BSOD STOP 03B Win32k.sys - Can't post requested files

Ninethe

Senior Member
First thing Wednesday, both of my two 64-bit Windows 7 SP1 desktop systems immediately suffered STOP 03B (00000000C0000005,...) Win32k.sys BSOD crashes.

Neither machine had the latest Tuesday Windows updates.

One of the two was always left running, but for some unknown reason it had rebooted itself. I find it extremely suspicious that both systems suffered exactly the same BSOD at exactly the same time...

I profoundly apologize, but I simply cannot upload/post the files requested by the "How to ask for help with a BSOD problem" thread, since neither system will boot at all.
Why not?

Because both systems have WinMagic's SecureDoc security system installed, which makes normal system access and system troubleshooting impossible because everything is either encrypted or otherwise secured. I can, however, boot from a special WinMagic Recovery usb drive and temporarily decrypt and otherwise "un-secure" all disks. Thus, I can access all files and copy them out on a USB stick, but booting -- even safe booting -- is entirely impossible.


I'm awaiting tech support from WinMagic, but in the meantime, could someone please advise me how I would repair the BSOD as if I was not using SecureDoc? That way, when I finally get support from WinMagic, I can try to go ahead and follow your instructions.

Although I cannot provide a minidump nor the other files requested in the "How to ask for help with a BSOD problem" thread, I've uploaded three files:

[1]: A zipped dump file from C:\Windows\Minidump (which doesn't look like a minidump to me, but I could be wrong)

[2]: A BlueScreenView display for the main BSOD

[3]: A BlueScreenView display for the secondary problem


Guide me, if you can?


Hardware:

System 1: ASUS Z97-A / Intel Core i7-4790K Devil’s Canyon Quad-Core 4.0GHz / 16 GB RAM / 64-bit Win 7 SP1-U


System 2: ASUS Z87-A / Intel Core i7-4770K 3.50 GHz / 16GB RAM / 64-bit Win 7 SP1-U
 


Attachments

Last edited:

kemical

Windows Forum Admin
Staff member
Premium Supporter
Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff960000ee1d0, fffff8800a4f4df0, 0}

Probably caused by : win32k.sys ( win32k!HMValidateHandleNoSecure+10 )

Followup: MachineOwner
Hi,
this can be a rather vague bugcheck to get and determining the cause can take some time to evaluate. What I can tell you is that it can be memory related and indeed the c0000005 you see in the brackets above means data held in the memory couldn't be read because either the data or the memory is/was corrupt. This could mean that either you have a bad driver, system service and/or faulty RAM.

Checking through your drivers I found this:

BTHidMgr.sys Mon Mar 05 12:17:15 2007: Bluetooth HID Manager driver (IVT BlueSolei) May not be compatible with Win7
I tried to find an update for this driver but was unsuccessful. If the issue's continue you may want to remove this driver just as a test. If you don't use it any more then just remove anyway..

ElbyCDFL.sys Thu Dec 14 21:22:27 2006: ElbyCDIO Filter Driver please either update or remove:
http://www.slysoft.com/en/clonecd.html

I notice you have numerous applications installed. Anyone of which could be part of the issue. If the issue continues consider each one in turn and if need be uninstall to test.

Rt64win7.sys Wed Dec 26 17:17:50 2012: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet driver please update
http://www.realtek.com.tw/downloads/downloadsView.aspx?Langid=1&PNid=13&PFid=5&Level=5&Conn=4&DownTypeID=3&GetDown=false

BiosVersion = 1602
BiosReleaseDate = 10/29/2013
SystemManufacturer = ASUS
BaseBoardProduct = Z87-A
Current Bios stands at 2103. Many of the missed Bios updates are for increased functionality and stability. Please ensure I have the correct page for your system:
https://www.asus.com/Motherboards/Z87A/HelpDesk_Download/

If the bsod continues then you'll need to test your RAM. Windows does have a memory testing app but it can miss errors and the best app for the job is Memtest86.
If you open the link below you'll see you can run Memtest86 in two ways. You can either burn it to disk or install it onto a USB drive it's entirely up to you. You'll then need to enter the bios to change the boot order so you can boot from either the Disk or USB stick you have Memtest86 on.
You must test for at least 12 hours unless it becomes obvious there is a problem straight away (you'll see errors outlined in red.
http://www.memtest.org/

Ok so I've basically listed what you should consider updating first. Often debugging can be an ongoing process so please come back to me once you get to this point.
Post any new dump files.
 


