Windows 8 and 8.1 Forums


BSOD ntoskrnl.exe/hal.ll (0x0000003b)

  1. #11


    Posts : 12
    Windows 8.1


    Thanks for the reply . I've removed MalwareBytes and SAS, reinstalled the AMD Video Driver ((v14.4) the stable one) and tried BF3 again. Used the Avira removal tool but crashed before I got to it. I was just doing some digital art when I forgot to save and then crashed so now I lost my work. :C

    I will keep you up to date on the situation
    -Felix

    Dmp:

      My System SpecsSystem Spec

  2. #12


    India
    Posts : 2,097
    Windows 8.1 Industry Pro B-)


    Hi blahblah,

    I have analyzed your dump file and it still says that Direct X is blamed. Below is the analysis :-
    Code:
    5: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    SYSTEM_SERVICE_EXCEPTION (3b)
    An exception happened while executing a system service routine.
    Arguments:
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff802696dfc1c, Address of the instruction which caused the bugcheck
    Arg3: ffffd00057264100, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.
    
    Debugging Details:
    ------------------
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    FAULTING_IP: 
    nt!KxWaitForLockOwnerShipWithIrql+14
    fffff802`696dfc1c 48890a          mov     qword ptr [rdx],rcx
    
    CONTEXT:  ffffd00057264100 -- (.cxr 0xffffd00057264100;r)
    rax=0000000000000000 rbx=0000000000000000 rcx=ffffd00057264b80
    rdx=2000000000000000 rsi=ffffe0012341f800 rdi=ffffd00057264b80
    rip=fffff802696dfc1c rsp=ffffd00057264b30 rbp=ffffd00057264ba0
     r8=ffffd00057264bd0  r9=ffffd00057264c00 r10=fffff801eec61fc0
    r11=fffff801eeac280f r12=0000000000000000 r13=ffffc00195d5a820
    r14=0000000000000001 r15=0000000000000000
    iopl=0         nv up di pl zr na po nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010046
    nt!KxWaitForLockOwnerShipWithIrql+0x14:
    fffff802`696dfc1c 48890a          mov     qword ptr [rdx],rcx ds:002b:20000000`00000000=????????????????
    Last set context:
    rax=0000000000000000 rbx=0000000000000000 rcx=ffffd00057264b80
    rdx=2000000000000000 rsi=ffffe0012341f800 rdi=ffffd00057264b80
    rip=fffff802696dfc1c rsp=ffffd00057264b30 rbp=ffffd00057264ba0
     r8=ffffd00057264bd0  r9=ffffd00057264c00 r10=fffff801eec61fc0
    r11=fffff801eeac280f r12=0000000000000000 r13=ffffc00195d5a820
    r14=0000000000000001 r15=0000000000000000
    iopl=0         nv up di pl zr na po nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010046
    nt!KxWaitForLockOwnerShipWithIrql+0x14:
    fffff802`696dfc1c 48890a          mov     qword ptr [rdx],rcx ds:002b:20000000`00000000=????????????????
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    
    BUGCHECK_STR:  0x3B
    
    PROCESS_NAME:  dwm.exe
    
    CURRENT_IRQL:  0
    
    ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
    
    LAST_CONTROL_TRANSFER:  from fffff802696a7f64 to fffff802696dfc1c
    
    STACK_TEXT:  
    ffffd000`57264b30 fffff802`696a7f64 : ffffe001`2317b860 fffff801`ef35a528 00000000`c0000001 ffffe001`242b4010 : nt!KxWaitForLockOwnerShipWithIrql+0x14
    ffffd000`57264b60 fffff801`eec7dfa2 : 00000000`00000002 ffffe001`23bfac30 ffffe001`23fbb240 00000000`00000000 : nt!ExAcquireResourceSharedLite+0x404
    ffffd000`57264bd0 fffff801`eeb17c8f : 00000000`00000200 ffffd000`572654c0 00000000`00000200 ffffd000`57264d40 : dxgmms1!VIDMM_DMA_POOL::AcquireBuffer+0x52
    ffffd000`57264c20 fffff801`eeb17755 : ffffc001`95eef000 00000000`00000000 00000000`00000000 ffffc001`95f83240 : dxgkrnl!DXGCONTEXT::Render+0x13f
    ffffd000`57265770 fffff802`6976d7b3 : ffffe001`2341f800 ffffe001`2341f800 00000099`2dd8dcb0 fffff901`80000001 : dxgkrnl!DxgkRender+0x325
    ffffd000`57265a80 00007ffe`3ac817fa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000099`2dd8da98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`3ac817fa
    
