bsod system service exception

[hunkymunky2]

Hi my computer keeps crashing and i continually get a bsod with the error saying: SYSTEM_SERVICE_EXCEPTION. I've tried to find solutions online and have tried to update all of my drivers and i have ran a system scan on the Command Prompt (SFC /scannow) to no avail. Would anyone mind helping me out?

I have been continually getting BSOD errors whenever I do anything that involves my graphics card (gaming, watching videos/streams) and would love some help!

 

[TrainableMan]

I merged your posts into one.

Unfortunately HP only supported your desktop through Vista so there may not be current drivers from them. HP Support.

I'm not an expert in BSODs but when I look over your CPU-Z posts I'm curious if your memory is set correctly. I believe your RAM requests your last setting in your BIOS be 24, not 25. So that might be worth trying to see if it is more stable.

It would be a good idea to run Memtest86+ overnight for 6-10 passes and check for memory errors.

Make sure your Critical Windows Updates have been installed and look for driver updates in "Recommended" and make sure those are installed.

The DMPs aren't all specific, in fact they all seem different, but I did see your Nvidia RAID driver mentioned (nvrd64.sys) and maybe you can update that at NVidia.

Another DMP shows atikmdag.sys. Make sure you have the latest video drivers from AMD

 

[Digerati]

Interesting find there, TM - though I have to admit, I don't know what it indicates. I note on that system under the Memory tab, that shot shows Bank Cycle Time (tRC) but on mine (with the same 64-bit version of CPU-Z), it says, Row Refresh Cycle Time (tRFC) and it clearly is a different value than seen on the SPD tab.

Now mine is Intel and that is AMD so memory management is handled differently, I just don't know if that is indicating a problem, or not. I only have Intels here so I cannot compare with another AMD system.

I also note his Core Speed shows 1249.98MHz yet the AMD X4 9850 runs at 2500MHz (2.5GHz). So it "appears" that CPU is running at 1/2 speed. My CPU-Z shows my CPU is running at 3150GHz, which is full speed and correct.

That said, one problem with CPU-Z is it takes a picture of what is happening right now. If the computer is running in some sort of "Eco" mode (common with notebooks), running CPU-Z takes very little horsepower, and even less to display CPU-Z's findings, so it may be reflecting what is really happening - and that may be okay.

@hunkymunky2 - when you right-click on computer and select Properties, what does it show after Processor:?

 

[Core]

The core speed might be due to Cool & Quiet.

I agree with TM that it might be RAM since the dumps are all over the place.

 

[TrainableMan]

Interesting find there, TM - though I have to admit, I don't know what it indicates. I note on that system under the Memory tab, that shot shows Bank Cycle Time (tRC) but on mine (with the same 64-bit version of CPU-Z), it says, Row Refresh Cycle Time (tRFC) and it clearly is a different value than seen on the SPD tab.

Yeah, I wasn't absolutely sure that setting is a problem or not. I just thought they should match what the memory lists as its' defaults but I could be wrong; RAM was always Elmer's thing but he hasn't been around in quite some time. I figured it couldn't hurt to try it.

 

[hunkymunky2]

@Digerati- it shows the AMD phenom 9850 quad-core 2.50GHz

@trainbleman- ill run run memtest and see what happens, ill post the results thanks for the help

 

[Digerati]

Okay, good. It is running full speed then. As for Memtest, you want 0 errors and the longer you let it run (through more passes) the better the test. That said, no software based RAM tester is conclusive. When they report errors, they tend to be correct. But they don't always find RAM that does have problems, so often running with one stick at a time is needed for conclusive testing.

 

[hunkymunky2]

So i let run through the night and until i got home from school, here is what it said:

Wall time- 16:47:08
Cached- 6143M
RsvdMem- 264k
MemMap- e820
Cache- on
ECC- off
Test- Std
Pass- 8
Errors-0
ECC Errs- (blank)

i cut it off in the middle of a test i hope that doesnt skew any results

quick note: i got another BSOD with a new error

 

[TrainableMan]

No RAM errors is a good thing.

Your last DMP there points to your video driver. Update that if possible at AMD and it is usually best to not install the Catalyst Control Center that comes with it; you may need the Catalyst Uninstall Tool to get rid of it.

 

[hunkymunky2]

so there are no ram problems and i just updated the video drivers, is there anything else i should do?

 

[Core]

For shits & giggles, you could run CHKDSK /R.

 

[TrainableMan]

and of course post any new DMPs if you BSOD again.

 

[Digerati]

cut it off in the middle of a test i hope that doesnt skew any results

You completed 8 passes so no, it results are not skewed.

so there are no ram problems and i just updated the video drivers, is there anything else i should do?

While it appears you have no RAM problems, again, those tests are not 100% conclusive.

is there anything else i should do?

Hurry up and wait. That is, use the computer and see if happens again.

