BSOD STOP 03B Win32k.sys - Can't post requested files

Discussion in 'Windows 7 Blue Screen of Death (BSOD)' started by Ninethe, Jul 16, 2015.

  1. Ninethe

    Ninethe Well-Known Member

    Joined:
    Nov 17, 2012
    Messages:
    51
    Likes Received:
    1
    First thing Wednesday, both of my two 64-bit Windows 7 SP1 desktop systems immediately suffered STOP 03B (00000000C0000005,...) Win32k.sys BSOD crashes.

    Neither machine had the latest Tuesday Windows updates.

    One of the two was always left running, but for some unknown reason it had rebooted itself. I find it extremely suspicious that both systems suffered exactly the same BSOD at exactly the same time...

    I profoundly apologize, but I simply cannot upload/post the files requested by the "How to ask for help with a BSOD problem" thread, since neither system will boot at all.
    Why not?

    Because both systems have WinMagic's SecureDoc security system installed, which makes normal system access and system troubleshooting impossible because everything is either encrypted or otherwise secured. I can, however, boot from a special WinMagic Recovery usb drive and temporarily decrypt and otherwise "un-secure" all disks. Thus, I can access all files and copy them out on a USB stick, but booting -- even safe booting -- is entirely impossible.


    I'm awaiting tech support from WinMagic, but in the meantime, could someone please advise me how I would repair the BSOD as if I was not using SecureDoc? That way, when I finally get support from WinMagic, I can try to go ahead and follow your instructions.

    Although I cannot provide a minidump nor the other files requested in the "How to ask for help with a BSOD problem" thread, I've uploaded three files:

    [1]: A zipped dump file from C:\Windows\Minidump (which doesn't look like a minidump to me, but I could be wrong)

    [2]: A BlueScreenView display for the main BSOD

    [3]: A BlueScreenView display for the secondary problem


    Guide me, if you can?


    Hardware:

    System 1: ASUS Z97-A / Intel Core i7-4790K Devil’s Canyon Quad-Core 4.0GHz / 16 GB RAM / 64-bit Win 7 SP1-U


    System 2: ASUS Z87-A / Intel Core i7-4770K 3.50 GHz / 16GB RAM / 64-bit Win 7 SP1-U
     

    Attached Files:

    #1 Ninethe, Jul 16, 2015
    Last edited: Jul 16, 2015
  2. kemical

    kemical Windows Forum Admin
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    Aug 28, 2007
    Messages:
    31,809
    Likes Received:
    1,563
    Code:
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 3B, {c0000005, fffff960000ee1d0, fffff8800a4f4df0, 0}
    
    Probably caused by : win32k.sys ( win32k!HMValidateHandleNoSecure+10 )
    
    Followup: MachineOwner
    
    Hi,
    this can be a rather vague bugcheck to get and determining the cause can take some time to evaluate. What I can tell you is that it can be memory related and indeed the c0000005 you see in the brackets above means data held in the memory couldn't be read because either the data or the memory is/was corrupt. This could mean that either you have a bad driver, system service and/or faulty RAM.

    Checking through your drivers I found this:

    BTHidMgr.sys Mon Mar 05 12:17:15 2007: Bluetooth HID Manager driver (IVT BlueSolei) May not be compatible with Win7
    I tried to find an update for this driver but was unsuccessful. If the issue's continue you may want to remove this driver just as a test. If you don't use it any more then just remove anyway..

    ElbyCDFL.sys Thu Dec 14 21:22:27 2006: ElbyCDIO Filter Driver please either update or remove:
    http://www.slysoft.com/en/clonecd.html

    I notice you have numerous applications installed. Anyone of which could be part of the issue. If the issue continues consider each one in turn and if need be uninstall to test.

    Rt64win7.sys Wed Dec 26 17:17:50 2012: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet driver please update
    http://www.realtek.com.tw/downloads/downloadsView.aspx?Langid=1&PNid=13&PFid=5&Level=5&Conn=4&DownTypeID=3&GetDown=false

    BiosVersion = 1602
    BiosReleaseDate = 10/29/2013
    SystemManufacturer = ASUS
    BaseBoardProduct = Z87-A
    Current Bios stands at 2103. Many of the missed Bios updates are for increased functionality and stability. Please ensure I have the correct page for your system:
    https://www.asus.com/Motherboards/Z87A/HelpDesk_Download/

    If the bsod continues then you'll need to test your RAM. Windows does have a memory testing app but it can miss errors and the best app for the job is Memtest86.
    If you open the link below you'll see you can run Memtest86 in two ways. You can either burn it to disk or install it onto a USB drive it's entirely up to you. You'll then need to enter the bios to change the boot order so you can boot from either the Disk or USB stick you have Memtest86 on.
    You must test for at least 12 hours unless it becomes obvious there is a problem straight away (you'll see errors outlined in red.
    http://www.memtest.org/

    Ok so I've basically listed what you should consider updating first. Often debugging can be an ongoing process so please come back to me once you get to this point.
    Post any new dump files.
     
