish
I am recieving a couple of error messages/blue screanings which state the following:
"Error:0E:018F:BFF8E64B" then it switches to a message stating:

"Kernel32 caused a general protection fault in module KRNL386.exe at 0001:000075a8"

and periodically i will recieve an error message stating: "Hposm caused an error in Kernel32.DLL" and then another periodic error stating: "ZCast has caused an error in Kernel 32.DLL"

As suggested by WhitPhil in my previous thread I did an AV Check as well as SpyBot, which advised me of several Viruses/TroJans/Worms etc....which I ultimately got rid of after running the Av Check/Spybot. I then ran CWShedder as well as AdAware, which also cleaned up my system.

After all of this I still seem to be getting the above listed error messages/Blue screans. Any suggestions?

WhitPhill, I could use your expertise once again!!! Thanx
Not open for further replies.
21 - 40 of 41 Posts
OK, I guess that means I'm OK to leave everything the way you've suggested.
The hibernate mode is disabled, I changed my screansaver, and I will power up/down as I need to use the comp.

I will keep you posted if things decide to go hay-wire again and/or as error messages appear.

thanx for all your help WhitPhil, you've been a tremendous help.
Hey WhitPhil.....Well it didn't take long to bluescrean on me again. I was on the web, and was logging off and attempting to close everything down when the blue screan appeared with the same original error message. This time it mentioned something about being low on resources and wanted to know if I wanted to shut down Explorer. I did and then the blue screan poped up with the error message and then with the general protection fault in Kernel386.exe.
(Pretty much the same problems that I have been experiencing before)

Any suggestions????
Well, *&&^%*(()!

Ok, let's start at the top.
Run the Online Virus check at TrendMicro (HouseCall)
Run Spybot, updating the definitions before the run.
Run HJT and post back the log again.
And, after a fresh boot, what is your System Resource percentage?
(Explorer > Help > About)

And, the message you are getting is Kernel32 caused and error in KRNL386.exe (not kernel32.exe?)

***One thing to try before posting back the log is to lower your graphics resolution a notch or two.
Start/Settings/Control Panel/System/Performance/ Graphics and move the slide bar lower.

***Also just found a thread where the problem lay with Easy CD Creator. And, after uninstalling it the problem went away.
Is yours a recent install?
Regardless, you could try an uninstall (for a while) and see if the blue screens stay away.
See less See more
krnl386 faults usually resolve to one of three things: low system resources, a conflict with a running program or faulty ram.

Not sure what you currently have running or what your "system resources" level was when this occurred, but you can run a "software" check on the ram using either of these two programs:
OK, this is what I have done so far: I immediately lowered my graphics to the one prior to the lowest setting. Then I ran the Trend Mirco which ran all night until it was complete, (After that, my computer automatically logged me off, due to inactivity, but the screansaver was operating) When I woke up this morning, the Trend Micro indicated No viruses. When I went to indicate that i was complete with the test...the computer grey-screaned on me listing the following error message:

"IEXPLORER caused a general protection fault in module KRNL386.exe at 0001:000075a8"

after I checked "yes" to close it, it caused another grey-screan, which said the following:

"EXPLORER caused a general protection fault in KRNL386.exe at 0001:000075a8"

after I checked "yes" to close it out, it gave me an error message which stated the following:

"dangerously low on resources, would you like to terminate Winmgmt" , when I indicated "yes", it came up with another error message which stated the following: "Error: 0D:016F:000075A8"

then i had to re-boot, because it wouldn't let me do anything else.

After I rebooted I ran SpyBot S&D along with Spyware Blaster, which indicated some items, which I chose to fix and then immunized my system.

I then ran CWShredder, which indicated my system was clean and then finally I ran AVG 6.0, which indicated no viruses. I tried to run my Spyware Guard, but for some reason it didnt want to work.

I ran HiJackthis, and this is what it indicated:

Logfile of HijackThis v1.97.7
Scan saved at 11:50:11 AM, on 4/24/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

I will leave everything alone for now...until I get your opinions as to what to do next.
See less See more
I forgot to add, The first thing I did after lowering my graphics, was uninstalled my Adaptec CD creator. and then ran the Trend Micro
Hey RollingROG, I went to download the DocMemory, however, it indicated that I must have Win 95/98/2K. Unfortunately I have ME. will it still work???
Yes, it shouldn't matter.

Memtest86 is very easy to create; once you have the floppy you just boot with that and let it run through its entire set of 7 tests for which there are multiple tests for each. I forget what the indications are for failures, but you should get "pass" confirmations for all tests.

However, the information you just posted makes it sounds like this is indeed a "resource" issue, not a hardware problem.

What's this?

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w

Looks suspect to me, and looking at your earlier Scanlog, the first entry was present and evidently not removed, but the second entry was never there.
See less See more
WhitPhil...did you get my last post?? I havn't heard from you.

RollongRog, I downloaded the DocMemory and ran the test. Im not sure if the test ran correctly? It said it did the "test Walk Address '0' " however, it only got to 74.1% complete. I could hear my 'A' drive running, but the test was not showing that it got any further than 74.1%, and it wouldn't let me escape to re-run it...I had to shut the computer off. I ran it a second time....and it came right up to 74.1% and then kept runningw/o going any further (I shut the comp off again) It did state the following:
"Walk Data '0'.....Pass
"Walk Data '1'.....Pass

Now getting back to your last post, you asked me about the following items:

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w

Your guess is good as mine, I am true to my screan name...I a true Computer Virgin, so you'll have to go easy on me. I appreciate yours and WhitPhills help tremendously, but you'll usually have to walk me through some things.

what do you think it is? should I be worried?
See less See more
There are many more tests that should have run. It is possible you had a bad floppy disk when you created the program, you might try re running the setup on a new or newly formatted floppy. I would also suggest trying memtest86.