If it does crash again, you might try running with just one stick of RAM for awhile. Also, whenever I troubleshoot hardware problems, I ALWAYS want to know I am providing good power as a flakey power supply can manifest into one or more, and often very odd, symptoms. So I keep a known good power supply handy to swap in during troubleshooting.

 

[hunkymunky2]

several online sources told me to run the chkdsk thing but i never did. Ill give it a shot.

computer seemed to be fine after the video driver updates but then i got 2 more crashes today :/

 

[hunkymunky2]

Here are the results/logs for the CHKDSK-

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
195328 file records processed. File verification completed.
849 large file records processed. 0 bad file records processed. 0 EA records processed. 60 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)...
Unable to locate the file name attribute of index entry BFE.DLL
of index $I30 with parent 0x8b3 in file 0x2b298.
Deleting index entry BFE.DLL in index $I30 of file 2227.
256780 index entries processed. Index verification completed.
0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)...
195328 file SDs/SIDs processed. Cleaning up 3506 unused index entries from index $SII of file 0x9.
Cleaning up 3506 unused index entries from index $SDH of file 0x9.
Cleaning up 3506 unused security descriptors.
Security descriptor verification completed.
30727 data files processed. CHKDSK is verifying Usn Journal...
35284512 USN bytes processed. Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
195312 files processed. File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
167725826 free clusters processed. Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

732469247 KB total disk space.
61142900 KB in 125816 files.
101268 KB in 30728 indexes.
0 KB in bad sectors.
321771 KB in use by the system.
65536 KB occupied by the log file.
670903308 KB available on disk.

4096 bytes in each allocation unit.
183117311 total allocation units on disk.
167725827 allocation units available on disk.

Internal Info:
00 fb 02 00 8c 63 02 00 35 90 04 00 00 00 00 00 .....c..5.......
c8 5a 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 .Z..<...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

 

[TrainableMan]

As usual your DMPS point to different things which makes debugging difficult.

It seems something was missing on your hard drive: BFE.DLL

Did you ever test for a virus from safe mode? See how at the start of my post HERE.

 

[hunkymunky2]

It seems something was missing on your hard drive: BFE.DLL

o.o should i be worried?

i have avg free as my antivirus, can i use that or should i download the ones that you posted?

 

[TrainableMan]

In safe mode, run TDSSKiller and after that run RKill and after that run AVG.

The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.

Source

So the fact it is missing seems suspicious to me. Some scumbag viruses destroy or alter system files to remain undetected or to trick you into buying "their solution" to problems, so I just want to know why that file is missing.

NOTE: When I search on "BFE.DLL" there are a lot of websites offering to sell a solution. Any time a website's main suggestion is to "buy a product to fix the issue" it sends up red flags to me. Scam websites pop up all the time trying to sell registry fixers, etc. to correct common W7 errors. These products are a waste.

 

[TrainableMan]

After you are sure you are virus-free I suggest you pop in a W7 DVD and from the installation screen run the "system repair" option in the bottom corner.

 

[hunkymunky2]

Tdsskiller ended up clean

rkill says this-
Rkill 2.4.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/17/2013 07:44:30 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* BFE (BFE) is not Running.
Startup Type set to: Automatic

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Automatic

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Network Store Interface Service (nsi) is not Running.
Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* NetBT (NetBT) is not Running.
Startup Type set to: System

* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System

* NetIO Legacy TDI Support Driver (tdx) is not Running.
Startup Type set to: System

* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 05/17/2013 07:44:39 PM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

