
Problem with rootkit win32k.sys

Q: Problem with rootkit win32k.sys

I seem to be having this problem with a rootkit. The rootkit in question is actually a file that AVG claims is "hidden". avast!, SUPERAntispyware and Malwarebytes do not seem to detect it. I have tried formatting the disc using the TOSHIBA recovery disc I created. The rootkit is still there.

Attached is the AVG scan log.

However I don't understand how I got it. I have COMODO Free Firewall, AVG Free, avast! Free, SUPERAntispyware Free, Malwarebytes Anti Malware and IObit Malware Fighter Free.

Thanks in advance

stupot65


A: Problem with rootkit win32k.sys

Keep and run 1 A/V only (even A/Vs which are not running real time can cause conflicts).
Run either a HIPS or a BB, but not both, for the same reason.
You can have a few on-demand-only malware scanners, but not active.
Surf from a SUA account only.
Sandboxie is your friend.
I think that file is a part of Windows (not bad).


Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum, I am and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

Let's confirm the diagnosis. Please do this...

Download and run Win32kDiag: Download Win32kDiag from any of the following locations and save it to you...

A:win32k.sys Rootkit

Thank you T for taking time out of your weekend to help me! It's ok if it takes a while to get a response as I am just grateful my computer works enough to be here in the first place. Other than following the advice here, this computer is officially quarantined from being used at my house!!!

Here is the log from Win32 as requested.

Log file is located at: C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\windows'...

Found mount point : C:\windows\$hf_mig$\KB912812\KB912812

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found moun... Read more


To whomever answers this distress call,

I believe I have the rootkit described in topic 253639 entry 1405644 Click me! or else one very similar to it. I don't have any doubt about being infected, so I skipped the AII part of the procedure. Of course I will be glad to go back to it if you require, but I am pretty confident you will waive it for me.

Win XP HE SP3 Pentium 4 @ 3GHz with 512MB RAM. I don't know what kind of RAM it is, though. The machine is an eMachines T5010 bought about 3 years ago. It came with the OS preinstalled with a restore "disk" ( D: ) residing in an NTFS partition on the same hard drive as C:. Did not get any actual CD's, floppies, or anything else to restore from that is external.

////////////////

Just to give you a general idea of the state of my system here are some things that DON'T work or that I can't get to, or that I no longer have permission for:

explorer - unavailable
start-up taskbar - unavailable
start-up taskbar - unavailable
systray (therefore) - unavailable
drag/drop - unavailable
Write to CD - unavailable
cmd - unavailable
search - unavailable
run - unavailable
control panel - unavailable

Now for the good news...

Administrator tools are OK
command.com works
System configuration utility works
Many exe's in \sys32\ and \WINDOWS\ work

a, b, c, and d.exe are at least part of the rootkit

I can use sysconfig to access windows firewall and stuff like SYSTEM.INI, WIN.INI, BOOT.INI, and a few of the control panel aps. I...

A:Probable Win32k.sys Rootkit

Sorry for the delay. Do you still desire help?
Kind regards,
~t


Alright, I was told to post a srenglog after here from this post http://www.bleepingcomputer.com/forums/t/255814/help/ It's like a win32k rootkit. My log is in the attachments. Thanks for helping.

EDIT: I think this is the rootkit I have

A:Nasty rootkit need help win32k

Please save this file to your Desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


Any other info I'm missing can be found here. DDS and other scanning are disabled but here is the RootRepeal log and a log generated by Win32kdiag.exe. I'll paste the following and send as attachment just in case. (To avoid confusion)

A:Infected with Active Rootkit- Win32k.sys 1 and 2 No Signed

Hello Ninjuhboyblu,

Sorry for the delay. We have many logs backed up. We will need to take this cleanup in phases. You are not clean until I tell you so - even if it appears that everything is running fine!

Let's begin....

==========

Step 1

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r

==========

Step 2

Please do this: Click on the Start button, then click on Run... In the empty "Open:" box provided, type cmd and press Enter. This will launch a Command Prompt window (looks like DOS). Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

copy C:\WINDOWS\ServicePackFiles\i386\eventlog.dll C:\ /y

In the Command Prompt window, paste the copied text by right-clicking and selecting Paste. Press Enter. When successful, you should get this message within the Command Prompt: "1 file(s) copied"

NOTE: If you didn't get this message, stop and tell me first. Executing The Avenger script (step #3) won't work if the file copy was not successful. Exit the Command Prompt window.

==========

Step 3

Warning to others reading this thread!...


Using a Windows 7 computer.
 
About two weeks ago, sometimes I would not be able to access certain websites in my web browser, google chrome, and it says "This webpage is not available." I ran a diagnostic with windows which said that my DNS server is not responding so I tried some things to make sure that it would work. After that didn't work, I ran a virus scan with AVG and Avast. Avast found nothing while AVG found two things. They were:
"";"Inline hook win32k.sys EngSetPointerTag+0x190 -> 0xFFFFF95F8023D132, <unknown>";"Infected"
"";"Inline hook win32k.sys EngFntCacheLookUp+0xFFFFF95F8012A981, <unknown>";"Infected"
So then I downloaded malwarebytes and mbar, started my computer in safe mode while disconnected from the internet, scanned with both of those, avast, and AVG, and deleted everything that they found. I started my computer again and it still had the problem. I then started to search for this problem on the internet and apparently no one can really fix this. Someone even used nuke.bat in the Avenger, and it didn't get rid of it. I am at a complete loss at what to do. Please help.

A:Inline hook win32k.sys (rootkit maybe?), Impossible to Remove?

Quote: I ran a virus scan with AVG and Avast

I believe your problem is that you have two antivirus applications running at one time.

I suggest that you uninstall both of them.

Then run the removal tools and reboot after each.

http://www.avast.com/en-us/uninstall-utility
http://www.avg.com/us-en/utilities

After the reboot, choose only one of them and re-install it.

Then follow the steps below to make sure that there is not something lurking on your machine.

Please download MINITOOLBOX and run it.
Checkmark following boxes:
Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)
Click Go and post the result.

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download Autoruns and Autorunsc.
Unzip it to your desktop and then double click autoruns.exe
After the scan is finished then click on File > Save.
The default name will be autoruns.arn; make sure to save it as Autoruns...


