KERNEL.32dll

[Leo24]

Please be informed that after performance enhancement of my Latitude E5540 (Win 7 Pro) by one of your tools (PC Speed up) recently in Oct 2024, the following announcement pops up:

AD Notification Manager.exe
Entry Point Not Found
The Procedure Entry Point 
GePackage Family Name
Could Not Be Located in
the Dynamic Link Library
KERNEL.32dll

[Larry Guy]

oh no! They're going for the kernel

[Wesly.Zhang]

Hello,

What kind of question are you trying to respond to? I don't understand the meaning of your post.

KERNEL.32dll, this file is not a system file, the system file should be kernel32.dll. Usually it is a library file at the core of  system (Windows NT BASE API Client). Its functions lie in the registry manipulation API, file manipulation API, window manipulation API, etc.

Regards.

[Leo24]

Mea culpa... "kernel32.dll ... Entry Point Not Found" announcement pops up - following registry optimisation by your tools - recently in Oct 2024. Hence your intervention would be much appreciated...

[Wesly.Zhang]

Hello,

There is no possibility of any error in this file, you need to check whether the file has been illegally modified and whether there is any malicious program activity on your computer.

First, you should check the file has not been modified. Run the following command:

Quote

Get-AuthenticodeSignature -FilePath "C:\WINDOWS\SYSTEM32\kernel32.dll"

The return result should look like this.

Secondly, You need to check if the kernel32.dll is located in "C:\WINDOWS\SYSTEM32“ directory A, because some malicious programs will generate a file with the same name in a different directory. It is a fake "kernel32.dll".

Reply the result here.

Regards.

 

Also, You can send a screenshot of the error here, and let's see which program loads the kernel32.dll error. Maybe you can tell us which program you run when this error appears.

[Leo24]

Sorry I'm not a computer savvy. PowerShell download failed ... for Win 7 Pro. Anyway, it far beyond my competence. 
C:\Windows\System32

kernel32.dll properties:

kernel32.dll

Type of file: Application extension (.dll)
Opens with: Unknown application
Location: C:\Windows\System32
Size: 1.10 MB (1,162,752 bytes)
Size on disk: 1.10 MB (1,163,264 bytes)
‎Created: Wednesday, ‎15 ‎January ‎2020, ‏‎12:29:33
‎Modified: Friday, ‎3 ‎January ‎2020, ‏‎13:33:39
Accessed: ‎Wednesday, ‎15 ‎January ‎2020, ‏‎12:29:33
File description: Windows NT BASE API Client DLL

[Leo24]

"Maybe you can tell us which program you run when this error appears"

•Please be informed that during download pdf articles, such announcement ..."kernel32.dll ... Entry Point Not Found"... popped up twice on two separate occasions. Also such announcement popped up, while using Pdf Creator, within an attempt to "print" the selected article.

Moreover, Acrobat Reader DC version 22.3.20314.0 used to freeze for ~ 10 seconds after file opening. So, it was uninstalled and replaced with the earlier AdbeRdr11010. 

 

"whether there is any malicious program activity on your computer"

•In fact, Internet drop-outs persisted for some time! Ten minutes after starting Internet session and then variously. As I was about to finish and while checking Wireless Network Connection Status, often interruption occurred.

• "You can send a screenshot of the error here"

Sadly, I failed to figure it out on my Latitude E5540 (Win 7 Pro), while using Fn + Print Scr keys. Possibly, due to the planned obsolescence by Dell. Consequently, some keyboard keys didn't work, yet the numeric pad numbers functioned OK.

[Wesly.Zhang]

Hello, @Leo24

OK, I got it. Could you send kernel32.dll to https://opentip.kaspersky.com/ and tell us Whether the file is clean or in any state.

Regards.

[Leo24]

Report for hash
99FA7A091427A6AFFCE4A1A497BC27B9C786BBE530225BC74DBF4A47CDECD273
Clean
Overview
Hits    ≈ 10,000
First seen    
15 Jan, 2020
01:30
Last seen    
28 Oct, 2024
17:00
Format    dll x64
Size    1.11 MB (1162752 B)
Signed by    Microsoft Corporation
Packed by    —
MD5    47CD1232810F698C49FA67DA1C7D5CBE
SHA1    2F574EA0CEAA2AC6410CA3D28D194EA913C00005
SHA256    99FA7A091427A6AFFCE4A1A497BC27B9C786BBE530225BC74DBF4A47CDECD273
Categories    
General
Detection names
No data found
Dynamic analysis summary
No data found

[Wesly.Zhang]

1 minute ago, Leo24 said:

Report for hash
99FA7A091427A6AFFCE4A1A497BC27B9C786BBE530225BC74DBF4A47CDECD273
Clean
Overview
Hits    ≈ 10,000
First seen    
15 Jan, 2020
01:30
Last seen    
28 Oct, 2024
17:00
Format    dll x64
Size    1.11 MB (1162752 B)
Signed by    Microsoft Corporation
Packed by    —
MD5    47CD1232810F698C49FA67DA1C7D5CBE
SHA1    2F574EA0CEAA2AC6410CA3D28D194EA913C00005
SHA256    99FA7A091427A6AFFCE4A1A497BC27B9C786BBE530225BC74DBF4A47CDECD273
Categories    
General
Detection names
No data found
Dynamic analysis summary
No data found

Hello, @Leo24

Received, then there is no problem with the file itself, so let's investigate who loaded this file and made the error. We may need to try to find some clues in the Windows logs. We need to get here.

Start by pressing the Win + R keys on your keyboard.

Second, in the pop-up Run window, type: eventvwr.msc and press Enter.

Check the opened System Event Viewer for anything about the kernel32.dll error and see if there is any mention of the process that went wrong.

We are waiting for your reply if you find relevant content.

Regards.

[Leo24]

"Check the opened System Event Viewer for anything about the kernel32.dll error and see if there is any mention of the process that went wrong".

• Application: Warning 02-Nov-24 22:04:13 Source User Profile Service. Event ID 1530. Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 DETAIL - 
 30 user registry handles leaked from \Registry\User\S-1-5-21-89100263-3580511799-282701167-1000_Classes:
Process 2188 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\avp.exe) has opened key

[Leo24]

Run eventvwr.msc > Event Viewer (Local) > Windows Logs > System

Warning 08-Nov-24 15:26:31 Event 11, Wininit

Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

------------------------------------------------
Internet dropouts persisted for some time

---------------------------------------------------------------------------
Run eventvwr.msc > Event Viewer (Local) > Windows Logs > System

--------------------------------------------------------
Warning 08-Nov-24 15:26:24 Event 27, e1dexpress
Intel(R) Ethernet Connection I218-LM
 Network link is disconnected.

-------------------------------------------------------

Etcetera...

Edited November 12 by Wesly.Zhang
Remove duplicate content

[Wesly.Zhang]

Hi, @Leo24

Can you use this tool to generate a report and upload it here, and then send me an SMS with the web address of the report?

Regards.

[Leo24]

"Press Start to scan your computer"... announcement popped up... after 7:56 minute process ... yet I haven't got a clue as to the "Start" button location...

[Leo24]

• Sadly I am faced with the "Restart" button instead of the "Start" button illustrated at the ... https://support.kaspersky.com/common/diagnostics/3632

[KarDip]

Hello @Leo24

To investigate which process or application loaded this DLL and triggered the error, examining the Windows Event Logs and Process Monitor can be very effective. Here’s a step-by-step guide to help you track down the source of the load error:

Step 1: Check the Windows Event Viewer

The Event Viewer can reveal system or application errors related to DLL loading issues.

1. Open Event Viewer:

   • Press Win + R, type eventvwr, and press Enter.

2. Navigate to System and Application Logs:

   • In the left pane, expand Windows Logs and select System. Look for Error or Warning events that occurred around the same time as the DLL load error.
   • Similarly, check under Application for any error entries related to DLL loading or system issues.

3. Filter Event Logs:

   • You can filter the logs to make it easier to find specific events. Right-click System or Application logs, select Filter Current Log…, and filter by Event level (select "Error" and "Warning") and the time range you suspect.
   • Look for events with ID 1000 (Application Error) or ID 7000 (Service Control Manager). These may indicate specific errors related to failed DLL loads.

4. Analyze the Event Details:

   • Click on any relevant event and review its General and Details tabs. Note any filenames, process names, or paths related to the load error.

Step 2: Use Process Monitor to Track DLL Loads

Process Monitor (from Sysinternals) is invaluable for tracking file activity and pinpointing which process tried to load the DLL.

1. Download and Launch Process Monitor:

   • You can download Process Monitor from the Microsoft Sysinternals site.
   • Run it as an administrator for full access to system events.

2. Set a Filter for the DLL File:

   • In Process Monitor, go to Filter > Filter….
   • Add a filter for Path that contains the name of the DLL (e.g., kernel32.dll). Click Add, then OK to apply the filter.

3. Reproduce the Load Error:

   • Try to reproduce the scenario that triggers the load error if possible. Process Monitor will capture the events related to this DLL.
   • If the load error appears randomly, you can simply let Process Monitor run in the background while observing for the error.

4. Analyze the Process Monitor Logs:

   • Look for entries related to the DLL in question. Check the Process Name and PID (Process ID) to identify which application or service was attempting to load the DLL.
   • Examine the Result and Details columns, especially for any entries marked with Path Not Found, File Not Found, or Access Denied errors.

5. Investigate the Process Details:

   • Once you have identified the process triggering the load error, you can investigate further by:
     • Checking if this process has known issues with dependencies or compatibility on Windows 7.
     • Verifying if updates or reinstallation are available for this application.

Step 3: Review System Startup and Autoruns

If the DLL load error occurs during startup, it may be linked to startup programs or services.

1. Use Autoruns (Sysinternals Tool):
   • Download and run Autoruns.
   • Go to the Everything tab and search for entries related to the DLL or the process name.
   • Disable any non-essential entries that reference the DLL, restart your computer, and see if the error persists.

Summary

These tools—Event Viewer, Process Monitor, and Autoruns—can give you a clearer picture of the process triggering the load error. Let me know if you discover any specifics, and I can help further analyze the findings.

Thank you

[Wesly.Zhang]

Hello, @Leo24

[Wesly.Zhang]

This is because you selected Stop for the previous scan, after stopping, this option will become re-start, please press this re-start until the scan is completed, the report will usually be generated on your desktop, remember to check the Include Windows event logs option when scanning.

PM me to send GSI report.

[Leo24]

"Could you send the zip file to me"?

 Well, I followed your instruction ... dragged and dropped GetSystemInfo Compressed (zipped) Folder 228 KB on 13-Nov-24 at 8:38 ... to no avail, apparently. So now I used 1,500 KB zip file instead... of unacceptable format apparently. So am at loss figure it out... Where and how to accomplish this task.

[Wesly.Zhang]

3 hours ago, Leo24 said:

"Could you send the zip file to me"?

 Well, I followed your instruction ... dragged and dropped GetSystemInfo Compressed (zipped) Folder 228 KB on 13-Nov-24 at 8:38 ... to no avail, apparently. So now I used 1,500 KB zip file instead... of unacceptable format apparently. So am at loss figure it out... Where and how to accomplish this task.

Ah……I mistake. I sent the new PM to you.

[Leo24]

GSI version: 6.2.2.58
File size: 1
Total physical memory: 8291.60 Mb

Report: GSI6 uploaded 2024-11-15 03:06:27

Edited November 15 by Leo24

[Wesly.Zhang]

4 hours ago, Leo24 said:

GSI version: 6.2.2.58
File size: 1
Total physical memory: 8291.60 Mb

Report: GSI6 uploaded 2024-11-15 03:06:27

Hello,

You should PM me the full GSI report url address. I have sent new PM to you.

Regards.

[Leo24]

Done as requested, sorry about...

[Wesly.Zhang]

On 11/16/2024 at 6:51 AM, Leo24 said:

Done as requested, sorry about...

Hi @Leo24

Sorry for delay. Your GSI report has been received and this report looks clean for the computer system. ADNotificationManager.exe is a process of software that belongs to Adobe, and you can see if the Adobe software on your computer is up to date or you can use other PDF viewers, such as foxit reader or pdfgear, etc.

If possible, I would like you to temporarily uninstall Adobe XI and Adobe Refresh Manager, and see if this problem still occurs after these two software uninstallation.

Regards.