    Ninethe likes this.
  3. Ninethe

    Ninethe Well-Known Member

    Joined:
    Nov 17, 2012
    Messages:
    51
    Likes Received:
    1
    Dear kemical,

    You are a god! I am incredibly grateful for your very helpful reply!

    First thing I'm going to do is follow your advice and run MemTest+, especially since I can use the MemTest boot CD which I think will let me avoid the SecureDoc situation.

    But don't you think a RAM problem is extremely unlikely, given that TWO different computers crashed with the exact same BSOD at the exact same time?

    Anyway, it's a thing to do while I spend the many hours necessary to "un-secure" my system.


    Thanks enormously!




     
  4. kemical

    kemical Windows Forum Admin
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    Aug 28, 2007
    Messages:
    31,809
    Likes Received:
    1,563
    Hi Ninethe,
    in answer to your question, yes it is unlikely and I really just included that 'option' in case you try everything but yet the bsod continues.
    Good luck and do post back if need be.
     
  5. Ninethe

    Ninethe Well-Known Member

    Joined:
    Nov 17, 2012
    Messages:
    51
    Likes Received:
    1
    Okay, I've uploaded the files collected by the W7F Diagnostic Tool to provide additional info.

    I was able to do this after successfully de-activating the WinMagic security system on ONE of the two computers with the same BSOD problem. That means that I can boot into Safe Mode on that computer, which allows me to troubleshoot the BSOD normally.

    BTW, I ran MemTest86+ for about 16 hours on both computers, and no error was found...
     

    Attached Files:

  6. kemical

    kemical Windows Forum Admin
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    Aug 28, 2007
    Messages:
    31,809
    Likes Received:
    1,563
    Code:
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 3B, {c0000005, fffff960001329ec, fffff880096be020, 0}
    
    Probably caused by : win32k.sys ( win32k!AllocateW32Process+44 )
    
    Followup: MachineOwner
    
    Hi,
    all your dump files are the same and basically point to either a driver or system process although as i said previously there is a small chance that it's RAM.
    Looking through your dump file however I noticed that you have several security applications running:

    avc3.sys Tue May 12 13:14:53 2015: BitDefender Active Virus Control filter driver
    PerfectGuard | Raxco Software

    cmderd.sys Fri Jan 30 11:46:12 2015: COMODO Internet Security Eradication Driver
    Free Internet Security 2015 | Download New Comodo Internet Security V8

    PerfectGuard64.sys Tue Oct 22 10:09:47 2013: PerfectGuard Security
    PerfectGuard | Raxco Software

    Having this many security applications is most likely the cause of the bsod. Reduce your security applications please. (are the two PerfectGuard apps the same?)
    Edit:
    I just remembered that you are also running the WinMagic security system too... I've never used it but imagine it's only compounding things with the above?

    Also don't forget about this:
     
    #6 kemical, Jul 20, 2015
    Last edited: Jul 20, 2015
    Ninethe likes this.
  7. Ninethe

    Ninethe Well-Known Member

    Joined:
    Nov 17, 2012
    Messages:
    51
    Likes Received:
    1
    Hi, again, friend kemical!

    I was very lucky with one machine, since once I disabled the WinMagic security system I was able to Safe Boot, after which I performed a system restore from two days before the BSOD started, and now everything boots normally with no problems!

    (However, for some very strange reason I was unable to disable/de-activate the WinMagic SecureDoc system on the second machine, so I need more tech support from WinMagic before I can continue troubleshooting it).

    But for general info purposes, allow me to address some of the potential issues you so helpfully brought to my attention...

    (1): I'm going to try to uninstall "BTHidMgr.sys" - Bluetooth HID Manager driver (IVT BlueSolei) , since it didn't work correctly anyway. But the only way I know to uninstall a driver is to use Comodo Program Manager, which is the only uninstall utility that has a Driver Uninstall feature. If you know of a better method, please let me know.

