arleetel Posted January 20, 2009 Hello, Last week the computer crashed with a BSOD, reason was SASKUTIL.sys. The action that triggered it was trying to print a PDF with PDF Factory/and or Fine Print (both new updated versions) and I also contacted those people. Uninstalled those versions in the meantime and reinstalled the old ones and so far it does not give me a problem. Since it seems to be superantispyware related I thought I'll post it here too because I really have no idea for what reason this happened. Hereunder a copy of a bugcheck analysis, I know everything can be the reason but anyway I would like your opinion about this as well. Thank you. 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG. This will let us see why this breakpoint is happening. Arguments: Arg1: c0000005, The exception code that was not handled Arg2: 82e2888f, The address that the exception occurred at Arg3: cb29fb7c, Trap Frame Arg4: 00000000 Debugging Details: ------------------ ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* AUTOBUG_OS_SKU: 3 FAULTING_MODULE: 82c16000 nt DEBUG_FLR_IMAGE_TIMESTAMP: 48163ef6 EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt+21288f 82e2888f 8b01 mov eax,dword ptr [ecx] TRAP_FRAME: cb29fb7c -- (.trap 0xffffffffcb29fb7c) ErrCode = 00000000 eax=00000000 ebx=fe6530a8 ecx=00000020 edx=cb29fbe4 esi=86a49030 edi=00000000 eip=82e2888f esp=cb29fbf0 ebp=cb29fc04 iopl=0 nv up ei pl zr na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246 nt+0x21288f: 82e2888f 8b01 mov eax,dword ptr [ecx] ds:0023:00000020=???????? Resetting default scope CUSTOMER_CRASH_COUNT: 2 DEFAULT_BUCKET_ID: WRONG_SYMBOLS BUGCHECK_STR: 0x8E CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from 973a1c69 to 82e2888f STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. cb29fc04 973a1c69 fe6530a8 fe33eb40 fd76d180 nt+0x21288f cb29fc18 97349d15 fd69edd0 86a49030 00000001 win32k+0x101c69 cb29fc2c 97349c93 86a49030 00000001 86a49030 win32k+0xa9d15 cb29fc48 82e24eab 86a49030 00000001 e7acce62 win32k+0xa9c93 cb29fcb4 82e253fb c0000374 00000000 86a49030 nt+0x20eeab cb29fcd4 82df9160 86a49030 c0000374 00000001 nt+0x20f3fb cb29fd04 911ccfc0 ffffffff c0000374 00000000 nt+0x1e3160 cb29fd34 82c6da1a ffffffff c0000374 061ccff0 SASKUTIL+0x8fc0 cb29fd44 77819a94 badb0d00 061ccfe8 00000000 nt+0x57a1a cb29fd48 badb0d00 061ccfe8 00000000 00000000 0x77819a94 cb29fd4c 061ccfe8 00000000 00000000 00000000 0xbadb0d00 cb29fd50 00000000 00000000 00000000 00000000 0x61ccfe8 STACK_COMMAND: kb FOLLOWUP_IP: SASKUTIL+8fc0 911ccfc0 ?? ??? SYMBOL_STACK_INDEX: 7 SYMBOL_NAME: SASKUTIL+8fc0 FOLLOWUP_NAME: MachineOwner MODULE_NAME: SASKUTIL IMAGE_NAME: SASKUTIL.sys BUCKET_ID: WRONG_SYMBOLS Followup: MachineOwner --------- Share this post Link to post Share on other sites
SUPERAntiSpy Posted January 20, 2009 What version of SUPERAntiSpyware (numeric) do you have installed? Share this post Link to post Share on other sites
arleetel Posted January 22, 2009 The version installed is 4.24.1004 In the meantime I uninstalled PDF Factory and Fine Print and reversed to their previous versions and this seems to work for now. Although I'm still puzzled with : why did this happen ? Thanks for your reply. Share this post Link to post Share on other sites
h2eau Posted January 22, 2009 The current version of SAS is 4.25.1012. Share this post Link to post Share on other sites
arleetel Posted January 22, 2009 @h2eau I noticed it this morning when updating and downloaded the latest version. Will see what happens. Thanks for your reply. Share this post Link to post Share on other sites