Ninethe

Senior Member
Dear kemical,

You are a god! I am incredibly grateful for your very helpful reply!

First thing I'm going to do is follow your advice and run MemTest+, especially since I can use the MemTest boot CD which I think will let me avoid the SecureDoc situation.

But don't you think a RAM problem is extremely unlikely, given that TWO different computers crashed with the exact same BSOD at the exact same time?

Anyway, it's a thing to do while I spend the many hours necessary to "un-secure" my system.


Thanks enormously!




Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff960000ee1d0, fffff8800a4f4df0, 0}

Probably caused by : win32k.sys ( win32k!HMValidateHandleNoSecure+10 )

Followup: MachineOwner
Hi,
this can be a rather vague bugcheck to get and determining the cause can take some time to evaluate. What I can tell you is that it can be memory related and indeed the c0000005 you see in the brackets above means data held in the memory couldn't be read because either the data or the memory is/was corrupt. This could mean that either you have a bad driver, system service and/or faulty RAM.

Checking through your drivers I found this:

BTHidMgr.sys Mon Mar 05 12:17:15 2007: Bluetooth HID Manager driver (IVT BlueSolei) May not be compatible with Win7
I tried to find an update for this driver but was unsuccessful. If the issue's continue you may want to remove this driver just as a test. If you don't use it any more then just remove anyway..

ElbyCDFL.sys Thu Dec 14 21:22:27 2006: ElbyCDIO Filter Driver please either update or remove:
http://www.slysoft.com/en/clonecd.html

I notice you have numerous applications installed. Anyone of which could be part of the issue. If the issue continues consider each one in turn and if need be uninstall to test.

Rt64win7.sys Wed Dec 26 17:17:50 2012: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet driver please update
http://www.realtek.com.tw/downloads/downloadsView.aspx?Langid=1&PNid=13&PFid=5&Level=5&Conn=4&DownTypeID=3&GetDown=false

BiosVersion = 1602
BiosReleaseDate = 10/29/2013
SystemManufacturer = ASUS
BaseBoardProduct = Z87-A
Current Bios stands at 2103. Many of the missed Bios updates are for increased functionality and stability. Please ensure I have the correct page for your system:
https://www.asus.com/Motherboards/Z87A/HelpDesk_Download/

If the bsod continues then you'll need to test your RAM. Windows does have a memory testing app but it can miss errors and the best app for the job is Memtest86.
If you open the link below you'll see you can run Memtest86 in two ways. You can either burn it to disk or install it onto a USB drive it's entirely up to you. You'll then need to enter the bios to change the boot order so you can boot from either the Disk or USB stick you have Memtest86 on.
You must test for at least 12 hours unless it becomes obvious there is a problem straight away (you'll see errors outlined in red.
http://www.memtest.org/

Ok so I've basically listed what you should consider updating first. Often debugging can be an ongoing process so please come back to me once you get to this point.
Post any new dump files.
 


kemical

Windows Forum Admin
Staff member
Premium Supporter
Hi Ninethe,
in answer to your question, yes it is unlikely and I really just included that 'option' in case you try everything but yet the bsod continues.
Good luck and do post back if need be.
 


Ninethe

Senior Member
Okay, I've uploaded the files collected by the W7F Diagnostic Tool to provide additional info.

I was able to do this after successfully de-activating the WinMagic security system on ONE of the two computers with the same BSOD problem. That means that I can boot into Safe Mode on that computer, which allows me to troubleshoot the BSOD normally.

BTW, I ran MemTest86+ for about 16 hours on both computers, and no error was found...
 


