BSOD system exception error


Joined
May 7, 2010
Messages
2
Reaction score
0
Hi there,

I just recovered from a BSOD, I was hoping someone could look at the dump file and give me some clues? I have attached the Minidump file in zipped format.

Thanks
 

Attachments

Ad

Advertisements

catilley1092

Win 7/Linux Mint Lover
Joined
Nov 13, 2009
Messages
3,507
Reaction score
563
Welcome to the forum, Slick Fork! Is there any other way that you can attach the file, like as a thumbnail or screenshot? I've been burned by zip files in the past, and don't care to download a file from an unknown source to my computer to open it. This way, everyone can easily see the file, and may possibly notice what's up.:)
 
Joined
Mar 8, 2009
Messages
5,063
Reaction score
1,185
Cat you need a special program to even view a minidump file. Unless you know what you are reading within the special program, it would be useless in even looking to download the minidumps.

It looks as if I need to study these minidumps, so that I can respond to posters. This forum has only had one guy that would read them and he has long been gone.

Maybe you and I can work together in learning to read them. :)
 
Joined
May 7, 2010
Messages
2
Reaction score
0
Hi,
It won't let me upload in anything other than a zip or image and I don't have the program to read the file let alone convert it to anything more friendly.
 

catilley1092

Win 7/Linux Mint Lover
Joined
Nov 13, 2009
Messages
3,507
Reaction score
563
No, I don't need a program to read a file, my point was that on a couple of occasions, I've been struck with viruses by opening zip files. That's why I don't download them. Has the virus protection improved that much in the last couple of years?
 
Ad

Advertisements

Joined
Mar 8, 2009
Messages
5,063
Reaction score
1,185
It's not the zip file that you should be worried about. It's the files within that are clean or infected. You should be safe looking at the file listings of the zip and if you are still worried about the contents then remove it. Explorer will let you browse the zip as if it was a folder without unzipping the file.

I don't think you will find a virus within a minidump file. Executable files and a few others would worry me so I do understand what you are talking about.

It might be worth a look to see just how many file types are susceptible targets for viruses. In other words how many different file types would you most likely find a virus in.
 

Ian

Administrator
Joined
Oct 17, 2008
Messages
3,482
Reaction score
632
Hi Slick Fork, we've now got a debugging section for posts like this one, so I've moved it to the new section. I don't know if you still need your minidump file read, but if you do, I'm sure TorrentG will be able to take a look :).
 
Joined
Nov 30, 2009
Messages
1,752
Reaction score
396
The error seen here is a 0x3b error, which is a system service exception. In Microsoft's words:

"This error has been linked to excessive paged pool usage and may occur due to user-mode graphics drivers crossing over and passing bad data to the kernel code. "

So from that, we know it's related to video somehow. That somehow is very usally related to the antivirus app currently installed. The memory corruption involved here could possibly also be caused by other faulty drivers.

Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff96000137fb9, fffff88008547fd0, 0}

Probably caused by : win32k.sys ( win32k+c7fb9 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff96000137fb9, Address of the instruction which caused the bugcheck
Arg3: fffff88008547fd0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
win32k+c7fb9
fffff960`00137fb9 498b0c24        mov     rcx,qword ptr [r12]

CONTEXT:  fffff88008547fd0 -- (.cxr 0xfffff88008547fd0)
rax=fffff900c3033b40 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa8006b47550 rsi=fffff900c3033b40 rdi=fffff900c3033b40
rip=fffff96000137fb9 rsp=fffff880085489a0 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000000 r10=0000000004c00000
r11=fffffa8006b47550 r12=0000000000200000 r13=fffff9600034ac00
r14=0000000000000000 r15=fffff900c3033b40
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
win32k+0xc7fb9:
fffff960`00137fb9 498b0c24        mov     rcx,qword ptr [r12] ds:002b:00000000`00200000=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  iexplore.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff96000137fb9

STACK_TEXT:  
fffff880`085489a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k+0xc7fb9


FOLLOWUP_IP: 
win32k+c7fb9
fffff960`00137fb9 498b0c24        mov     rcx,qword ptr [r12]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  win32k+c7fb9

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc5e1

STACK_COMMAND:  .cxr 0xfffff88008547fd0 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_win32k+c7fb9

BUCKET_ID:  X64_0x3B_win32k+c7fb9

Followup: MachineOwner
---------
What I 'd have to say for this case is to uninstall the Kaspersky with the removal tool found here:

AV Uninstallers - Windows 7 Forums

Then install free MSE as a replacement.

Your Saitek gaming controller (possibly flight?) driver needs to be updated:

Code:
SaiH053C SaiH053C.sys Tue May 01 07:44:18 2007
http://saitek.com/uk/down/drivers.php

These EasyTune drivers must be updated:
Code:
etdrv    etdrv.sys    Thu Mar 19 22:59:06 2009
GVTDrv64 GVTDrv64.sys Tue Sep 05 03:10:02 2006
Please visit your motherboard manufacturer's website to obtain the latest EasyTune software and install.

If you follow the above direction, your machine should be well off. If for some strange reason bsod still happen, then two things we are going to need to look at are

PxHlpa64 PxHlpa64.sys Fri Feb 02 16:24:22 2007

and your CReative drivers....well, simply put, because they're from Creative and they tend to cause troubles.

Good luck and please keep us updated on things. Please post a new crash dump if necessary.
 
Ad

Advertisements

Nibiru2012

Quick Scotty, beam me up!
Joined
Oct 27, 2009
Messages
4,955
Reaction score
1,302
Welcome to the forum, Slick Fork! Is there any other way that you can attach the file, like as a thumbnail or screenshot? I've been burned by zip files in the past, and don't care to download a file from an unknown source to my computer to open it. This way, everyone can easily see the file, and may possibly notice what's up.:)
You can download a zip or RAR file, just don't open it. Use your AV program to scan it prior to opening it if you're unsure about it.

Many AV programs will catch a bad file even during the download process.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top