    
    FOLLOWUP_IP: 
    dxgmms1!VIDMM_DMA_POOL::AcquireBuffer+52
    fffff801`eec7dfa2 488b0b          mov     rcx,qword ptr [rbx]
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  dxgmms1!VIDMM_DMA_POOL::AcquireBuffer+52
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: dxgmms1
    
    IMAGE_NAME:  dxgmms1.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  53183e46
    
    IMAGE_VERSION:  6.3.9600.17041
    
    STACK_COMMAND:  .cxr 0xffffd00057264100 ; kb
    
    BUCKET_ID_FUNC_OFFSET:  52
    
    FAILURE_BUCKET_ID:  0x3B_dxgmms1!VIDMM_DMA_POOL::AcquireBuffer
    
    BUCKET_ID:  0x3B_dxgmms1!VIDMM_DMA_POOL::AcquireBuffer
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0x3b_dxgmms1!vidmm_dma_pool::acquirebuffer
    
    FAILURE_ID_HASH:  {d845d790-fd12-fe9d-3f5a-c461b3c67469}
    
    Followup: MachineOwner
    ---------
    Please run the Driver Verifier according to the instructions in my previous post and upload the SF_Diagnostic Log file once you get some BSOD's with the Driver Verifier enabled.

    Btw, are you overclocking or your setup is overheating by any chance?
      My System SpecsSystem Spec

  3. #13


    Posts : 12
    Windows 8.1


    Uninstalled Avira, MalwareBytes and SuperAntiSpyware but still no success. I will try doing the Driver Verifier. Thankz (How do you get the SF Diagnostic Log file btw?)

    (P.S. I was Overclocking, but turned it off to help the situation)

    I also don't really know if my setup is overheating. My CPU fan does get really loud at random moments, but then goes back to its regular sound after.
      My System SpecsSystem Spec

  4. #14


    India
    Posts : 2,097
    Windows 8.1 Industry Pro B-)


    Quote Originally Posted by blahblah52500 View Post
    Uninstalled Avira, MalwareBytes and SuperAntiSpyware but still no success. I will try doing the Driver Verifier. Thankz (How do you get the SF Diagnostic Log file btw?)

    (P.S. I was Overclocking, but turned it off to help the situation)

    I also don't really know if my setup is overheating. My CPU fan does get really loud at random moments, but then goes back to its regular sound after.
    Did you just disable the overclock? :P

    Looking forward to your update.
      My System SpecsSystem Spec

  5. #15


    Posts : 12
    Windows 8.1


    Yes I did disable the overclocking and here is the DMP file I think. Although it didnt crash with dxgmms1, it still crashed with ntoskrnl.exe... I didnt know if it was correct or not so here's the DMP files
      My System SpecsSystem Spec

  6. #16


    Posts : 12
    Windows 8.1


    It looks like there was a new reason for BSOD. This time it said DRIVER_IRQL_NOT_LESS_OR_EQUAL (tap0909.sys) or something) DMP:
      My System SpecsSystem Spec

  7. #17


    India
    Posts : 2,097
    Windows 8.1 Industry Pro B-)


    Did you follow this guide?
    [Outdated] XINGCODE BYPASS for INJECTORS - MPGH - MultiPlayer Game Hacking & Cheats

    Please run GMER from this **LINK** and post back the results.

