
Kernel32 - Blue screening BSOD

Discussion in 'Earlier Versions of Windows' started by compvirgin, Apr 14, 2004.

Thread Status:
Not open for further replies.
  1. compvirgin

    compvirgin Thread Starter

    Joined:
    Nov 24, 2003
    Messages:
    50
    I am receiving a couple of error messages/blue screenings which state the following:
    "Error:0E:018F:BFF8E64B" then it switches to a message stating:

    "Kernel32 caused a general protection fault in module KRNL386.exe at 0001:000075a8"

    and periodically I will receive an error message stating: "Hposm caused an error in Kernel32.DLL" and then another periodic error stating: "ZCast has caused an error in Kernel 32.DLL"

    As suggested by WhitPhil in my previous thread I did an AV Check as well as SpyBot, which advised me of several Viruses/Trojans/Worms etc....which I ultimately got rid of after running the AV Check/Spybot. I then ran CWShredder as well as AdAware, which also cleaned up my system.

    After all of this I still seem to be getting the above listed error messages/Blue screens. Any suggestions?

    WhitPhil, I could use your expertise once again!!! Thanx
     
  2. WhitPhil

    WhitPhil Gone but never forgotten Trusted Advisor

    Joined:
    Oct 4, 2000
    Messages:
    8,684
    From the messages, you still are infested.

    Download and run HiJackThis.
    And copy/paste the log it creates, back here
     
  3. compvirgin

    compvirgin Thread Starter

    Joined:
    Nov 24, 2003
    Messages:
    50
    WhitPhil...I did the Hijack and this is what it said:


    Logfile of HijackThis v1.97.7
    Scan saved at 10:18:05 PM, on 4/14/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\MCBIN\AV\RT\MGAVRTCL.EXE
    C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
    C:\WINDOWS\MCBIN\AV\RT\MGAVRTE.EXE
    C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
    C:\WINDOWS\SYSTEM\HPHMON05.EXE
    C:\WINDOWS\SYSTEM\HPZTSB09.EXE
    C:\WINDOWS\TWAIN_32\PAPRPORT\6100B\FLATBED.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\HPZIPM12.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
    C:\WINDOWS\WUAUCLT.EXE
    C:\PROGRAM FILES\JUNO6\ZCAST.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\JUNO6\CHKRAS.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACROBAT.EXE
    C:\PROGRAM FILES\COMMON FILES\ADOBE\WEB\AOM.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\JUSEARCHENH.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
    O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
    O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
    O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\SYSTEM\LMPDPSRV.EXE
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\SYSTEM\HPHMON05.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
    O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38031.5588541667
    O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.getdway.com/dwayready/dpcsysinfo.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
     
  4. WhitPhil

    WhitPhil Gone but never forgotten Trusted Advisor

    Joined:
    Oct 4, 2000
    Messages:
    8,684
    Zcast is a NetZero task.
    Are you using this?

    HPOsm belongs to an HP task, but the one the web talks about, isn't present.

    I presume that you are running a HP PC as well as a Deskjet???

    I would be tempted to go through the startup list (MSCONFIG) and UNselect all the HP related ones. (you can do a search on the web for the names. The few that I looked for all are unnecessary)

    Unselect them, reboot and ensure the reboot is OK and your printer still works. Most of these tasks add icons to systray to give you quick access to something.

    As well, UNselect OSA, MOSEARCH, MoneyExpress, LoadQm, WorksFUD, Adobe Gamma Loader

    The task LMPDPSRV "supposedly" is related to a Lexmark Printer or Scanner? Do you have one of these installed? If so, again, I would UNselect this task, and then confirm that everything continues to run OK.

    The Kernel32 causing an error in krnl386 is still strange.
    But, removing all these apps from startup will free ram, resources and cpu. So, give them a shot!
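
Added example, not part of the thread and not any poster's code: a small Python parser for the O4 (autostart) lines of the HijackThis log posted above. It lists each entry by name and command so a lookup by either finds it (the log has Money Express.exe under the value name MoneyAgent and OSA.EXE under the shortcut Microsoft Office.lnk), and it flags commands without a drive-qualified path and lines marked "(no file)". The function names and the flag label are assumptions of this example.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\SYSTEM\LMPDPSRV.EXE
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Registry autostarts: O4 - <hive>\..\<key>: [<value name>] <command>
REG_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Startup-folder shortcuts: O4 - Startup: <shortcut> = <target>
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# A command that begins with a drive letter, optionally quoted.
FULL_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')

def parse_autostarts(log_text):
    """Return one dict per O4 line: location, name, command, flags."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            location = f"{m.group(1)}\\{m.group(2)}"
            name, command = m.group(3), m.group(4)
        else:
            m = LNK_RE.match(line)
            if not m:
                continue  # not an autostart line
            location, name, command = m.groups()
        # Without a drive-qualified path, which file runs depends on path lookup.
        flags = [] if FULL_PATH_RE.match(command) else ["no-full-path"]
        entries.append({"location": location, "name": name,
                        "command": command, "flags": flags})
    return entries

def orphaned(log_text):
    """Log lines whose component file is missing, marked '(no file)'."""
    return [l.strip() for l in log_text.splitlines()
            if l.rstrip().endswith("(no file)")]

def find_entry(entries, term):
    """Case-insensitive lookup by entry name or by command text."""
    t = term.lower()
    return [e for e in entries
            if t in e["name"].lower() or t in e["command"].lower()]

if __name__ == "__main__":
    for e in parse_autostarts(SAMPLE_LOG):
        flag = ",".join(e["flags"]) or "-"
        print(f'{e["location"]:<18} {e["name"]:<22} {flag:<13} {e["command"]}')
    for line in orphaned(SAMPLE_LOG):
        print("orphaned:", line)
```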
     
  5. compvirgin

    compvirgin Thread Starter

    Joined:
    Nov 24, 2003
    Messages:
    50
    Zcast I believe is my ISP. I actually have JUNO, But I think it's owned by NetZero.

    I do have an HP PC as well as a HP Photosmart 7760 printer.

    As per your suggestion, I went through my MSCONFIG and UNselected MOSEARCH, LoadQm, WorksFUD, Adobe Gamma Loader. I looked for "money Express" and it didn't list it, however, I did have a "money Agent" which I UNselected. I also Unselected LMPDPSRV, which was an old Lexmark printer I had. The only one I couldn't find was: OSA?????

    I went through the list and Unselected the following (I couldn't tell you why, I just figured that I wasn't using them): "task Monitor", "share to web Namespace Daemon", "HPSoftware update", "Scheduling Agent", and "Microsoft Office startup". I'm sure there were more I could have UNSelected, but I was too scared to mess anything up.

    You had mentioned to check the WEB for all the HP definitions....Where do I go to find them???? I have: HP HUPDOS, HP Component Manager, HPHMON05, HPDJ Taskbar Utility. Should I UNSelect them as well???

    thanx for all your help WhitPhil.
     
  6. WhitPhil

    WhitPhil Gone but never forgotten Trusted Advisor

    Joined:
    Oct 4, 2000
    Messages:
    8,684
    HPHUPd05 is a Software Update Checker (the 05 is a version number)

    HP Component Manager - "Checks the internet for updated drivers/utilities for your HP product"

    HPHMON05 - "Monitors the status of the memory card reader slot on a HP printers and displays a tray icon if a memory card isn't inserted. Disable if you don't use the reader "

    HP DeskJet Taskbar - "Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer "

    I would UNselect them all (unless you use the last two).
    All of these programs can be run via Start > Programs

    You have UNselected Taskmon, which is OK, but I would now do the following.
    Taskmon monitors programs as they start, and logs that info for Defrag to allow it to try and optimize program startup. It is generally accepted that this does little for performance, and makes defrag run longer.
    So, run Explorer, and go to View > Folder Options > View tab and Select "Show all files".
    Then, browse to the Windows folder and find a folder called APPLOG.
    Select all files in this folder and delete them. (these are the info files)

    You have also UNselected Scheduling Agent, which could be OK, but be aware that this is the program that automatically runs "things", such as checking for updated virus definitions periodically. Or running defrag on a scheduled basis. If you depend on these things happening, re-select Scheduling Agent.
    (Microsoft Office was OSA. It is a MS program that attempts to start Office Programs faster, and is also the Office ToolBar. So, if you use the Toolbar, you will want to put this one back)

    This page lists most startup programs.

    You should now find that your startup is faster, and hopefully your PC is a little more responsive.
     
  7. compvirgin

    compvirgin Thread Starter

    Joined:
    Nov 24, 2003
    Messages:
    50
    OK Phil, I redid my unselections to the following: I unselected: "Money agent" "task monitor" "worksfud" "loadQM" "share to web namespace daemon" "lmpdpsrv" "HP software update" "HpHMON 05" "HPDJ Taskbar utility" "MOSearch" and "adobe Gamma Loader.exe"

    Now, I searched for my "APPLOG" to delete it as you requested, but my computer could not find it?????????

    I went to the link you had listed to check the list for startup programs, but it would not let me get to the site....It said I didn't have access?????

    now what should I do????
     
  8. WhitPhil

    WhitPhil Gone but never forgotten Trusted Advisor

    Joined:
    Oct 4, 2000
    Messages:
    8,684
    The \Applog folder is hidden, so first go to Explorer, View > Folder Options > View Tab and Select Show All Files.
    And, while you are there, UNselect (if it is selected) the "Hide File Extensions for Known File Types". This will make any later troubleshooting a bit easier.

    There should be no issue getting to that site.
    Try this one
     
  9. compvirgin

    compvirgin Thread Starter

    Joined:
    Nov 24, 2003
    Messages:
    50
    OK Phil, I may be showing my true computer ignorance, but I went to Explorer and went to the "view" tab...but there was no "folder options" and/or "show all files". The best I could find was a file named: "application data" which was in my windows folder. Is that the same thing??? If I can't find it, should I re-select my "taskmon"?

    I was able to get to that site from your new link...it did list a few of my start up programs, but not all.
     
  10. WhitPhil

    WhitPhil Gone but never forgotten Trusted Advisor

    Joined:
    Oct 4, 2000
    Messages:
    8,684
    This is Windows Explorer, NOT Internet Explorer!
    (folder options is also under Tools)

    Once you select Show All Files, you will be able to find Applog under \Windows.
     
  11. compvirgin

    compvirgin Thread Starter

    Joined:
    Nov 24, 2003
    Messages:
    50
    OK.....I found it. (Finally) I deleted everything in the Applog folder. Should I also delete them from the Recycle Bin?

    Just before I logged on (after leaving my computer idle for several hours) I got the same blue screen with the same message:

    "Error: OE:018F:BFF8E64B" then after hitting the enter key, it went to a grey screen that said:

    "Kernel32 caused a general protection fault in module KRNL386.EXE at 0001:000075a8" then I had to hit CTRL-Alt Del to restart the comp.

    Now this was before I deleted everything in my Applog folder. I'll keep an eye on it and let you know if it blue screens, now that the Applog is cleared out.

    Thanx WhitPhil...once again, "You are the MAN."
     
  12. WhitPhil

    WhitPhil Gone but never forgotten Trusted Advisor

    Joined:
    Oct 4, 2000
    Messages:
    8,684
    Definitely delete them from the recycle bin.

    Also, do the following for me.

    Start > Find Files
    In the named field, enter kernel32.*
    In the Look in field, use the pulldown to select [C:]
    Find Now

    Let me know what files are found and what folders they are in.

    Tx
     
  13. compvirgin

    compvirgin Thread Starter

    Joined:
    Nov 24, 2003
    Messages:
    50
    OK, I deleted all the Applog files from the recycle bin as well.

    I searched for "kernel32.*" as requested and it returned with the following:

    "KERNEL32.DLL " which was located in the following: "C:\windows\system 524KB Application extension"


    What are you thinkin'?
     
  14. WhitPhil

    WhitPhil Gone but never forgotten Trusted Advisor

    Joined:
    Oct 4, 2000
    Messages:
    8,684
    I just wanted to make sure that the Kernel32 in the error message, was Kernel32.dll not Kernel32.exe running somewhere else!

    "Just before I logged on (after leaving my computer idle for several hours) "
    When you did this, was your screensaver active?
    Also, do you have any Power Mgt options set in Control Panel?
    Ie: to go to Standby mode, screen to power off, disk to power down?

    But, other than this failure, how is the PC running now?
     
  15. compvirgin

    compvirgin Thread Starter

    Joined:
    Nov 24, 2003
    Messages:
    50
    Yes, my screensaver was active, however, I have noticed that it has stopped at times during the idle periods.


    OK, I went to the "Power Options Properties" from my control panel and have the following:

    Power schemes: "always on"

    Settings for Always On power scheme: Turn off monitor - "Never"
    Turn off Hard disk - "Never"

    System standby: "never"
    System Hibernates: "never"

    Advanced Tab: I have nothing selected under this tab

    Hibernate: "Enable hibernate support"

    Should I change a few things here????

    Outside of that, everything seems to be running fine, however, I have not let the computer idle since I made the last changes from the previous thread.

    what are your next suggestions????
     
Short URL to this thread: https://techguy.org/220522
