BSOD system exception error

[Slick Fork]

Hi there,

I just recovered from a BSOD, I was hoping someone could look at the dump file and give me some clues? I have attached the Minidump file in zipped format.

Thanks

 

[catilley1092]

Welcome to the forum, Slick Fork! Is there any other way that you can attach the file, like as a thumbnail or screenshot? I've been burned by zip files in the past, and don't care to download a file from an unknown source to my computer to open it. This way, everyone can easily see the file, and may possibly notice what's up.

 

[clifford_cooley]

Cat you need a special program to even view a minidump file. Unless you know what you are reading within the special program, it would be useless in even looking to download the minidumps.

It looks as if I need to study these minidumps, so that I can respond to posters. This forum has only had one guy that would read them and he has long been gone.

Maybe you and I can work together in learning to read them.

 

[Slick Fork]

Hi,
It won't let me upload in anything other than a zip or image and I don't have the program to read the file let alone convert it to anything more friendly.

 

[clifford_cooley]

This is all I know to tell you until I learn more about it myself. I think I will start by reading your minidump file. I will let you know what I find out.

This step-by-step article describes how to examine a small memory dump file. You can use this file to determine why your computer has stopped responding.

How to read the small memory dump files that Windows creates for debugging

 

[catilley1092]

No, I don't need a program to read a file, my point was that on a couple of occasions, I've been struck with viruses by opening zip files. That's why I don't download them. Has the virus protection improved that much in the last couple of years?

 

[clifford_cooley]

It's not the zip file that you should be worried about. It's the files within that are clean or infected. You should be safe looking at the file listings of the zip and if you are still worried about the contents then remove it. Explorer will let you browse the zip as if it was a folder without unzipping the file.

I don't think you will find a virus within a minidump file. Executable files and a few others would worry me so I do understand what you are talking about.

It might be worth a look to see just how many file types are susceptible targets for viruses. In other words how many different file types would you most likely find a virus in.

 

[Ian]

Hi Slick Fork, we've now got a debugging section for posts like this one, so I've moved it to the new section. I don't know if you still need your minidump file read, but if you do, I'm sure TorrentG will be able to take a look .

 

[TorrentG]

The error seen here is a 0x3b error, which is a system service exception. In Microsoft's words:

"This error has been linked to excessive paged pool usage and may occur due to user-mode graphics drivers crossing over and passing bad data to the kernel code. "

So from that, we know it's related to video somehow. That somehow is very usally related to the antivirus app currently installed. The memory corruption involved here could possibly also be caused by other faulty drivers.

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff96000137fb9, fffff88008547fd0, 0}

Probably caused by : win32k.sys ( win32k+c7fb9 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff96000137fb9, Address of the instruction which caused the bugcheck
Arg3: fffff88008547fd0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
win32k+c7fb9
fffff960`00137fb9 498b0c24        mov     rcx,qword ptr [r12]

CONTEXT:  fffff88008547fd0 -- (.cxr 0xfffff88008547fd0)
rax=fffff900c3033b40 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa8006b47550 rsi=fffff900c3033b40 rdi=fffff900c3033b40
rip=fffff96000137fb9 rsp=fffff880085489a0 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000000 r10=0000000004c00000
r11=fffffa8006b47550 r12=0000000000200000 r13=fffff9600034ac00
r14=0000000000000000 r15=fffff900c3033b40
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
win32k+0xc7fb9:
fffff960`00137fb9 498b0c24        mov     rcx,qword ptr [r12] ds:002b:00000000`00200000=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  iexplore.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff96000137fb9

STACK_TEXT:  
fffff880`085489a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k+0xc7fb9


FOLLOWUP_IP: 
win32k+c7fb9
fffff960`00137fb9 498b0c24        mov     rcx,qword ptr [r12]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  win32k+c7fb9

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc5e1

STACK_COMMAND:  .cxr 0xfffff88008547fd0 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_win32k+c7fb9

BUCKET_ID:  X64_0x3B_win32k+c7fb9

Followup: MachineOwner
---------

What I 'd have to say for this case is to uninstall the Kaspersky with the removal tool found here:

AV Uninstallers - Windows 7 Forums

Then install free MSE as a replacement.

Your Saitek gaming controller (possibly flight?) driver needs to be updated:

SaiH053C SaiH053C.sys Tue May 01 07:44:18 2007

http://saitek.com/uk/down/drivers.php

These EasyTune drivers must be updated:

etdrv    etdrv.sys    Thu Mar 19 22:59:06 2009
GVTDrv64 GVTDrv64.sys Tue Sep 05 03:10:02 2006

Please visit your motherboard manufacturer's website to obtain the latest EasyTune software and install.

If you follow the above direction, your machine should be well off. If for some strange reason bsod still happen, then two things we are going to need to look at are

PxHlpa64 PxHlpa64.sys Fri Feb 02 16:24:22 2007

and your CReative drivers....well, simply put, because they're from Creative and they tend to cause troubles.

Good luck and please keep us updated on things. Please post a new crash dump if necessary.

 

[Nibiru2012]

Welcome to the forum, Slick Fork! Is there any other way that you can attach the file, like as a thumbnail or screenshot? I've been burned by zip files in the past, and don't care to download a file from an unknown source to my computer to open it. This way, everyone can easily see the file, and may possibly notice what's up.

You can download a zip or RAR file, just don't open it. Use your AV program to scan it prior to opening it if you're unsure about it.

Many AV programs will catch a bad file even during the download process.