# Kernel32.dll errors



## axis_d (Jul 10, 2003)

Hey everyone..I could use some help. I'm not sure what's wrong but my computer frequently comes up with Kernel32.dll errors. In one instance its when i'm using Adobe After effects, a graphics editing program, everytime I click on a certain tool in the toolbar...an error pops up that says "After FX has caused an error in Kernel32.dll" and i click "ok" and then it closes. 
Sometimes it happens in hotmail too, I'll click certain links like to compose a message, or check my mail..and a few times a day a Kernel32.dll error pops up and it closes. Any idea on how i could fix this? thanks for the help everyone.


----------



## spaceman_333 (Nov 23, 2001)

Howdy axis_d,

Maybe this will help:

http://www.generation.net/~hleboeuf/errkrn32.htm

Hope so---

Spaceman


----------



## SexyTech (Mar 27, 2002)

Hi There!

If this is Win98,
Try running the System File Checker to see if something is corrupt.

START | Run - "SFC" (without quotes)
if it finds anything corrupted, restore it and test the system.


Good Luck!

ST


----------



## axis_d (Jul 10, 2003)

thanks for the replies...actually its Windows ME can i do the same with that..? I must've forgotten to speicfy.


----------



## SexyTech (Mar 27, 2002)

Axis...

Sorry ut Microsoft in their Infanite wisdom removed SFC from WinME.


----------



## axis_d (Jul 10, 2003)

oh ok....shucks! heh, Are Kernel.dll errors rare or something? i posted this question on a couple sites and no one really has any answers. I dont know what to do. ( I still gotta try some of the stuff from that other link that spacemen posted) But yeah..any specific help would be appreciated much!


----------



## Rollin' Rog (Dec 9, 2000)

Most kernel32.dll errors are caused by software conflicts rather than damaged Windows files. These conflicts are often the result of so-called spy and adwares that are present without the users full knowledge. Other times there are just too many thing running, even of a legitimate nature.

We can have a look and make suggestions if you post a copy of the HijackThis ScanLog.

http://www.tomcoyote.org/hjt/


----------



## axis_d (Jul 10, 2003)

alright..i'll do that..thanks i'll do that when i get home tonight keep an eye out for my post, I wont be home for a few hours. Thanks for helping out though.


----------



## axis_d (Jul 10, 2003)

alright...here's a list of the files from hijackthis, hope they help..and once again, I appreciate the help. thanks

ogfile of HijackThis v1.95.0
Scan saved at 11:05:23 AM, on 7/10/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\DELL\SOLUTION CENTER\SERVICE.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\TOTEM SHARED\UNINSTALL0001\UPD.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SIERRA IMAGING\IMAGE EXPERT 2000\IXAPPLET.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\VSTASCAN\VSACCESS.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN6.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.wish7.com/search/frame.py%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.wish7.com/search/frame.py
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
O1 - Hosts: 66.40.16.234 auto.search.msn.com
O1 - Hosts: 65.120.116.172 mini.aimster.com
O1 - Hosts: 65.120.116.173 lite.aimster.com
O1 - Hosts: 65.120.116.174 www.aimster.com
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_3.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_88.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_3.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [DellSC] C:\Program Files\Dell\Solution Center\service.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
O4 - HKLM\..\Run: [BearShare] C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE /m
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Dell Home (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://usa-download.nocreditcard.com/download/newdial-erp/2936/dialer.exe
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn.com/components/ocx/autopricer/autopricer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0410.dll
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://skillsoft.webex.com/client/latest/webex_674/ieatgpc.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab


----------



## Rollin' Rog (Dec 9, 2000)

Ok, you do indeed have quite a bit of advertising, spy and junk ware there.

Step 1, is to install and UPDATE Spybot following directions here:

http://tomcoyote.org/SPYBOT/

Step 2, is to check and remove these items with HijackThis, closing IE first.

