|
Author
|
Topic: Kern32 has encountered a problem and needs to close
|
Josh1
Administrator
|
posted February 25, 2005 12:09 AM
 
Billy could you start a new topic, it makes it easier for others to understand, and follow the problem better. Start a new topic and I will take care of the rest, copy and paste your original question into a new topic, thanks. When you start a new topic start it in the cyber safety forum at the bottom of the help desk.I don’t know what these are
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\qpws32.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (might be something for AOL topspeed?) Delete everything below
C:\windows\temp\h55xf2M1.exe-I don’t think this should be on your system, so fix this entry
C:\windows\system32\DxZNhob.exe-fix this entry
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe- ( I think this is weather bug, do you use it?)
C:\WINDOWS\SYSTEM32\hRfrahf.exe-
C:\WINDOWS\System32\jsdddy.exe-
C:\WINDOWS\System32\kbdtmler.exe-
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe-
O4 - HKLM\..\Run: [WDrvr32SSL] qpws32.exe-
O4 - HKLM\..\Run: [h55xf2M1] C:\windows\temp\h55xf2M1.exe-
O4 - HKLM\..\Run: [DxZNhob] C:\windows\system32\DxZNhob.exe-
O4 - HKLM\..\Run: [hRfrahf.exe] c:\windows\system32\hRfrahf.exe-
O4 - HKLM\..\Run: [1caf29093931] C:\WINDOWS\System32\CMDIAL32.exe-
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Wryv.exe-
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\cxtpls_loader.exe" /HideUninstall /HideDir /PC="CP.WILD" /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [37mW33O] kbdtmler.exe
O4 - HKLM\..\RunServices: [WDrvr32SSL] qpws32.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Iw56RTi9P] jsdddy.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Ommhic32.dll
O21 - SSODL: mtklefa - {F6A9AF32-C0B4-41D3-718B-CC75286FB911} - C:\WINDOWS\System32\uqkd32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
Do you have Adaware, Spybot, or MSantispyware on your computer? I suggest you download it, go to www.download.com search for these products and then download and then run them. Msantispyware, can be found here: http://www.footslog.com/board/Forum18/HTML/000437.html
You also might want to install Service Pack 2
------------------
Powered by Intelligent Computing Solutions.
------------------------
www.footslog.com www.compsol.8k.com
For every problem, there is a solution.
IP: Logged |
Billy
Junior Member
|
posted February 24, 2005 05:13 PM
I'm having a similar problem with a computer and the message "Kernel32 has encountered a problem and needs to close" I downloaded hijack this and have pasted the results below. I was hoping someone could help me as well to pick out what should go and what should stay. Thanks.Logfile of HijackThis v1.99.1
Scan saved at 5:00:34 PM, on 2/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\qpws32.exe
C:\windows\temp\h55xf2M1.exe
C:\windows\system32\DxZNhob.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\windows\system32\hRfrahf.exe
C:\WINDOWS\System32\CMDIAL32.exe
C:\WINDOWS\System32\wipv6.exe
C:\WINDOWS\RUNDLL16.EXE
C:\WINDOWS\System32\jsdaemon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\SYSTEM32\hRfrahf.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\jsdddy.exe
C:\WINDOWS\System32\kbdtmler.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tina Royle\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\hdqftbmi.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WDrvr32SSL] qpws32.exe
O4 - HKLM\..\Run: [h55xf2M1] C:\windows\temp\h55xf2M1.exe
O4 - HKLM\..\Run: [DxZNhob] C:\windows\system32\DxZNhob.exe
O4 - HKLM\..\Run: [hRfrahf.exe] c:\windows\system32\hRfrahf.exe
O4 - HKLM\..\Run: [1caf29093931] C:\WINDOWS\System32\CMDIAL32.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Wryv.exe
O4 - HKLM\..\Run: [Windows IPv6 Drivers] wipv6.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\RUNDLL16.EXE
O4 - HKLM\..\Run: [Windows Javascript Daemon] jsdaemon.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\cxtpls_loader.exe" /HideUninstall /HideDir /PC="CP.WILD" /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [37mW33O] kbdtmler.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\RunServices: [WDrvr32SSL] qpws32.exe
O4 - HKLM\..\RunServices: [Windows IPv6 Drivers] wipv6.exe
O4 - HKLM\..\RunServices: [Windows Javascript Daemon] jsdaemon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WDrvr32SSL] qpws32.exe
O4 - HKCU\..\Run: [Windows IPv6 Drivers] wipv6.exe
O4 - HKCU\..\Run: [Iw56RTi9P] jsdddy.exe
O4 - HKCU\..\RunServices: [WDrvr32SSL] qpws32.exe
O4 - HKCU\..\RunServices: [Windows IPv6 Drivers] wipv6.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Ommhic32.dll
O21 - SSODL: mtklefa - {F6A9AF32-C0B4-41D3-718B-CC75286FB911} - C:\WINDOWS\System32\uqkd32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe IP: Logged |
Josh1
Administrator
|
posted September 24, 2004 11:43 PM
I am not aware of spyware effecting hardware, but I have heard that there is a virus, that can install it self into the BIOS, and messing up the BIOS code, and possibly destroying the BIOS chip itself. A repair will not get rid of the spyware and viruses, we need to delete those. Can you go here, www.tomcoyote.org/hjt download Hijack this, and read the introduction and paste your results in the next reply? Hp user's as well as any user on the Internet or an Intranet should do what you said "run active spyware blockers and firewalls as well as ICMP blockers."------------------
Powered by Intelligent Computing Solutions.
------------------------
www.footslog.com www.compsol.8k.com
For every problem, there is a solution.
IP: Logged |
katec
Member
|
posted September 24, 2004 08:46 AM
No, actually I repaired. Now I'm formatting for the fifth time. The second time I formatted my system locked up because the CPU decided it didn't want to read the D drive anymore. So I'm installing from my DVD. Yeah that crap is definitely spyware. I haven't researched the latest hijackware but I think some of it is so evil it gets right down to the hardware level. (The industry's way of forcing people to buy new computers every two years. HP users should run active spyware blockers and firewalls as well as ICMP blockers.IP: Logged |
Josh1
Administrator
|
posted September 23, 2004 11:34 PM
You did format right? And so you are saying that when you get back to the desktop, you see alll kind of spyware? First I think you need to get rid of all the spyware. Let me know if you formatted your computer, then reinstalled Windows, or you just reinstalled ontop of the installtion.------------------
Powered by Intelligent Computing Solutions.
------------------------
www.footslog.com www.compsol.8k.com
For every problem, there is a solution.
IP: Logged |
katec
Member
|
posted September 23, 2004 09:55 PM
I just reinstalled Windows XP professional. When I got to the part where it read D for delete partition or enter to reinstall over top of the existing partition it would not let me delete it so I installed over top of it. Now I just decided to switch to Verizon DSL to save money from my cable connection. That installation locked up. Now I keep seing "kern32 and roft32 encountered a problem and need to close". When I open my computer I'm seeing all this spyware I can't manually delete. Could it be that it was transfered over when I did the last reinstall? Because it would not let me delete it from my system? I want to know where this evil **** comes from? I don't go to very many sites that are bundled with spyware (never kazaa). I'm wondering if I should not reinstall my system again before trying to set up the DSL.
-KateIP: Logged |
Email This Page to Someone
Footslog's Web Boards
