
Win XP - first BSOD in long time


13 replies to this topic

#1 Error409

Error409

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:19 AM

Posted 09 March 2018 - 02:26 PM

Hi,

As of this writing, there is only one Minidump file in C:\WINDOWS\Minidump\

I'm relatively new to this forum. 

My guess is the crash likely was caused by several causes, but apparently by Win32k.sys 

I had no alternative other than to use the software - 'Blue Screen View' from Bleeping Computer. 

 

 

I don't know what exactly is most useful to provide on this post with this software.

There are several options in the lower pane mode under 'menu'.

It appears this software has limitations as compared to Sysnative.

Uploading driver data in text format to the forum doesn't appear as an option.

 

 

I've attached a screenshot of Blue Screen, the dumpcheck output from the portable software.   

I can't really see a way to upload the minidump drivers with Blue Screen View.

 

I'll wait to hear a direction on what might help with providing more information than this. 

I apologize for the lack of useful information.

 

Thanks

 

[UPDATE] I read the directions on this forum before posting the information. They appear to be written for using Sysnative which does not support XP.

I had my system cleaned from malware on a different forum just last week. Here is the link to that post on Bleeping Computer.          

Attached Files


Edited by Error409, 09 March 2018 - 02:44 PM.




#2 bwv848

bwv848

    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 3,011 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:92.96 million miles away from the sun
  • Local time:06:19 AM

Posted 09 March 2018 - 02:46 PM

 

As of this writing, there is only one Minidump file in C:\WINDOWS\Minidump\

Zip it up (use .zip!) and attach it in your next reply.


If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)


#3 Error409


Posted 09 March 2018 - 03:30 PM

I attached the Blue Screen View zip file 

Attached Files



#4 bwv848


Posted 09 March 2018 - 04:15 PM

Not that. The minidump in the folder I quoted.




#5 Error409


Posted 09 March 2018 - 04:36 PM

Sorry.
So I need to attach a copy of the .dmp file from that path and attach that as a zip file, correct?

#6 Error409


Posted 09 March 2018 - 04:53 PM

I'm assuming this is the file asked for:

 

Attached Files



#7 Error409


Posted 09 March 2018 - 06:26 PM

Pardon me for asking, but I was wondering if I should've posted the minidump file after using maybe the program WinDbg.

When I was asked to post it at first, I thought I was supposed to use Blue Screen View.

Just wondering now because I haven't heard any response back yet since my last two posts.


Edited by Error409, 09 March 2018 - 06:27 PM.


#8 bwv848


Posted 09 March 2018 - 06:59 PM

No, you did everything right.

kd> !analyze -show 1000008E c0000005 bf8137d2 aa0f908c 0
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf8137d2, The address that the exception occurred at
Arg3: aa0f908c, Trap Frame
Arg4: 00000000
kd> u bf8137d2
win32k!ESTROBJ::vInit+0x43:
bf8137d2 f6410410        test    byte ptr [ecx+4],10h
bf8137d6 0f8593feffff    jne     win32k!ESTROBJ::vInit+0x49 (bf81366f)
bf8137dc 8b4d48          mov     ecx,dword ptr [ebp+48h]
bf8137df 8b4508          mov     eax,dword ptr [ebp+8]
bf8137e2 897e08          mov     dword ptr [esi+8],edi
bf8137e5 897e24          mov     dword ptr [esi+24h],edi
bf8137e8 897e28          mov     dword ptr [esi+28h],edi
bf8137eb 897e70          mov     dword ptr [esi+70h],edi
kd> .trap aa0f908c
ErrCode = 00000000
eax=00000000 ebx=aa0f93d0 ecx=00000000 edx=e52be008 esi=aa0f918c edi=00000000
eip=bf8137d2 esp=aa0f9100 ebp=aa0f9114 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
win32k!ESTROBJ::vInit+0x43:
bf8137d2 f6410410        test    byte ptr [ecx+4],10h       ds:0023:00000004=??
kd> !dpx
Start memory scan  : 0xaa0f9100 ($csp)
End memory scan    : 0xaa0fa000 (Kernel Stack Base)
...
0xaa0f9118 : 0xbf812b9b : win32k!GreExtTextOutWLocked+0x666
0xaa0f9180 : 0xbf8bfe4d : win32k!mmxAlphaPerPixelOnly
0xaa0f91f0 : 0xbf81d257 : win32k!SURFREFAPI::SURFREFAPI+0x11f
0xaa0f923c : 0x8054b9af : nt!ExAllocatePoolWithTag+0x27e
0xaa0f9254 : 0xbf801900 : win32k!ValidateHandleSecure+0x55
0xaa0f9258 : 0xbf81d840 : win32k!SURFREFAPI::SURFREFAPI+0x3e4
0xaa0f92c8 : 0xbf8bfe4d : win32k!mmxAlphaPerPixelOnly
0xaa0f92fc : 0xaa0f933c : 0xade0267c : watchdog!WdExitMonitoredSection
0xaa0f9304 : 0x8054b838 : nt!ExFreePoolWithTag+0x676
0xaa0f933c : 0xade0267c : watchdog!WdExitMonitoredSection
0xaa0f9348 : 0xbf8019e6 : win32k!GreReleaseSemaphore+0xa
0xaa0f934c : 0xbf8059c1 : win32k!DEVLOCKBLTOBJ::~DEVLOCKBLTOBJ+0x2a
0xaa0f9358 : 0xbf83cdde : win32k!NtGdiAlphaBlend+0xc42
0xaa0f9390 : 0xbf81e5db : win32k!NtGdiDrawStreamInternal+0x1ff
0xaa0f93bc : 0xbf814036 : win32k!GreBatchTextOut+0x385
0xaa0f947c : 0xbf9674cd : win32k!IntAdd+0x20
0xaa0f9494 : 0xbf905af7 : win32k!RGNOBJ::bOffset+0x92
0xaa0f94a8 : 0xbf80531f : win32k!DC::vUpdate_VisRect+0x47
0xaa0f94cc : 0xbf805c26 : win32k!DC::bCompute+0x23d
0xaa0f94e8 : 0xbf905651 : win32k!HmgLock+0x86
0xaa0f94f4 : 0xaa0f93ec :  Trap @ aa0f94f4
0xaa0f9500 : 0xbf9949ff : win32k!_except_handler3
0xaa0f9510 : 0xbf80c597 : win32k!NtGdiFlushUserBatch+0x11c
0xaa0f9524 : 0x8055a370 : nt!KeServiceDescriptorTableShadow+0x10
0xaa0f9530 : 0xbf809156 : win32k!hbmSelectBitmap+0x2b4
0xaa0f955c : 0xbf808d6d : win32k!NtGdiSelectBitmap+0x12
0xaa0f9570 : 0xbf83d3fa : win32k!BltIcon+0x102
0xaa0f9598 : 0xaa0f95a8 : 0xaa0f95c0 : 0xbf80524b : win32k!DC::erclClip+0x17
0xaa0f95a0 : 0xbf800c30 : win32k!ExAllocateFromPagedLookasideList+0x14
0xaa0f95a8 : 0xaa0f95c0 : 0xbf80524b : win32k!DC::erclClip+0x17
0xaa0f95ac : 0xbf80592a : win32k!AllocateObject+0x23
0xaa0f95b0 : 0xbf80595c : win32k!AllocateObject+0x67
0xaa0f95c0 : 0xbf80524b : win32k!DC::erclClip+0x17
0xaa0f95c4 : 0xbf9adfe8 : win32k!rclEmpty
0xaa0f95e0 : 0xaa0f9624 : 0xaa0f9658 : 0xbf9949ff : win32k!_except_handler3
0xaa0f95e4 : 0xbf80522e : win32k!DC::vReleaseRao+0x25
0xaa0f95e8 : 0xbf9adfe8 : win32k!rclEmpty
0xaa0f95f0 : 0xbf8160ac : win32k!NtGdiIntersectClipRect
0xaa0f95fc : 0xbf8160ac : win32k!NtGdiIntersectClipRect
0xaa0f9610 : 0xaa0f9628 : 0xbf816085 : win32k!GreIntersectClipRect+0xd7
0xaa0f9614 : 0xbf8046a5 : win32k!EXFORMOBJ::bXform+0x14
0xaa0f9624 : 0xaa0f9658 : 0xbf9949ff : win32k!_except_handler3
0xaa0f9628 : 0xbf816085 : win32k!GreIntersectClipRect+0xd7
0xaa0f964c : 0xaa0f9524 : 0x8055a370 : nt!KeServiceDescriptorTableShadow+0x10
0xaa0f9658 : 0xbf9949ff : win32k!_except_handler3
0xaa0f9668 : 0x804de7be : nt!KiSystemServiceAccessTeb+0x10
0xaa0f96f0 : 0x804de7f8 : nt!KiSystemServicePostCall
0xaa0f97ac : 0x804e2408 : nt!_except_handler3
0xaa0f97b0 : 0x804e56d0 : nt!KiDebugRegisterContextOffsets+0x24
0xaa0f97c0 : 0xaa0f9850 : 0xbf80f33f : win32k!SfnDWORD+0x125
0xaa0f97c4 : 0xaa0f9850 : 0xbf80f33f : win32k!SfnDWORD+0x125
0xaa0f97c8 : 0xbf800bbd : win32k!EnterCrit+0x21
0xaa0f97d0 : 0xbf80f33f : win32k!SfnDWORD+0x125
0xaa0f9844 : 0xbf9949ff : win32k!_except_handler3
0xaa0f9848 : 0xbf99e760 : win32k!MessageTable+0x548
0xaa0f9850 : 0xbf80f33f : win32k!SfnDWORD+0x125
0xaa0f9854 : 0xbf80f5a5 : win32k!xxxSendMessageToClient+0x176
0xaa0f98fc : 0xaa0f9958 : 0xaa0f998c : 0xbf80f2f0 : win32k!SfnDWORD+0xc7
0xaa0f9900 : 0x80566cc4 : nt!KeUserModeCallback+0x87
0xaa0f9908 : 0x80566cfa : nt!KeUserModeCallback+0xef
0xaa0f9930 : 0x80566cc4 : nt!KeUserModeCallback+0x87
Unable to load image BHDrvx86.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for BHDrvx86.sys
*** ERROR: Module load completed but symbols could not be loaded for BHDrvx86.sys
0xaa0f9958 : 0xaa0f998c : 0xbf80f2f0 : win32k!SfnDWORD+0xc7
0xaa0f9968 : 0xbf800bbd : win32k!EnterCrit+0x21
0xaa0f997c : 0x804e2408 : nt!_except_handler3
0xaa0f9980 : 0x804e56d0 : nt!KiDebugRegisterContextOffsets+0x24
0xaa0f998c : 0xbf80f2f0 : win32k!SfnDWORD+0xc7
0xaa0f9a14 : 0xbf9949ff : win32k!_except_handler3
0xaa0f9a18 : 0xbf99e760 : win32k!MessageTable+0x548
0xaa0f9a24 : 0xbf80f5a5 : win32k!xxxSendMessageToClient+0x176
0xaa0f9a58 : 0xaa0f9a6c : 0xbf80f797 : win32k!xxxSendMessageTimeout+0x1a6
0xaa0f9a6c : 0xbf80f797 : win32k!xxxSendMessageTimeout+0x1a6
0xaa0f9ab8 : 0xbf80ef59 : win32k!xxxSendMessage+0x1b
0xaa0f9adc : 0xbf85ed90 : win32k!xxxDeactivate+0xd2
0xaa0f9b1c : 0xbf803462 : win32k!DereferenceW32Thread
0xaa0f9b30 : 0x804e2408 : nt!_except_handler3
0xaa0f9b34 : 0x804e56d0 : nt!KiDebugRegisterContextOffsets+0x24
0xaa0f9b50 : 0xbf85e5b6 : win32k!xxxProcessEventMessage+0x266
0xaa0f9b70 : 0xbf85d6df : win32k!CleanEventMessage
0xaa0f9b74 : 0xbf80240e : win32k!DelQEntry+0x44
0xaa0f9ba4 : 0xbf803462 : win32k!DereferenceW32Thread
0xaa0f9bb0 : 0xbf803462 : win32k!DereferenceW32Thread
0xaa0f9bcc : 0xbf803462 : win32k!DereferenceW32Thread
0xaa0f9bd8 : 0xbf803462 : win32k!DereferenceW32Thread
0xaa0f9c14 : 0xbf83dac6 : win32k!xxxCallHook2+0x25d
0xaa0f9c80 : 0xbf802fba : win32k!xxxSleepThread+0x1b8
0xaa0f9c9c : 0xbf801f19 : win32k!xxxRealInternalGetMessage+0x335
0xaa0f9cc4 : 0xbf80e735 : win32k!NtUserGetMessage
0xaa0f9ccc : 0xaa0f9cf0 : 0xbf80e76b : win32k!NtUserGetMessage+0x36
0xaa0f9cd0 : 0xbf8016e1 : win32k!ValidateHwnd+0xb3
0xaa0f9cf0 : 0xbf80e76b : win32k!NtUserGetMessage+0x36
0xaa0f9d14 : 0xbf80e735 : win32k!NtUserGetMessage
0xaa0f9d40 : 0xbf9949ff : win32k!_except_handler3
0xaa0f9d50 : 0x804de7f8 : nt!KiSystemServicePostCall
0xaa0f9ed4 : 0xbf9949ff : win32k!_except_handler3
0xaa0f9ed8 : 0xbf99e760 : win32k!MessageTable+0x548
0xaa0f9ee0 : 0xbf80f33f : win32k!SfnDWORD+0x125
0xaa0f9ee4 : 0xbf80f5a5 : win32k!xxxSendMessageToClient+0x176

Looks like something went wrong in usermode. I'd consider removing Norton given that its driver is right in the raw stack. But if this is the first BSOD you've had in a while (and since you're on XP), feel free to ignore it. Can you update Norton's definitions?

kd> lm k vm BHDrvx86
Browse full module list
start    end        module name
afbf0000 afd40000   BHDrvx86 T (no symbols)           
    Loaded symbol image file: BHDrvx86.sys
    Image path: BHDrvx86.sys
    Image name: BHDrvx86.sys
    Browse all global symbols  functions  data
    Timestamp:        Mon Feb 05 23:26:39 2018 (5A792E7F)
    CheckSum:         0015ABBB
    ImageSize:        00150000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
 

If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)
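
A small triage sketch for the debugger output in post #8, added here as an example (it is not code from any poster in this thread): it recomputes the address touched by the faulting instruction from the `.trap` registers and lists the non-Windows modules referenced during the `!dpx` scan. The `OS_MODULES` set and the 64 KB threshold are assumptions; the sample text is excerpted from the post above.

```python
import re

# Excerpts copied from the WinDbg output in post #8 above (no new data).
TRAP = """\
eax=00000000 ebx=aa0f93d0 ecx=00000000 edx=e52be008 esi=aa0f918c edi=00000000
eip=bf8137d2 esp=aa0f9100 ebp=aa0f9114 iopl=0         nv up ei pl zr na pe nc
bf8137d2 f6410410        test    byte ptr [ecx+4],10h       ds:0023:00000004=??"""
RAW_STACK = """\
0xaa0f9118 : 0xbf812b9b : win32k!GreExtTextOutWLocked+0x666
0xaa0f923c : 0x8054b9af : nt!ExAllocatePoolWithTag+0x27e
0xaa0f92fc : 0xaa0f933c : 0xade0267c : watchdog!WdExitMonitoredSection
0xaa0f9930 : 0x80566cc4 : nt!KeUserModeCallback+0x87
Unable to load image BHDrvx86.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for BHDrvx86.sys
0xaa0f9958 : 0xaa0f998c : 0xbf80f2f0 : win32k!SfnDWORD+0xc7"""

# Assumption: modules treated as part of Windows itself for this triage.
OS_MODULES = {"nt", "win32k", "watchdog", "hal"}
# Assumption: an address below 64 KB means a NULL base pointer plus a field offset.
NULL_LIKE_LIMIT = 0x10000

def registers(trap_text):
    """Return {'eax': 0, ...} parsed from the register lines of a .trap dump."""
    pairs = re.findall(r"\b(e(?:[abcd]x|[sd]i|[sbi]p))=([0-9a-f]{8})", trap_text)
    return {name: int(value, 16) for name, value in pairs}

def faulting_access(trap_text):
    """Effective address of the [reg+disp] operand, whether it looks like a
    NULL-based access, and whether it agrees with the debugger's ds: note."""
    regs = registers(trap_text)
    op = re.search(r"\[(e\w\w)([+-][0-9a-f]+)?h?\]", trap_text)
    addr = (regs[op.group(1)] + int(op.group(2) or "0", 16)) & 0xFFFFFFFF
    shown = re.search(r"ds:[0-9a-f]{4}:([0-9a-f]{8})", trap_text)
    agrees = shown is not None and int(shown.group(1), 16) == addr
    return addr, addr < NULL_LIKE_LIMIT, agrees

def third_party_modules(raw_stack):
    """Modules seen in !dpx output that are not in OS_MODULES, including
    ones the debugger could not load symbols for."""
    resolved = set(re.findall(r":\s(\w+)!", raw_stack))
    unresolved = set(re.findall(r"Unable to load image (\w+)\.sys", raw_stack))
    return sorted(m for m in resolved | unresolved if m.lower() not in OS_MODULES)

if __name__ == "__main__":
    addr, null_like, agrees = faulting_access(TRAP)
    print(f"fault reads 0x{addr:08x}, NULL-based={null_like}, matches ds: note={agrees}")
    print("non-OS modules referenced:", third_party_modules(RAW_STACK))
```
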


#9 Error409


Posted 09 March 2018 - 08:13 PM

 

 

Looks like something went wrong in usermode. I'd consider removing Norton given that its driver is right in the raw stack. But if this is the first BSOD you've had in a while (and since you're on XP), feel free to ignore it. Can you update Norton's definitions?

 

I thought I had to find the standalone WinDbg from Windows WDK.

Something did happen the day before the crash. I logged in under a limited account and right after (immediately upon logging on) the system froze (the PS/2 keyboard and USB mouse were dysfunctional, but no errors). I shut down for that day.

I booted up the next day and logged in under the admin account. Everything appeared alright with fingers crossed until it crashed a few hours after working.

At first I thought parameter 1 0xC0000005 was indicating malware that had possibly gotten deeply embedded.

I've not understood completely how XP has an ability to repair after re-boot.

I'm not certain if that's what you were referring to by saying: "and you're on XP".

Is there a configuration setting in the legacy BIOS that can someway possibly assist XP in the repair before booting in Windows?

I will look (analyze) closer at the bugcheck to see where you found the Norton driver in the raw stack.

 

I updated the virus definitions immediately after this thread was first posted.

Did you mean that you recommend uninstalling Norton indefinitely and using some other Anti-Virus program or did you mean something else?    


Edited by Error409, 09 March 2018 - 08:16 PM.


#10 bwv848


Posted 11 March 2018 - 09:31 PM

If this is the first BSOD you've experienced, all I recommend is updating Norton's virus detection definitions and waiting. If you get a crash again, we'll have to uninstall Norton and replace it temporarily with another antivirus. "You're on XP" is simply a warning that BSODs are pretty common on old machines, especially when XP isn't supported by Microsoft anymore.




#11 HyperHenry

HyperHenry

  • Members
  • 775 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Iowa (but travel)
  • Local time:05:19 AM

Posted 12 March 2018 - 03:30 PM

The owl is always right. :wink:



#12 bwv848


Posted 12 March 2018 - 05:23 PM

You're too kind!




#13 Error409


Posted 12 March 2018 - 06:18 PM

Thanks for replying back to my question.

 

Questions:

(1) Are you planning to close this issue now?

(2) Would you suggest I set Norton virus definitions to auto update? (versus manual which is what it was set at when XP crashed)



#14 bwv848


Posted 12 March 2018 - 09:50 PM

Topics aren't typically locked or closed in the BSOD forum. Yes, I would suggest you set Norton's virus definitions to automatically update. If not, you are more susceptible to malware, which somewhat defeats the purpose of the antivirus?!