Attachments

kemical

Windows Forum Admin
Staff member
Premium Supporter
Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff960001329ec, fffff880096be020, 0}

Probably caused by : win32k.sys ( win32k!AllocateW32Process+44 )

Followup: MachineOwner
Hi,
all your dump files are the same and basically point to either a driver or system process although as i said previously there is a small chance that it's RAM.
Looking through your dump file however I noticed that you have several security applications running:

avc3.sys Tue May 12 13:14:53 2015: BitDefender Active Virus Control filter driver
PerfectGuard | Raxco Software

cmderd.sys Fri Jan 30 11:46:12 2015: COMODO Internet Security Eradication Driver
Free Internet Security 2015 | Download New Comodo Internet Security V8

PerfectGuard64.sys Tue Oct 22 10:09:47 2013: PerfectGuard Security
PerfectGuard | Raxco Software

Having this many security applications is most likely the cause of the bsod. Reduce your security applications please. (are the two PerfectGuard apps the same?)
Edit:
I just remembered that you are also running the WinMagic security system too... I've never used it but imagine it's only compounding things with the above?

Also don't forget about this:
Checking through your drivers I found this:

BTHidMgr.sys Mon Mar 05 12:17:15 2007: Bluetooth HID Manager driver (IVT BlueSolei) May not be compatible with Win7
I tried to find an update for this driver but was unsuccessful. If the issue's continue you may want to remove this driver just as a test. If you don't use it any more then just remove anyway..

ElbyCDFL.sys Thu Dec 14 21:22:27 2006: ElbyCDIO Filter Driver please either update or remove:
SlySoft CloneCD | clone cd, backup cd, cd copy, copy music cd, copy navigation cd

I notice you have numerous applications installed. Anyone of which could be part of the issue. If the issue continues consider each one in turn and if need be uninstall to test.

Rt64win7.sys Wed Dec 26 17:17:50 2012: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet driver please update
http://www.realtek.com.tw/downloads...d=5&Level=5&Conn=4&DownTypeID=3&GetDown=false

BiosVersion = 1602
BiosReleaseDate = 10/29/2013
SystemManufacturer = ASUS
BaseBoardProduct = Z87-A
Current Bios stands at 2103. Many of the missed Bios updates are for increased functionality and stability. Please ensure I have the correct page for your system:
Z87-A - Support
 


Last edited:

Ninethe

Senior Member
Hi, again, friend kemical!

I was very lucky with one machine, since once I disabled the WinMagic security system I was able to Safe Boot, after which I performed a system restore from two days before the BSOD started, and now everything boots normally with no problems!

(However, for some very strange reason I was unable to disable/de-activate the WinMagic SecureDoc system on the second machine, so I need more tech support from WinMagic before I can continue troubleshooting it).

But for general info purposes, allow me to address some of the potential issues you so helpfully brought to my attention...

(1): I'm going to try to uninstall "BTHidMgr.sys" - Bluetooth HID Manager driver (IVT BlueSolei) , since it didn't work correctly anyway. But the only way I know to uninstall a driver is to use Comodo Program Manager, which is the only uninstall utility that has a Driver Uninstall feature. If you know of a better method, please let me know.

(2): I'll try to update "Rt64win7.sys" - Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet driver, but Raxco PerfectUpdater (which is the only driver update tool I trust) says that that driver doesn't need updating.

(3): "ElbyCDFL.sys" - ElbyCDIO Filter Driver -- This company has stated that there will not be any updates to this, and I think I need it, so I'll leave it alone.


As for all the security software you listed, allow me to explain why I need them and why I don't think there's a conflict...

(1): "avc3.sys" - BitDefender Active Virus Control filter driver -- This is installed by my antivirus app, and my research revealed that it's the best available for me for 2015.

(2): "cmderd.sys" - COMODO Internet Security Eradication Driver -- This is installed by my Firewall, which I trust and has some essential features I need that no other firewall I've examined provides. This doesn't have any antivirus or other antimalware capabilities, so there's no conflict with BitDefender or anything else.