O1 - Hosts: 66.40.16.234 auto.search.msn.com
O1 - Hosts: 65.120.116.172 mini.aimster.com
O1 - Hosts: 65.120.116.173 lite.aimster.com
O1 - Hosts: 65.120.116.174 www.aimster.com

Also, if these two entries do not represent desired search pages, check and remove (fix) them also:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.wish7.com/search/frame.py%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.wish7.com/search/frame.py

Step 3, after Spybot has been installed and Updated, go to Add/Remove programs and remove New.net and reboot.

Step 4, run Spybot, you may be prompted to run it a second time. Have it 'fix' all it pre selects including the domain hijacks from new.net if those are still there after add/remove

Step 5, post another Scanlog from HijackThis


----------



## axis_d (Jul 10, 2003)

Man..i'm lucky you're on here to help..alright..I'll do that and try to repost another scan log by tonight or tomorrow. I might have to get to bed pretty quick for work tomorrow.


----------



## Rollin' Rog (Dec 9, 2000)

Okedoke, it's best to work on these when you can see straight


----------



## NiteHawk (Mar 9, 2003)

> _Originally posted by SexyTech:_
> *Axis...
> 
> Sorry ut Microsoft in their Infanite wisdom removed SFC from WinME. *


Microsofts philosophy in a nutshell:
If it works extremely well, discontinue it!
If it works reasonably well, complicate it!
If it barely works at all, leave it alone!


----------



## axis_d (Jul 10, 2003)

ok..I'm back. Man there was TONS of stuff in my computer I didn't know about when i ran the Search and Destroy software. Well..here's my hijackthis scan log after following your steps:

Logfile of HijackThis v1.95.0
Scan saved at 6:40:32 AM, on 7/11/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\DELL\SOLUTION CENTER\SERVICE.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SIERRA IMAGING\IMAGE EXPERT 2000\IXAPPLET.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\VSTASCAN\VSACCESS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\TD_0001.DIR\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_3.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_3.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [DellSC] C:\Program Files\Dell\Solution Center\service.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [BearShare] C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE /m
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Dell Home (HKCU)
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn.com/components/ocx/autopricer/autopricer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0410.dll
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://skillsoft.webex.com/client/latest/webex_674/ieatgpc.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab


----------



## Rollin' Rog (Dec 9, 2000)

Ok, well it looks like the illegitimate stuff has been wiped.

Now the question is whether you want to optimize the startups for efficiency and minimum possibilty of conflicts.

To do that, my recommendations would be to run *msconfig* and uncheck many or all of the following items to prevent them from "automatically" running at startup.

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off

O4 - HKLM\..\Run: [DellSC] C:\Program Files\Dell\Solution Center\service.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [BearShare] C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE /m

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe

O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe

Bear in mind these are suggestions. If you want to know why these items are "user choice" optional startups, find the "exe" for each on this site and read what it has to say:

http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM

You will find your system starts faster and runs smoother with the majority of these disabled. When needed they can be started from the Programs menu. Unchecking them in msconfig does not remove anything; it simply keeps them from loading in the background at boot up. Msconfig is the Windows System Configuration Utility. It is different from HijackThis.

Have you gotten any kernel32.dll errors since the Spybot cleaning?

Also, for what it's worth, Bearshare and other file sharing utilities are the main portals for geting "malware" -- be they spy, adware or in some cases viruses (of which you didn't have any, fortunately)


----------



## axis_d (Jul 10, 2003)

well you were definitly right about my computer running smother and faster. Thanks rollin Rog! Unfortunately, I opened the program that was causing the Kernel32.dll error, and it still does it. 
the program is Adobe After Effects, and It happens only when i use a particular plug in. I open the plug in, and work with it fine, but when I click on one of the items in the tool bar it will either, freeze up..where I can just cnrl/alt/delete and end task. Or I recieve the message "after FX has caused an error in kernel32.dll" where I have no choice but to close. I dont know if that helps....but thats specifically where and when it happens, every single time. I read somewhere that a Kernel32.dll error might be caused by a bad memory module? Do you think this is true? Well..thanks again for the tips..if you have any other ideas let me know.