Hi, I have been updating my drivers and doing routine virus checks. When I run msconfig I check for new and unexplained startup items. Recently I have a startup item with no name or command listed, just location [ ][ ]HLK\SOFTWARE\Microsoft\windows\currentVer...

When I uncheck the box for it I get

An Access Denied error was returned while attempting to change a service. You may need to log using an Administrator account to make the specified changes.
 
This is enough to make me suspicious. I ran your Win32kdiag and got
 
Running from: C:\Documents and Settings\jerry\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\jerry\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Cannot access: C:\WINDOWS\Temp\IswTmp\Logs\ISWSHEX.swl
[1] 2013-06-28 15:56:02 284 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\IswTmp\Logs\ISWSHEX.swl ()
[1] 2013-06-28 16:27:46 92 C:\WINDOWS\Temp\IswTmp\Logs\ISWSHEX.swl ()
 
Which is not nearly as bad as some scans I read elsewhere, but this item does appear to be "hiding" from scans.
 
I have run my zone alarm virus scan, malwareb... Read more

A:suspected win32k , zeroaccess type of rootkit infection

Hello can you submit that file for a second look??
Please visit the online Jotti Virus Scanner <--link
Browse to the following filepath:
---------put the filepath here -------
Click on the button.
The scanner will check the file with various AV companies.
Copy and paste the results box into a reply to this thread.
 
 
You can also use VirusTotal


It started with a zip file that has since been deleted. But it sat in a folder (downloads) on my win7 hp laptop for almost two before I opened it and started going through it to make web pages out of it. I had free AVG with Malwarebytes at the time. I wanted to move away from AVG because I wanted to try a free trial of Trend Micro, did that and TM picked up an exploit and a backdoor. Rebooted, all was well. Didn't realize where they came from so I started working with the same zipfile. After the laptop started getting too slow to allow for regular usage I started delving around and realized the really high latency was from ADS. So after going through about 5-6 (??lost count) antimalware/spyware prog's trying to unsuccessfully find a rootkit I used sysinternal, gmer and a few others and they all crashed, in safe mode crashes occurred also. I used defogger to disable emulation, disabled several services that were persistently being started from manual/disable mode (remote reg is always disabled as is a few others like that). There was also the problem of active UnP activity whereas I always disabled that. The print spooler, waking up from disable. A few other serious things like that letting me know I had an active infection. So I decided that I wanted an interactive firewall to try and find the culprit. Man a MISTAKE I uninstalled MSE and disabled windows firewall and installed COMODO and knew immediately I messed up even before it was finished installing. A...

A:backdoor/exploit/win32k/rootkit/bootkit I'm all messed up, please help!

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

You are presently running the Farbar Recovery Scan Tool from the folder in bold.
C:\Users\owner\Downloads
Place this fixlist.txt that you will create in the same folder.
I feel confident that if you are able to run the fix from your Download folder you will be able to restart the computer in normal mode.
Run the fix as suggested below.

====

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKLM\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2616320 2011-02-25] (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL... Read more


Hello, I believe I'm infected with the subject rootkit/virus/etc and possibly others. I have received blue memory dump screens several times after first trying to run gmer until I changed the name. I've been receiving pop-ups that I never used to get, and when I checked my event viewer, under windows security it's showing a lot of system integrity and other audit failures, suspicious logon events with processes by Advapi to services.exe, and security state changes. I have already reviewed and done some of the stuff in this thread: http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/ because at first it was running noticeably slow.

Please see examples:
- Anonymous logons to the account domain NT Authority through NtLmSsp
- Audit policy changes to many of my c:/windows/system32 files (.dll's, .exe's, and others) and registry through a process named C:\Windows\servicing\TrustedInstaller.exe with a New Security Descriptor listed as: S:ARAI(AU;FA;KA;;;WD) OR S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD). I searched this security descriptor on the internet and it seems foreign in nature.
- Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume2\Users\Konita\AppData\Local\Temp\fwryqkoc.sys
- Code integrity determined that the image hash of a file is not valid. ...

A:Infected With win32k.sys Rootkit & Possibly Other Leftover Infection Traces

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


Hello there!
 
I am posting this from an infected machine as I have no more 100% un-compromised ones.
 
I had Windows 7 x64 (not up to date with patches) and AVG Free, Windows Firewall on but not really configured with care - henceforth referred to as Desktop. I ran some shady software and although in its packed form it was detected as virus-free, when I fired it up AVG detected an executable "sniffer_gpu.exe" as infected. It didn't know with what, and it prompted me to restart. Since that restart, it's been infected and it has infected all other computers in the house. Even those that only connected to the net without any previously infected machines running at the same time! So from the outside somehow?!
 
My Internet goes like this: The ISP assigns Dynamic IP, you connect through PPPOE. It goes into an old wired router that's always on and then by cables to all the PCs in the house: The Desktop, 2 laptops + 1 netbook occasionally.
 
Initial symptoms on Desktop: 
Antivirus log of the infection event gone. No scans ever revealed anything
Wireshark revealed suspicious traffic. Initially the capture lit up like a Christmas tree, then it mellowed. The IPs turn out to be mostly home users, from around the globe: Russia (I know, stereotype), Ecuador, Italy, some proxies.

93-39-6-42.ip73.fastwebnet.it, 40.48.11.37.dynamic.jazztel.es, host-2-60-220-94.pppoe.omsknet.ru, 37-146-226-142.broadband.corbina.ru, 163.242.205.77.rev.sfr.net,... Read more

A:Seriously sneaky rootkit infection. Hooks in win32k.sys, ntdll.dll, wow64cpu.dll

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with DDS
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs
DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your d...


Hello. Good Day to all. Permission to post. I just search for my problem and i didn't find any answers yet.

I'm receiving a BSOD several times i keep getting BSOD mostly when browsing with google chrome.

What i did so far :

-I just installed whocrashed and found an error (you can see it in the bottom).

-Reformat my PC (still no luck)

-Run memtest in 12 hrs and didn't find any error

-Update my video driver and fix 1 BSOD problem while playing games!

UPDATE: I just attached the sf diagnostic result.

