Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Skype BSOD SYSTEM_SERVICE_EXCEPTION ks.sys


  • Please log in to reply
19 replies to this topic

#1 ShadowofElements

ShadowofElements

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 18 June 2014 - 10:06 PM

Yesterday, midway through a skype call, skype suddenly stopped working, so I tried to reopen it. My computer screen then went black to be followed by a blue screen with SYSTEM_SERVICE_EXCEPTION at the top and ks.sys down below. I have read numerous posts about this with no set solution, so here is a link to the dump file:
https://drive.google.com/file/d/0B8IfJMTnm6ShcmtjUGJ5SD...

I uninstalled Skype, and I tried to reinstall it. The blue screen came up mid-way the install. I also updated the drivers that I could, but the Logitech SetPoint Driver installer did not function. This still happens, even after the updates.

 

If anyone has a solution, it would be greatly appreciated.

 

Edit: after a recent crash, I decided to post an up-to-date dump file. Here it is:

https://drive.google.com/file/d/0B8IfJMTnm6ShS0tBWC1TNGFsZEU/edit?usp=sharing


Edited by ShadowofElements, 18 June 2014 - 10:24 PM.


BC AdBot (Login to Remove)

 


#2 Anshad Edavana

Anshad Edavana

  • BC Advisor
  • 2,805 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:07 AM

Posted 19 June 2014 - 09:23 AM

Hi

 

The bloatware "IOBit Malware Figher" is causing issues for you.

fffff880`0683bad8  fffff880`06daf295Unable to load image \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for regfilter.sys
*** ERROR: Module load completed but symbols could not be loaded for regfilter.sys
 regfilter+0x2295

Please uninstall all IOBit junks completely from the system and reboot the machine. Then try re-installing "Skype".



#3 ShadowofElements

ShadowofElements
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 19 June 2014 - 05:52 PM

I uninstalled everything associated with IOBit, and the crash still occurred. Here is the new mini-dump file:

https://drive.google.com/file/d/0B8IfJMTnm6ShQVFLR0RDaDgtblE/edit?usp=sharing



#4 Anshad Edavana

Anshad Edavana

  • BC Advisor
  • 2,805 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:07 AM

Posted 20 June 2014 - 12:15 AM

Hi

 

Yes, IOBit seems to be uninstalled correctly but there seems to be both Norton and Microsoft Security Essential drivers present on the system. To avoid possible conflicts between two, i would recommend cleaning Norton AV components. Please download and run "Norton removal Tool" and execute it to properly remove the remnants of "Norton".

 

ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

 

Also download and install latest version of Intel storage controller driver from the below link.

 

https://downloadcenter.intel.com/confirm.aspx?httpDown=http://downloadmirror.intel.com/23496/eng/SetupRST.exe&lang=eng&Dwnldid=23496&ProductID=2101&ProductFamily=Software+Products&ProductLine=Chipset+Software&ProductProduct=Intel%C2%AE+Rapid+Storage+Technology+(Intel%C2%AE+RST)

 

If the BSOD continues, run "Skype" setup again to force system to produce another BSOD. More than one crash dump is necessary to find a pattern. Then zip and upload the newest crash dumps with next reply.

 

Also publish a snapshot of your system using "Speccy" as per this guide : 

 

http://www.bleepingcomputer.com/forums/t/323892/publish-a-snapshot-using-speccy/



#5 ShadowofElements

ShadowofElements
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 20 June 2014 - 10:31 AM

The BSOD has continued. The latest crash dump is at this link:

https://drive.google.com/file/d/0B8IfJMTnm6ShVDNIbGlNLTNoTlU/edit?usp=sharing

For some reason, my computer stopped generating crash dumps after that last one.

 

Also, here is the snapshot of my system:


#6 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,666 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:07 AM

Posted 20 June 2014 - 03:10 PM



 

The BSOD has continued. The latest crash dump is at this link:

https://drive.google.com/file/d/0B8IfJMTnm6ShVDNIbGlNLTNoTlU/edit?usp=sharing

For some reason, my computer stopped generating crash dumps after that last one.

