According to the analysis it's "probably caused by win32k.sys".
If you Google that, it turns out there was a fairly recent update made to address a security vulnerability:
http://support.microsoft.com/kb/2639417 . You could check installed Windows Updates on that server to make sure that KB update has been applied. If not already applied, you could run the "FixIt" ( Enable ) on the above link. You would run this on the server console, and you will need to restart the server after it's applied.
In case the server has become infected with the W32.Duqu trojan, you might want to run a thorough antivirus scan.
There is also another process mentioned, "Flexexe.exe". I recommend finding where that exe exists on the server, to see if it is legitimate or if it might be malware.
>Hi
>I have attached the dump info as below. But customer keep claimed their display driver is compatible. What could I do next? Thank you
>
>
>
>
>*******************************************************************************
>* *
>* Bugcheck Analysis *
>* *
>*******************************************************************************
>
>Use !analyze -v to get detailed debugging information.
>
>BugCheck 1000008E, {c0000005, 8169e323, c5c29840, 0}
>
>Probably caused by : win32k.sys ( win32k!SpBitBlt+210 )
>
>Followup: MachineOwner
>---------
>
>0: kd> !analyze -v
>*******************************************************************************
>* *
>* Bugcheck Analysis *
>* *
>*******************************************************************************
>
>KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
>This is a very common bugcheck. Usually the exception address pinpoints
>the driver/function that caused the problem. Always note this address
>as well as the link date of the driver/image that contains this address.
>Some common problems are exception code 0x80000003. This means a hard
>coded breakpoint or assertion was hit, but this system was booted
>/NODEBUG. This is not supposed to happen as developers should never have
>hardcoded breakpoints in retail code, but ...
>If this happens, make sure a debugger gets connected, and the
>system is booted /DEBUG. This will let us see why this breakpoint is
>happening.
>Arguments:
>Arg1: c0000005, The exception code that was not handled
>Arg2: 8169e323, The address that the exception occurred at
>Arg3: c5c29840, Trap Frame
>Arg4: 00000000
>
>Debugging Details:
>------------------
>
>
>EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
>
>FAULTING_IP:
>nt!RtlInitUnicodeString+1b
>8169e323 f266af repne scas word ptr es:[edi]
>
>TRAP_FRAME: c5c29840 -- (.trap 0xffffffffc5c29840)
>ErrCode = 00000000
>eax=00000000 ebx=fe818fd8 ecx=ffffffec edx=c5c29914 esi=fe818a90 edi=fe819000
>eip=8169e323 esp=c5c298b4 ebp=c5c29924 iopl=0 nv up ei pl zr na pe nc
>cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
>nt!RtlInitUnicodeString+0x1b:
>8169e323 f266af repne scas word ptr es:[edi]
>Resetting default scope
>
>CUSTOMER_CRASH_COUNT: 1
>
>DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
>
>BUGCHECK_STR: 0x8E
>
>PROCESS_NAME: Flexexe.exe
>
>CURRENT_IRQL: 0
>
>LAST_CONTROL_TRANSFER: from 973db97e to 8169e323
>
>STACK_TEXT:
>c5c298e8 973db97e c5c2998c c5c29978 c5c29998 nt!RtlInitUnicodeString+0x1b
>c5c29924 9742f05b 410100ac 00000006 00000002 win32k!SpBitBlt+0x210
>c5c29a0c 9743ec00 410100ac 00000006 00000002 win32k!xxxRealDrawMenuItem+0x80b
>c5c29abc 9741460a 410100ac 0110007f c5c29b04 win32k!xxxDrawState+0x1c9
>c5c29b2c 97415490 410100ac fe818a18 00c8d0d4 win32k!xxxDrawMenuItem+0x3f8
>c5c29b98 9742f5c1 410100ac 00000000 fe817f98 win32k!xxxMenuDraw+0x1f2
>c5c29bf0 9737cfff 00000017 410100ac 00000004 win32k!xxxMenuBarDraw+0x1bf
>c5c29c38 9739bf25 fe817f98 410100ac 00000001 win32k!xxxDrawWindowFrame+0xf7
>c5c29cb4 9739d56d fe817f98 00000085 00000001 win32k!xxxRealDefWindowProc+0x88b
>c5c29ccc 97376599 fe817f98 00000085 00000001 win32k!xxxWrapRealDefWindowProc+0x2b
>c5c29ce8 9739d524 fe817f98 00000085 00000001 win32k!NtUserfnNCDESTROY+0x27
>c5c29d20 816a3a7a 00040242 00000085 00000001 win32k!NtUserMessageCall+0xc6
>c5c29d20 770b9a94 00040242 00000085 00000001 nt!KiFastCallEntry+0x12a
>WARNING: Frame IP not in any known module. Following frames may be wrong.
>0012ea4c 00000000 00000000 00000000 00000000 0x770b9a94
>
>
>STACK_COMMAND: kb
>
>FOLLOWUP_IP:
>win32k!SpBitBlt+210
>973db97e 85c0 test eax,eax
>
>SYMBOL_STACK_INDEX: 1
>
>SYMBOL_NAME: win32k!SpBitBlt+210
>
>FOLLOWUP_NAME: MachineOwner
>
>MODULE_NAME: win32k
>
>IMAGE_NAME: win32k.sys
>
>DEBUG_FLR_IMAGE_TIMESTAMP: 47918c6e
>
>FAILURE_BUCKET_ID: 0x8E_win32k!SpBitBlt+210
>
>BUCKET_ID: 0x8E_win32k!SpBitBlt+210
>
>Followup: MachineOwner
>---------
>
>0: kd> .trap 0xffffffffc5c29840
>ErrCode = 00000000
>eax=00000000 ebx=fe818fd8 ecx=ffffffec edx=c5c29914 esi=fe818a90 edi=fe819000
>eip=8169e323 esp=c5c298b4 ebp=c5c29924 iopl=0 nv up ei pl zr na pe nc
>cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
>nt!RtlInitUnicodeString+0x1b:
>8169e323 f266af repne scas word ptr es:[edi]
>
>
>
>
>
>
>*******************************************************************************
>* *
>* Bugcheck Analysis *
>* *
>*******************************************************************************
>
>Use !analyze -v to get detailed debugging information.