    Here is a bit more information on the tap0909.sys driver :-

    Driver Reference Table - tap0901.sys

    Since, most of your earlier dump files were related to Direct X, could you see that if the BSOD's are still occuring if the GPU is removed? (I still see presence of the AODDriver2.sys in your latest dump file, please deal with it).
      My System SpecsSystem Spec

  8. #18


    Posts : 12
    Windows 8.1


    I did the XINGCODE Bypass and I will try it out right now. For the GMER, here is the scan

    GMER 2.1.19357 - GMER - Rootkit Detector and Remover
    Rootkit scan 2014-07-08 16:38:51
    Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 ST3500413AS rev.HP64 465.76GB
    Running: gmer.exe; Driver: C:\Users\BLAHB_~1\AppData\Local\Temp\uwldqpow.sys




    ---- User code sections - GMER 2.1 ----


    .text C:\Windows\system32\atiesrxx.exe[892] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa5029169a 4 bytes [29, 50, FA, 7F]
    .text C:\Windows\system32\atiesrxx.exe[892] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa502916a2 4 bytes [29, 50, FA, 7F]
    .text C:\Windows\system32\atiesrxx.exe[892] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa5029181a 4 bytes [29, 50, FA, 7F]
    .text C:\Windows\system32\atiesrxx.exe[892] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa50291832 4 bytes [29, 50, FA, 7F]
    .text C:\Windows\system32\atieclxx.exe[388] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa5029169a 4 bytes [29, 50, FA, 7F]
    .text C:\Windows\system32\atieclxx.exe[388] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa502916a2 4 bytes [29, 50, FA, 7F]
    .text C:\Windows\system32\atieclxx.exe[388] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa5029181a 4 bytes [29, 50, FA, 7F]
    .text C:\Windows\system32\atieclxx.exe[388] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa50291832 4 bytes [29, 50, FA, 7F]
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1816] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffa5029169a 4 bytes [29, 50, FA, 7F]
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1816] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffa502916a2 4 bytes [29, 50, FA, 7F]
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1816] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffa5029181a 4 bytes [29, 50, FA, 7F]
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1816] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffa50291832 4 bytes [29, 50, FA, 7F]
    .text C:\Program Files\Windows Defender\MsMpEng.exe[2112] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffa5029169a 4 bytes [29, 50, FA, 7F]
    .text C:\Program Files\Windows Defender\MsMpEng.exe[2112] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffa502916a2 4 bytes [29, 50, FA, 7F]
    .text C:\Program Files\Windows Defender\MsMpEng.exe[2112] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffa5029181a 4 bytes [29, 50, FA, 7F]
    .text C:\Program Files\Windows Defender\MsMpEng.exe[2112] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffa50291832 4 bytes [29, 50, FA, 7F]
    .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3712] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffa5029169a 4 bytes [29, 50, FA, 7F]
    .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3712] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffa502916a2 4 bytes [29, 50, FA, 7F]
    .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3712] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffa5029181a 4 bytes [29, 50, FA, 7F]
    .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3712] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffa50291832 4 bytes [29, 50, FA, 7F]
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2084] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffa45eb1f6a 4 bytes {JMP 0x47}
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2084] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffa45eb1f82 4 bytes {JMP 0x47}


    ---- Devices - GMER 2.1 ----


    Device \Driver\KProcessHacker2 \Device\KProcessHacker2 fffff800108ce008


    ---- Threads - GMER 2.1 ----


    Thread C:\Windows\system32\csrss.exe [588:608] fffff96000aabb90
    Thread C:\Windows\syswow64\wwahost.exe [6224:6316] 000000007549a797
    Thread C:\Windows\syswow64\wwahost.exe [6224:6368] 000000006952a172
    Thread C:\Windows\syswow64\wwahost.exe [6224:1016] 00000000754946ea
    Thread C:\Windows\syswow64\wwahost.exe [6224:6428] 00000000753c8244
    Thread C:\Windows\syswow64\wwahost.exe [6224:6288] 000000005e48e82a
    Thread C:\Windows\syswow64\wwahost.exe [6224:6436] 000000005e4ef891
    Thread C:\Windows\syswow64\wwahost.exe [6224:2128] 000000005e48e769
    Thread C:\Windows\syswow64\wwahost.exe [6224:6396] 000000005e4ef891
    Thread C:\Windows\syswow64\wwahost.exe [6224:6348] 000000005e4ef891
    Thread C:\Windows\syswow64\wwahost.exe [6224:4140] 0000000075e11174
    Thread C:\Windows\syswow64\wwahost.exe [6224:424] 0000000076ef187e
    Thread C:\Windows\syswow64\wwahost.exe [6224:1008] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:664] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:4952] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:2784] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:4044] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:5872] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:4644] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:1872] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:5456] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:6000] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:4468] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:6676] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:6748] 000000005e4ef891
    Thread C:\Windows\syswow64\wwahost.exe [6224:2828] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:2552] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:2732] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:5552] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:1972] 000000005cb64a7c
    Thread C:\Windows\syswow64\wwahost.exe [6224:7152] 000000005cb64a7c
    ---- Processes - GMER 2.1 ----