My PC Specs :

-AMD FX-8320
-GIGABYTE 990 FXA-UD3
-8 GB 2x4 GSKILLS RIP JAW RAM
-ASUS DIRECT CU HD 7850 1GB 256BIT
-1 TB HDD WESTERN DIGITAL
-SEASONIC PSU 520W
-AEROCOOL STRIKE X ADVANCE WITH 3 FANS

*Please help me fix the BSOD it's really annoying my PC is one month old and i'm keep getting this

Thanks in advance!
Here's some result of Whocrashed :
[ALREADY FIX]

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Sat 1/18/2014 6:29:05 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\011714-17971-01.dmp
This was probably caused by the following module: cdd.dll (cdd+0x6CF9)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF96000676CF9, 0xFFFFF88008AA0110, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\cdd.dll
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Canonical Display Driver
Bug check description: This indicates that an exception happened while executing ... Read more

A:Randomly BSOD on my new PC - win32k.sys (win32k+0xC4283)

Bump. I just attach the sf diagnostic result thanks.


Application Wow.exe locked the primary surface 2 time(s).


Quote:

- System
- Provider
[ Name] Win32k
- EventID 245
[ Qualifiers] 16384
Level 4
Task 0
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2010-07-14T18:25:08.281125200Z
EventRecordID 41040
Channel System
Computer Owner-PC
Security
- EventData
Wow.exe
2

What exactly is this error an indicator of? I've been getting this, and when it happens, the screen freezes for about 1-2 seconds. It is completely irregular, and sometimes I can go 30-40 mins without it happening, just to have it happen twice in 5 mins.

A:Event ID 245, Source: Win32k (Win32k)

Have you tried uninstalling WoW and then installing a fresh copy?


I'm having a lot of BSOD's recently. I ran the blue screen view app & here is the screenshot of it. 

 
What is the problem? 

A:Win32k.sys BSOD Problem. Please help.

Anyone? 


Here's the file from TSF_XP_Support http://www.mediafire.com/download/xdn0b05sgsbbaao/Sys_XP_Support.zip
 
and installed programs using minitools
=========================== Installed Programs ============================
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.159 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Learning Essentials for Microsoft Office (HKLM\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4... Read more

A:Problem with BSOD win32k

Good morning.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and paste the content into your next post.
Also... please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis


I just received a BSOD with error code 0x0000007A for the file win32k.sys. I was just surfing the net when this happened. I have attached the minidump file.

Any help is appreciated
 

A:win32k.sys BSOD Problem.


I got BSOD when I install windows. Thinking it might be a RAM problem, I ran memtest for 5 hours and it doesn't show any sign of error. Made a HDD utility check, no problem found as well.

So I kept on reinstalling all the drivers I got. The computer shows BSOD when it is in very heavy usage. Recently I ran 3Dmark05 on my computer and it shows BSOD as well but without any minidump.

Also I am using a Logitech MX 500 mouse with the latest driver installed. When I turn the wheel it crashes also, which makes me wonder whether there is a problem with my USB port.

This is my computer configuration.
I'm dual booting Linux and Windows as well.
athlon xp 2600+
motherboard: a7v266-e (FSB 266)
ram:2x samsung ddr333 512MB
graphics card: x800gto agp
hdd: hitachi 7k250 120G (installed windows)
IBM deskstar (installed linux)
SPI 350W

below is my minidump, 1st is the latest
 

A:BSOD by win32k.sys & ati2cqag.dll ram problem ?

Hi,

Your Windows has crashed with various bugcheck codes. I believe that it is a hardware error. Probably it is faulty memory such as memory modules, Level 2 (L2) SRAM cache, or video adapter RAM.

Suggestion
1. Some faulty RAM can pass memtest. Try reseating the RAM. Downclock the RAM.
2. Downclock the CPU
3. Faulty m/b or video card
4. Make sure your PSU has adequate power to support all the peripherals including USB devices.
5. Upgrade BIOS

Your debug report
Mini011806-07.dmp BugCheck 1000007F, {8, 80042000, 0, 0}

Mini011906-01.dmp BugCheck D1, {a41ffcc, 2, 0, f732cd5b}
Probably caused by : USBPORT.SYS ( USBPORT!USBPORT_DmaEndpointActive+f9 )

Mini011906-02.dmp BugCheck 10000050, {e3870490, 0, bf8076b5, 0}
Probably caused by : kmixer.sys ( kmixer+29d98 )

Mini011906-03.dmp BugCheck 100000D1, {8726ecb0, 2, 1, f712507c}
Probably caused by : wg311nd5.sys ( wg311nd5+2907c )

Mini011906-04.dmp BugCheck 1000008E, {c0000005, bfa3c737, ebe9b8c8, 0}
Probably caused by : ati2cqag.dll ( ati2cqag+26737 )

Mini012006-01.dmp BugCheck 1000000A, {0, 2, 0, 804dc25d}
Probably caused by : win32k.sys ( win32k!xxxStarterQueueTerminateProcessAndWait+45 )

Mini012106-01.dmp BugCheck 1000008E, {c0000005, bf814c00, eb9ca520, 0}
Probably caused by : win32k.sys ( win32k!pCreateXlate+b )

Mini012106-02.dmp BugCheck 1000008E, {c000001d, bf813bef, ebc7b608, 0}
Probably caused by : hardware ( win32k!GreBatchTextOut+26a )

Mini012106-03.dmp BugCheck 1000008E, {c0000005, bf801a0b, ... Read more


I am having an issue with my home desktop. It has Windows XP Professional sp2 or sp3 loaded (I can't remember exactly). The computer will not load properly. When it boots up, it automatically goes to the Windows Advanced Startup mode screen and displays the following message:

"We apologize for the inconvenience, but Windows did not start successfully. A recent hardware or software change might have caused this.

If your computer stopped responding, restarted unexpectedly, or was automatically shut down to protect your files and folders, choose Last Known Good Configuration to revert to the most recent settings that worked.

If a previous startup attempt was interrupted due to a power failure or because the Power or Reset button was pressed, or if you aren't sure what caused the problem, choose Start Windows Normally"

I tried to load Windows in each of the options but when I do so, the Windows load screen will come up followed by a blue error screen and then the PC will reboot. The blue error screen says the following:

"A problem has been detected and windows has been shut down to prevent damage to your computer.

