Question

BSOD when waking up from sleep mode on my PC..

Echo Seven asked on
Hi, I am getting a blue screen of death when my PC wakes up from sleep mode.

It gives me the following message:

Problem signature:
  Problem Event Name: BlueScreen
  OS Version: 6.1.7600.2.0.0.256.48
  Locale ID: 1033

Additional information about the problem:
  BCCode: 3b
  BCP1: 00000000C0000005
  BCP2: FFFFF80002CC9A3C
  BCP3: FFFFF8800741A550
  BCP4: 0000000000000000
  OS Version: 6_1_7600
  Service Pack: 0_0
  Product: 256_1

Files that help describe the problem:
  C:\Windows\Minidump\122113-6193-01.dmp
  C:\Users\Z87 G45 GAMING\AppData\Local\Temp\WER-8533-0.sysdata.xml

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt

This is the minidump file it generates. Unfortunately, I have no clue what to do with it.

REDACTED

Answer
Patrick Barker replied on

Much better, thank you! Also, thank you again for also removing the link in your OP as I was about to remove it due to that website requiring a download manager from their website which likely installed PUPs.

Onto the dump, it's of the SYSTEM_SERVICE_EXCEPTION (3b) bug check.

This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.

This error has been linked to excessive paged pool usage and may occur due to user-mode graphics drivers crossing over and passing bad data to the kernel code.

----------------------

If we take a look at the call stack:

6: kd> kb
RetAddr           : Args to Child                                                           : Call Site
fffff800`02cc3de9 : 00000000`0000003b 00000000`c0000005 fffff800`02cc9a3c fffff880`0741a550 : nt!KeBugCheckEx
fffff800`02cc373c : fffff880`0741ace8 fffff880`0741a550 00000000`00000000 fffff800`02cf2820 : nt!KiBugCheckDispatch+0x69
fffff800`02ce9fad : fffff800`02ee703c fffff800`02e0c754 fffff800`02c55000 fffff880`0741ace8 : nt!KiSystemServiceHandler+0x7c
fffff800`02cf1620 : fffff800`02e14118 fffff880`07419e88 fffff880`0741ace8 fffff800`02c55000 : nt!RtlpExecuteHandlerForException+0xd
fffff800`02cfe6cf : fffff880`0741ace8 fffff880`0741a550 fffff880`00000000 fffffa80`0ca7f030 : nt!RtlDispatchException+0x410
fffff800`02cc3ec2 : fffff880`0741ace8 00000000`00000000 fffff880`0741ad90 00000000`bad0b0b0 : nt!KiDispatchException+0x16f
fffff800`02cc2a3a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff800`02cc9a3c : fffffa80`0d3af040 fffff880`0741b5e8 fffffa80`0e4514e0 fffff880`00d9912a : nt!KiPageFault+0x23a
fffff880`00da5a5d : fffff880`0741b5e8 fffffa80`0e4514e0 fffffa80`0d3af040 fffff880`00dd9d40 : nt!ObfDereferenceObject+0xbc
fffff880`0741b5e8 : fffffa80`0e4514e0 fffffa80`0d3af040 fffff880`00dd9d40 fffff880`02f64101 : trufos+0xda5d
fffffa80`0e4514e0 : fffffa80`0d3af040 fffff880`00dd9d40 fffff880`02f64101 00000000`00000001 : 0xfffff880`0741b5e8
fffffa80`0d3af040 : fffff880`00dd9d40 fffff880`02f64101 00000000`00000001 fffff880`0741b170 : 0xfffffa80`0e4514e0
fffff880`00dd9d40 : fffff880`02f64101 00000000`00000001 fffff880`0741b170 fffff8a0`0f78f940 : 0xfffffa80`0d3af040
fffff880`02f64101 : 00000000`00000001 fffff880`0741b170 fffff8a0`0f78f940 ffffffff`fff0bdc0 : trufos+0x41d40
00000000`00000001 : fffff880`0741b170 fffff8a0`0f78f940 ffffffff`fff0bdc0 fffff880`0741b330 : 0xfffff880`02f64101
fffff880`0741b170 : fffff8a0`0f78f940 ffffffff`fff0bdc0 fffff880`0741b330 00000000`09100003 : 0x1
fffff8a0`0f78f940 : ffffffff`fff0bdc0 fffff880`0741b330 00000000`09100003 fffffa80`0ca08af0 : 0xfffff880`0741b170
ffffffff`fff0bdc0 : fffff880`0741b330 00000000`09100003 fffffa80`0ca08af0 fffffa80`0ca73060 : 0xfffff8a0`0f78f940
fffff880`0741b330 : 00000000`09100003 fffffa80`0ca08af0 fffffa80`0ca73060 00000000`00000000 : 0xffffffff`fff0bdc0
00000000`09100003 : fffffa80`0ca08af0 fffffa80`0ca73060 00000000`00000000 00000000`00000000 : 0xfffff880`0741b330
fffffa80`0ca08af0 : fffffa80`0ca73060 00000000`00000000 00000000`00000000 00000000`00000000 : 0x9100003
fffffa80`0ca73060 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`0ca08af0
00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`0ca73060


Unable to load image \SystemRoot\system32\DRIVERS\trufos.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for trufos.sys
*** ERROR: Module load completed but symbols could not be loaded for trufos.sys
Probably caused by : trufos.sys ( trufos+da5d )


FAILURE_BUCKET_ID:  X64_0x3B_trufos+da5d

^^ trufos.sys is the Immunet Protect driver, also at times a part of BitDefender. Also - ESTsoft Corp ALYac Security software driver.

With this said, after taking a look at your loaded modules list, I see various other BitDefender drivers are loaded, so I presume of all of those, BitDefender is the AV you have installed. Remove it ASAP!

BitDefender removal - http://www.bitdefender.com/support/how-to-uninstall-bitdefender-333.html

Regards,

Patrick
Debugger/Reverse Engineer.
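
The triage in the answer above can be reproduced from the two pieces of text in this thread. This is an added example, not part of the original answer: it decodes the WER problem signature and walks the `kb` frames to find the first non-core module at or below the fault. The function names and the `CORE` module set are assumptions of the example; the inputs are excerpts copied from the posts.

```python
import re

# Excerpts copied from the posts above: WER signature and six frames of kb output.
WER = """BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFF80002CC9A3C
BCP3: FFFFF8800741A550
BCP4: 0000000000000000"""

KB = """\
fffff800`02cc3ec2 : fffff880`0741ace8 00000000`00000000 fffff880`0741ad90 00000000`bad0b0b0 : nt!KiDispatchException+0x16f
fffff800`02cc2a3a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff800`02cc9a3c : fffffa80`0d3af040 fffff880`0741b5e8 fffffa80`0e4514e0 fffff880`00d9912a : nt!KiPageFault+0x23a
fffff880`00da5a5d : fffff880`0741b5e8 fffffa80`0e4514e0 fffffa80`0d3af040 fffff880`00dd9d40 : nt!ObfDereferenceObject+0xbc
fffff880`0741b5e8 : fffffa80`0e4514e0 fffffa80`0d3af040 fffff880`00dd9d40 fffff880`02f64101 : trufos+0xda5d
fffffa80`0e4514e0 : fffffa80`0d3af040 fffff880`00dd9d40 fffff880`02f64101 00000000`00000001 : 0xfffff880`0741b5e8"""

BUGCHECKS = {0x3B: "SYSTEM_SERVICE_EXCEPTION"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
CORE = {"nt", "hal"}  # assumption: modules treated as OS core, not third party

def parse_wer(text):
    """Return {'BCCode': int, 'BCP1': int, ...} from a WER problem signature."""
    pairs = re.findall(r"(BCCode|BCP[1-4]):\s*([0-9A-Fa-f]+)", text)
    return {key: int(value, 16) for key, value in pairs}

def parse_kb(text):
    """Yield (return_address, call_site) for each frame line of kb output."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(" : ")]
        if len(parts) == 3 and re.fullmatch(r"[0-9a-f]{8}`[0-9a-f]{8}", parts[0]):
            yield int(parts[0].replace("`", ""), 16), parts[2]

def triage(wer_text, kb_text):
    wer, frames = parse_wer(wer_text), list(parse_kb(kb_text))
    # For 0x3B, parameter 2 is the faulting instruction. The trap frame returns
    # to it, so the frame after that one is where the fault hit. If parameter 2
    # is not among the return addresses, start from the top of the stack.
    hit = next((i for i, (ret, _) in enumerate(frames) if ret == wer["BCP2"]), -1)
    below = frames[hit + 1:]
    # Raw addresses (0x...) carry no module name; skip them and core modules.
    suspect = next((site for _, site in below if re.match(r"[A-Za-z_]", site)
                    and re.split(r"[!+]", site)[0] not in CORE), None)
    return {"bugcheck": BUGCHECKS.get(wer["BCCode"], hex(wer["BCCode"])),
            "exception": NTSTATUS.get(wer["BCP1"], hex(wer["BCP1"])),
            "fault_site": below[0][1] if below else None, "suspect": suspect}

if __name__ == "__main__":
    print(triage(WER, KB))
```

The fault site is inside `nt`, but the first non-core frame below it is `trufos+0xda5d`, matching the debugger's "Probably caused by" line.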