(3): "PerfectGuard64.sys" - PerfectGuard Security -- This is the best anti-keylogger, anti-screencap, anti-camera, etc tool on the market. It does not conflict with either BitDefender or Comodo Firewall since it's performing a very different task.

(4): WinMagic SecureDoc -- This system makes it impossible for any person or agency to boot the machines I've installed it on without a complex private password and secure key file. And even if anyone stole my computer or my disk drives, they would remain completely inaccessible without that same password and security key.

Note also that all of these have been installed and were running together perfectly for more than 6 months without any indication of any conflict or BSODs.

And one system is once again working perfectly with everything you've called out as a possible concern.


In any case, I once again wish to thank you ENORMOUSLY for your kind and useful assistance!!



Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff960001329ec, fffff880096be020, 0}

Probably caused by : win32k.sys ( win32k!AllocateW32Process+44 )

Followup: MachineOwner
Hi,
all your dump files are the same and basically point to either a driver or system process although as i said previously there is a small chance that it's RAM.
Looking through your dump file however I noticed that you have several security applications running:

avc3.sys Tue May 12 13:14:53 2015: BitDefender Active Virus Control filter driver
PerfectGuard | Raxco Software

cmderd.sys Fri Jan 30 11:46:12 2015: COMODO Internet Security Eradication Driver
Free Internet Security 2015 | Download New Comodo Internet Security V8

PerfectGuard64.sys Tue Oct 22 10:09:47 2013: PerfectGuard Security
PerfectGuard | Raxco Software

Having this many security applications is most likely the cause of the bsod. Reduce your security applications please. (are the two PerfectGuard apps the same?)
Edit:
I just remembered that you are also running the WinMagic security system too... I've never used it but imagine it's only compounding things with the above?

Also don't forget about this:
 


Ninethe

Senior Member
NEW INFO

Well, I allowed Windows Update to install 17 pending updates, but after booting again, I got the same BSOD as in my OP!

(Afterwards, I performed another System Restore so that I could boot without the BSOD again).

This proves unequivocally that one or more Windows Updates caused the BSOD, but none of those updates were from the group of Tuesday, July 14 (the most recent update dump), because I had not installed any from that Tuesday dump. But on the other hand, the systems were working fine on Monday and Tuesday, and I don't recall installing any Windows Updates since the June Tuesday dump.

I ran Windows Update and I looked at all the Installed Updates, but there's obviously something wrong since it doesn't show nearly enough updates, and specifically it doesn't show any updates at all since June.

I suppose I'll have to install all the pending updates one by one and check for the BSOD so that I can figure out which update is responsible.

I'll update this thread as more info comes in....
 


kemical

Windows Forum Admin
Staff member
Premium Supporter
Hi Ninethe,
thank you for posting the above information. I do know that recently this update below had been causing issues:
KB3022345
Can you check to see if it's installed?
 


Ninethe

Senior Member
Hello again, oh wise kemical!

As promised, I tried applying the 18 pending Windows Updates one by one and have definitely found the problem: KB3070102
https://support.microsoft.com/en-us/kb/3070102
https://support.microsoft.com/en-us/kb/3070102

Microsoft Security Bulletin MS15-073 - Important

When I then googled it, I found several others who have had the exact same BSOD described in my OP, and they blame KB3070102 for it. That update definitely modifies Win32k.sys, which is what caused the BSOD.

Microsoft, of course, denies everything and blames it on user drivers, the list of which is ridiculously long, so I don't believe them. I believe the implementation of update KB3070102 was sloppy and that the update has one or more bugs.

Hi Ninethe,
thank you for posting the above information. I do know that recently this update below had been causing issues:
KB3022345
Can you check to see if it's installed?
Thanks for the tip-off! Yes, it is installed, but I have no idea which version was installed. I'm going to uninstall it for safety's sake...

Once again, you have my gratitude!
 


kemical

Windows Forum Admin
Staff member
Premium Supporter
Much thanks for the information as this is always extremely handy for others who may be having similar issues (not to mention my records too).
If we can help in anyway please post back but in any case hope all goes well.. :)
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.
Top