The problem seems to be caused by the following file: win32k.sys

PAGE_FAULT_IN_NONPAGED_AREA

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask you... Read more

A:Windows XP Pro will not boot - win32k.sys problem

http://technet.microsoft.com/en-us/library/cc939017.aspx

As you can see, STOP 50 errors are difficult to troubleshoot.

I tend to associate this type of error message with malware, but that's just my personal quirk...it's not documented by anything.

System manufacturer and model?

Louis

Read other 36 answers
RELEVANCY SCORE 44

Have Windows 10 AU UPDATE. When I click shut down (turn off PC), the system closes fine and the PC powers off fine. But after that, when I boot into Windows 10, it boots fine but the event log registers a LiveKernelEvent: win32k.sys. There was no bluescreen; I didn't see a bluescreen. So, question: is it related to my hardware or the system?

LiveKernelEvent - win32k.sys - is it related to a hardware issue?

But why didn't I see a bluescreen, and why does Windows only report this?

Memtest86: no errors. Games are not crashing. No BSODs, no freezing, etc.

Windows 10 ,newest Anniversary update.

PC:6700k stock

Asus Z170-P

Corsair 750

16GB DDR4 Kingston

Gtx 1080 Ti Fe

Maybe a BUG? because it does not display any BSODs or works strange.

A:I have hardware problem? LivekernelEvent - win32k.sys log,when closing system.

win32k.sys = graphics subsystem.

Where are the links for the other topics about this?

Read other 2 answers
RELEVANCY SCORE 44

Hello everyone, if you do not mind, I'll go straight to the point.

As the title says, I have a serious issue with BSoDs and freezing. First I'll go into detail about the bluescreens.

These happen whenever I play any games on my computer. They're mostly random, and I have not seen any kind of pattern or specific times when they happen. The computer doesn't overheat (I've checked the temperatures in game using RealTemp) and no lag of any kind is present. I got a completely new GPU under warranty, yet these problems still exist.

Now about the freezing problem. This issue is new and came along with the new graphics card. Like the BSoDs, these also happen at completely random times. Sometimes the whole computer simply freezes, sometimes I am able to move the mouse around after a few seconds. Other things include sudden screen shutdown and recovery, along with a notice "Windows Kernel driver 320.something has stopped working and recovered". I don't remember it correctly. There are occasions when my computer freezes for a few seconds and then works almost properly. The cursor, you see, is all screwed up. I've added photos of the cursor (although they are pretty bad).

Strange thing is that BSoDs only happen in games, and freezing only happens in normal use.

Any suggestions and help is welcome

A:dxgmms1.sys, ntoskrnl.exe and win32k.sys BSOD and freezing problem

eliminaattori welcome to SevenForums

Have you tried to upgrade the Graphics Driver ?

Read other 9 answers
RELEVANCY SCORE 42.4

I've already run malwarebytes, combofix, Spybot.

The winfiles and Pe-files attachments are from rootkitty running on ubcd4win, although they could possibly have been modified by the rootkit before uploading, as I uploaded them from the infected machine.

Here's dds.txt,
DDS (Ver_09-07-30.01) - NTFSx86
Run by Winxp at 9:13:45.14 on Sun 08/30/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.511.182 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\avgas\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C... Read more

A:Rootkit, Vundo.h, Rootkit.agent, Rootkit.Rustock, Rootkit.Dropper, Slenugga, FakeAlert, WinWebSec, etc....

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 3 answers
RELEVANCY SCORE 39.6

AVG had been detecting several threats and there were numerous browser redirects in Firefox for a while (not sure about IE, because I don't like using it). Afterwards, AVG had been disabled for a few days and there were still numerous browser redirects in Firefox, which lead me to download Avira, and a complete system scan from it in Safe Mode resulted in detections of the Zero Access Rootkit (tdx.sys). After removing everything that Avira detected (a couple of the other files detected were Seaport.exe, Avira's own scheduler file, SupServ.exe, and other files detected as FakeRean. I cannot really remember everything else.) I found that I could no longer connect to the internet because of tdx.sys having been removed. I shut the laptop down and hit the F8 key and used System Restore to restore to an earlier point. AVG was still disabled although I remember AVG being functional at that point, but I could connect to the internet now. I have not seen any more browser redirects. I have logs for DDS and GMER below.


.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Brian at 12:33:15 on 2011-09-04
Microsoft Windows 7 Professional 6.1.7601.1.950.852.1033.18.2039.932 [GMT -6:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1AC... Read more

A:TDSS Rootkit or some other rootkit problem

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

P2P - I see you have P2P software (Vuze) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes at BC are complete.

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.
Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan.
If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip".
Then click Continue > Reboot now.
Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_lo... Read more

Read other 30 answers
RELEVANCY SCORE 34.8

hi to all

I'm using Vista Home Basic and I got a BSOD at booting. Please can anyone help me find what is causing this? The minidump is attached.

please help me
 

A:Win32k.sys

Your error is 0x8E and these are almost always caused by hardware issues. Because it cited win32k.sys which is a core Windows driver that is even further indication of a hardware problem.

So...

1. Run MemTest on your RAM www.memtest.org for a minimum of 7 passes. Any errors and you have corrupted memory that must be replaced.

2. Run a full harddrive diagnostics on your harddrive. Your harddrive manufacturer will have a free utility that you can download and run.

* Your crash may be due to other issues but with only one minidump we don't have much else to go on.
 

Read other 3 answers
RELEVANCY SCORE 34.8

Been having this problem for some time now. Thought I would come on here and see if anyone can help me with this older desktop computer.

Dell Dimension 4600
Windows XP Home
Pentium 4 CPU 2.40 Ghz
Memory 2.00 GB
HDD 80GB

BSOD comes up every day :
Problem has been detected and Windows has been shut down to prevent damage to your computer.
Page_Fault_In_Nonpaged_Area
Stop 0x00000050, (0XE38C901C, 0X00000000, 0XBF84CA7C, 0X00000001,
Win 32K.sys - Address BF84CA7C base at
BF800000, Date Stamp 52F43E77
Beginning dump of physical memory to disk
I have to shut the computer down and restart and after awhile I get the BSOD again. Any help would be greatly appreciated.
 

