BSOD ntoskrnl.exe/hal.dll (0x0000003b)

blahblah52500


Hello everyone, I've been placed with this problem for a very, VERY long time. I can't ever seem to fix this problem. I always have the ntoskrnl.exe/hal.dll (with ntoskrnl.exe being more prominent). I've been posting uncountable threads on the Microsoft Forums, but I could never fix the problem. It mostly happens when I play games and I am convinced it is my graphics card's fault. I will list what I have done.

-Driver Verifier. (Crashed with dxgmms1.sys)
-Chkdsk /f /r
-Sfc /scannow
-Memtest86
-Uninstalled every antivirus I had and made me use Windows Defender.
-Lowered graphics.

I can never seem to solve this problem and I think it might be the hardware
(Edit: I deleted aosdriver2.sys and will see if the problem continues)

All the DMP files of it crashing:

https://onedrive.live.com/redir?res...150&authkey=!AHEPEWW2fSMojfo&ithint=file,.rar

https://onedrive.live.com/redir?res...149&authkey=!APIEpfkgCnPgqvA&ithint=file,.rar

https://onedrive.live.com/redir?res...134&authkey=!AFuZphgCssYY7kI&ithint=file,.rar

https://onedrive.live.com/redir?res...133&authkey=!AMZrv4yLIMyY6u0&ithint=file,.rar

https://onedrive.live.com/redir?res...133&authkey=!AMZrv4yLIMyY6u0&ithint=file,.rar

Please reply ASAP... I really am getting annoyed by this
Thanks in advance :)
-blahblah52500

(Edit2: I used the SFTool to put it in so don't use the websites link)
 

My Computer

System One

  • OS
    Windows 8.1
Hi BlahBlah & Welcome to the forums ^_^,

Below has been provided an analysis of your dump files for informative purposes :-
Code:
**************************Wed Jun 25 06:24:44.793 2014 (UTC + 5:30)**************************
Probably caused by : ntkrnlmp.exe ( nt!KxWaitForLockOwnerShip+12 )
 
BugCheck 3B, {c0000005, fffff800e1d1ec02, ffffd000acfe4730, 0}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000003B]SYSTEM_SERVICE_EXCEPTION (3b)[/url]
 
BUGCHECK_STR:  0x3B
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
PROCESS_NAME:  BLR.exe
 
FAILURE_BUCKET_ID:  0x3B_nt!KxWaitForLockOwnerShip
 
  BIOS Version                  1903
 
  BIOS Release Date             07/11/2013
 
  Manufacturer                  To be filled by O.E.M.
 
  Product Name                  To be filled by O.E.M.
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Jun 25 06:13:26.642 2014 (UTC + 5:30)**************************
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
 
Probably caused by : ntkrnlmp.exe ( nt!KxWaitForLockOwnerShipWithIrql+14 )
 
BugCheck 1000007E, {ffffffffc0000005, fffff802e1adcc1c, ffffd0017f37ed98, ffffd0017f37e5a0}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x1000007E]SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)[/url]
 
PROCESS_NAME:  System
 
BUGCHECK_STR:  AV
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  AV_nt!KxWaitForLockOwnerShipWithIrql
 
  BIOS Version                  1903
 
  BIOS Release Date             07/11/2013
 
  Manufacturer                  To be filled by O.E.M.
 
  Product Name                  To be filled by O.E.M.
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Jun 25 06:11:22.367 2014 (UTC + 5:30)**************************
Probably caused by : ntkrnlmp.exe ( nt!KxWaitForLockOwnerShip+12 )
 
BugCheck 3B, {c0000005, fffff802ca8b2c02, ffffd00023306d90, 0}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000003B]SYSTEM_SERVICE_EXCEPTION (3b)[/url]
 
BUGCHECK_STR:  0x3B
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
PROCESS_NAME:  MsMpEng.exe
 
FAILURE_BUCKET_ID:  0x3B_nt!KxWaitForLockOwnerShip
 
  BIOS Version                  1903
 
  BIOS Release Date             07/11/2013
 
  Manufacturer                  To be filled by O.E.M.
 
  Product Name                  To be filled by O.E.M.
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Jun 24 08:14:45.438 2014 (UTC + 5:30)**************************
Probably caused by : ntkrnlmp.exe ( nt!WheaReportHwError+63 )
 
BugCheck A, {ffffe000f1f9a4a8, f, 0, fffff8010d9c765b}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000000A]IRQL_NOT_LESS_OR_EQUAL (a)[/url]
 
BUGCHECK_STR:  AV
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  AV_nt!WheaReportHwError
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Jun 23 03:41:01.094 2014 (UTC + 5:30)**************************
Probably caused by : dxgmms1.sys ( dxgmms1!VIDMM_GLOBAL::ReferenceDmaBuffer+1a28e )
 
BugCheck D1, {fffff80032ccbe7e, 2, 8, fffff80032ccbe7e}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x000000D1]DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)[/url]
 
BUGCHECK_STR:  AV
 
DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
 
PROCESS_NAME:  watch_dogs.exe
 
FAILURE_BUCKET_ID:  AV_VRF_CODE_AV_PAGED_IP_dxgmms1!VIDMM_GLOBAL::ReferenceDmaBuffer
 
  BIOS Version                  1903
 
  BIOS Release Date             07/11/2013
 
  Manufacturer                  To be filled by O.E.M.
 
  Product Name                  To be filled by O.E.M.
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Below is a list of 3rd party drivers which are installed over your system :-
Code:
**************************Wed Jun 25 06:24:44.793 2014 (UTC + 5:30)**************************
[B][U]SASKUTIL64.SYS              Wed Jul 13 02:30:01 2011 (4E1CB5D1)[/U][/B]
[B][U]SASDIFSV64.SYS              Fri Jul 22 04:33:00 2011 (4E28B024)[/U][/B]
[U][B]PxHlpa64.sys                Mon Oct 17 19:59:34 2011 (4E9C3BCE)[/B][/U]
GEARAspiWDM.sys             Fri May  4 01:26:17 2012 (4FA2E2E1)
Rt630x64.sys                Fri May 10 15:29:08 2013 (518CC4EC)
dump_storahci.sys           Thu Aug 22 17:10:39 2013 (5215F8B7)
[B][U]mbam.sys                    Wed Oct 30 21:41:45 2013 (52712FC1)[/U][/B]
AODDriver2.sys              Tue Feb 11 16:36:52 2014 (52FA044C)
usbfilter.sys               Mon Feb 17 11:53:43 2014 (5301AAEF)
AMDACPKSL.SYS               Wed Mar 12 05:19:44 2014 (531FA118)
AtihdWB6.sys                Wed Mar 12 05:20:02 2014 (531FA12A)
atikmpag.sys                Fri May 23 06:41:53 2014 (537EA059)
atikmdag.sys                Fri May 23 07:16:07 2014 (537EA85F)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Jun 25 06:11:22.367 2014 (UTC + 5:30)**************************
[COLOR=#ff0000][B][U]xhunter1.sys                Fri May 30 00:44:21 2014 (5387870D)[/U][/B][/COLOR]
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Jun 24 08:14:45.438 2014 (UTC + 5:30)**************************
hiber_storport.sys          Thu Aug 22 17:10:18 2013 (5215F8A2)
xusb22.sys                  Tue Mar 18 13:48:41 2014 (53280161)
X6va019                     Thu May  8 10:20:08 2014 (536B0D00)
http://www.carrona.org/drivers/driver.php?id=SASKUTIL64.SYS
http://www.carrona.org/drivers/driver.php?id=SASDIFSV64.SYS
http://www.carrona.org/drivers/driver.php?id=PxHlpa64.sys
http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
http://www.carrona.org/drivers/driver.php?id=Rt630x64.sys
http://www.carrona.org/drivers/driver.php?id=dump_storahci.sys
http://www.carrona.org/drivers/driver.php?id=mbam.sys
http://www.carrona.org/drivers/driver.php?id=AODDriver2.sys
http://www.carrona.org/drivers/driver.php?id=usbfilter.sys
http://www.carrona.org/drivers/driver.php?id=AMDACPKSL.SYS
http://www.carrona.org/drivers/driver.php?id=AtihdWB6.sys
http://www.carrona.org/drivers/driver.php?id=atikmpag.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
http://www.carrona.org/drivers/driver.php?id=xhunter1.sys
http://www.carrona.org/drivers/driver.php?id=hiber_storport.sys
http://www.carrona.org/drivers/driver.php?id=xusb22.sys
X6va019 - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.



I have highlighted a driver in RED in the above driver list named "xhunter1.sys". Now, this driver belongs to the Themida Protection. You can read about how the Themida protection works over here :-
Oreans Technology : Software Security Defined.

Now, this piece of protection is generally used in Anti-Piracy measures to determine if a game is hacked or not. If you are using a pirated version of a game, please uninstall the games immediately and buy games from legit sources. So, this protection generally gives the user a Blue Screen once it detects that a game has been HACKED. Please stop using any cheats and stop using software like CheatEngine etc.

Now about the remaining highlighted drivers in black. Please remove the below software :-
1. Sonic CD/DVD driver (Used by many other CD/DVD Programs as well)
2. AODDriver2.sys

Furthermore, could you please run this ESET Online Scanner? :-
ESET Online Scanner:


Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.


Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: [image: EOLS2.gif]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image: EOLS3.gif]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: [image: EOLS4.gif]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Also, are you this same guy over here?
ntoskrnl.exe+1500a0 BSoD crash? - Microsoft Community

 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!
Thanks for the really, REALLY in-depth reply.

1. About the links in red. I do usually use Cheat Engine to hack games but even when I don't hack it still crashes (e.g. BF3, Alliance of Valiant Arms)
2. I didn't find a log in the ESET Scanner, but I clicked LIST OF THREATS and copied to a txt file (if that's what you're talking about)
3. Yes I am the same guy.
 


I am extremely sorry for not replying, this just seems to have skipped out of my mind :( .
Anyways, I have analyzed your log file from ESET, there are potentially unwanted applications in that. Furthermore, could you please remove the following software?

1. CheatEngine
2. Xbox 360 Emulator (I found this just on a simple **Google search**. Furthermore, the setup file itself contains multiple threats.)
3. Please remove this file of the above Xbox 360 Emulator file located over here :- "C:\Users\blahb_000\Downloads\XeMu360_Setup.exe" .

Also, could you try doing a manual full search on your PC for the "xhunter1.sys" and report back where you found that?

Furthermore, have you removed the software asked in my previous post?
 

Thanks so much for continuing this topic :D. On to the reply.

I've removed the Emulator and CheatEngine but I still can't find the xhunter1.sys when I search my computer. I don't really know if the xhunter1.sys is hidden... but I've searched all over my Local Disk C: but cannot find anything. Looked through (Search This PC) and shows nothing....

Please reply soon!

-Felix
 


Hi Felix!

I really look to resolve your issue as it is very interesting and would be the first time a case like this has opened before me :p
Anyways, please enable hidden files by following the guide :-

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Once you have enabled the hidden files, see if you can find the driver over here :- "C:\windows\xhunter1.sys".
Also, can you see anything named similarly to "WellBia" or "Xigncode" or something in Korean in your Add/Remove Programs list? If you have other partitions installed on your machine, then search them as well with the above keywords and for the drivers. Let me know if you are still not able to find it.
 

Fixed the folder options, but still doesn't find xhunter1.sys. I do have xIGNCode in a GAME (Alliance of Valiant Arms), but doesn't show up in my Programs list.
 


I guess that is the problem that Xigncode. I read some threads regarding this technology and people have written that even having a vpn installed on the system would make it crash as the Xigncode detects it and says possible hack. Also, I have found a thread which seemed legit so could you please give it a try whether the problem gets solved or not?

[Outdated] XINGCODE BYPASS for INJECTORS - MPGH - MultiPlayer Game Hacking & Cheats

By the way, you could also try uninstalling Alliance Of Valiant Arms to see if it solves the problem or not.
 

I'm not sure Alliance of Valiant Arms is the problem because AVA when Xigncode detects a hack, it just shuts down the game. It hasn't really BSOD'ed much for the game tho. Plus the Xigncode only runs when I play AVA so I'm not sure if it will solve the problem.

If that were to solve the problem I probably will have more of it later. I still play a lot of high end games and I'm going to buy a lot more. I just want to know I didn't waste my money on something that doesn't work. I will uninstall AVA and try the games. I will post back to you later.

Thanks,
Felix :)

Edit: It still crashes :(. Here is the BF3 DMP
 
I see that you have still not removed/dealt with the software I asked you to in my first post. Please uninstall the below software and see if the problem still occurs or not :-
1. Avira using this **TOOL**
2. MalwareBytes using this **TOOL**
3. SuperAntiSpyware using this **TOOL**

If the problem still does not solve, please follow this guide and enable the Driver Verifier and post back the dump files :-

Using Driver Verifier to identify issues with Drivers - Windows 7 Help Forums

Please read the entire guide carefully.

This time, the dxgmms is blamed which is the DirectX driver for Windows. You could try using the OEM drivers for your graphics card and see if the problems occur or not.
 

Thanks for the reply :). I've removed MalwareBytes and SAS, reinstalled the AMD Video Driver ((v14.4) the stable one) and tried BF3 again. Used the Avira removal tool but crashed before I got to it. I was just doing some digital art when I forgot to save and then crashed so now I lost my work. :C

I will keep you up to date on the situation
-Felix

Dmp:
 

Hi blahblah,

I have analyzed your dump file and it still says that Direct X is blamed. Below is the analysis :-
Code:
5: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff802696dfc1c, Address of the instruction which caused the bugcheck
Arg3: ffffd00057264100, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!KxWaitForLockOwnerShipWithIrql+14
fffff802`696dfc1c 48890a          mov     qword ptr [rdx],rcx

CONTEXT:  ffffd00057264100 -- (.cxr 0xffffd00057264100;r)
rax=0000000000000000 rbx=0000000000000000 rcx=ffffd00057264b80
rdx=2000000000000000 rsi=ffffe0012341f800 rdi=ffffd00057264b80
rip=fffff802696dfc1c rsp=ffffd00057264b30 rbp=ffffd00057264ba0
 r8=ffffd00057264bd0  r9=ffffd00057264c00 r10=fffff801eec61fc0
r11=fffff801eeac280f r12=0000000000000000 r13=ffffc00195d5a820
r14=0000000000000001 r15=0000000000000000
iopl=0         nv up di pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010046
nt!KxWaitForLockOwnerShipWithIrql+0x14:
fffff802`696dfc1c 48890a          mov     qword ptr [rdx],rcx ds:002b:20000000`00000000=????????????????
Last set context:
rax=0000000000000000 rbx=0000000000000000 rcx=ffffd00057264b80
rdx=2000000000000000 rsi=ffffe0012341f800 rdi=ffffd00057264b80
rip=fffff802696dfc1c rsp=ffffd00057264b30 rbp=ffffd00057264ba0
 r8=ffffd00057264bd0  r9=ffffd00057264c00 r10=fffff801eec61fc0
r11=fffff801eeac280f r12=0000000000000000 r13=ffffc00195d5a820
r14=0000000000000001 r15=0000000000000000
iopl=0         nv up di pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010046
nt!KxWaitForLockOwnerShipWithIrql+0x14:
fffff802`696dfc1c 48890a          mov     qword ptr [rdx],rcx ds:002b:20000000`00000000=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  dwm.exe

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

LAST_CONTROL_TRANSFER:  from fffff802696a7f64 to fffff802696dfc1c

STACK_TEXT:  
ffffd000`57264b30 fffff802`696a7f64 : ffffe001`2317b860 fffff801`ef35a528 00000000`c0000001 ffffe001`242b4010 : nt!KxWaitForLockOwnerShipWithIrql+0x14
ffffd000`57264b60 fffff801`eec7dfa2 : 00000000`00000002 ffffe001`23bfac30 ffffe001`23fbb240 00000000`00000000 : nt!ExAcquireResourceSharedLite+0x404
ffffd000`57264bd0 fffff801`eeb17c8f : 00000000`00000200 ffffd000`572654c0 00000000`00000200 ffffd000`57264d40 : dxgmms1!VIDMM_DMA_POOL::AcquireBuffer+0x52
ffffd000`57264c20 fffff801`eeb17755 : ffffc001`95eef000 00000000`00000000 00000000`00000000 ffffc001`95f83240 : dxgkrnl!DXGCONTEXT::Render+0x13f
ffffd000`57265770 fffff802`6976d7b3 : ffffe001`2341f800 ffffe001`2341f800 00000099`2dd8dcb0 fffff901`80000001 : dxgkrnl!DxgkRender+0x325
ffffd000`57265a80 00007ffe`3ac817fa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000099`2dd8da98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`3ac817fa


FOLLOWUP_IP: 
dxgmms1!VIDMM_DMA_POOL::AcquireBuffer+52
fffff801`eec7dfa2 488b0b          mov     rcx,qword ptr [rbx]

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  dxgmms1!VIDMM_DMA_POOL::AcquireBuffer+52

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: dxgmms1

IMAGE_NAME:  dxgmms1.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  53183e46

IMAGE_VERSION:  6.3.9600.17041

STACK_COMMAND:  .cxr 0xffffd00057264100 ; kb

BUCKET_ID_FUNC_OFFSET:  52

FAILURE_BUCKET_ID:  0x3B_dxgmms1!VIDMM_DMA_POOL::AcquireBuffer

BUCKET_ID:  0x3B_dxgmms1!VIDMM_DMA_POOL::AcquireBuffer

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x3b_dxgmms1!vidmm_dma_pool::acquirebuffer

FAILURE_ID_HASH:  {d845d790-fd12-fe9d-3f5a-c461b3c67469}

Followup: MachineOwner
---------

Please run the Driver Verifier according to the instructions in my previous post and upload the SF_Diagnostic Log file once you get some BSOD's with the Driver Verifier enabled.

Btw, are you overclocking, or is your setup overheating by any chance?
 

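Added example (not written by either poster, and not code from the thread): the context record in the !analyze -v output above shows the faulting write going through rdx=2000000000000000. The Python below parses that register block, finds the base register of the faulting instruction's memory operand and checks whether its value is a canonical x64 address. The function names, the 48-bit address width and the user/kernel split are assumptions of this example.

```python
import re

# Register block and faulting instruction copied from the !analyze -v output
# quoted in the thread above (the duplicate "Last set context" copy is omitted).
CXR_TEXT = """\
rax=0000000000000000 rbx=0000000000000000 rcx=ffffd00057264b80
rdx=2000000000000000 rsi=ffffe0012341f800 rdi=ffffd00057264b80
rip=fffff802696dfc1c rsp=ffffd00057264b30 rbp=ffffd00057264ba0
 r8=ffffd00057264bd0  r9=ffffd00057264c00 r10=fffff801eec61fc0
r11=fffff801eeac280f r12=0000000000000000 r13=ffffc00195d5a820
r14=0000000000000001 r15=0000000000000000
nt!KxWaitForLockOwnerShipWithIrql+0x14:
fffff802`696dfc1c 48890a          mov     qword ptr [rdx],rcx
"""

# "rdx=2000000000000000" style pairs in a WinDbg register dump.
REG_RE = re.compile(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{16})\b")
# "fffff802`696dfc1c 48890a   mov   operands" disassembly lines; group 1 = operands.
INSN_RE = re.compile(
    r"^[0-9a-f]{8}`[0-9a-f]{8}[ \t]+[0-9a-f]+[ \t]+\S+[ \t]+(.*)$", re.MULTILINE
)
# First register inside a [ ... ] memory operand (treated as the base register).
MEM_RE = re.compile(r"\[\s*(r[a-z0-9]{1,2})\b[^\]]*\]")


def parse_registers(text):
    """Return {register name: integer value} for every 64-bit register found."""
    return {name: int(value, 16) for name, value in REG_RE.findall(text)}


def is_canonical(addr, va_bits=48):
    """True if bits 63..(va_bits-1) are all equal, i.e. the address is sign-extended."""
    top = addr >> (va_bits - 1)
    return top == 0 or top == (1 << (64 - va_bits + 1)) - 1


def classify_pointer(addr):
    """Coarse triage label for a 64-bit value used as a pointer on Windows x64."""
    if not is_canonical(addr):
        # Can never be a valid pointer: the value was already bad when it was
        # loaded, so look at what produced it, not at the faulting function.
        return "non-canonical"
    if addr < 0x10000:
        return "null-range"   # lowest 64 KB, typical NULL + offset dereference
    if addr >> 63:
        return "kernel"
    return "user"


def faulting_operand(text):
    """Return (register, value, label) for the faulting instruction's memory operand."""
    regs = parse_registers(text)
    insns = INSN_RE.findall(text)
    if not insns:
        return None
    mem = MEM_RE.search(insns[-1])   # last disassembly line is the faulting one
    if mem is None or mem.group(1) not in regs:
        return None
    reg = mem.group(1)
    return reg, regs[reg], classify_pointer(regs[reg])


if __name__ == "__main__":
    reg, value, label = faulting_operand(CXR_TEXT)
    print(f"faulting access through {reg}={value:#018x}: {label}")
    for name, val in parse_registers(CXR_TEXT).items():
        print(f"  {name:>3} {val:016x} {classify_pointer(val)}")
```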
Uninstalled Avira, MalwareBytes and SuperAntiSpyware but still no success. I will try doing the Driver Verifier. Thankz (How do you get the SF Diagnostic Log file btw?)

(P.S. I was Overclocking, but turned it off to help the situation)

I also don't really know if my setup is overheating. My CPU fan does get really loud at random moments, but then goes back to its regular sound after.
 


Did you just disable the overclock? :p

Looking forward to your update.
 

Yes I did disable the overclocking and here is the DMP file I think. Although it didn't crash with dxgmms1, it still crashed with ntoskrnl.exe... I didn't know if it was correct or not so here's the DMP files
 

It looks like there was a new reason for BSOD. This time it said DRIVER_IRQL_NOT_LESS_OR_EQUAL (tap0909.sys or something). DMP:
 

Did you follow this guide?
[Outdated] XINGCODE BYPASS for INJECTORS - MPGH - MultiPlayer Game Hacking & Cheats

Please run GMER from this **LINK** and post back the results.

Here is a bit more information on the tap0909.sys driver :-

Driver Reference Table - tap0901.sys

Since most of your earlier dump files were related to Direct X, could you see if the BSOD's are still occurring if the GPU is removed? (I still see presence of the AODDriver2.sys in your latest dump file, please deal with it).
 

I did the XINGCODE Bypass and I will try it out right now. For the GMER, here is the scan

GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2014-07-08 16:38:51
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 ST3500413AS rev.HP64 465.76GB
Running: gmer.exe; Driver: C:\Users\BLAHB_~1\AppData\Local\Temp\uwldqpow.sys




---- User code sections - GMER 2.1 ----


.text C:\Windows\system32\atiesrxx.exe[892] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa5029169a 4 bytes [29, 50, FA, 7F]
.text C:\Windows\system32\atiesrxx.exe[892] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa502916a2 4 bytes [29, 50, FA, 7F]
.text C:\Windows\system32\atiesrxx.exe[892] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa5029181a 4 bytes [29, 50, FA, 7F]
.text C:\Windows\system32\atiesrxx.exe[892] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa50291832 4 bytes [29, 50, FA, 7F]
.text C:\Windows\system32\atieclxx.exe[388] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa5029169a 4 bytes [29, 50, FA, 7F]
.text C:\Windows\system32\atieclxx.exe[388] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa502916a2 4 bytes [29, 50, FA, 7F]
.text C:\Windows\system32\atieclxx.exe[388] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa5029181a 4 bytes [29, 50, FA, 7F]
.text C:\Windows\system32\atieclxx.exe[388] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa50291832 4 bytes [29, 50, FA, 7F]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1816] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffa5029169a 4 bytes [29, 50, FA, 7F]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1816] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffa502916a2 4 bytes [29, 50, FA, 7F]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1816] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffa5029181a 4 bytes [29, 50, FA, 7F]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1816] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffa50291832 4 bytes [29, 50, FA, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2112] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffa5029169a 4 bytes [29, 50, FA, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2112] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffa502916a2 4 bytes [29, 50, FA, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2112] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffa5029181a 4 bytes [29, 50, FA, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2112] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffa50291832 4 bytes [29, 50, FA, 7F]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3712] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffa5029169a 4 bytes [29, 50, FA, 7F]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3712] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffa502916a2 4 bytes [29, 50, FA, 7F]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3712] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffa5029181a 4 bytes [29, 50, FA, 7F]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3712] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffa50291832 4 bytes [29, 50, FA, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2084] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffa45eb1f6a 4 bytes {JMP 0x47}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2084] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffa45eb1f82 4 bytes {JMP 0x47}


---- Devices - GMER 2.1 ----


Device \Driver\KProcessHacker2 \Device\KProcessHacker2 fffff800108ce008


---- Threads - GMER 2.1 ----


Thread C:\Windows\system32\csrss.exe [588:608] fffff96000aabb90
Thread C:\Windows\syswow64\wwahost.exe [6224:6316] 000000007549a797
Thread C:\Windows\syswow64\wwahost.exe [6224:6368] 000000006952a172
Thread C:\Windows\syswow64\wwahost.exe [6224:1016] 00000000754946ea
Thread C:\Windows\syswow64\wwahost.exe [6224:6428] 00000000753c8244
Thread C:\Windows\syswow64\wwahost.exe [6224:6288] 000000005e48e82a
Thread C:\Windows\syswow64\wwahost.exe [6224:6436] 000000005e4ef891
Thread C:\Windows\syswow64\wwahost.exe [6224:2128] 000000005e48e769
Thread C:\Windows\syswow64\wwahost.exe [6224:6396] 000000005e4ef891
Thread C:\Windows\syswow64\wwahost.exe [6224:6348] 000000005e4ef891
Thread C:\Windows\syswow64\wwahost.exe [6224:4140] 0000000075e11174
Thread C:\Windows\syswow64\wwahost.exe [6224:424] 0000000076ef187e
Thread C:\Windows\syswow64\wwahost.exe [6224:1008] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:664] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:4952] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:2784] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:4044] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:5872] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:4644] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:1872] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:5456] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:6000] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:4468] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:6676] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:6748] 000000005e4ef891
Thread C:\Windows\syswow64\wwahost.exe [6224:2828] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:2552] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:2732] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:5552] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:1972] 000000005cb64a7c
Thread C:\Windows\syswow64\wwahost.exe [6224:7152] 000000005cb64a7c
---- Processes - GMER 2.1 ----


Process C:\Users\BLAHB_~1\AppData\Local\Temp\Rar$EXa0.749\gmer.exe (*** suspicious ***) @ C:\Users\BLAHB_~1\AppData\Local\Temp\Rar$EXa0.749\gmer.exe [6772](2014-07-08 20:33:01) 0000000000400000


---- Disk sectors - GMER 2.1 ----


Disk \Device\Harddisk0\DR0 unknown MBR code


---- EOF - GMER 2.1 ----
 

Did it say anything about any sign of possible rootkit activity? In the meanwhile, try the other steps and I will ask around with my seniors ^_^.
 

No it didn't say anything about rootkit activity. I also tried BF3 again and now it crashes but doesn't restart. It stays at 100% forever. Here are 4 of the DMPs. Also, when I disabled xhunter1.sys, Alliance of Valiant Arms is not working anymore
 