 

Also, here is the snapshot of my system:

 

Hi ShadowOfElements,

 

I have analyzed your latest dump file. Below is a list of 3rd party drivers which I would say find updates for :-

**************************Fri Jun 20 12:49:47.195 2014 (UTC + 5:30)**************************
CM10264.sys                 Thu Oct 30 12:14:04 2008 (490957B4)
intelppm.sys                Tue Jul 14 04:49:25 2009 (4A5BC0FD)
amdxata.sys                 Fri Mar 19 21:48:18 2010 (4BA3A3CA)
clwvd.sys                   Wed Jul 28 06:43:47 2010 (4C4F844B)
iaStor.sys                  Fri May 20 22:22:24 2011 (4DD69C48)
SynTP.sys                   Fri Oct 14 08:04:52 2011 (4E979FCC)
cbfs3.sys                   Mon Apr  9 18:51:46 2012 (4F82E26A)
GEARAspiWDM.sys             Fri May  4 01:26:17 2012 (4FA2E2E1)
snp2uvc.sys                 Tue Nov 20 08:31:44 2012 (50AAF298)
ccSetx64.sys                Tue Sep 24 09:28:04 2013 (52410DCC)
dump_iaStorA.sys            Tue Oct 29 02:45:26 2013 (526ED3EE)
iaStorA.sys                 Tue Oct 29 02:45:26 2013 (526ED3EE)
iaStorF.sys                 Tue Oct 29 02:45:28 2013 (526ED3F0)
netr28x.sys                 Mon Nov 25 20:40:54 2013 (5293687E)
TeeDriverx64.sys            Wed Nov 27 23:26:32 2013 (52963250)
RtsPStor.sys                Tue Jan  7 11:51:53 2014 (52CB9D01)
MpFilter.sys                Wed Jan 15 05:25:38 2014 (52D5CE7A)
Smb_driver_Intel.sys        Fri Jan 24 03:29:05 2014 (52E190A9)
Rt64win7.sys                Tue Feb 18 17:08:35 2014 (5303463B)
igdkmd64.sys                Thu Mar 20 21:10:31 2014 (532B0BEF)
RzFilter.sys                Thu Apr  3 21:09:47 2014 (533D80C3)
RzDxgk.sys                  Thu Apr  3 21:09:50 2014 (533D80C6)
RTKVHD64.sys                Wed May 14 15:58:52 2014 (53734564)
RzMaelstromVAD.sys          Fri May 23 16:04:44 2014 (537F2444)
CM10264.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
 
Since, the BSOD is related to KS.sys, I think the driver named "CM10264.sys"  is the possible cause of your BSOD and is related to your C Media Audio Device. Could you please remove your C Media Audio Device from USB and see if the issue still persists or not? Update this C Media Audio Device Driver. If the issue is still not solved, could you please post back 
 
 
Click on the EXE file, let it run and finish the job. Check your desktop for a new generated zip file and upload it in case the issue is still not fixed.

Edited by blueelvis, 20 June 2014 - 03:12 PM.

Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#7 ShadowofElements

ShadowofElements
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 20 June 2014 - 09:03 PM

The issue was sadly not solved. I updated the drivers that I could and removed the C Media Audio Device Driver, but to no effect. Here is the zip file you wanted:

https://drive.google.com/file/d/0B8IfJMTnm6ShOHV6NUdJa1JhNkU/edit?usp=sharing



#8 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,666 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:07 AM

Posted 21 June 2014 - 03:01 PM

Hi Shadowofelements,

 

I was able to get the information from the zip file or specifically the DXdiag text file report. Apparently, first of all we must understand what "ks.sys" is used for?

So, according to this Microsoft Article which I found on googling, "ks.sys" is used by Video Capture MiniDrivers from Windows XP and later.

 

So, after knowing this, I opened your DXdiag report to see what Video Recording devices you have, I found that there is presence of "HP HD Webcam [Fixed]" . So, it led me to think that maybe there are drivers for that one as well.