A:win32k.sys

Read other 6 answers
RELEVANCY SCORE 34.8

Hi,
I bought a new system
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel Pentium III Xeon processor, x86 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 2012 Mb
Graphics Card: Intel(R) G41 Express Chipset, 1024 Mb
Hard Drives: C: Total - 39997 MB, Free - 32645 MB; D: Total - 436931 MB, Free - 408527 MB;
Motherboard: Gigabyte Technology Co., Ltd., G41MT-ES2L, x.x,
Antivirus: Norton Internet Security, Updated: Yes, On-Demand Scanner: Enabled
and I have a problem, i.e. it shows an error report for win32k.sys when I open a game... Apart from this it works fine... Any game like FIFA08, GTA San Andreas, etc. (a blue screen with stop bla bla bla appears; what to do?) Please, please help me.

THANKS,
 

A:Win32k.sys

Please do not start more than one thread for the same issue.

Closing duplicate.
 

Read other 1 answers
RELEVANCY SCORE 34.8

hi,

For apparently no reason a blue screen appeared saying that there is a problem with the computer related to win32k.sys, and that it might be due to hardware problems or to new software installation. If it was the first time (as it was) just try to restart the computer.

Since it was I just restarted it and apparently it is working well. I haven't installed anything lately so how could I see what is the problem with the computer?

thanks in advance
 

A:win32k.sys

I was going to tell you that you are out of luck, as Microsoft had a support article that recognized the problem but had no solution. Now, apparently, they have a hotfix:

http://support.microsoft.com/kb/816047
 

Read other 2 answers
RELEVANCY SCORE 34.8

hi to all

I'm using Vista Home Basic and I got a BSOD during boot. The minidump is attached. Please can anyone tell me what could be the problem?

regards,

A:win32k.sys

no one there to help out..

Read other 1 answers
RELEVANCY SCORE 34.8

Hi,
I recently built a PC for my friend, but he kept getting crashes on Windows Vista, so he upgraded to Windows 7.

I installed the latest gfx card drivers, but none for the mobo (Win7 doesn't need them?)


Anyway, so far he has had two bluescreens, which both point at win32k.sys, but other than knowing that, I don't know what to do.


Could anyone extract more info from the dumps that may help?


Thanks in advance
 

A:Win32k.sys

Also, his monitor is blurry on any resolution.
He's using a Sharp Aquos (TV and monitor), but the only 2 resolutions it seems to support are 800x600 and 1024x768. Both of these are blurry, and text is really hard to read. The thing is, the res SHOULD be right, and the refresh rate is also set right...

We tried it with my 22" monitor, and it ran flawlessly, which makes us think it's the actual monitor. Could this be contributing to the bluescreens?
 

Read other 8 answers
RELEVANCY SCORE 34.8

Following this advice I'm now posting here. I can't run the DDS program. It opens, sits there for a split second, then closes. Or it sits there for a few seconds, then closes. So all I have is the rootrepeal log and the win32kdiag log. I will attach them in the interest of space. I can paste it here if you want though... is there a "cut" type deal here? Where I can paste it expandable style? Anyway the two logs are attached. I had the windows antivirus pro thing that seemed to be brand new (ad-aware even asked me to send them one of the files that was "suspicious") I fought off a lot of it but it is still stealing my Google searches. What am I supposed to do, use Bing? I don't think so.

See attachments.

A:win32k.sys:1 and win32k.sys:2

Hello and welcome to the BleepingComputer.com! I will be helping you today.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please give me some time to analyse your logs, I will be back shortly.

Read other 14 answers
RELEVANCY SCORE 34.8

I got 2 BSOD errors 0x0000000a (0x00000020, 0x00000002, 0x00000001, 0x804ea07b) and 0x10000050 (0xffffff88, 0x00000000, 0xbf8229c9, 0x00000000. One of them said the faulty driver was win32k.sys. Does anyone know how to fix it?

A:win32k.sys

what did you previously install? driver, database, any language options etc...? will it boot to safe mode? have you tried a system restore from a known good point if the options available?

Read other 7 answers
RELEVANCY SCORE 34.8

Dear Security Team

When I run a scan with Adaware Total Security it finds this virus:

Object: win32k.sys
Path: C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18105_none_bb06957bf8c00536
Status: File deleted. Restart required.
Virus: Win32.Trojan.Agent

I have not been able to quarantine or delete the object. Is it serious? and how do I remove it? thank you very much for your help. I should have the windows 7 installation dvd

Please find dds to follow:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.17267 BrowserJavaVersion: 10.25.2
Run by Jake at 17:02:24 on 2013-08-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3071.1718 [GMT 10:00]
.
AV: Ad-Aware Total Security *Enabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Ad-Aware Total Security *Enabled/Updated* {EFCD2318-A544-E9EB-4022-6820AEE79F52}
FW: Ad-Aware Personal Firewall *Enabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0... Read more

A:win32k.sys

Hello, j.spite

This seems like it could be a false positive.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

Code:

:filefind
win32k.sys

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next...
Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.

C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18105_none_bb06957bf8c00536\win32k.sys

Next, click the Open button.
Then click the "Scan It! " button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

Read other 5 answers
RELEVANCY SCORE 34.8

I accidentally (on purpose ) renamed my win32k.sys file and now....my computer won't start

I don't have my original xp installation discs so I can't reinstall it so....is there any other way to get this file back? I did go to the microsoft site and I did buy this file (a zip download) but I haven't got it yet. Will it be easy to reinstall? Probably not, knowing my luck..... but, is there hope??

I'm slowly losing the will to live so, some positive feedback would be appreciated! Thank you.

Read other answers
RELEVANCY SCORE 34.8

Hello all. One of my co-workers tried to boot up their comp. yesterday morning and got a blue screen with an error message. It read:

stop: 0X0000008E (0XC0000005, 0XBF803EC6, 0XF86E6C94, 0X00000000)

WIN32K.sys Address BF803EC6 base at BF800000, Datestamp 45F013F6

WTH does this mean? From some other threads I've read on this site, it seems like I have a hardware prob., but I'm not able to get past this screen. I've gone into the settings to check the drives, but I don't see an error message on any of them.
She has a DIM5100 P4 CPU 2.80GHz 2.79GHz, 512MB and is running MS XP Pro 2002 SP2.

