
Problem with rootkit win32k.sys

Q: Problem with rootkit win32k.sys

I seem to be having this problem with a rootkit. The rootkit in question is actually a file that AVG claims is "hidden". avast!, SUPERAntispyware and malwarebytes do not seem to detect it. I have tried formatting the disc using the TOSHIBA recovery disc I created. The rootkit is still there.

Attached is the AVG scan log.

However I don't understand how I got it. I have COMODO Free Firewall, AVG Free, avast! Free, SUPERAntispyware Free, Malwarebytes Anti Malware and IObit Malware Fighter Free.

Thanks in advance



A: Problem with rootkit win32k.sys

Quote: Originally Posted by stupot65

I seem to be having this problem with a rootkit. The rootkit in question is actually a file that AVG claims is "hidden". avast!, SUPERAntispyware and malwarebytes do not seem to detect it. I have tried formatting the disc using the TOSHIBA recovery disc I created. The rootkit is still there.

Attached is the AVG scan log.

However I don't understand how I got it. I have COMODO Free Firewall, AVG Free, avast! Free, SUPERAntispyware Free, Malwarebytes Anti Malware and IObit Malware Fighter Free.

Thanks in advance


Keep and run 1 A/V only (even A/Vs which are not running real time can cause conflicts).
Run either a HIPPS or a BB, but not both for the same reason.
You can have a few on demand only malware scanners, but not active.
Surf from a SUA account only.
Sandboxie is your friend.
I think that file is a part of windows (not bad).


Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum, I am and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

Let's confirm the diagnosis. Please do this...

Download and run Win32kDiag: Download Win32kDiag from any of the following locations and save it to you...

A:win32k.sys Rootkit

Thank you T for taking time out of your weekend to help me! It's ok if it takes a while to get a response as I am just grateful my computer works enough to be here in the first place. Other than following the advice here, this computer is officially quarantined from being used at my house!!!

Here is the log from Win32 as requested.

Log file is located at: C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\windows'...

Found mount point : C:\windows\$hf_mig$\KB912812\KB912812

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found moun...


Alright, I was told to post a srenglog after here from this post: http://www.bleepingcomputer.com/forums/t/255814/help/ It's like a win32k rootkit. My log is in the attachments. Thanks for helping. EDIT: I think this is the rootkit I have

A:Nasty rootkit need help win32k

Please save this file to your Desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


To whomever answers this distress call,

I believe I have the rootkit described in topic 253639 entry 1405644 or else one very similar to it. I don't have any doubt about being infected, so I skipped the AII part of the procedure. Of course I will be glad to go back to it if you require, but I am pretty confident you will waive it for me.

Win XP HE SP3, Pentium 4 @ 3GHz with 512MB RAM. I don't know what kind of RAM it is, though. The machine is an eMachines T5010 bought about 3 years ago. It came with the OS preinstalled with a restore "disk" ( D: ) residing in an NTFS partition on the same hard drive as C:. Did not get any actual CD's, floppies, or anything else to restore from that is external.

////////////////

Just to give you a general idea of the state of my system here are some things that DON'T work or that I can't get to, or that I no longer have permission for:

explorer - unavailable
start-up taskbar - unavailable
start-up taskbar - unavailable
systray (therefore) - unavailable
drag/drop - unavailable
Write to CD - unavailable
cmd - unavailable
search - unavailable
run - unavailable
control panel - unavailable

Now for the good news...

Administrator tools are OK
command.com works
System configuration utility works
Many exe's in \sys32\ and \WINDOWS\ work
a, b, c, and d.exe are at least part of the rootkit

I can use sysconfig to access windows firewall and stuff like SYSTEM.INI, WIN.INI, BOOT.INI, and a few of the control panel aps. I...

A:Probable Win32k.sys Rootkit

Sorry for the delay. Do you still desire help?
Kind regards,


Any other Info I'm missing can be found Here. DDS and other scanning are disabled but here is the root kit repeal log and a log generated by Win32kdiag.exe. I'll paste the following and send as attachment just in case. (To avoid confusion)

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/01 08:11
Program Version: Version Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF84D5000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF8466000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF7EC3000 Size: 138496 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF83F8000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: avgrkx86.sys
Image Path: avgrkx86.sys
Address: 0xF89BD000 Size: 5888 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xF7F0D000 Size: 101888 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF8...

A:Infected with Active Rootkit- Win32k.sys 1 and 2 No Signed

Hello Ninjuhboyblu,

Sorry for the delay. We have many logs backed up. We will need to take this cleanup in phases. You are not clean until I tell you so - even if it appears that everything is running fine!

Let's begin....

==========
Step 1

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r

==========
Step 2

Please do this: Click on the Start button, then click on Run... In the empty "Open:" box provided, type cmd and press Enter.
This will launch a Command Prompt window (looks like DOS). Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

copy C:\WINDOWS\ServicePackFiles\i386\eventlog.dll C:\ /y

In the Command Prompt window, paste the copied text by right-clicking and selecting Paste. Press Enter. When successful, you should get this message within the Command Prompt: "1 file(s) copied"
NOTE: If you didn't get this message, stop and tell me first. Executing The Avenger script (step #3) won't work if the file copy was not successful. Exit the Command Prompt window.

==========
Step 3

Warning to others reading this thread!...


Using a Windows 7 computer.
About two weeks ago, sometimes I would not be able to access certain websites in my web browser, google chrome, and it says "This webpage is not available." I ran a diagnostic with windows which said that my DNS server is not responding so I tried some things to make sure that it would work. After that didn't work, I ran a virus scan with AVG and Avast. Avast found nothing while AVG found two things. They were:
"";"Inline hook win32k.sys EngSetPointerTag+0x190 -> 0xFFFFF95F8023D132, <unknown>";"Infected"
"";"Inline hook win32k.sys EngFntCacheLookUp+0xFFFFF95F8012A981, <unknown>";"Infected"
So then I downloaded malwarebytes and mbar, started my computer in safe mode while disconnected from the internet, scanned with both of those, avast, and AVG, and deleted everything that they found. I started my computer again and it still had the problem. I then started to search for this problem on the internet and apparently no one can really fix this. Someone even used nuke.bat in the Avenger, and it didn't get rid of it. I am at a complete loss at what to do. Please help.

A:Inline hook win32k.sys (rootkit maybe?), Impossible to Remove?

I ran a virus scan with AVG and Avast

I believe your problem is that you have two antivirus applications running at one time.
I suggest that you uninstall both of them.
Then run the removal tools and reboot after each.
After the reboot, choose only one of them and re-install it.
Then follow the steps below to make sure that there is not something lurking on your machine.

Please download MINITOOLBOX and run it.
Checkmark following boxes:
Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)
Click Go and post the result.

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Download Autoruns and Autorunsc.
Unzip it to your desktop and then double click autoruns.exe.
After the scan is finished then click on File > Save.
The default name will be autoruns.arn, make sure to save it as Autoruns...


Hi, I have been updating my drivers and doing routine virus checks. When I run msconfig I check for new and unexplained startup items. Recently I have a startup item with no name or command listed, just location [                        ][                      ]HLK\SOFTWARE\Microsoft\windows\currentVer...
When I uncheck the box for it I get
An Access Denied error was returned while attempting to change a service. You may need to log using an Administrator account to make the specified changes.
This is enough to make me suspicious. I ran your Win32kdiag and got
Running from: C:\Documents and Settings\jerry\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\jerry\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Cannot access: C:\WINDOWS\Temp\IswTmp\Logs\ISWSHEX.swl
[1] 2013-06-28 15:56:02 284 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\IswTmp\Logs\ISWSHEX.swl ()
[1] 2013-06-28 16:27:46 92 C:\WINDOWS\Temp\IswTmp\Logs\ISWSHEX.swl ()
Which is not nearly as bad as some scans I read elsewhere, but this item does appear to be " hiding " from scans.
I have run my zone alarm virus scan, malwareb...

A:suspected win32k , zeroaccess type of rootkit infection

Hello can you submit that file for a second look??
Please visit the online Jotti Virus Scanner <--link
Browse to the following filepath:
---------put the filepath here -------
Click on the button.
The scanner will check the file with various AV companies.
Copy and paste the results box into a reply to this thread.
You can also use VirusTotal


It started with a zip file that has since been deleted. But it sat in a folder (downloads) on my win7 hp laptop for almost two before I opened it and started going through it to make web pages out of it. I had free avg with malwarebytes at the time. I wanted to move away from avg because I wanted to try a free trial of trend micro, did that and TM picked up an exploit and a backdoor. Rebooted, all was well. Didn't realize where they came from so I started working with the same zipfile. After the laptop started getting too slow to allow for regular usage I started delving around and realized the really high latency was from ADS. So after going through about 5-6 (??lost count) antimalware/spyware prog's trying to unsuccessfully find a rootkit I used sysinternal, gmer and a few others and they all crashed, in safe mode crashes occurred also. I used defogger to disable emulation, disabled several services that were persistently being started from manual/disable mode (remote reg is always disabled as is a few others like that.) There was also the problem of active UnP activity whereas I always disabled that. The print spooler, waking up from disable. A few other serious things like that letting me know I had an active infection. So I decided that I wanted an interactive firewall to try and find the culprit. Man, a MISTAKE. I uninstalled MSE and disabled windows firewall and installed COMODO and knew immediately I messed up even before it was finished installing. A...

A:backdoor/exploit/win32k/rootkit/bootkit I'm all messed up, please help!

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
You are presently running the Farbar Recovery Scan Tool from the folder in bold.
C:\Users\owner\Downloads
Place this fixlist.txt that you will create in the same folder.
I feel confident that if you are able to run the fix from your Download folder you will be able to restart the computer in normal mode.
Run the fix as suggested below.
====
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKLM\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2616320 2011-02-25] (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL...


Hello, I believe I'm infected with the subject rootkit/virus/etc and possibly others. I have received blue memory dump screens several times after first trying to run gmer until I changed the name. I've been receiving pop-ups that I never used to get, and when I checked my event viewer, under windows security it's showing a lot of system integrity and other audit failures, suspicious logon events with processes by Advapi to services.exe, and security state changes. I have already reviewed and done some of the stuff in this thread: http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/ because at first it was running noticeably slow.

Please see examples:
- Anonymous logons to the account domain NT Authority through NtLmSsp
- Audit policy changes to many of my c:/windows/system32 files (.dll's, .exe's, and others) and registry through a process named C:\Windows\servicing\TrustedInstaller.exe with a New Security Descriptor listed as: S:ARAI(AU;FA;KA;;;WD) OR S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD). I searched this security descriptor on the internet and it seems foreign in nature.
- Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume2\Users\Konita\AppData\Local\Temp\fwryqkoc.sys
- Code integrity determined that the image hash of a file is not valid. ...

A:Infected With win32k.sys Rootkit & Possibly Other Leftover Infection Traces

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


Hello there!
I am posting this from an infected machine as I have no more 100% un-compromised ones.
I had Windows 7 x64 (not up to date with patches) and AVG Free, Windows Firewall on but not really configured with care - henceforth referred to as Desktop. I ran some shady software and although in its packed form it was detected as virus-free, when I fired it up AVG detected an executable "sniffer_gpu.exe" as infected. It didn't know with what, and it prompted me to restart. Since that restart, it's been infected and it has infected all other computers in the house. Even those that only connected to the net without any previously infected machines running at the same time! So from the outside somehow?!
My Internet goes like this: The ISP assigns Dynamic IP, you connect through PPPOE. It goes into an old wired router that's always on and then by cables to all the PCs in the house: The Desktop, 2 laptops + 1 netbook occasionally.
Initial symptoms on Desktop: 
Antivirus log of the infection event gone. No scans ever revealed anything
Wireshark revealed suspicious traffic. Initially the capture lit up like a Christmas tree, then it mellowed. The IPs turn out to be mostly home users, from around the globe: Russia (I know, stereotype), Ecuador, Italy, some proxies.

93-39-6-42.ip73.fastwebnet.it,, host-2-60-220-94.pppoe.omsknet.ru, 37-146-226-142.broadband.corbina.ru,,...

A:Seriously sneaky rootkit infection. Hooks in win32k.sys, ntdll.dll, wow64cpu.dll

Hi there,

my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with DDS

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs
DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your d...


Hello. Good Day to all. Permission to post. I just search for my problem and i didn't find any answers yet.

I'm receiving a BSOD several times i keep getting BSOD mostly when browsing with google chrome.

What i did so far :

-I just installed whocrashed and found an error (you can see it in the bottom).

-Reformat my PC (still no luck)

-Run memtest in 12 hrs and didn't find any error

-Update my video driver and fix 1 BSOD problem while playing games!

UPDATE: I just attached the sf diagnostic result.

My PC Specs :

-AMD FX-8320

*Please help me fix the BSOD it's really annoying my PC is one month old and i'm keep getting this

Thanks in advance!
Here's some result of Whocrashed :

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Sat 1/18/2014 6:29:05 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\011714-17971-01.dmp
This was probably caused by the following module: cdd.dll (cdd+0x6CF9)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF96000676CF9, 0xFFFFF88008AA0110, 0x0)
file path: C:\Windows\system32\cdd.dll
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Canonical Display Driver
Bug check description: This indicates that an exception happened while executing ...

A:Randomly BSOD on my new PC - win32k.sys (win32k+0xC4283)

Bump. I just attach the sf diagnostic result thanks.


Application Wow.exe locked the primary surface 2 time(s).


- System

- Provider

[ Name] Win32k

- EventID 245

[ Qualifiers] 16384

Level 4

Task 0

Keywords 0x80000000000000

- TimeCreated

[ SystemTime] 2010-07-14T18:25:08.281125200Z

EventRecordID 41040

Channel System

Computer Owner-PC


- EventData



Binary data:

In Words

0000: 00000000 00280003 00000000 400000F5
0008: 00000000 00000000 00000000 00000000
0010: 00000000 00000000

In Bytes

0000: 00 00 00 00 03 00 28 00 ......(.
0008: 00 00 00 00 F5 00 00 40 ....õ..@
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

What exactly is this error an indicator of? I've been getting this, and when it happens, the screen freezes for about 1-2 seconds. It is completely irregular, and sometimes I can go 30-40 mins without it happening, just to have it happen twice in 5 mins.

A:Event ID 245, Source: Win32k (Win32k)

Have you tried uninstalling WoW and then installing a fresh copy?


Here's the file from TSF_XP_Support http://www.mediafire.com/download/xdn0b05sgsbbaao/Sys_XP_Support.zip
and installed programs using minitools
=========================== Installed Programs ============================
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: - Adobe Systems, Inc.)
Learning Essentials for Microsoft Office (HKLM\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4...

A:Problem with BSOD win32k

Good morning.
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Click Go and paste the content into your next post.
Also... please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.


I just received a BSOD with error code 0x0000007A for the file win32k.sys. I was just surfing the net when this happened. I have attached the minidump file.

Any help is appreciated

A:win32k.sys BSOD Problem.


I'm having a lot of BSOD's recently. I ran the blue screen view app & here is the screenshot of it. 

What is the problem? 

A:Win32k.sys BSOD Problem. Please help.



I am having an issue with my home desktop. It has Windows XP Professional sp2 or sp3 loaded (I can't remember exactly). The computer will not load properly. When it boots up, it automatically goes to the Windows Advanced Startup mode screen and displays the following message:

"We apologize for the inconvenience, but Windows did not start successfully. A recent hardware or software change might have caused this.

If your computer stopped responding, restarted unexpectedly, or was automatically shut down to protect your files and folders, choose Last Known Good Configuration to revert to the most recent settings that worked.

If a previous startup attempt was interrupted due to a power failure or because the Power or Reset button was pressed, or if you aren't sure what caused the problem, choose Start Windows Normally"

I tried to load Windows in each of the options but when I do so, the Windows load screen will come up followed by a blue error screen and then the PC will reboot. The blue error screen says the following:

"A problem has been detected and windows has been shut down to prevent damage to your computer.

The problem seems to be caused by the following file: win32k.sys


If this is the first time you've seen this stop error screen, restart you computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask you...

A:Windows XP Pro will not boot - win32k.sys problem


As you can see, STOP 50 errors are difficult to troubleshoot.

I tend to associate this type of error message with malware, but that's just my personal quirk... it's not documented by anything.

System manufacturer and model?



I got BSOD when I install windows. Thinking it might be a ram problem, I ran memtest for 5 hours and it doesn't show any sign of error. Made a hdd utility chk, no problem found as well.

So I kept on reinstalling all the drivers I got, the computer shows BSOD when it is in very heavy usage. Recently I ran 3Dmark05 on my computer, it shows BSOD as well but without any minidump.

Also I am using a logitech MX 500 mouse with the latest driver installed, when I turn the wheel it crashes also, this makes me wonder whether there is a problem with my USB port.

this is my computer configuration
I'm dual booting linux and windows as well
athlon xp 2600+
motherboard: a7v266-e (FSB 266)
ram:2x samsung ddr333 512MB
graphics card: x800gto agp
hdd: hitachi 7k250 120G (installed windows)
IBM deskstar (installed linux)
SPI 350W

below is my minidump, 1st is the latest

A:BSOD by win32k.sys & ati2cqag.dll ram problem ?


Your windows is crashed with various bugcheck code. I believe that it is hardware error. Probably it is faulty memory such as memory modules, Level 2 (L2) SRAM cache, or video adapter RAM.

1. Some faulty can pass memtest. Try reseat the ram. Downclock the ram
2. Downclock the CPU
3. Faulty m/b or video card
4. Make sure your PSU has adequate power to support all the peripheral including USB device.
5. Upgrade BIOS

Your debug report
Mini011806-07.dmp BugCheck 1000007F, {8, 80042000, 0, 0}

Mini011906-01.dmp BugCheck D1, {a41ffcc, 2, 0, f732cd5b}
Probably caused by : USBPORT.SYS ( USBPORT!USBPORT_DmaEndpointActive+f9 )

Mini011906-02.dmp BugCheck 10000050, {e3870490, 0, bf8076b5, 0}
Probably caused by : kmixer.sys ( kmixer+29d98 )

Mini011906-03.dmp BugCheck 100000D1, {8726ecb0, 2, 1, f712507c}
Probably caused by : wg311nd5.sys ( wg311nd5+2907c )

Mini011906-04.dmp BugCheck 1000008E, {c0000005, bfa3c737, ebe9b8c8, 0}
Probably caused by : ati2cqag.dll ( ati2cqag+26737 )

Mini012006-01.dmp BugCheck 1000000A, {0, 2, 0, 804dc25d}
Probably caused by : win32k.sys ( win32k!xxxStarterQueueTerminateProcessAndWait+45 )

Mini012106-01.dmp BugCheck 1000008E, {c0000005, bf814c00, eb9ca520, 0}
Probably caused by : win32k.sys ( win32k!pCreateXlate+b )

Mini012106-02.dmp BugCheck 1000008E, {c000001d, bf813bef, ebc7b608, 0}
Probably caused by : hardware ( win32k!GreBatchTextOut+26a )

Mini012106-03.dmp BugCheck 1000008E, {c0000005, bf801a0b, ...


Have Windows 10 AU UPDATE. When I am clicking close system (turn off pc), system closing fine, pc closing fine. But after that when I boot to Windows 10 it boots fine but event log registers livekernelevent: win32k.sys. There was no bluescreen, I didn't see a bluescreen. So question. Is it related to my hardware or system?

LivekernelEvent - win32k.sys - it is related to hardware issue?

But why didn't I see a bluescreen and windows only reports this.

Memtest86 no errors. Games are not crashing. No BSODs, no freezing etc.

Windows 10 ,newest Anniversary update.

PC:6700k stock

Asus Z170-P

Corsair 750

16GB DDR4 Kingston

Gtx 1080 Ti Fe

Maybe a bug? Because it does not display any BSODs or work strangely.

A:I have hardware problem? LivekernelEvent - win32k.sys log,when closing system.

win32k.sys = graphics subsystem.

Where are the links for the other topics about this?

Read other 2 answers

Hello everyone, if you do not mind, I'll go straight to the point.

As the title says, I have a serious issue with BSoDs and freezing. First I'll go into detail about the bluescreens.

These happen whenever I play any games on my computer. They're mostly random, and I have not seen any kind of pattern or specific times when they happen. The computer doesn't overheat (I've checked the temperatures while in game using RealTemp) and no lag of any kind is present. I got a completely new GPU from warranty, yet these problems still exist.

Now about the freezing problem. This issue is new and came along with the new graphics card. Like the BSoDs, these also happen at completely random times. Sometimes the whole computer simply freezes, sometimes I am able to move the mouse around after a few seconds. Other things include a sudden screen shutdown and recovery, along with a notice "Windows Kernel driver 320.something has stopped working and recovered". I don't remember correctly. There are occasions when my computer freezes for a few seconds and then works almost properly. The cursor, you see, is all screwed up. I've added photos of the cursor (although they are pretty bad).

The strange thing is that BSoDs only happen in games, and freezing only happens in normal use.

Any suggestions and help is welcome

A:dxgmms1.sys, ntoskrnl.exe and win32k.sys BSOD and freezing problem

eliminaattori welcome to SevenForums

Have you tried to upgrade the Graphics Driver ?

Read other 9 answers

I've already run malwarebytes, combofix, Spybot.

The winfiles and Pe-files attachments are from rootkitty running on ubcd4win, although they could possibly have been modified by the rootkit before uploading, as I uploaded them from the infected machine.

Here's dds.txt,
DDS (Ver_09-07-30.01) - NTFSx86
Run by Winxp at 9:13:45.14 on Sun 08/30/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.511.182 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\avgas\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C... Read more

A:Rootkit, Vundo.h, Rootkit.agent, Rootkit.Rustock, Rootkit.Dropper, Slenugga, FakeAlert, WinWebSec, etc....

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 3 answers

AVG had been detecting several threats and there were numerous browser redirects in Firefox for a while (not sure about IE, because I don't like using it). Afterwards, AVG had been disabled for a few days and there were still numerous browser redirects in Firefox, which led me to download Avira, and a complete system scan from it in Safe Mode resulted in detections of the Zero Access Rootkit (tdx.sys). After removing everything that Avira detected (a couple of the other files detected were Seaport.exe, Avira's own scheduler file, SupServ.exe, and other files detected as FakeRean. I cannot really remember everything else.) I found that I could no longer connect to the internet because of tdx.sys having been removed. I shut the laptop down and hit the F8 key and used System Restore to restore to an earlier point. AVG was still disabled although I remember AVG being functional at that point, but I could connect to the internet now. I have not seen any more browser redirects. I have logs for DDS and GMER below.


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Brian at 12:33:15 on 2011-09-04
Microsoft Windows 7 Professional 6.1.7601.1.950.852.1033.18.2039.932 [GMT -6:00]
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1AC... Read more

A:TDSS Rootkit or some other rootkit problem

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

P2P - I see you have P2P software (Vuze) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes at BC are complete.

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.
Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan.
If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip".
Then click Continue > Reboot now.
Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller. Read more

Read other 30 answers

Dear Security Team

When I run a scan with Adaware Total Security it finds this virus:

Object: win32k.sys
Path: C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18105_none_bb06957bf8c00536
Status: File deleted. Restart required.
Virus: Win32.Trojan.Agent

I have not been able to quarantine or delete the object. Is it serious? And how do I remove it? Thank you very much for your help. I should have the Windows 7 installation DVD.

Please find dds to follow:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.17267 BrowserJavaVersion: 10.25.2
Run by Jake at 17:02:24 on 2013-08-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3071.1718 [GMT 10:00]
AV: Ad-Aware Total Security *Enabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Ad-Aware Total Security *Enabled/Updated* {EFCD2318-A544-E9EB-4022-6820AEE79F52}
FW: Ad-Aware Personal Firewall *Enabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
============== Running Processes ================
C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0... Read more


Hello, j.spite

This seems like it could be a false positive.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:



Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.


Next, click the Open button.
Then click the "Scan It! " button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

Read other 5 answers

Been having this problem for some time now. Thought I would come on here and see if anyone can help me with this older desktop computer.

Dell Dimension 4600
Windows XP Home
Pentium 4 CPU 2.40 Ghz
Memory 2.00 GB

BSOD comes up every day :
Problem has been detected and Windows has been shut down to prevent damage to your computer.
Stop 0x00000050, (0XE38C901C, 0X00000000, 0XBF84CA7C, 0X00000001,
Win 32K.sys - Address BF84CA7C base at
BF800000, Date Stamp 52F43E77
Beginning dump of physical memory to disk
I have to shut the computer down and restart and after awhile I get the BSOD again. Any help would be greatly appreciated.


Read other 6 answers

Hi to all

I'm using Vista Home Basic, I got a BSOD during boot. Minidump is attached. Please can anyone tell me what could be the problem.



No one there to help out..

Read other 1 answers

Following this advice I'm now posting here. I can't run the DDS program. It opens, sits there for a split second, then closes. Or it sits there for a few seconds, then closes. So all I have is the rootrepeal log and the win32kdiag log. I will attach them in the interest of space. I can paste it here if you want though... is there a "cut" type deal here? Where I can paste it expandable style? Anyway the two logs are attached. I had the windows antivirus pro thing that seemed to be brand new (ad-aware even asked me to send them one of the files that was "suspicious") I fought off a lot of it but it is still stealing my Google searches. What am I supposed to do, use Bing? I don't think so. See attachments.

A:win32k.sys:1 and win32k.sys:2

Hello and welcome to the BleepingComputer.com! I will be helping you today.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please give me some time to analyse your logs, I will be back shortly.

Read other 14 answers

I bought a new system
Tech Support Guy System Info Utility version
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel Pentium III Xeon processor, x86 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 2012 Mb
Graphics Card: Intel(R) G41 Express Chipset, 1024 Mb
Hard Drives: C: Total - 39997 MB, Free - 32645 MB; D: Total - 436931 MB, Free - 408527 MB;
Motherboard: Gigabyte Technology Co., Ltd., G41MT-ES2L, x.x,
Antivirus: Norton Internet Security, Updated: Yes, On-Demand Scanner: Enabled
and I have a problem, i.e. it shows an error report win32k.sys when I open a game... apart from this it works fine... any game like FIFA08, GTA San Andreas etc. (a blue screen with stop bla bla bla appears, what to do) please, please help me...



Please do not start more than one thread for the same issue.

Closing duplicate.

Read other 1 answers

I recently built a PC for my friend, but he kept getting crashes on Windows Vista, so upgraded to Windows 7.

I installed the latest gfx card drivers, but none for the mobo (Win7 doesn't need them?)

Anyway, so far he has had two bluescreens, which both point at win32k.sys, but other than knowing that, I don't know what to do.

Could anyone extract more info from the dumps that may help?

Thanks in advance


Also, his monitor is blurry on any resolution.
He's using a Sharp Aquos (TV and monitor), but the only 2 resolutions it seems to support are 800x600 and 1024x768. Both of these are blurry, and text is really hard to read. The thing is, the res SHOULD be right, and the refresh rate is also set right...

We tried it with my 22" monitor, and it ran flawlessly, which makes us think it's the actual monitor. Could this be contributing to the bluescreens?

Read other 8 answers

I got 2 BSOD errors 0x0000000a (0x00000020, 0x00000002, 0x00000001, 0x804ea07b) and 0x10000050 (0xffffff88, 0x00000000, 0xbf8229c9, 0x00000000). One of them said the faulty driver was win32k.sys. Does anyone know how to fix it?


What did you previously install? Driver, database, any language options etc...? Will it boot to safe mode? Have you tried a system restore from a known good point, if the option's available?

Read other 7 answers

I accidentally (on purpose) renamed my win32k.sys file and now... my computer won't start

I don't have my original XP installation discs so I can't reinstall it so... is there any other way to get this file back? I did go to the Microsoft site and I did buy this file (a zip download) but I haven't got it yet. Will it be easy to reinstall? Probably not, knowing my luck... but, is there hope??

I'm slowly losing the will to live so, some positive feedback would be appreciated! Thank you.

Read other answers

Hi to all

I'm using Vista Home Basic, I got a BSOD at booting. Please can anyone help me with what is causing this? Minidump is attached.

Please help me


Your error is 0x8E and these are almost always caused by hardware issues. Because it cited win32k.sys which is a core Windows driver that is even further indication of a hardware problem.


1. Run MemTest on your RAM www.memtest.org for a minimum of 7 passes. Any errors and you have corrupted memory that must be replaced.

2. Run a full harddrive diagnostics on your harddrive. Your harddrive manufacturer will have a free utility that you can download and run.

* Your crash may be due to other issues but with only one minidump we don't have much else to go on.

Read other 3 answers


For apparently no reason a blue screen appeared saying that there is a problem with the computer related to win32k.sys, and that it might be due to hardware problems or to new software installation. If it was the first time (as it was) just try to restart the computer.

Since it was I just restarted it and apparently it is working well. I haven't installed anything lately so how could I see what is the problem with the computer?

thanks in advance


I was going to tell you that you are out of luck, as Microsoft had a support article that recognized the problem but had no solution. Now, apparently they have a hotfix


Read other 2 answers

Hello all. One of my co-workers tried to boot up their comp. yesterday morning and got a blue screen with an error message. It read:

stop: 0X0000008E (0XC0000005, 0XBF803EC6, 0XF86E6C94, 0X00000000)

WIN32K.sys Address BF803EC6 base at BF800000, Datestamp 45F013F6

WTH does this mean? From some other threads I've read on this site, it seems like I have a hardware prob., but I'm not able to get past this screen. I've gone into the settings to check the drives, but I don't see an error message on any of them.
She has a DIM5100 P4 CPU 2.80GHz 2.79GHz, 512MB and is running MS XP Pro 2002 SP2.

Like I said, I can't get past the blue screen, so I'm not sure if I need a technician to come in or what other options I may have. TIA for any help whatsoever!



I've been getting a blue screen of death as well...

I just installed a Pentium D 915 on my board as well as a second G of RAM...

Then the problems began...

I first flashed my BIOS to make sure it was compatible with my new PROC. Then, during the Windows XP installation, I was getting an SXS.dll error and setup would not complete... after stripping my rig down... it only worked when I left my Kingston RAM in as long as my generic 1G stick wasn't installed...

So the rig was working fine at that point... XP installed, I got all my software and hardware drivers to install and I was in LALA land...


All of a sudden I keep getting a Blue Screen of Death giving me either or message...
I got this one before I uninstalled my video drivers...


When I uninstalled my video drivers I started getting this one...


Another weird thing is that every time I download x1600 drivers and install them... my card then becomes an x1650...

Could this have anything to do with my problems?

Cheers and thanks in advance...


Read other 1 answers

OK- I am not extremely computer savvy... I may have destroyed the computer beyond repair, but my files are not backed up and all of the videos of my son when he was a baby are on there and only there. So, HELP!!!! I had a bad virus that started as pop ups for fake virus protection- I can't even remember what it said. I gave it to my brother in law to fix and it took him a month to tell me I needed to backup my files cause he was going to dump the whole thing. Last night after plugging in the USB and having it fill up without even getting through a 1/4 of our pictures, I decided to try to get rid of the virus myself. I ran malwarebytes which found some items and told me to shut down to complete. I did, got the blue screen- started in safe mode w/ networking (got a pop up that said malwarebytes could not be located). After some more searching, I downloaded Hitman that was made for the DNS virus- I know whatever it is on my computer is really bad. The local connection icon was completely removed. Ethernet driver gone and microsoft system tools like firewall and security all gone. Here is what Hitman said before it told me to reboot to complete the deletion of the virus (s). Rootkit rootkit.mbr.pihar.d (boot image) ,trojan.tdlphaze.1, rootkit.win32.pihar!Ik, Win32/bootkit, Malware gen:variant.graftor.13001 (engine A), backdoor.maxplus, trojan-dropper.win32.sirefeflIK... and 57 items in tempfiles..... HELP PLEASE!

A:. Rootkit rootkit.mbr.pihar.d (boot image) ,trojan.tdlphaze.1, rootkit.win32.pihar!Ik, Win32/bootkit, Malware gen:variant.g...

Copy this tool to the infected PC: FSS
Checkmark all the boxes.
Click on "Scan".
Please copy and paste the log to your reply.

Read other 1 answers

Hi there,

I'm a Video editor who is now constantly being interrupted by BSOD's with the following codes:
0x0000008E (0xC0000005, 0xBF8E5F91, 0xB580D868, 0x00000000)

I've run the latest memtest for about 14 hours (didn't realise it kept going until you stop it) and it didn't find any faults.

Another point is that it always happens whilst I'm editing, I use the computer for a lot of other demanding tasks, effects creation etc and sometimes games and it never happens during those.
There seem to be a lot of 08E errors around and I don't know if they're all the same or what, so I thought I'd better get some direct advice.

Any help would be greatly appreciated


Paul Hawkridge

Mesh Elite, XP MCE
Asus P5N-E SLI Motherboard
Core2Duo E6700 @ 2.66GHZ
Nvidia Geforce 7950GT 512mb
4x1GB Ram @ 533mhz
Creative X-Fi

A:BSOD - Win32k.sys

Read other 7 answers

I just had a very random BSOD while just using the computer for browsing the web. It was related to win32k.sys. I have attached the dump files to this post. Any help would be much appreciated.

EDIT: I'm running Windows 7 Home Premium 64bit with SP1 and have an i5 760 processor and a GT240 graphics card.

A:Win32k.sys BSOD

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Mike\Documents\Kingston\BSODDmpFiles\Bankai\Windows_NT6_BSOD_jcgriff2\021812-14508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03055000 PsLoadedModuleList = 0xfffff800`0329a670
Debug session time: Fri Feb 17 14:41:05.842 2012 (GMT-7)
System Uptime: 0 days 1:36:05.216
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* *
* Bugcheck Analysis *
* *

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fff... Read more

Read other 1 answers

Hey all, been getting at least 2 BSOD's a day, started a few days ago, heres my crash dump.

Loading Dump File [C:\Users\Exceptions\Desktop\020711-17674-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*f:\localsymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02c0d000 PsLoadedModuleList = 0xfffff800`02e4ae50
Debug session time: Mon Feb 7 16:51:43.184 2011 (UTC - 6:00)
System Uptime: 0 days 2:25:39.511
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* *
* Bugcheck Analysis *
* *

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41284, fffff70440015001, 426da, fffff70001080000}

Probably caused by : win32k.sys ( win32k!SURFACE::bDeleteSurface+3a2 )

Followup: MachineOwner

0: kd> !analyze -v
* *
* Bugcheck Analysis *
* *
**********... Read more

A:BSOD from win32k.sys

Heres yesterdays crash:

Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02c02000 PsLoadedModuleList = 0xfffff800`02e3fe50
Debug session time: Sun Feb 6 19:11:18.366 2011 (UTC - 6:00)
System Uptime: 0 days 10:19:23.067
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* *
* Bugcheck Analysis *
* *

Use !analyze -v to get detailed debugging information.

BugCheck 4E, {99, 1a9f8e, 2, 1a9e9a}

Probably caused by : memory_corruption ( nt!MiBadShareCount+4c )

Followup: MachineOwner

2: kd> !analyze -v
* *
* Bugcheck Analysis *
* *

Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arg1: 0000000000000099, A PTE or PFN is corrupt
Arg2: 00000000001a9f8e, page frame number
Arg3: 0000000000000002, current page state
Arg4: 00000000001a9e9a, 0

Debugging ... Read more

Read other 2 answers

I have just reinstalled XP 3 times now to rectify BSODs which display either:

IRQL_EQUAL_OR_NOT_EQUAL (well something like that)
and blank ones

the first two sometimes display win32k.sys

then after rebooting and sending the report to M$, firefox opens and says it's something to do with a driver.

These BSODs happened after I bought a Sidewinder X3 mouse if that helps



A:BSOD win32k.sys

Read other 11 answers


I am having a lot of problems with BSODs from this.

This was likely caused by the following module: win32k.sys
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF960000664C9, 0xFFFFF88007B54F60, 0x0)
file path: C:\Windows\system32\win32k.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Multi-User Win32 Driver
The crash took place in a standard Microsoft module. Likely the culprit is another driver on your system which cannot be identified.

The specs of my PC are:

Intel core2quad qx8200 @ 3.00 ghz
8 gb ram


Read other answers

Had this crash some 10 minutes ago which was tightly followed by another crash minutes later.

Computer specs:
Operating System: Windows 7 Ultimate 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.110622-1506) Full Retail
System Manufacturer: Gigabyte Technology Co., Ltd.
System Model: EP43-DS3L
BIOS: Award Modular BIOS v6.00PG
Processor: Intel(R) Core(TM)2 Quad CPU Q9650 @ 3.00GHz (4 CPUs), ~3.0GHz
Memory: 4096MB RAM
Card name: NVIDIA GeForce GTX 560 Ti
Driver Version:

None of my components are overclocked in any way.

First crash is 22370-01. Just before the crash I was watching a movie on my main screen and was opening a new tab in Firefox. A while earlier my graphic drivers had crashed and reset. I was running BOINC manager, which tends to take up a lot of CPU although I've capped it at 50%, and a couple of hours earlier I had updated iTunes, which wanted to restart afterwards.

Second crash, 21028-01, was maybe three to five minutes after I had rebooted from the first crash. I was watching a different movie whilst browsing the web for information on my BSOD.

I'm using Windows Media Player Classic for my movies with the CCCP codec pack although it would be weird if that started to cause problems now since I've used it for a really long time without any problems.

I might also mention that I've had my graphic drivers crash and reset previously but never before a BSOD.

If there's any other information that is nee... Read more

A:BSOD win32k.sys

We would prefer that you follow the http://www.sevenforums.com/crashes-d...tructions.html so we can have as much information as possible about your system and possible causes of the crashes. I will analyze your .dmp files now, but please try to follow those instructions when you respond.


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\white0devil\012012-22370-01\012012-22370-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03265000 PsLoadedModuleList = 0xfffff800`034aa670
Debug session time: Fri Jan 20 06:26:35.266 2012 (UTC - 7:00)
System Uptime: 0 days 6:00:16.640
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* *
* ... Read more

Read other 1 answers

Hello, I am a novice when it comes to computers, but know enough to be dangerous. With that said, for the past several weeks I have been getting BSOD's when using my laptop and they seem associated with the win32k.sys driver. Attached are the DMP files of the two most recent crashes.

Dump File : 091515-28719-01.dmp
Crash Time : 9/15/2015 1:41:44 PM
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x8e139750
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+d1b5e
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : win32k.sys+d1b5e
Stack Address 1 : win32k.sys+981a9
Stack Address 2 : win32k.sys+9515f
Stack Address 3 : win32k.sys+85e36
Computer Name :
Full Path : C:\windows\Minidump\091515-28719-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 131,072
Dump File Time : 9/15/2015 1:42:57 PM

Dump File : 091615-39187-01.dmp
Crash Time : 9/16/2015 11:53:26 AM
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x807c9750
Parameter 3 : 0x00000000... Read more

A:BSOD - win32k.sys

Someone else can address your blue screen issues and dump files, but I do have a question for you.


Why are you running Windows 7 Professional SP1 32-bit in your computer with 8 GB of RAM?

A 32-bit version of Windows won't make use of more than 3.25 - 3.5 GB, so there's no point in having more than 4 GB in the computer.

In some cases, having more than 4 GB in the computer will cause a 32-bit operating system to make use of less RAM.

That appears to be the case in your computer because your log shows it's making use of only 2.92 GB.


Read other 5 answers

Hello all,

I recently got a call from a user who had a bunch of popups about viruses on her computer. It turned out to be adware that ClamAV identifies as Adware.Fakealert-560, and as Trojan.FakeAV-90. I used ClamAV and AdAware on the machine and that seemed to clean things. I ran HijackThis afterwards and found another suspicious file still in there, and managed to get rid of that as well. I run MJRegwatcher on the PCs I manage and set it for "Accept all" as I found the users couldn't deal with the false positives it would throw at them when set to Prompt. I wanted to use it for forensic study if needed and after I managed to get rid of everything, there is one entry in the regwatcher log that has me concerned. It is:

** Friday 4/3/2009 4:10:20 PM **
File Details Changed from
c:\winnt\system32\win32k.sys - Size=1,644,432 Date=Sun Sep 14 23:13:42 2008 Attributes=---A-
c:\winnt\system32\win32k.sys - Size=1,644,784 Date=Sun Feb 08 10:16:49 2009 Attributes=---A-

What I can't seem to find on the MS support site is the correct file information for this file. This may have been an automatic update that occurred at this time, I'm not sure. RootkitRevealer does not show any problems regarding this file, just three registry entries that are already discussed in that forum as being false positives.

This entry is immediately followed in the regwatcher log by entries that are obviously related to the fake adware th... Read more

Read other answers

Hi, I've been getting the BSOD very often (I can count on it nearly once or twice a day) and I was wondering what could be causing the problem. The crashes seem to be random; sometimes I'll leave the computer to turn on, and then when I come back there's the BSOD, or sometimes I'll run a game, or open Firefox and the BSOD will pop up.

I haven't added any new hardware for years. The last software changes that I've had are: Uninstalling Steam and Left4Dead. Uninstalling Mechwarrior 4: Mercenaries. Installing Plants vs Zombies. Installing Doom 3, installing Firefox, installing Trillian. But these BSOD errors have been occurring before any of those changes. I often use Advanced SystemCare's Spyware Removal and Registry Fix. I also use Malwarebytes' Antimalware sometimes. I also use Smart RAM and Smart Defrag. My Firewall/Antivirus is McAfee Security Center. I am currently using DSL (1500 Kbit/s)

I didn't get a picture of the BSOD, but here's some of the message:
0x0000008E (0xC0000005, 0xBF801f36, 0xF771D9B0, 0x00000000)

BF801F36 base at BF800000

These BSOD don't appear in the Event Viewer for some reason, but I do have the minidump (attached).

I'm not entirely sure what specs I need to list, so here's all I could find:

Windows XP Pro SP 3
Intel Pentium 4 2.53GHz

Core Speed: 2532.8 Mhz
Multiplier: x19
Bus Speed: 133.3 Mhz
Rated FSB: 533.2

Motherboard Manufacturer: Micro-Star International Co., LTD
Model: MS-6714
Chipset: Intel i845GE Rev...

A:Several BSODs: Win32k.sys

0x8E sometimes can mean faulty RAM.

Please test your RAM by using memtest86+ (Link available in my signature).

Please only have one stick of RAM in at a time and run at least 5 passes on each stick.

Could you also upload the original .dmp file?



Read other 12 answers

This has happened twice now. When I am converting avi/mpeg to dvd, about half way through the conversion I get the BSOD with the message:

"A problem has been detected and Windows has shutdown to prevent damage to your computer"

problem: win32k.sys.

Then it goes on and gives an address string.

I have searched for an answer to this, but the most I can gather is it may be some driver problem for some sort of hardware. Does anyone know what this means?

my specs:

P4 celeron D 2.40Ghz (prescott)
WinXP pro
512 Mb ddr400
NVidia GeForce 5200FX
WD 120Gb HDD
Seagate 80Gb HDD
Sony DRU 700A
Lite-On 19P6S DVD-Rom


Edit: I had a look at the minidump file, and could not make head nor tail of it. Does anyone have a debugger that can read the minidump file (88kb) so I can send it to them, so at least I can find out what is causing the crash?

A:win32k.sys causes shutdown

Damn, I thought the problem had disappeared, but it happened again today. This time I got the error code, and it's a different one.

Stop: 0x000000D1 (0x00000028,0x00000002,0x00000000,0xF8585000)
CLASSPNP.SYS - Address F8585408 base at F8585000.

This time it happened while I was using DVD Re-builder pro.

The Win32k.sys was updated when I installed SP2.

Any help on this will be much appreciated.


Read other 1 answers

This is an ongoing problem this computer's been giving me for some time now. Randomly the system (XP Pro) would blue screen with a 0x0000050 complaining about ntfs.sys, nv4disp.dll (I think) and mainly win32k.sys.
Norton complains about an 'adware threat' sbcss.exe or something found in Windows folder, can't remove it via Norton and was a bit worried about removing it directly.
If anyone can help with either of these problems I'd appreciate it.

A:win32k.sys in a BSOD

Read other 13 answers

I'm having an error with my win32k.sys file and I have no clue what it could be..

Here's what the dump file said:

BugCheck D1, {bf97b704, ff, 0, bf97b704}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Unable to load image win32k.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : win32k.sys ( win32k+17b704 )

Any ideas?? Thanks!

A:win32k.sys error (PLEASE help!!)

Did a search for... Unable to verify timestamp for win32k.sys

Came up with this... it's long with a lot of info but it might point you in the right direction: http://cunas.udea.edu.co/nt/ntfaq_05SEP99.html

Read other 1 answers
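Added example, not part of any post above: a small Python parser for the three crash reports quoted in these threads (the 0x8E blue screen, the 0xD1 CLASSPNP.SYS blue screen, and the WinDbg `BugCheck D1` output). It names the bug check and works out the faulting offset inside the module, recovering the module base from `win32k+17b704` when only the WinDbg form is available. The function and variable names (`parse_report`, `SAMPLES`) are assumptions made for this example; the crash text is copied from the posts.

```python
import re

# Documented names for the bug check codes that appear on this page.
BUGCHECKS = {
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}
# 0-based index of the parameter that holds the faulting instruction address.
FAULT_ADDR_PARAM = {0x8E: 1, 0xD1: 3}

STOP_RE = re.compile(r"(?:Stop:\s*)?0x([0-9A-Fa-f]{8})\s*\(([^)]*)\)")
WINDBG_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
BASE_RE = re.compile(r"([0-9A-Fa-f]{8})\s+base at\s+([0-9A-Fa-f]{8})", re.I)
SYM_RE = re.compile(r"\(\s*(\w+)\+([0-9A-Fa-f]+)\s*\)")

# Crash text as quoted in the posts above (labels are hypothetical).
SAMPLES = {
    "xp_8e": "0x0000008E (0xC0000005, 0xBF801f36, 0xF771D9B0, 0x00000000)\n"
             "BF801F36 base at BF800000",
    "classpnp_d1": "Stop: 0x000000D1 (0x00000028,0x00000002,0x00000000,0xF8585000)\n"
                   "CLASSPNP.SYS - Address F8585408 base at F8585000.",
    "windbg_d1": "BugCheck D1, {bf97b704, ff, 0, bf97b704}\n"
                 "Probably caused by : win32k.sys ( win32k+17b704 )",
}

def parse_report(text):
    """Return code, name, params and, where derivable, module base/offset."""
    m = STOP_RE.search(text) or WINDBG_RE.search(text)
    if not m:
        raise ValueError("no bug check line found")
    code = int(m.group(1), 16)
    params = [int(p.strip(), 16) for p in m.group(2).split(",")]
    out = {"code": code, "name": BUGCHECKS.get(code, "UNKNOWN"),
           "params": params, "base": None, "offset": None}
    b, s = BASE_RE.search(text), SYM_RE.search(text)
    if b:  # blue-screen form: "<address> base at <base>"
        addr, base = int(b.group(1), 16), int(b.group(2), 16)
        out["base"], out["offset"] = base, addr - base
    elif s and code in FAULT_ADDR_PARAM:  # WinDbg form: "module+offset"
        out["offset"] = int(s.group(2), 16)
        out["base"] = params[FAULT_ADDR_PARAM[code]] - out["offset"]
    return out

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        r = parse_report(text)
        print(f"{label}: {r['name']} base={r['base']:#x} offset={r['offset']:#x}")
```

An offset is only comparable between crashes when both machines run the same build of the module, so record the file version of win32k.sys next to it.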