Since you didn't personally install those entries, check them in the HijackThis scan, close the browser and select "fix checked":

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w

You can send the JUSearch folder in c:\program files to the reycle bin after rebooting.

After doing this keep us posted on whether you get any further blue screens.

No, I'm still following your trials and tribulations. I just thought that I'd give Hollywoodland Rog a shot.
It still bothers me that the errors are referencing krnl386. I "thought" this was related to 16-bit apps, and it's usage would be few and far between.

Other than the bluescreen after the virus check, how has your PC been treating you?

Also, while you are getting rid of items, there are still some apps that I think you can get rid of.

Microsoft Works Portfolio
HP Component Manager
PP6100b (something related to your scanner. If needed, you should be able to run this via Start > Programs)
HPDJ Taskbar Utility

Also, you are running both McAfee and AVG virus scanners. This is not a good idea. Choose one.
See less See more
Phil you're right it is for "backward" 16bit compatibily, but of course general protection faults can be ram related in either case.

For what it's worth we do see rundll (the 16bit version of rundll32.exe) being used to load this 16bit app:

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
I apologize WhitPhil and RollingRog, it appears that the TechGuy Forum was not sending me emails letting me know that you were responding to my last post. So therefore I was not checking the site. Anyway, let me fill you in on what I have done since both of your last posts

Rolling Rog, I tried the DocMemory Test once again, and it did the same thing, ran real quick, got up to 74.1% and stopped????

I went to the simmtester site.....and didn't know which one to download. (there were too many options, and I didn't know which one to choose...can you direct me to which one I need?)

I ran the HIJack program and "Fixed" the following selections as you requested:

"R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w"

and sent the listed folder to the recycle bin as well

"JUSearch folder in c:\program files "

WhitPhil, I also did as you requested and UNselected the following:

Microsoft Works Portfolio
HP Component Manager
PP6100b (something related to your scanner. If needed, you should be able to run this via Start > Programs)
HPDJ Taskbar Utility

Now you mentioned about selecting either AVG or McAfee. Well I guess it's apparent that the McAfee was not working due to the fact that when I first started this Kernel32 problem and you suggested downloading the AVG, and it discovered several Viruses/Trojans/Worms etc....I am assuming that the McAfee was not doing what it was supposed to.

I guess I will get rid of the McAfee, but how do you suggest I do that?

thanks again fella's for all your patience with me and your continued diligence to helping me solve this VERY annoying problem.

I will leave my computer on today and check back in later. Usually I experience the Bluescreaning when I leave the computer idle for a while.
See less See more
Preliminary answer: as I remember both of the download options worked in Win98 and I assume WinME (I know others have used them), but I will have to get my registration up to date there to check again.

In the meantime, did you try the memtest86 method? You just run the setup to create a bootable floppy, then boot with it and let it complete its full compliment of tests. To discontinue testing just remove the floppy and hit 'esc' to reboot

This is the one you want to download:
update: RollingRog, I had to Restore my JUSearch folder from the recycle bin....I think it had something to do with my ISP, which is JUNO.

I'm not sure, but I had to restore it, then I had problems getting online, so I re-installed JUNO. Is this a JUNO folder? should I leave it alone or send it to the recycle bin again?
You're right it must be a Juno folder -- and curiously the CLSID ( {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8}) for the "search hook" and the file hcm.exe is also used by Netzero.

Still the startup hcm.exe was not present in the original log.

Is it there now after reinstalling Juno?

So Here's what I would do, leave the folder restored. But run msconfig and see if hcm.exe is present under the Startup tab. If it is, try unchecking it. It can easily be rechecked if there is a problem doing that.

About Simmtester; I don't recall having a problem running either the standard or the "free DOS" version in Win98, but I would recommend you use this one:

Software version:*V1.45a - 05/31/00 or V2.1b - 12/20/03
RollingRog, the "hcm.exe" was not present under the Startup Tab.

I tried several times to get the simmtester to work, after reading the directions, it appears that I need Version 2.0. (because I have Win ME) I tried both version 1.45 and 2.1 and both will not work. where can I find version 2.0?????
I realy don't think the problem is with the version you are running. You say it loads and begins to run. Once it does that it is out of the hands of the Operating System version entirely and issues are entirely hardware related.

That's why I want you to try memtest86 to confirm.
OK, becuase the simmtester along with the memtest did not seem to be working, i tried a different test called "MemTest 2.5" from HCI Designs, which tests the reliability of the RAM. I ran the test for almost 24hrs., which ran 101+k loops and 650+k%.....and it found no errors on my system. I cant explain why the other two tests did not want to work, but hopefully this test did the same thing.

prior to the MemTest scan, I ran spybot, AVG 6.0 virus checker, CWShredder, AdAware 6.0. Everything was either cleaned up(from AdAware) and/or no reports of viruses/problems(Spybot, AVG, and CWShredder)

What next? Should I post another Hijack listing and see what shows up?
Hey RollingRog...WhitPhil, where are you????? Whats the plan of attack? You kinda left me hangin' over here. I would appreciate any further advise.
21 - 40 of 41 Posts
Not open for further replies.