Like I said, I can't get past the blue screen, so I'm not sure if I need a technician to come in or what other options I may have. TIA for any help whatsoever!
 

A:Win32k.sys

Hi!

I've been getting a blue screen of death as well...

I just installed a Pentium D 915 on my board as well as a second G of RAM...

Then the problems began...

I first flashed my BIOS to make sure it was compatible with my new PROC. Then, during the Windows XP installation, I was getting an SXS.dll error and setup would not complete... after stripping my rig down... it only worked when I left my Kingston RAM in, as long as my generic 1G stick wasn't installed...

So the rig was working fine at that point... XP installed, I got all my software and hardware drivers to install and I was in LALA land...

Until...

All of a sudden I keep getting a Blue Screen of Death giving me either or message...
I got this one before I uninstalled my video drivers...

"PAGE_FAULT_IN_NON_PAGED_AREA" win32k.sys

When I uninstalled my video drivers I started getting this one...

"IRQL_NOT_LESS_OR_EQUAL"

Another weird thing is that everytime I download x1600 drivers and install them... my card then becomes an x1650...

Could this have anything to do with my problems?

Cheers and thanks in advance...

Mehdi
 

Read other 1 answers
RELEVANCY SCORE 34.4

OK- I am not extremely computer savvy... I may have destroyed the computer beyond repair, but my files are not backed up and all of the videos of my son when he was a baby are on there and only there. So, HELP!!!! I had a bad virus that started as pop ups for fake virus protection- I can't even remember what it said. I gave it to my brother in law to fix and it took him a month to tell me I needed to backup my files cause he was going to dump the whole thing. Last night after plugging in the USB and having it fill up without even getting through a 1/4 of our pictures, I decided to try to get rid of the virus myself. I ran malwarebytes which found some items and told me to shut down to complete. I did, got the blue screen- started in safe mode w/ networking (got a pop up that said malwarebytes could not be located). After some more searching, I downloaded Hitman that was made for the DNS virus- I know whatever it is on my computer is really bad. The local connection icon was completely removed. Ethernet driver gone and microsoft system tools like firewall and security all gone. Here is a what hitman said before it told me to reboot to complete the deletion of the virus (s). Rootkit rootkit.mbr.pihar.d (boot image) ,trojan.tdlphaze.1, rootkit.win32.pihar!Ik, Win32/bootkit, Malware gen:variant.graftor.13001 (engine A), backdoor.maxplus, trojan-dropper.win32.sirefeflIK... and 57 items in tempfiles..... HELP PLEASE!

A:. Rootkit rootkit.mbr.pihar.d (boot image) ,trojan.tdlphaze.1, rootkit.win32.pihar!Ik, Win32/bootkit, Malware gen:variant.g...

Copy this tool to the infected PC
FSS
Checkmark all the boxes
Click on "Scan".
Please copy and paste the log to your reply.

Read other 1 answers
RELEVANCY SCORE 34.4

Hi all,

I'm here for the first time. Just a bit about me: I'm a geneticist by training and teach students and teachers molecular biology. I have been a Windows XP user for a long time, but am not a computer type.

I am experiencing multiple crashes and recoveries from serious errors randomly on a:
Powerspec B700 Intel Core 2 Quad Q6600 @2.40 GHz running Windows XP Pro SP3 (fully updated).

This system is 3 months old. The vendor has terrible support and I would like to know the source of my crashes, as this may help me support the support (or assure me that the problem is not to do with them), or simply fix it! Any help is greatly appreciated.

I have done this as suggested by Majorgeeks:
Suspicious of Malware, I checked Add/Remove Programs and found nothing that I did not recognize.
I updated Java in case it was messed up.
I set the system to normal startup through MSconfig
I ran CCleaner (default options) on the different user accounts
I ran SuperAntiSpyware
then
Spybot Search and Destroy
and
Malwarebytes Anti-Malware
followed by MGtools.exe
Result: none detected.

So, I'm guessing the problem lies in Windows, or is due to my hardware or the bad electrical system in an old building in New York (brownout) City.

In any case, I have downloaded the Windows debugger and used it to analyze the minidump from my last happy crash...
I hope this is the sort of information that you would need to help me.
Thanks to anyone able to help or give advice...

The debugger data:
Microsoft ® Windows ... Read more

A:XP crash win32k.sys

Unfortunately, this is a very common error message - and the dump file doesn't give much in the way of concrete information.

So, my first question would be to ask what's been done to the computer since you got it? Any new hardware or software installed recently? Any updates or tweaking done to the system recently? Anything else that may have happened that caught your attention?

Have you checked your Event Viewer for error messages around the time (or just before) of the crash? To do this, go to Start...Run...and type in "eventvwr.msc" (without the quotes) and press Enter.

Click on the Application log file and check there, then on the System log file and check there. Double click on any errors that you may find and let us know the text of the error message(s) in your next post.

Read other 9 answers
RELEVANCY SCORE 34.4

I have just reinstalled XP 3 times now to rectify BSODs which display either:

IRQL_EQUAL_OR_NOT_EQUAL (well something like that)
PAGE_FAULT_IN_NON_PAGED_AREA
and blank ones

the first two sometimes display win32k.sys

then after rebooting and sending the report to M$, firefox opens and says it's something to do with a driver.

These BSODs happened after I bought a Sidewinder X3 mouse if that helps

Thanks

~Mart_UK
 

A:BSOD win32k.sys

Read other 11 answers
RELEVANCY SCORE 34.4

OS : WIN 8.1

Problem : my windows 8.1 last 2 days show up with the blue screen
KERNEL_DATA_INPAGE_ERROR Win32k.SYS

Test done :
Memory check : passed
SMART check : passed
Long DST : failed
Failure id : qLHU83 - 6J9788 - MFPXOK - 61CU03

Product id : C6K69EA #ABV

my PC specifications :
http://speccy.piriform.com/results/y...4fH3AyThrGH7je

Any help?

