[SOLVED] kernel32.dll error

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

lroshau

Thread Starter
Joined
Nov 13, 2003
Messages
76
IEXPLORE caused an invalid page fault in
> > module <unknown> at 0000:78453b2f.
> > Registers:
> > EAX=0064b66c CS=016f EIP=78453b2f EFLGS=00010246
> > EBX=0064b66c SS=0177 ESP=0055002c EBP=0055004c
> > ECX=005500d0 DS=0177 ESI=83a8e750 FS=4817
> > EDX=bff76855 ES=0177 EDI=005500f8 GS=0000
> > Bytes at CS:EIP:
> >
> > Stack dump:
> > bff76849 005500f8 0064b66c 00550114 005500d0 00550204 bff76855 0064b66c
> > 005500e0 bff87fe9 005500f8 0064b66c 00550114 005500d0 78453b2f 005502bc
> >
> > I get the message above when using Internet Explorer when trying to open my hotmail account.
> >
> > I get this one (below) using Internet Explorer trying to navigate through the Harley Davidson website.
> >
> > IEXPLORE caused an invalid page fault in
> > module KERNEL32.DLL at 016f:bff87ede.
> > Registers:
> > EAX=c00309c4 CS=016f EIP=bff87ede EFLGS=00010216
> > EBX=04f0cb10 SS=0177 ESP=04e0ffe8 EBP=04e10054
> > ECX=04e10208 DS=0177 ESI=8452c8e0 FS=111f
> > EDX=bff76855 ES=0177 EDI=04e10230 GS=0000
> > Bytes at CS:EIP:
> > 53 56 57 8b 30 83 7d 10 01 8b 4e 38 89 4d f8 75
> > Stack dump:
> > I also get a different one sometimes when trying to open internet explorer and then my homepage gets changed to cool-search.net
> >
> > There are other websites that give the error message also.
I found that when I get the error message on the harley davidson web site that I can navigate all thru the site but with the error message in the middle of the screen.
And as for when I try to go to hotmail if I delete everything in my temporary files like cookies and then log back in to MSN I can get to hotmail one time then it's back to the same error message
 

lroshau

Thread Starter
Joined
Nov 13, 2003
Messages
76
Here is the scan log from Hijack this
Logfile of HijackThis v1.97.6
Scan saved at 10:58:38 AM, on 11/15/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\PROGRAM FILES\IVASION\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\PTUDFAPP.EXE
C:\PROGRAM FILES\ADAPTEC\GOBACK\GBMENU.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://approvedlinks.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cool-homepage.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.white-pages.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.white-pages.ws/results.php?show=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.martfinder.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cool-homepage.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.white-pages.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://66.250.57.28/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.martfinder.com/
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\UPDATES\XTSEARCH.DLL (file missing)
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\PROGRAM FILES\XUPITER\UPDATES\XTUPDATE.DLL (file missing)
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS\MSMGII.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: Xupiter - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - C:\PROGRAM FILES\XUPITER\UPDATES\XUPITERTOOLBAR.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-4@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [WrDialer] C:\WINDOWS\WrDialer.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [GRA] C:\cabs\grainstall\GRA.exe
O4 - HKLM\..\Run: [PtUDFApp] C:\WINDOWS\SYSTEM\PtUDFApp.exe /T
O4 - HKLM\..\Run: [Mount Safe & Sound] C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\SAFE & SOUND\FBMOUNT.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GatorStubSetup.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Adaptec\GoBack\GBMenu.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} (Loader Class) - http://dialup.carpediem.fr/CABS/1,0,3,8/it/AccesMembre.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37871.3381597222
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Ok, sit tight, you have a bit of a mix there, and I'm not sure what order things should be done in.

Let me find one of my buddies to help :)
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
first

Run CWshredder from
http://www.spywareinfo.com/~merijn/cwschronicles.html
and make sure you follow the advice about the security updates listed at the bottom of the page, in order to prevent re-infection

then reboot &
Download Spybot - Search & Destroy from http://security.kolla.de

After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

then reboot &
download AdAware 6
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

then......

click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

then.........

go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and "Let windows remove files in use at next reboot"

then...... click "proceed" to save your settings.

Now to scan it's just to click the "Scan" button.

When scan is finished, mark everything for removal and get rid of it.

then post a new hijackthis log to check what is left
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Thanks Derek, I didn't see you online and beckoned someone else, but you got here first :)
 

lroshau

Thread Starter
Joined
Nov 13, 2003
Messages
76
(y)
Well I hope I got all this done right.
Thanks to both you guys (Derek & Candy)
Here's the new log

Logfile of HijackThis v1.97.6
Scan saved at 12:55:59 PM, on 11/15/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\PROGRAM FILES\IVASION\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\PTUDFAPP.EXE
C:\PROGRAM FILES\ADAPTEC\GOBACK\GBMENU.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-4@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [WrDialer] C:\WINDOWS\WrDialer.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [GRA] C:\cabs\grainstall\GRA.exe
O4 - HKLM\..\Run: [PtUDFApp] C:\WINDOWS\SYSTEM\PtUDFApp.exe /T
O4 - HKLM\..\Run: [Mount Safe & Sound] C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\SAFE & SOUND\FBMOUNT.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Adaptec\GoBack\GBMenu.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/1,0,3,8/it/AccesMembre.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37871.3381597222
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Just this one item that should be fixed

it's a dialler that you don't want

run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/1,0...AccesMembre.cab
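
Comparing the two HijackThis logs posted above, as an added example that is not part of the original thread: the sketch below parses the R/F/O entries of both scans and reports what the cleanup removed and what is still present, keying entries on their CLSID because the dialer's O16 line lost its "(Loader Class)" name between scans. The function names are hypothetical, and the sample input is an excerpt of the logs above.

```python
import re

# HijackThis entry lines look like "O16 - DPF: {CLSID} (name) - url".
ENTRY = re.compile(r"^([RFO]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Map a stable key to the full line for every R/F/O entry in a log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        section, detail = m.groups()
        guid = CLSID.search(detail)
        # Key on the CLSID when present: display names and paths can change
        # between scans (here the O16 name disappears) but the CLSID does not.
        key = (section, guid.group(0).upper() if guid else detail)
        entries[key] = line
    return entries

def compare_scans(before_text, after_text):
    """Return (removed, remaining) entry lines between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    remaining = sorted(after[k] for k in after.keys() & before.keys())
    return removed, remaining

# Excerpts of the two logs posted in this thread (first scan, then rescan).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cool-homepage.com/sp.php
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS\MSMGII.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GatorStubSetup.exe
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} (Loader Class) - http://dialup.carpediem.fr/CABS/1,0,3,8/it/AccesMembre.cab
"""
AFTER = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/1,0,3,8/it/AccesMembre.cab
"""

if __name__ == "__main__":
    removed, remaining = compare_scans(BEFORE, AFTER)
    for line in removed:
        print("removed:  ", line)
    for line in remaining:
        print("remaining:", line)
```
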
 

lroshau

Thread Starter
Joined
Nov 13, 2003
Messages
76
:) (y)
Hello Derek,
I got that last dialer deleted and I have surfed the net for a few minutes and it seems like my computer is back to its old self.
You guys are GREAT!!!.
I have been working with Gateway for 3 days trying to find a fix and they wanted me to reinstall windows not to mention all the other tasks they had me go thru.
You and Candy are the BEST.

P.S. I have a nephew in North Dakota whose name is Derek,
I haven't seen or heard from him in a long time..........You wouldn't
be him would you??

Thanks Again

Lenny
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
I'm a good few thousand miles away from North Dakota

What Many Gateway & other company support techs know, you could write on the back of a postage stamp in 12" high block letters :D


As you gather I haven't got a great regard for the "techs" whose answer is to format & reinstall every time
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Originally posted by dvk01:
What Many Gateway & other company support techs know, you could write on the back of a postage stamp in 12" high block letters :D
:p :p

I think format c: is their starting point, then they work backwards from there :eek:
 