----------



## Rollin' Rog (Dec 9, 2000)

No I think this is a very specific software problem with Adobe rather than one with your system configuration at this point.

I don't know if you've removed and reinstalled the program successfully at this point, but that is certainly something I would do.

Adobe does have support forums, one of which is for After Effects. I did see a post for a kernel32 error with the zaxworks plugin there, but no responses. There are also some hits in the Knowledge base support, but probably not very specific to your error.

You might have a look anyway and perhaps try to see if any patches or other articles are availble concerning the program.

http://www.adobe.com/support/forums/main.html

http://www.adobe.com/support/products/aftereffects.html

http://www.adobeforums.com/cgi-bin/[email protected]@.ee6b2fe


----------



## axis_d (Jul 10, 2003)

well its good to know that it may not be a system probelm. (although After effects IS expensive software :/ ) 
haha yeah..that Kernel32.dll post was me. no responses there..but no, I haven't tried reinstalling it. I'll try that later on today. We'll see what happens with it.


----------



## axis_d (Jul 10, 2003)

I didn't get a chance over the weekend to try re-installing anything. But out of curiosity, how often is it recommended that I run that scan and destroy software? Should I check out the hijackthis registry often too?


----------



## Rollin' Rog (Dec 9, 2000)

It depends on your other activity. If you install programs frequently, I would run a scan after every install, particularly if the programs were obtained through file sharing. Otherwise, for most folks I'd say once a week.

Normal internet browsing does not lead to much except "tracking" cookies which are no real problem.


----------



## knismo (Jul 11, 2003)

Two tiny suggestion that I think many people over look when adding/installing software: 
Make sure all other programs are shut down (can use "Ctrl" + "Alt" + "Delete" then "End Task") or many use (Selective Startup) to keep programs from loading/running.

When Un-installing:
Make sure EVERY PART of the targeted program is running/loaded when Windows starts. Then proceed w/the un-install. (Add/Remove -or- Un-install.exe from program itself) 
Sometimes the (un-install.exe) doesn't do a very good job...


----------



## axis_d (Jul 10, 2003)

Hello, well sorry I've been gone for so long..i've been busy with work, ( and car trouble) anyway.. I tried uninstalling and reinstalling Adobe After Effects, but the problem still happens. Everytime I click a certain button, it freezes up, and sometimes I can just Ctrl/Alt/del/ - End task, and sometimes the Kernel32.dll error pops up and forces me to close. Are Kernel32.dll errors rare? It seems that not many peopel know how to fix it. Should I take my computer in somewhere? Thanks in advance for the help, and any advice is appreciated.
I dont know if this helps any, but my computer has also been freezing up quite often lately, even when I'm not in the program. I have to restart it all the time.


----------



## NiteHawk (Mar 9, 2003)

Are you running any kind of AntiVirus software? If so, are the definations up to date?

Here are two free online virus scanners

Panda Active Scan is an online free virus checker
http://www.pandasoftware.com/active...guage=2&Country=63&Partner=1&Ref=EN-PR-AS-107

Trend Micro Housecall is an online free virus checker
http://housecall.antivirus.com/pc_housecall/


----------



## Rollin' Rog (Dec 9, 2000)

Give us another post of your current HijackThis Scanlog.

Kernel32.dll errors are not rare at all but have many different causes. In your case I think this may just be a very specific software bug.

Freezing can be caused by both hardware and software problems. On the hardware side, overheating is one common cause.

Some freezes can be caused by bad display drivers or by depletion of system resources, the latter is especially likely if you have been running a lot of resource intensive programs and do not reboot occasionally. Many do not release memory and other resources properly even when closed.