A:KERNEL_DATA_INPAGE_ERROR Win32k.SYS

Failure of the Long DST suggests to me that the hard drive is dying.
What test did you use? If it failed the HP test and it's still under warranty, have HP fix it for you.

First, backup your data! If the hard drive is dying you only have a limited amount of time to save your stuff - so the sooner that you do it, the better it is for you.
Second is to make sure that you have the recovery disks/drive for your system. Even though the hard drive is dying, you still may be able to make them on your system.

If it's not under warranty, then you can:
Then, depending on how technically able you are, you can replace the HDD yourself, or you can have a shop do it for you.
Then you can reinstall Windows (or have the shop do it)
Then you can import the data that you saved in the beginning and you'll be up and running again!

Read other 7 answers
RELEVANCY SCORE 34.4

I am helping a friend who has this infection and am at a loss as to how to proceed...

Steps taken so far:
1) I pulled the hard drive and did an offline virus scan to remove all known viruses
2) While offline I corrected registry errors including: many restrictive policies had been added to lock out REGEDIT, file displays, etc... ALL FIXED

Only thing left to do is to find the darn rootkit & remove!

When the machine is booted (even in safe mode) the virus comes in early and does the following:
1) adds a registry entry to HKCU/SW/MS/Windows/Run/ LOYUVEJO.DLL (since I already deleted it offline, it fails to load, but it inserts the key for next time, nonetheless!)
2) If ANY program is run that does a scan of any type (ex: Windows Defender, AntiMalware, AntiVirus, RootRepeal, Spybot, etc.) the virus KILLS the process, and removes ALL security access from that program preventing it from being run again! It replaces the security with "everyone" but access is still denied!

System is running XP HOME (SP3), so I can reset security if booted into safe mode, but it effectively locks out all attempts to cure and remove quite nicely!

Since I can pull the drive and view it offline on another system, does anyone have a clue as to where the virus is hiding so I can kill it before it comes in???

I am attaching the few logs that I can get from the machine, but it is difficult to run most tools on that box after is booted, since the virus is quite adept at killing any potential threats to itself!

The ... Read more

A:win32k.sys:1+2 infection

Well, I did some more reading and found a recent post by Grinler describing how the rootkit loads...
http://www.bleepingcomputer.com/forums/t/249117/antispy-protector-2009-rootkit-big-trouble/

THANKS!

I took the drive offline and replaced the infected file (in this case eventlog.dll) and no more rootkit...
Then I was able to run the normal tools to clean up the rest!

Been reading at this site for over 5 years now... This was my first post...
Just wanted to thank the posters here for the invaluable info provided and to close out the issue...

Read other 2 answers
RELEVANCY SCORE 34.4

Hello Sir,

I have done fresh Install of Windows XP 3-4 months ago on my system and randomly getting Page_Fault_In_Nonpaged_Area Win32K.Sys errors since then. I have read the BSOD posting Instructions given in forum and attached the zip file for review.

Thanks a lot for your help in advance.

Regards
Gagan

A:Page_Fault_In_Nonpaged_Area Win32K.Sys

Hi gagandeep4687,

I am sorry to say this, but the Windows 8 Help Forums is only for those who are using Windows 8 and you are using Windows XP.

Read other 3 answers
RELEVANCY SCORE 34.4

My Dad's desktop has been giving him the blue screen of death recently, last week or so to be specific. No changes have been made to the computer to cause this. I took a screenshot of the most recent bsod and I also have the log from bluescreenview. I would appreciate some help in figuring out the problem. Thanks in advance.

[quote]
==================================================
Dump File : Mini112312-01.dmp
Crash Time : 11/23/2012 12:17:40 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf8488a2
Parameter 3 : 0xb7b05ae4
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+488a2
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6307 (xpsp_sp3_gdr.121022-1132)
Processor : 32-bit
Crash Address : win32k.sys+488a2
Stack Address 1 : win32k.sys+48976
Stack Address 2 : win32k.sys+e82a2
Stack Address 3 : win32k.sys+e879a
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini112312-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================
[/quote]

A:BSOD Win32k

Hello again, esmn.

Let's collect some more information: I'll have a look at it and help you try to resolve the problem.

Download the following 2 files and save both to the My Documents folder:
1. BSOD_XP_v1.3_jcgriff2_PROD_.exe - a system file collection application provided by jcgriff2
2. autoruns.exe - an application provided by Microsoft SysInternals.

Go to the My Documents folder and run #1 (BSOD_XP_v1.3_jcgriff2_PROD_.exe). (That will also run #2.)
It will take a little time to complete: Please be patient and wait for it to finish.
A new folder named TSF_XP_Support will be created in My Documents.
Zip up the newly created TSF_XP_Support folder.
Right-click on the TSF_XP_Support folder > Send to ... > Compressed (zipped) Folder.
The newly created zip file will be located in the My Documents folder.
Please upload the zip file to a file sharing website of your choice and post a link to it in this thread so that we can access your uploaded zip file.

Note: The BC forums will allow a total attachment size of only 512 kb (and what you need to attach will exceed this limit).

See the suggestions in the following links for recommendations on file sharing websites:
http://lifehacker.com/388284/best-online-file-sharing-services
http://www.hongkiat.com/blog/15-great-free-online-file-sharing-alternatives/
http://www.smashingapps.com/2008/08/28/5-best-free-file-hosting-services-to-store-your-files.html

I can recommend : Also suitable is Please Publish a Snapshot using Specc... Read more

Read other 5 answers
RELEVANCY SCORE 34.4

Well, I keep getting this bsod.. I have no idea how to read into these minidump files but I know it's win32k.sys that is causing the crash.

Could someone please give me some insight as to what is causing these BSOD's?
Frequency is every 2-4 days. I tried to upload the actual .dmp file but it's not letting me.

XP 64 pro
Microsoft ® Windows Debugger Version 6.7.0005.1
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini120907-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d4140
Debug session time: Sun Dec 9 22:36:44.640 2007 (GMT-5)
System Uptime: 1 days 9:26:46.553
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
......................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
..................................................
********************... Read more

A:Win32k.sys Bsod Help

Does this ring any bells? PROCESS_NAME: ???????A

Also, the stack text appears a bit messed up (too many of the same addresses). Did you use the 64 bit version of the debugger to analyze the dump file? Or it could just be my lack of experience with 64 bit dump files.

Since it refers to win32k.sys - does this belong to a process on the system that's emulating a 32 bit OS? Although I don't know, I wonder if the 64 bit versions use win32k.sys - shouldn't it be win64k.sys? (just guessing on my part - don't have a 64 bit OS to look at)

FWIW - this link http://aumha.org/a/stop.php#0x50 states that it's usually a memory problem, although other things (such as drivers) can cause it. I'd try running Memtest86 - http://www.memtest86.com/

Read other 7 answers
RELEVANCY SCORE 34.4

I have been getting a blue screen on a regular basis recently.

I included a screen shot as an attachment.

I have recently juggled between AMD Catalyst drivers. I have used the latest and beta and they are all causing issues.

Is there anything I can do to fix this?

Thanks!

A:System_service_exception (win32k.sys)

Please follow these directions in your post: Blue Screen of Death (BSOD) Posting Instructions

Read other 3 answers
RELEVANCY SCORE 34.4

Hello,

I have quite suddenly been getting frequent BSOD's. It only flashes for a moment but one of the more recent times I did catch the win32k.sys referenced in it. The only thing out of the normal that has started in concurrence with this is Mozilla Firefox is crashing all the time now. Any help would be appreciated. I have attached the requested TSF_Vista_Support Folder but the Performance Monitor would not generate a report for me. After running the tests, it stated Error: An error occured while attempting to generate the report. The wait for the report generation tool to finish has timed out.


Louie

Windows 7 Ultimate x64
System is about 2 years old
OS installed 10/2009
Intel E8400 3.0 ghz (3.6 ghz)
2x nvidia 8800gts 512
1x nvidia gt220
Asus Striker II Formula
Corsair 750 Watt

A:BSOD win32k.sys

Hi -

There were no dump files in the attached zip. Please check \windows\minidump - copy all out to TSF_Vista, zip & attach to next post.

I did look through the other files and see many "Live Kernel Events", which are just 1 step below an actual BSOD. Live Kernel Events + win32k.sys usually are indicative of an issue with video transitioning from user mode (win32k) into kernel code territory.

I also noticed in WERCON the repeated crashing of this app since November 2009 -

Code:
11/1/2009 5:02 PM Application Error
Faulting application name: unace32.exe, version: 2.0.1.0, time stamp: 0x3a76026a
Faulting module name: unace32.exe, version: 2.0.1.0, time stamp: 0x3a76026a
Exception code: 0xc0000005
Fault offset: 0x00006658
Faulting process id: 0xd70
Faulting application start time: 0x01ca5b150da4b7a0
Faulting application path: C:\Users\David T Lewis\Downloads\!RnE - 2009.11.01 11.56.31 - blhtlg01\blhtlg01\unace32.exe
Faulting module path: C:\Users\David T Lewis\Downloads\!RnE - 2009.11.01 11.56.31 - blhtlg01\blhtlg01\unace32.exe
Report Id: 4b55e600-c708-11de-88ed-001fc63e3180
The timestamp 0x3a76026a translates to Mon Jan 29 18:53:14 2001

Too old for a 2010 updated Windows 7 x64 system.

Regards. . .

jcgriff2

.

Read other 3 answers
RELEVANCY SCORE 34.4

Hey guys, so I've been having some issues lately with BSODs; however, it seemed with some of the guys' help on here we managed to solve it. But alas, a new one today, first time seeing this one too: win32k.sys? I'll upload the dump; if anyone could help it would be very much appreciated.

A:win32k.sys bsod

Hello and Welcome to SF, let me take a look, will be right back ...
edit:

Update:

Lycosa.sys Fri Jan 18 03:51:42 2008
Razer Tarantula Keyboard
Run Memtest overnight:
RAM - Test with Memtest86+
Attach your latest crash dumps if bsod's happen again.

Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\a\Minidump\D M P\110910-26566-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02c55000 PsLoadedModuleList = 0xfffff800`02e92e50
Debug session time: Tue Nov 9 09:00:11.936 2010 (UTC - 5:00)
System Uptime: 0 days 6:56:35.279
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* ... Read more

Read other 4 answers
RELEVANCY SCORE 34.4

Hi All,

Just had a BSOD while defragging my windows drive using Defraggler. Possible contributory factor CCleaner used to clean out various temporary files (not registry).

Files are attached.

Subsequent chkdsk and sfc /scannow ran clean.

A:BSOD Win32k.sys

Hello,

This is not the customary BSOD-analyst thing to say, but I suggest you forget about this one. I have seen BSODs occur during Defraggler and other defragmentation programs before, I haven't learned why yet.

The dump doesn't mention anything of significance, other than Defraggler was "on top" at the time of the crash; we knew that already though.

I see some drivers that could use an update, but I'd be surprised if they were the cause of this.

My advice: stick with the Windows defragment tool, and if you get more BSODs, we'll go from there. Trying to troubleshoot this one is more work than I'm sure is worth to you.

...Summary of the dumps:

Code:

Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Debug session time: Sat Mar 26 08:55:00.648 2011 (UTC - 4:00)
System Uptime: 0 days 3:26:50.146
Probably caused by : win32k.sys ( win32k!GreBatchTextOut+35 )
BUGCHECK_STR: 0x1E_80000003
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: Defraggler64.e
FAILURE_BUCKET_ID: X64_0x1E_80000003_win32k!GreBatchTextOut+35

Read other 8 answers
RELEVANCY SCORE 34.4

Hi everybody
I have bought a new computer and I have some blue screens.
I want to know if this error is not from the hardware.

OS: Windows XP SP2
CPU: Core2duo 2.33 GHz
Graphic Card: GeForce 8600 GTS (256MB)
Ram: 4GB
Motherboard: Gigabyte GA-P35-DS3L

here is the dump:




Microsoft (R) Windows Debugger Version 6.6.0003.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini112507-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *... Read more

A:BSOD (win32k.sys)

Your debugger dump info is invalid... You have not set the proper symbol path in the debugger
 

Read other 11 answers