Windows 7 BSOD error

elric7

Jun 16, 2016
Dear all, my PC is running Windows 7. I keep on getting the following BSOD (captured by a program I ran):

On Thu 16/06/2016 16:58:33 GMT your computer crashed
crash dump file: C:\Windows\Minidump\061616-28392-01.dmp
This was probably caused by the following module: win32k.sys (win32k+0x9C52)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF96000069C52, 0xFFFFF880046DC230, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\win32k.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Multi-User Win32 Driver
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.

I do not recall downloading any dodgy software or updating drivers, and I have run antivirus, spyware and malware programs as well as a memory check, system file checker and chkdsk, but nothing works.
How do I fix this?
 
I would start cmd.exe as an admin, then run
sfc.exe /scannow
This will attempt to fix corrupted files from the hidden backup copy. Malware often just modifies the hidden copy, so it might not work.
Windows 8.x and above made a better command that lets you get a clean file from the Microsoft update servers, but on Windows 7 you might have to use a CD image to do the repair.

Then reboot and run the command again. Sometimes malware will be running and will undo the fixes right after you apply them.
I would also do a Malwarebytes scan, mostly because win32k.sys is a target for malware attacks.

Now, since you had the error code 0xC0000005, which means a bad memory address was used by a driver, you will want to run memtest86 to confirm the memory in your system is working as expected. If it passes, then you have to figure out what software service was calling the driver. Most of the time it will just be listed as svchost.exe, which is a generic name, so it is hard to pinpoint which one is causing the problem.

Also, 0xC0000005 is often caused by overheating/power and overclocking, so check the fans and make sure they are spinning, and remove any BIOS and software overclocking drivers.
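
Added example (not part of any post in this thread): a small Python triage of the crash summary quoted in the first post, decoding the four 0x3B parameters as Microsoft's bug check reference defines them and recovering the win32k load base from the module+offset. The function names and lookup tables are this example's own and cover only the values seen in this thread.

```python
import re

# Constructed sample: the two summary lines quoted in the first post.
REPORT = """\
This was probably caused by the following module: win32k.sys (win32k+0x9C52)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF96000069C52, 0xFFFFF880046DC230, 0x0)
"""

# Lookup tables limited to the values that appear in this thread.
BUGCHECKS = {0x3B: "SYSTEM_SERVICE_EXCEPTION"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
SEVERITY = ["success", "informational", "warning", "error"]
# Documented meaning of the four parameters of bug check 0x3B.
PARAMS_0X3B = ["exception_code", "faulting_instruction", "context_record", "reserved"]

def parse_report(text):
    """Extract bugcheck code, parameters and (module, offset) from the summary."""
    m = re.search(r"Bugcheck code:\s*(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)", text)
    if not m:
        raise ValueError("no bugcheck line found")
    code = int(m.group(1), 16)
    args = [int(a.strip(), 16) for a in m.group(2).split(",")]
    mod = re.search(r"\((\w+)\+(0x[0-9A-Fa-f]+)\)", text)
    module = (mod.group(1), int(mod.group(2), 16)) if mod else None
    return code, args, module

def triage(text):
    """Turn the raw numbers into the facts a responder reads off first."""
    code, args, module = parse_report(text)
    result = {"bugcheck": BUGCHECKS.get(code, hex(code))}
    if code == 0x3B and len(args) == 4:
        named = dict(zip(PARAMS_0X3B, args))
        status = named["exception_code"]
        result["exception"] = NTSTATUS.get(status, hex(status))
        result["severity"] = SEVERITY[status >> 30]  # top two NTSTATUS bits
        # x64 kernel space is the upper canonical half of the address range.
        result["kernel_address"] = named["faulting_instruction"] >= 0xFFFF800000000000
        if module:
            name, offset = module
            # Faulting address minus the reported offset gives the load base.
            base = named["faulting_instruction"] - offset
            result["module"] = name
            result["module_base"] = hex(base)
            result["page_aligned"] = base % 0x1000 == 0
    return result

if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```

A page-aligned base confirms that the reported offset and the faulting address agree with each other; it says the fault occurred inside win32k.sys, not which caller passed it the bad address.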
 

elric7

I did the sfc.exe scan and then downloaded Malwarebytes. It came up with 3 malware and many PUPs!! I then used Spybot, which came up with a few more malware and PUPs!!! A memtest came up all fine. I restarted and my PC booted up w/o a BSOD!! Cheers for your help mate. Hope it works from now on. Have a nice weekend.
 
The same bugcheck with error code 0xC0000005 can happen if another driver is corrupting system memory or if you have an overclocking driver installed and the overclock messes up the voltages.

I can look at the memory dump from the c:\windows\minidump directory if you put the files on a server like Microsoft OneDrive, share the files and post a link.
 



 
- You will want to go into BIOS and reset it to defaults.
- You will want to download and run memtest86 on its own boot media to confirm your memory settings are correct.
(This is independent of Windows.)

Malware is pretty rude and can make many hidden system changes to prevent its removal.
Sometimes they will have two programs running; if one is removed, the other installs it back a few seconds later.
I have seen them disable backups, delete restore points, modify the system hidden backup files and just make a mess of things. With Windows 7 you have to make repairs with the Windows 7 CD, but most people would not have a current copy, so it is pretty hard. With Windows 8.x and above, Microsoft added an option to the dism.exe command:
dism.exe /online /cleanup-image /restorehealth
This option will go to the Microsoft update servers and get a clean copy of your corrupted Windows files.
I expect it was added just to help with malware problems.

Most people on Windows 7 give up and just reinstall and update the system again, just because it takes much less time than figuring out all of the changes malware made.
 

elric7

Hiya John, cheers for your help, but I have a few qu's:
My PC has been slightly overclocked for years and this issue only started around a month ago. As for the minidump folder, unfortunately I have since run CCleaner and removed all info incl. that.
I went into BIOS and the only info mentioning BIOS is advanced BIOS options. When I click on that I am only allowed to reset to optimum settings; should I do that? When you say "download and run memtest86 on its own boot media to confirm your memory settings are correct", do you mean I should download it to, say, a flash drive and then boot from the drive?
Finally, do you think this will help...Windows6.1-KB980932-x64?

cheers
Naz
 
- That Windows update fix came out in 2010. I assume you have Windows 7 SP1 and updates,
so it would not be related.
- Yes, you can run memtest86 from a bootable thumb drive or CD. It is independent of Windows, so you will know that your problem is not a Windows driver.

When you see an error 0xC0000005, it means that the data in memory is wrong. It could be a BIOS setting, memory timings or physical memory problems. Memtest86 will test for those cases.

It can also be bugs in drivers for Windows, or the start of a failing component, like a drive that is starting to produce errors.
It is harder to find the various driver bugs that corrupt data in memory; for most people, you want to clear any overclocking in BIOS and in software. Then confirm the memory timings again. Updating or resetting the BIOS to defaults will also force the BIOS to rescan for hardware changes and reassign hardware resources. It then passes a database to Windows that Windows then uses to continue to configure devices.

If the hardware tests pass, you then want to update all of the motherboard device drivers for your machine, reboot and run tests on your drive. I would start with crystaldiskinfo.exe just to read the SMART data and see if the drive is reporting errors.


As to overclocking, it is just not a good idea to debug systems that are not running at a standard clock rate.
As a system ages, the electronics voltage regulators can start to fluctuate, and data from the drive can be corrupted as it is read from the drive through the SATA controller to its final location in memory; even then it has to get to the CPU through its cache controller. If the voltage drops down a little, bit patterns change and become incorrect memory addresses.

Even if the hardware works correctly, you can still face the condition where 3rd party device drivers overwrite beyond their owned memory blocks and destroy data belonging to other drivers. Because of all the malware, rootkits and viruses, certain Windows data structures are checked for modification; if a change is detected, Windows will just shut the system down.

There are certain user mode drivers that tend to do this often (design problems in certain versions of Razer drivers, for example).


Often the actual minidump will list a driver with a known defect/bugs,
but with a kernel dump or full memory dump you might be able to provide more than an educated guess.
With a driver corrupting memory, you often have to run verifier to turn on extra driver checking to pinpoint a driver that is overwriting another driver's memory.

Also, there are a lot of motherboards that provide extra utilities that have bad drivers; try not to install these unless you really need something. Mostly, old USB speed-up programs and USB charger programs have a lot of bugs.