>
>BugCheck 1000008E, {c0000005, 81c91313, bbc88834, 0}
>
>Probably caused by : win32k.sys ( win32k!xxxRealDrawMenuItem+686 )
>
>Followup: MachineOwner
>---------
>
>1: kd> !analyze -v
>*******************************************************************************
>* *
>* Bugcheck Analysis *
>* *
>*******************************************************************************
>
>KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
>This is a very common bugcheck. Usually the exception address pinpoints
>the driver/function that caused the problem. Always note this address
>as well as the link date of the driver/image that contains this address.
>Some common problems are exception code 0x80000003. This means a hard
>coded breakpoint or assertion was hit, but this system was booted
>/NODEBUG. This is not supposed to happen as developers should never have
>hardcoded breakpoints in retail code, but ...
>If this happens, make sure a debugger gets connected, and the
>system is booted /DEBUG. This will let us see why this breakpoint is
>happening.
>Arguments:
>Arg1: c0000005, The exception code that was not handled
>Arg2: 81c91313, The address that the exception occurred at
>Arg3: bbc88834, Trap Frame
>Arg4: 00000000
>
>Debugging Details:
>------------------
>
>
>EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
>
>FAULTING_IP:
>nt!RtlInitUnicodeString+1b
>81c91313 f266af repne scas word ptr es:[edi]
>
>TRAP_FRAME: bbc88834 -- (.trap 0xffffffffbbc88834)
>ErrCode = 00000000
>eax=00000000 ebx=fe618fd8 ecx=ffffffec edx=bbc88908 esi=fe6159e8 edi=fe619000
>eip=81c91313 esp=bbc888a8 ebp=bbc88918 iopl=0 nv up ei pl zr na pe nc
>cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
>nt!RtlInitUnicodeString+0x1b:
>81c91313 f266af repne scas word ptr es:[edi]
>Resetting default scope
>
>CUSTOMER_CRASH_COUNT: 1
>
>DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
>
>BUGCHECK_STR: 0x8E
>
>PROCESS_NAME: Flexexe.exe
>
>CURRENT_IRQL: 0
>
>LAST_CONTROL_TRANSFER: from bbc88908 to 81c91313
>
>STACK_TEXT:
>bbc888ac bbc88908 fe618fda ffffffff 97603634 nt!RtlInitUnicodeString+0x1b
>WARNING: Frame IP not in any known module. Following frames may be wrong.
>bbc88918 97810a2b 14010070 00000006 00000002 0xbbc88908
>bbc88a00 978207c6 14010070 00000006 00000002 win32k!xxxRealDrawMenuItem+0x686
>bbc88ab0 977f42dc 14010070 0110007e bbc88af8 win32k!xxxDrawState+0x21
>bbc88b20 977f5244 14010070 fe616878 00c8d0d4 win32k!xxxDrawMenuItem+0x208
>bbc88b98 97810fa4 14010070 00000000 fe6155c8 win32k!xxxMenuDraw+0x38
>bbc88bf0 9775d71a 00000017 14010070 00000004 win32k!xxxDrawMenuBarTemp+0x2d2
>bbc88c38 9777c525 fe6155c8 14010070 00000001 win32k!xxxSendNCPaint+0xa3
>bbc88cb4 9777db6d fe6155c8 00000085 6504040f win32k!xxxRealDefWindowProc+0x78b
>bbc88ccc 97756b5c fe6155c8 00000085 6504040f win32k!NtUserMessageCall+0xf
>bbc88d20 81c96a2a 0001023c 00000085 6504040f win32k!xxxSetWindowData+0x36b
>bbc88d20 00000000 0001023c 00000085 6504040f nt!KiFastCallEntry+0x12a
>00000000 00000000 00000000 00000000 00000000 0x0
>
>
>STACK_COMMAND: kb
>
>FOLLOWUP_IP:
>win32k!xxxRealDrawMenuItem+686
>97810a2b 66f7060020 test word ptr [esi],2000h
>
>SYMBOL_STACK_INDEX: 2
>
>SYMBOL_NAME: win32k!xxxRealDrawMenuItem+686
>
>FOLLOWUP_NAME: MachineOwner
>
>MODULE_NAME: win32k
>
>IMAGE_NAME: win32k.sys
>
>DEBUG_FLR_IMAGE_TIMESTAMP: 4de78921
>
>FAILURE_BUCKET_ID: 0x8E_win32k!xxxRealDrawMenuItem+686
>
>BUCKET_ID: 0x8E_win32k!xxxRealDrawMenuItem+686
>
>Followup: MachineOwner
>---------
>
>1: kd> .trap 0xffffffffbbc88834
>ErrCode = 00000000
>eax=00000000 ebx=fe618fd8 ecx=ffffffec edx=bbc88908 esi=fe6159e8 edi=fe619000
>eip=81c91313 esp=bbc888a8 ebp=bbc88918 iopl=0 nv up ei pl zr na pe nc
>cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
>nt!RtlInitUnicodeString+0x1b:
>81c91313 f266af repne scas word ptr es:[edi]
>
>
Regards. Al
"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov
Neither a despot, nor a doormat, be
Every app wants to be a database app when it grows up
