Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

kernels32.exe error


  • Please log in to reply

#1
blind_squirrel

blind_squirrel

    New Member

  • Member
  • Pip
  • 5 posts
Hi GTG,

I am hoping that you can help me clean up at the end of a long journey. One of my systems, running windows 98, was recently infected with the SpySheriff trojan. Following some of the other posts in here I have gotten to the point where the SpySheriff trojan is no longer causing problems but I am still having residule issues which I believe are from the original (SpySheriff) problem. When I boot up the infected system I am getting an error message " Can not find C:\windows\System\Kernels32.exe or one of it's components. Make sure path and filename are correct and that all required libraries are available" From what I can tell the kernels32.exe is a nasty file and we don't want to find it or its "path and filename"....So far I have run:
Cleanup!
CWShredder
DelDomains
SmitFraud
Ad-Aware
Hijack This

Obviously I have missed something and the only thing that jumps out at me is one line in the HJT log
"O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\ kernels32.exe"
But since I am not an expert I thought I would post the log here and check with somebody that is more experienced before I go deleting any (more) files.
so here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 12:30:23 PM, on 7/6/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\EPSON\INK MONITOR\INKMONITOR.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\SAVAGENT\SAVAGENT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\EBRR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walkerscientific.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\ZOLKER002.DLL
O2 - BHO: IE 4.x-5.x BHO in ObjectPascal - {3A4E6FF3-BF59-446E-9DC8-731BCE2F349A} - C:\WINDOWS\SYSTEM\msupdate.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [LexStart] LexStart.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Olive System] C:\WINDOWS\SYSTEM\suchost.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTRAY.EXE
O4 - HKLM\..\Run: [SAVAgent] C:\Program Files\SAVAgent\SAVAgent.exe -POLL=3600
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Auto Update] C:\WINDOWS\svchost.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [defwatch] c:\PROGRA~1\SYMANT~1\DEFWATCH.EXE
O4 - HKLM\..\RunServices: [rtvscn95] c:\PROGRA~1\SYMANT~1\RTVSCN95.EXE
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - file://\\Walker-3\vphome\CLT-INST\WEBINST\webinst.cab

Any help would be greatly appreciated
One Blind Squirrel....
  • 0

Advertisements


#2
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
You have more in that log than just your bolded line.

I'd post another HijackThis log in the Malware forum so that a trained tech can get to you. It could take forever for you to get help here.

So, post it in Malware and they'll help you take care of it.

Good luck.
  • 0

#3
blind_squirrel

blind_squirrel

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks Guse,
I have moved the note over to the malware site :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP