# [Resolved] stack fault in kernel32.dll



## riverat (Jan 18, 2003)

Every time I use some of the desk top shortcuts I get an illegal operation error message.Then the computer locks up and i have to turn it off manually. I've read some of the past post and have tried some of the fixes, but nothing seems to help.
Please help.


Thanks




IEXPLORE caused a stack fault in module KERNEL32.DLL at 017f:bff7429f.
Registers:
EAX=81773654 CS=017f EIP=bff7429f EFLGS=00000287
EBX=0054ff10 SS=0187 ESP=00552044 EBP=0000803c
ECX=c16d66c0 DS=0187 ESI=0077aa30 FS=4aef
EDX=00017ce4 ES=0187 EDI=0000ffff GS=0000
Bytes at CS:EIP:
eb 95 8b 54 24 04 50 e8 04 00 00 00 58 c2 04 00 
Stack dump:
bff71547 00000000 6801618f 00000504 00552074 680161a1 00000504 ffffffeb 00000000 00000006 00000000 6801618f 00552094 680161e1 00000504 0000040a


----------



## Rollin' Rog (Dec 9, 2000)

Welcome to TSG, riverrat.

These types of errors are almost always caused by program conflicts. One I've seen specifically that causes the "stack fault" error in kernel32.dll is the presence of scanner software being loaded through the win.ini file. You can check for this, by going to Start>Run and entering *win.ini* so that it opens in Notepad.

Do you see this line:

load=C:\TBridge\Flatbed.exe

We can also have a more thorough look at what is running (always a good idea) if you get the StartupList application from the site below. Download, unzip and run it. Then copy/paste the results to a reply.

http://www.lurkhere.com/~nicefiles/


----------



## riverat (Jan 18, 2003)

Thanks Rollin,

Here is the win.ini file, I will post the startup list as soon as I can get it copied.

[windows]
load=
Run=
NullPort=None
UninstallPath=C:\
device=HP DeskJet 840C Series,hpf9xdr0,LPT1:


----------



## Rollin' Rog (Dec 9, 2000)

Didn't really need all of win.ini (and I've edited out the extraneous material) but it's not the problem, the run= and load= lines are empty.

It's easy to post the Startuplist, after running it, just click Edit>Select All>Edit>Copy and then right click on a reply window here and select "paste".


----------



## riverat (Jan 18, 2003)

Sorry this took so long. Had to work then find a missing dll file to get it to run. I'm SO glad you guys are here.

I have run spybot, and it says nothing found

StartupList report, 1/18/03, 2:25:23 PM
StartupList version: 1.51
Started from : C:\UNZIPPED\STARTUPLIST151\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PALM\HOTSYNC.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\WINDOWS\CWD3DSND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\UNZIPPED\STARTUPLIST151\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
PowerReg Scheduler.exe
Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
TaskMonitor = C:\WINDOWS\taskmon.exe
InCD = C:\Program Files\ahead\InCD\InCD.exe
NAV Agent = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
LoadQM = loadqm.exe
MediaLoads Installer = "C:\Program Files\DownloadWare\dw.exe" /H
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

SchedulingAgent = mstask.exe
winmodem = WINMODEM.101\wmexe.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 18/1/2003, 7:56:22)

[rename]
NUL=C:\~MSSETUP.T\~msstfqf.t\acmsetup.exe
NUL=C:\~MSSETUP.T\~msstfqf.t\acmsetup.hlp
NUL=C:\~MSSETUP.T\~msstfqf.t\mssetup.dll
NUL=C:\~MSSETUP.T\~msstfqf.t\pub4stp.dll
NUL=C:\~MSSETUP.T\~msstfqf.t\pub4.stf
NUL=C:\~MSSETUP.T\~msstfqf.t\pub4.inf
NUL=C:\~MSSETUP.T\~msstfqf.t\_MSSETUP._Q_

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

PATH C:\98CD\TOOLS\RESKIT\HELP;%PATH%
SET BLASTER=A220 I11 D1 T4 
if exist C:\WININST0.400\SuWarn.Bat call C:\WININST0.400\SuWarn.Bat
if exist C:\WININST0.400\SuWarn.Bat del C:\WININST0.400\SuWarn.Bat

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-ScanDisk.job
Maintenance-Defragment programs.job
Maintenance-Disk cleanup.job
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating Download Program Files:

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R945/V31Controls/x86/w98/en/actsetup.cab

--------------------------------------------------
End of report, 4,417 bytes
Report generated in 0.376 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
.


----------



## steamwiz (Oct 4, 2002)

Adding the line :-

*MinSPs=8*

To the [386enh] section of your SYSTEM.INI file may help

steam


----------



## riverat (Jan 18, 2003)

This is how the system file reads now.
it still gives me the error when I click on desktop icons, my computer, my documents, recycle bin, internet explore. I also get the error messege if I click on a link on a web site

[boot]
system.drv=system.drv
drivers=mmsystem.dll power.drv
user.exe=user.exe
gdi.exe=gdi.exe
sound.drv=mmsound.drv
dibeng.drv=dibeng.dll
comm.drv=comm.drv
shell=Explorer.exe
keyboard.drv=keyboard.drv
fonts.fon=vgasys.fon
fixedfon.fon=vgafix.fon
oemfonts.fon=vgaoem.fon
386Grabber=vgafull.3gr
display.drv=pnpdrvr.drv
mouse.drv=mouse.drv
*DisplayFallback=0
SCRNSAVE.EXE=C:\WINDOWS\WEBSHOTS.SCR

[keyboard]
subtype=
type=4
keyboard.dll=
oemansi.bin=

[boot.description]
keyboard.typ=Standard 101/102-Key or Microsoft Natural Keyboard
aspect=100,96,96
display.drv=Intel740-854 Win9x PC1.5 3.1.1629-980429
mouse.drv=Standard mouse
system.drv=Standard PC

[386Enh]
ebios=*ebios
device=*vshare
device=*dynapage
device=*vpd
device=*int13
mouse=*vmouse, msmouse.vxd
woafont=dosapp.fon
device=*vcd
device=*enable
keyboard=*vkd
MinSPs=8

[power.drv]

[drivers]
msvideo=gfxnull.drv
wavemapper=*.drv
MSACM.imaadpcm=*.acm
MSACM.msadpcm=*.acm
wave=mmsystem.dll
midi=mmsystem.dll

[iccvid.drv]

[mciseq.drv]

[mci]
cdaudio=mcicda.drv
sequencer=mciseq.drv
waveaudio=mciwave.drv
avivideo=mciavi.drv
MPEGVideo=mciqtz.drv
videodisc=mcipionr.drv
vcr=mcivisca.drv
MPEGVideo2=mciqtz.drv
QTWVideo=C:\WINDOWS\SYSTEM\MCIQTW.DRV

[NonWindowsApp]
TTInitialSizes=4 5 6 7 8 9 10 11 12 13 14 15 16 18 20 22

[vcache]

[nwnp32]

[MSNP32]

[display]

[Password Lists]
DALE=C:\WINDOWS\DALE.PWL

[drivers32]
VIDC.IV41=ir41_32.ax
msacm.msg711=msg711.acm
vidc.CVID=iccvid.dll
VIDC.IV31=ir32_32.dll
VIDC.IV32=ir32_32.dll
vidc.MSVC=msvidc32.dll
VIDC.MRLE=msrle32.dll
MSACM.MSNAUDIO=msnaudio.acm
VIDC.IV50=ir50_32.dll
msacm.iac2=C:\WINDOWS\SYSTEM\IAC25_32.AX
msacm.lhacm=lhacm.acm
VIDC.VDOM=vdowave.drv
msacm.msaudio1=msaud32.acm
msacm.sl_anet=sl_anet.acm
msacm.l3acm=l3codeca.acm
vidc.mpg4=mpg4c32.dll
vidc.mp43=mpg4c32.dll
msacm.voxacm160=vct3216.acm
msacm.msg723=msg723.acm
vidc.M263=msh263.drv
vidc.M261=msh261.drv
MSACM.imaadpcm=imaadp32.acm
MSACM.msadpcm=msadp32.acm
MSACM.msgsm610=msgsm32.acm
MSACM.trspch=tssoft32.acm

[TTFontDimenCache]
0 4=2 4
0 5=3 5
0 6=4 6
0 7=4 7
0 8=5 8
0 9=5 9
0 10=6 10
0 11=7 11
0 12=7 12
0 13=8 13
0 14=8 14
0 15=9 15
0 16=10 16
0 18=11 18
0 20=12 20
0 22=13 22


----------



## steamwiz (Oct 4, 2002)

I think you have added the line to the system.ini in C:\drivers\system instead of the one in C:\windows


----------



## Rollin' Rog (Dec 9, 2000)

Well we can't entirely rule out a conflict with the "legit" applications that are installed, but here's one that is not and needs to be removed:

MediaLoads Installer = "C:\Program Files\DownloadWare\dw.exe" /H

The best choice for removing this, and perhaps some other hidden stuff is Spybot. Here's a link that will tell you how to install, update and run it. Update before running and accept all the updates except for Language Tools and PGP stuff.

http://tomcoyote.com/SPYBOT/

If the error is repeatable after that, we'll proceed to some "clean-boot" troubleshooting using msconfig.

By the way, if the error has begun just in the last few days (4) you might want to try restoring a previous registry BEFORE installing or running Spybot. To restore a backup registry, click Start>Shutdown>Restart in MS-DOS mode. At the c:\windows> prompt enter:

*scanreg /restore*

use your arrow keys to select a started prior registry from among the first 4 displayed. The last or fifth cannot be used.

( think you've got the right system.ini there, there should only be one in c:\windows and that's what you get if you followed my original instructions)


----------



## riverat (Jan 18, 2003)

this is the only system.ini the "find files" came up with


----------



## Rollin' Rog (Dec 9, 2000)

oops I see you said you ran Spybot, well if you just installed it don't do the scanreg /restore; run it again in Safe Mode and see if it detects download ware, it should. Is this an old or new version of Spybot, and has it been updated recently?

To start in Safe Mode, press and hold the ctrl key to get a startup menu, then select option 3


----------



## riverat (Jan 18, 2003)

I updated spybot yesterday. Just finished runing it and it didn't find the download ware. however i removed the line with hijack this. rebooted and the error still pops up.
how do i do the "clean boot"?
Thanks


----------



## Rollin' Rog (Dec 9, 2000)

Go to Start>run and enter *msconfig*

Under the startup tab try unchecking everything except ScanRegistry, System Tray and Load Power profiles.

Or you can just try clearing the check for "process startup group" on the general page, reboot and test; if no error go back and selectively re check the startups under the Startup tab a few at a time until you isolate the culprit; the ones I mentioned should be problem free.

You might also test by disabling other groups on the general page, but save that for later if you can't find anything under the startup tab.


----------



## riverat (Jan 18, 2003)

Hi Rollin,
I disabled everything exept scanregistry, system tray and load power.
I still get the error. When I do the ctrl+alt+del key the window shows =
Explorer
Systray
Rnaapp

Is this getting weird or what?
Is the computer going to die?


----------



## riverat (Jan 18, 2003)

How many items on the general page can i disable and still have the computer boot up?
Config
autoexec
system.ini
win.ini


----------



## Rollin' Rog (Dec 9, 2000)

Well it's sounding like a corrupt registry entry then. If it's very recent, like I said, you could try a registry restore; if it's longer than 4 days, try restarting in ms-dos mode and enter:

scanreg /fix

bear in mind that if you do a scanreg /restore it will mean reinstalling anything installed since the date chosen -- and you will have to delete that downloadware entry again, because it will replace it.

The system will always boot no matter what you disable there; however you will probably only load VGA drivers if you don't boot system.ini -- although I'm not sure this is always the case.


----------



## Rollin' Rog (Dec 9, 2000)

Actually right now I'd recommend you test the problem in Safe Mode. Reboot and press and hold the ctrl key to get the startup menu. Select Safe Mode and test.

If it occurs there, then in all likelihood it's a registry issue or a corruption of core Windows files.

You can run the System File Checker. Start>Run> SFC to check for corrupt files, but don't replace any without letting us know what it finds.


----------



## riverat (Jan 18, 2003)

Rollin,

I ran the SFC and it found one file corrupt "Setupx.dll"
Should I reboot in safe mode and then start unchecking the "config, autoexec, system.ini and win.ini" one at a time. rebooting in safe mode with each ind file/test?


----------



## riverat (Jan 18, 2003)

sorry, the setupx.dll was in the windows\system file


----------



## Rollin' Rog (Dec 9, 2000)

You can generally ignore that particular SFC find. What you want to do is just reboot in Safe Mode and test the problem, Safe Mode is virtually the same as disabling all those msconfig options at once, and then some. It may be a video driver problem, and Safe Mode will put you in standard VGA mode. If you don't see it in Safe Mode, I have another msconfig test for you.

By the way is it always IExplore that causes the stack fault, even when you are using a shortcut not related to Internet Explorer?

And what did you install or uninstall on the 18th (as indicated in that wininit.bak listing)? Did that mark the onset of the problem?


----------



## riverat (Jan 18, 2003)

Finally I think we're getting somewhere, the errors are gone in safe mode.

the error is always "iexplore caused" even when using the my doc, recyl, my computer, ( the top four icons, to the left) if I click on the error messege (top x on the right) i get another identical messege box and this time the system locks up. nothing works but the pointer moving around on the screen. I can't click on anything.
Since the errors have started i reloaded windows 98se, updated IE to ver.6, uninstalled pub97 and reinstalled it (the last thing i think i installed before the problem).


----------



## Rollin' Rog (Dec 9, 2000)

Edit: I just downloaded startuplist 1.51 and I see that he has changed it from version 1.50; it no longer reports certain entries if they are "standard" or normal

>>> go back to msconfig, uncheck all groups on the startup page, click Advanced and put a check in standard VGA 640

Reboot and test the problem as you did in Safe Mode, if it errors still, re-enable everything; if it doesn't, start by rechecking whole groups, one at a time. You will get your normal video back when you uncheck the VGA mode in msconfig > advanced.

*another edit*

If msconfig produces no results, since you have HijackThis (good choice), give us a post of the "Scan" log as well.


----------



## riverat (Jan 18, 2003)

I've re-enabled all the msconfig and have attached the file. I will uncheckall groups and check the vga. I'll get back soon.


----------



## riverat (Jan 18, 2003)

Well....... I unchecked all the groups on the start up page and checked the vga button......started up and still get the errors. However I started up in safe mode with all still unchecked and no errors.

Here is log of Hijack

Logfile of HijackThis v1.91.2
Scan saved at 8:09:01 PM, on 1/18/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.wgem.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: Yahoo! Checkers (CV3 Class) - http://download.games.yahoo.com/games/clients/y/kt0_x.cab
O16 - DPF: Yahoo! Spades (CV3 Class) - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: Yahoo! Backgammon (CV3 Class) - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Pool 2 (CV3 Class) - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: Yahoo! Chess (CV3 Class) - http://download.games.yahoo.com/games/clients/y/ct0_x.cab
O16 - DPF: Yahoo! Dots (CV3 Class) - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Dominoes (CV3 Class) - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: Yahoo! Blackjack (CV3 Class) - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\MSIELINK.DLL - (no file)


----------



## riverat (Jan 18, 2003)

I just tried Safe mode with all the groups in the startup page checked and running, vga in advanced unchecked , and there are no errors.
Before we started correcting things today, I got errors in safe mode. So..... its a little better


----------



## Rollin' Rog (Dec 9, 2000)

Well I was thinking mouse drivers, but now I see this and it appears to be a remnant of Huntbar: O18 : msiets.dll

http://www.doxdesk.com/parasite/HuntBar.html

It looks like the dll is gone, but possible registry entries remain, see if you can find any of the files or registry entries covered in the above link and remove them

You can run *regedit* and look for those msiets entries and right click on them and delete them. After that, go to Tools > Internet Options > Programs > and click "reset web settings"

and this is something else I'm surprised Spybot did not completely remove.

I believe HijackThis will also delete that particular entry for you, try it.


----------



## riverat (Jan 18, 2003)

I was able to remove the remnants of Huntbar, all the msiets folders. They no longer show up on the Hijack list.
However I still get the errors unless I'm in safe mode.
What are my options at this point?


----------



## Rollin' Rog (Dec 9, 2000)

Try reloading the mouse drivers by removing them through the Device Manager and having Windows redetect them.

And have you done a full system scan with NAV, using the latest definitions?

By the way, here is a good possiblity that just occured to me: if you Right Click on the Desktop and select Active Desktop, is View as Web Page checked? Uncheck it if it is.


----------



## riverat (Jan 18, 2003)

I reloaded the mouse drivers, still get the error. The active desktop is not checked, however sometimes i do get an active desktop recovery window that pops up.
could printer driver conflicts cause ill op. error? I did install mspub several days ago.
I have run the latest nav full scan also. nothing


----------



## riverat (Jan 18, 2003)

*Hay Rollin,* 
I think its fixed!!!!!
I decided to uninstall some of the things my son has put on ie.
I uninstalled yahoo, and was going to uninstall msn messinger, but the screen poped up giving me the choice of uninstall or repair. i clicked on repair, rebooted, and the desktop works fine.
*Thank you for all the time you spent helping me fix this, again thank you.* 
Now if only you could help me grow back all the hair i lost fighting with the computer. 
Riverat


----------



## Rollin' Rog (Dec 9, 2000)

That's great riverat, and you're certainly welcome for the efforts. I just wish I had a clue as to how messenger could do that with all startups disabled and on shortcuts that have no obvious relationship to it or IE. Maybe it was there in one of those "extra tools and menu items" (09), noted in HijackThis.

Anyway you got the Cook's tour of general troubleshooting tips.

I think I've lost more than a few hairs in front of this monitor myself over the years


----------