 

On re analyzing your dump file, I found two drivers for your webcam i.e. :- "snp2uvc.sys" dating in the year of 2012 and "clwvd.sys" dating in the year of 2010. I will say that these drivers may be conflicting when you are trying to use Skype to do a call.

 

Please remove these drivers and their related software and see if the issue still persists or not. If the issue is still not solved, I would be glad to help you further ^_^


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#9 ShadowofElements

ShadowofElements
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 21 June 2014 - 06:26 PM

I found the cause of the crash! You were right! The driver HP HD Webcam [Fixed] creates the BSOD whenever it is enabled. I didn't manage to find any updates for the driver, so I was wondering if I should uninstall the driver. For now, I have it disabled, but are there any alternative webcam drivers? Thanks for all of your help so far.

 

I am also pretty sure that I uninstalled the drivers associated with clwvd.sys, but I can't get any more dump files to generate.


Edited by ShadowofElements, 21 June 2014 - 09:20 PM.


#10 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,666 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:07 AM

Posted 22 June 2014 - 02:28 AM

Hi Shadowofelements,

 

Yups, you have removed the "clwvd.sys", but there is still presence of the "snp2uvc.sys" ( Suyin USB 2.0 Webcam driver) according to your latest driver report. Uninstall this device driver ASAP and see if enabling the HP HD Webcam after the removal of those software still causes any BSOD or not.

 

If it still does not fix your problem, I would ask you to goto Device Manager, find your webcam, right click on it and click on Uninstall Device Driver. After this restart your Windows and it should install a generic driver for your webcam. Let me know how it proceeds.


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#11 ShadowofElements

ShadowofElements
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 22 June 2014 - 12:47 PM

I did find the presence of snp2uvc.sys in C:/Windows/System32/drivers but I can't find the driver associated with it in Device Manager. I don't see Suyin USB 2.0 Webcam Driver on the list, so I'm not sure how to remove it.

 

Also, HP HD Webcam seems to be the generic webcam driver after all, so I doubt that it is causing the issues.


Edited by ShadowofElements, 22 June 2014 - 12:48 PM.


#12 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,666 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:07 AM

Posted 22 June 2014 - 01:59 PM

I did find the presence of snp2uvc.sys in C:/Windows/System32/drivers but I can't find the driver associated with it in Device Manager. I don't see Suyin USB 2.0 Webcam Driver on the list, so I'm not sure how to remove it. a

 

Also, HP HD Webcam seems to be the generic webcam driver after all, so I doubt that it is causing the issues.

Rename the "snp2uvc.sys" to "snp2uvc.bak" so that in case any problem comes, we can revert it back to the original file. Once you are done, try using your HP HD Webcam to see if the issue still persists or not. As there are no conflicting drivers now. Keep me posted ^_^


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#13 ShadowofElements

ShadowofElements
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 22 June 2014 - 06:05 PM

I did as you said, except I moved the .sys file to a safe folder, and the crash stopped occurring. Even though this is good, the HP HD Webcam [Fixed] driver doesn't function without it. I re-installed the driver, and another snp2uvc.sys generated. 

 

I generated a new log collector file:

https://drive.google.com/file/d/0B8IfJMTnm6ShR2dzUHJXb2NjUXc/edit?usp=sharing



#14 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,666 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:07 AM

Posted 22 June 2014 - 11:14 PM

I did as you said, except I moved the .sys file to a safe folder, and the crash stopped occurring. Even though this is good, the HP HD Webcam [Fixed] driver doesn't function without it. I re-installed the driver, and another snp2uvc.sys generated. 

 

I generated a new log collector file:

https://drive.google.com/file/d/0B8IfJMTnm6ShR2dzUHJXb2NjUXc/edit?usp=sharing

In the log file, there is again presence of "clwvd.sys" even though it is in a stopped state. Could you please do a manual search for this driver and rename it as well?

Till then, I ll try to analyze further.


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#15 ShadowofElements

ShadowofElements
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 23 June 2014 - 10:32 AM

I searched for clwvd.sys in my windows directory, and nothing came up. I don't know where else it would be.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users