and my virus scan says 79 errors-

AVG 2013 AntiVirus command line scanner
Copyright (c) 1992 - 2012 AVG Technologies
Program version 2013.0.3336, engine 2013.0.3162
Virus Database: Version 3162/6332 2013-05-17
c:\Documents and Settings\ Locked file. Not tested.
c:\hiberfil.sys Locked file. Not tested.
c:\pagefile.sys Locked file. Not tested.
c:\ProgramData\AVG\AWL2012\TTUSvclrt.tt Locked file. Not tested.
c:\ProgramData\Desktop\ Locked file. Not tested.
c:\ProgramData\Documents\ Locked file. Not tested.
c:\ProgramData\Favorites\ Locked file. Not tested.
c:\ProgramData\Templates\ Locked file. Not tested.
c:\System Volume Information\ Locked file. Not tested.
c:\Users\Carlos\AppData\Local\Avg2013\log\avg-b1e03617-4de0-4f7d-b9fc-106773d5ca0f.tmp Locked file. Not tested.
c:\Users\Carlos\AppData\Local\History\ Locked file. Not tested.
c:\Users\Carlos\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
c:\Users\Carlos\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.
c:\Users\Carlos\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.
c:\Users\Carlos\Documents\My Music\ Locked file. Not tested.
c:\Users\Carlos\Documents\My Pictures\ Locked file. Not tested.
c:\Users\Carlos\Documents\My Videos\ Locked file. Not tested.
c:\Users\Carlos\NetHood\ Locked file. Not tested.
c:\Users\Carlos\ntuser.dat Locked file. Not tested.
c:\Users\Carlos\ntuser.dat.LOG1 Locked file. Not tested.
c:\Users\Carlos\ntuser.dat.LOG2 Locked file. Not tested.
c:\Users\Carlos\PrintHood\ Locked file. Not tested.
c:\Users\Carlos\Templates\ Locked file. Not tested.
c:\Users\Default\AppData\Local\History\ Locked file. Not tested.
c:\Users\Default\Documents\My Music\ Locked file. Not tested.
c:\Users\Default\Documents\My Pictures\ Locked file. Not tested.
c:\Users\Default\Documents\My Videos\ Locked file. Not tested.
c:\Users\Default\NetHood\ Locked file. Not tested.
c:\Users\Default\PrintHood\ Locked file. Not tested.
c:\Users\Default\Recent\ Locked file. Not tested.
c:\Users\Default\Templates\ Locked file. Not tested.
c:\Users\Guest\AppData\Local\History\ Locked file. Not tested.
c:\Users\Guest\Documents\My Music\ Locked file. Not tested.
c:\Users\Guest\Documents\My Pictures\ Locked file. Not tested.
c:\Users\Guest\Documents\My Videos\ Locked file. Not tested.
c:\Users\Guest\NetHood\ Locked file. Not tested.
c:\Users\Guest\PrintHood\ Locked file. Not tested.
c:\Users\Guest\Templates\ Locked file. Not tested.
c:\Users\Public\Documents\My Music\ Locked file. Not tested.
c:\Users\Public\Documents\My Pictures\ Locked file. Not tested.
c:\Users\Public\Documents\My Videos\ Locked file. Not tested.
c:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.
c:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.
c:\Windows\ServiceProfiles\LocalService\ntuser.dat Locked file. Not tested.
c:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 Locked file. Not tested.
c:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 Locked file. Not tested.
c:\Windows\ServiceProfiles\NetworkService\ntuser.dat Locked file. Not tested.
c:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 Locked file. Not tested.
c:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 Locked file. Not tested.
c:\Windows\System32\catroot2\edb.log Locked file. Not tested.
c:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.
c:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.
c:\Windows\System32\config\default Locked file. Not tested.
c:\Windows\System32\config\DEFAULT.LOG1 Locked file. Not tested.
c:\Windows\System32\config\DEFAULT.LOG2 Locked file. Not tested.
c:\Windows\System32\config\RegBack\DEFAULT Locked file. Not tested.
c:\Windows\System32\config\RegBack\SAM Locked file. Not tested.
c:\Windows\System32\config\RegBack\SECURITY Locked file. Not tested.
c:\Windows\System32\config\RegBack\SOFTWARE Locked file. Not tested.
c:\Windows\System32\config\RegBack\SYSTEM Locked file. Not tested.
c:\Windows\System32\config\sam Locked file. Not tested.
c:\Windows\System32\config\SAM.LOG1 Locked file. Not tested.
c:\Windows\System32\config\SAM.LOG2 Locked file. Not tested.
c:\Windows\System32\config\security Locked file. Not tested.
c:\Windows\System32\config\SECURITY.LOG1 Locked file. Not tested.
c:\Windows\System32\config\SECURITY.LOG2 Locked file. Not tested.
c:\Windows\System32\config\software Locked file. Not tested.
c:\Windows\System32\config\SOFTWARE.LOG1 Locked file. Not tested.
c:\Windows\System32\config\SOFTWARE.LOG2 Locked file. Not tested.
c:\Windows\System32\config\system Locked file. Not tested.
c:\Windows\System32\config\SYSTEM.LOG1 Locked file. Not tested.
c:\Windows\System32\config\SYSTEM.LOG2 Locked file. Not tested.
c:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.
c:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat Locked file. Not tested.
c:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1 Locked file. Not tested.
c:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2 Locked file. Not tested.
c:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{87bb9983-6ce7-11e2-8f9c-001fc68b08d3}.TM.blf Locked file. Not tested.
c:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{87bb9983-6ce7-11e2-8f9c-001fc68b08d3}.TMContainer00000000000000000001.regtrans-ms Locked file. Not tested.
c:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{87bb9983-6ce7-11e2-8f9c-001fc68b08d3}.TMContainer00000000000000000002.regtrans-ms Locked file. Not tested.

------------------------------------------------------------
Test started: 17.5.2013 22:56:33
Duration of test: 26 minute(s) 3 second(s)
------------------------------------------------------------
Objects scanned : 191143
Found infections : 79
Found high severity : 0
Found med severity : 0
Found info severity : 79
Fixed high severity : 0
Fixed med severity : 0
Fixed info severity : 0
------------------------------------------------------------