    Process C:\Users\BLAHB_~1\AppData\Local\Temp\Rar$EXa0.749\gmer.exe (*** suspicious ***) @ C:\Users\BLAHB_~1\AppData\Local\Temp\Rar$EXa0.749\gmer.exe [6772](2014-07-08 20:33:01) 0000000000400000


    ---- Disk sectors - GMER 2.1 ----


    Disk \Device\Harddisk0\DR0 unknown MBR code


    ---- EOF - GMER 2.1 ----
      My System SpecsSystem Spec

  9. #19


    India
    Posts : 2,097
    Windows 8.1 Industry Pro B-)


    Did it say about any sign of possible rootkit activity? In the meanwhile, try the other steps and I will ask around with my seniors ^_^.
      My System SpecsSystem Spec

  10. #20


    Posts : 12
    Windows 8.1


    No it didn't say anything about rootkit activity. I also tried BF3 again and now it crashes but doesn't restart. It stays at 100% forever. Here are 4 of the DMPs. Also, when I disabled xhunter1.sys, Alliance of Valiant Arms is not working anymore
    Last edited by blahblah52500; 08 Jul 2014 at 19:28.
      My System SpecsSystem Spec

Page 2 of 3 FirstFirst 123 LastLast
BSOD ntoskrnl.exe/hal.ll (0x0000003b)
Related Threads
Dear Sir/Madam I am having trouble with my new notebook (Windows 8.1, 64bit), on which I keep getting BSOD errors. I tried solving the problem myself but I can't find any solution that eliminates the BSOD. Today I got a BSOD on startup saying: BSOD SYSTEM_SERVICE_EXCEPTION. BlueScreenView...
BSOD Win 8.1 x64 (ntoskrnl.exe) in BSOD Crashes and Debugging
hello I need help to solve this problem. tried just about everything! has become a mystery to me - And I am grateful to any assist ;)
Random BSOD Issues 0x0000003b in BSOD Crashes and Debugging
Hi all, Sorry to be annoying again, recently in the past day or two, I have had a stream of BSOD, all with random numbers, I have attached a log to this post below. Can anyone, please enlighten me up on this? It is really getting on my nerves, I really can't work out the cause. Thanks...
Solved BSOD 0x0000003B in various games in BSOD Crashes and Debugging
Hi, i recently had my power supply die and had to get a new one. Thee new one arrived two days ago and everything seemed to be running fine until i got a BSOD while playing a game and has continued to happen with a few different games. The games include CS:GO, BF4, and dark souls 2. It seems to My...
I've had BSODS since last year. The laptop has been for three RMA's with PC Specialist, in the last one they said they did a full rebuild of the system. The BIOS has been updated, RAM replaced, I've done clean reinstalls of Windows in the past. I had it back for 10 days and then yesterday it...
Solved BSOD with ntoskrnl.exe in BSOD Crashes and Debugging
Hi! :) For a couple of weeks now I'm using Windows 8.1 (upgraded from a Win 8 installation). Everything went fine until yesterday when I got my first BSOD on Win 8.1. Today it happened again. The causes seem to be the same but I hope for your analysis and help! Thanks in advance :)
BSOD - Ntoskrnl.exe in BSOD Crashes and Debugging
Hi, I have been experiencing shutdowns which I am not sure of the reason behind. I have hibernate and sleep disabled. The computer crashes andshutdown on its own. This is only happening when getting into sleep mode. It will never happen If I am working on the laptop no matter for how long. I...
Eight Forums Android App Eight Forums IOS App Follow us on Facebook