----------



## axis_d (Jul 10, 2003)

well..this may or may not help: I was just getting ready to run hijackthis so I could send a scan log, and while I was in the middle of ending some of my programs, the screen flicked off, gave me this error code with a blue background: 

Error OE: 018F : BFF9B3D4


----------



## Gary300 (Jul 4, 2003)

goto start, find, find folders/files and type in:

*.pwl

and delete all of the found results


----------



## NiteHawk (Mar 9, 2003)

Did I miss something?? Why are we deleting his passwords file??


----------



## Gary300 (Jul 4, 2003)

If you frequently receive Invalid Page Fault in Kernel32.dll Errors, from different drivers (Explorer, Guide.exe, Msgsrv32, Commgr32, Mprexe and others), it is possible that your password list file is damaged. Try re-creating your password list file:

In Windows Explorer select your \Windows folder 
Press F3. This will bring up the Find: All Files window 
In the Named: box type *.pwl 
Click Find Now 
When a list of found files is displayed, delete them all 
Close the Find window and restart Windows 
Note: you will lose any passwords you have stored, so make sure that you have the passwords written down so you can re-enter them when needed

If you receive an error MSIMN caused an invalid page fault in module KERNEL32.dll, chances are that your computer is infected with the Happy99 worm. For more information on this worm and it's removal see http://www.infinisource.com/cleaner.html.


----------



## axis_d (Jul 10, 2003)

I do get those kinds of errors alot..so yeah, maybe...is that what the 018F error code means? i've gotten those a few times. Now Am i searching specifically for "*.pwl: including the asterisk, or without it? i dont wanna delete the wrong things, cuz i searched it, and nothing come up, but I searched it withotu the asterisk, and a few things showed up. thanks for the help!


----------



## Gary300 (Jul 4, 2003)

Start, Find - Files or folders,
Search within your C drive- *.pwl

Delete all of the items found.


----------



## Gary300 (Jul 4, 2003)

Oh! and please before you do that...Write down all of your passwords. So you don't forget any of them.


----------



## axis_d (Jul 10, 2003)

Ok, so I should NOT delete the files that come up under just " .pwl" without an asterisk right??


----------



## Gary300 (Jul 4, 2003)

Yes..just type *.pwl

and delete all results.


----------



## axis_d (Jul 10, 2003)

what "passwords" are these deleting anyway? I dont know of any passwords I have on my computer..


----------



## Gary300 (Jul 4, 2003)

Passwords to: (Example)

Tech Support Guy
Yahoo! Mail 
Yahoo! Chat
Yahoo! Messenger
Hotmail
MSN Messenger

I was receiving the same Kernell32.DLL errors you were.

http://www.windows-help.net/windows98/troub-341.shtml

I went there and it fixed all of my problems.

Any web site you have to log in to.


----------



## Notech7 (Aug 20, 2003)

I have read the message from Rollin'Rog to axis d regarding KERNEL32.DLL errors. I have the same problem:Stimon causing errors with KERNEL32.DLL, IExplore - KERL 386.EXE...
I did go on to tomcoyote.org and tried to use adobe 5 but a virus in my computer system will not allow me to access the information. Please advise...
Thank you


----------



## Anguis (Aug 23, 2003)

I have the same problem, and I am also on Windows Me, with 504 mb ram and an AMD Athlon processor....I jst cant fiure out the solution, or really what is wrong...here is the results from he hijacker log:

Logfile of HijackThis v1.96.1
Scan saved at 12:00:09 PM, on 8/23/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\TEMP\TD_0002.DIR\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.systemaxpc.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mw-proxy:80
F1 - win.ini: run=c:\windows\winstart.bat
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tour] C:\WINDOWS\wincool.exe /30m
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.systemaxpc.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37856.3125578704
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = X17303find-quick.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 199.45.32.37,199.45.32.38


----------



## Anguis (Aug 23, 2003)

Please, can anyone help?


----------