    (2): I'll try to update "Rt64win7.sys" - Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet driver, but Raxco PerfectUpdater (which is the only driver update tool I trust) says that that driver doesn't need updating.

    (3): "ElbyCDFL.sys" - ElbyCDIO Filter Driver -- This company has stated that there will not be any updates to this, and I think I need it, so I'll leave it alone.


    As for all the security software you listed, allow me to explain why I need them and why I don't think there's a conflict...

    (1): "avc3.sys" - BitDefender Active Virus Control filter driver -- This is installed by my antivirus app, and my research revealed that it's the best available for me for 2015.

    (2): "cmderd.sys" - COMODO Internet Security Eradication Driver -- This is installed by my Firewall, which I trust and has some essential features I need that no other firewall I've examined provides. This doesn't have any antivirus or other antimalware capabilities, so there's no conflict with BitDefender or anything else.

    (3): "PerfectGuard64.sys" - PerfectGuard Security -- This is the best anti-keylogger, anti-screencap, anti-camera, etc tool on the market. It does not conflict with either BitDefender or Comodo Firewall since it's performing a very different task.

    (4): WinMagic SecureDoc -- This system makes it impossible for any person or agency to boot the machines I've installed it on without a complex private password and secure key file. And even if anyone stole my computer or my disk drives, they would remain completely inaccessible without that same password and security key.

    Note also that all of these have been installed and were running together perfectly for more than 6 months without any indication of any conflict or BSODs.

    And one system is once again working perfectly with everything you've called out as a possible concern.


    In any case, I once again wish to thank you ENORMOUSLY for your kind and useful assistance!!



     
  8. Ninethe

    Ninethe Well-Known Member

    Joined:
    Nov 17, 2012
    Messages:
    51
    Likes Received:
    1
    NEW INFO

    Well, I allowed Windows Update to install 17 pending updates, but after booting again, I got the same BSOD as in my OP!

    (Afterwards, I performed another System Restore so that I could boot without the BSOD again).

    This proves unequivocally that one or more Windows Updates caused the BSOD, but none of those updates were from the group of Tuesday, July 14 (the most recent update dump), because I had not installed any from that Tuesday dump. But on the other hand, the systems were working fine on Monday and Tuesday, and I don't recall installing any Windows Updates since the June Tuesday dump.

    I ran Windows Update and I looked at all the Installed Updates, but there's obviously something wrong since it doesn't show nearly enough updates, and specifically it doesn't show any updates at all since June.

    I suppose I'll have to install all the pending updates one by one and check for the BSOD so that I can figure out which update is responsible.

    I'll update this thread as more info comes in....
     
  9. kemical

    kemical Windows Forum Admin
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    Aug 28, 2007
    Messages:
    31,809
    Likes Received:
    1,563
    Hi Ninethe,
    thank you for posting the above information. I do know that recently this update below had been causing issues:
    KB3022345
    Can you check to see if it's installed?
     
  10. Ninethe

    Ninethe Well-Known Member

    Joined:
    Nov 17, 2012
    Messages:
    51
    Likes Received:
    1
    Hello again, oh wise kemical!

    As promised, I tried applying the 18 pending Windows Updates one by one and have definitely found the problem: KB3070102

    https://support.microsoft.com/en-us/kb/3070102

    Microsoft Security Bulletin MS15-073 - Important

    When I then googled it, I found several others who have had the exact same BSOD described in my OP, and they blame KB3070102 for it. That update definitely modifies Win32k.sys, which is what caused the BSOD.

    Microsoft, of course, denies everything and blames it on user drivers, the list of which is ridiculously long, so I don't believe them. I believe the implementation of update KB3070102 was sloppy and that the update has one or more bugs.

    Thanks for the tip-off! Yes, it is installed, but I have no idea which version was installed. I'm going to uninstall it for safety's sake...

    Once again, you have my gratitude!
     
    kemical likes this.
  11. kemical

    kemical Windows Forum Admin
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    Aug 28, 2007
    Messages:
    31,809
    Likes Received:
    1,563
    Much thanks for the information as this is always extremely handy for others who may be having similar issues (not to mention my records too).
    If we can help in anyway please post back but in any case hope all goes well.. :)
     

Share This Page

Loading...