I have three BSOD's in the last day, Need some help (ntkrnlmp.exe, hal.dll, dxgmms2.sys) Windows 10

JasonTodd616 · Jun 20, 2016

So I got three bsod's here and according to BlueScreenView the crash address is all the same "ntoskrnl.exe+1427a0" Need some help, this bsod thing is becoming quite common. Another thing to note is when playing games there are often graphical glitches where the texture flings every which way and the BSOD's mostly happen while playing games but one or two have happened while not in game.

Video drivers are up to date and I have already uninstalled using DDU and reinstalled. BIOS is also up to date. Temps are also fine, CPU goes to like 41 and GPU is around 50 - 60

I'm on Windows 10
GPU MSI R9 270x 2G
CPU AMD FX 6300
Motherboard Gigabyte 970A UD3P

Here's my mini dumps

https://www.dropbox.com/sh/s3z9mhbrobfl8j6/AADEPGvLi_ZTjqwprD9LQseRa?dl=0

EDIT: I found a couple events in event viewer

Event 10114, DriverFrameworks-UserMode
WUDFPf (part of UMDF) did not load yet. After it does, Windows will start the device again.
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-DriverFrameworks-UserMode" Guid="{2E35AAEB-857F-4BEB-A418-2E6C0E54D988}" />
<EventID>10114</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000000</Keywords>
<TimeCreated SystemTime="2016-06-20T23:56:35.906852900Z" />
<EventRecordID>11472</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="228" />
<Channel>System</Channel>
<Computer>JasonTodd</Computer>
<Security UserID="S-1-5-18" />
</System>
- <UserData>
- <UMDFReflectorDependencyMissing xmlns="http://www.microsoft.com/DriverFrameworks/UserMode/Event">
<Dependency>WUDFPf</Dependency>
</UMDFReflectorDependencyMissing>
</UserData>
</Event>

and

Event 219, Kernel-PnP
The driver \Driver\WudfRd failed to load for the device ROOT\WPD\0000.
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2016-06-20T23:56:35.907033900Z" />
<EventRecordID>11473</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="228" />
<Channel>System</Channel>
<Computer>JasonTodd</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="DriverNameLength">13</Data>
<Data Name="DriverName">ROOT\WPD\0000</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\WudfRd</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>

johnbl · Jun 21, 2016

I think your most current memory dump is the one to work on, the others look like overclocking problems.
I would go ahead and delete the old memory dumps. (Run cleanmgr.exe )

----------------
third bugcheck was a bad memory address passed to directx
System Uptime: 1 days 14:38:52.729
running bf4.exe
various copies of overclocking software installed, (looks like you removed them in the last memory dump)

----------------
second bugcheck 0x124 WHEA_UNCORRECTABLE_ERROR
called by the CPU because of a cache error reading from core 4 cache bank 1
system was up 12 mins. could be overheating, just not sure.
-------------------
-looks like your system might be having some sleep issue (I would check for a BIOS update)( i checked, look like you are current on the bios version for a rev 1 motherboard)
- the date and time stamp for your storage driver has been removed, this can happen with with malware, viruses infecting the storage driver. I would start cmd.exe as an admin then run
sfc.exe /scannow
dism.exe /online /cleanup-image /restorehealth
then run a malwarebytes scan. (just in case)
you will want to update your via audio driver to the one provided by gigabyte:
http://www.gigabyte.com/products/product-page.aspx?pid=4717#dl

I would also update the usb files, one of your files is from 2014
(VIA Labs eXtensible Host Controller driver)

----------------------
note: your memory timings should be 9-9-9-24-2N
it is very common for the BIOS not to set the command rate correctly in BIOS. your RAM should have 2n or 2t clock rate not 1N or 1T
this setting can cause memory timing errors.

Often BIOS updates will fix the defaults as more vendors are added to the qualified memory list.
there can be other causes of this error but this is a common root cause.
-------------
first bugcheck was a single bit corruption while the system was running some microsoft store code.

I would confirm that your memory timings are correct in BIOS by running memtest86.

machine info:
BIOS Version F2g
BIOS Starting Address Segment f000
BIOS Release Date 10/07/2014
Manufacturer Gigabyte Technology Co., Ltd.
Product 970A-UD3P
Processor Version AMD FX(tm)-6300 Six-Core Processor
Processor Voltage 8dh - 1.3V
External Clock 200MHz
Max Speed 4200MHz
Current Speed 4200MHz

memory:
Speed 800MHz
Part Number F3-12800CL9-4
http://www.gskill.com/en/product/f3-12800cl9d-4gbxl

JasonTodd616 · Jun 21, 2016

johnbl :

So I ran sfc.exe scannow and no errors came up and dism said everything was good too. I did a full scan with malwarebytes and it found a pup file which was just a registry key from driver agent that I previously deleted. I updated the audio drivers with the ones from gigabyte and with the usb drivers I believe a couple of their files are actually from 2014 because when downloading them they say last edited like 11/8/2014 or something unless I should get drivers from not my motherboards site.. So far so good though.. Will update if more errors.

I ran memtest for 2 hours and no errors came up but I want to run again tonight while i'm sleeping so it can go longer. Memtest said my ram was 9-9-9-24 and I also checked in the BIOS afterwards and it's at 9-9-9-24 2N.

I did also reset the bios to default settings so hopefully that might fix something too.

That Microsoft store code bit error that you mentioned i've been seeing a lot of microsoft windows related things in event viewer, most of them I fixed a couple days ago but there is this one that keeps showing up upon every system restart

Event 10016, DistributedCOM

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T03:14:57.005474500Z" />
<EventRecordID>11813</EventRecordID>
<Correlation />
<Execution ProcessID="892" ThreadID="2432" />
<Channel>System</Channel>
<Computer>JasonTodd</Computer>
<Security UserID="S-1-5-21-3702806893-2623672944-1550618358-1001" />
</System>
- <EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{C2F03A33-21F5-47FA-B4BB-156362A2F239}</Data>
<Data Name="param5">{316CDED5-E4AE-4B15-9113-7055D84DCC97}</Data>
<Data Name="param6">JasonTodd</Data>
<Data Name="param7">Jason</Data>
<Data Name="param8">S-1-5-21-3702806893-2623672944-1550618358-1001</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy</Data>
<Data Name="param11">S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742</Data>
</EventData>
</Event>

johnbl · Jun 22, 2016

the microsoft store corruption could be saved on disk. The code would check for corruption on each load and refuse to run if found to be modified. You might try and clear your microsft store cache and see if that helps. Generally, with random corruptions the second copy will not have the corruption. (these corruption can also come from network drivers, sata controllers/drivers and firmware bugs in solid state drives)

http://www.thewindowsclub.com/reset-windows-store-cache
-------------
the error log refers to cortona
it should be unrelated to any bugcheck. I have error logs for cortona but I rarely use it since my microphone is not plugged in most of the time.

bugchecks come from errors in device drivers, device drivers talk to the hardware. Cortona is a app and should not directly cause a bugcheck.

JasonTodd616 · Jun 22, 2016

johnbl :

Okay, so I cleared the windows store cache and all of that is good. I also decided to uninstall the MSI Gaming App just in case as well but I got another BSOD today and this one is a Memory Management error, this is the minidump

https://www.dropbox.com/sh/3cbftc78ieb4ewi/AADJYhVKD5Wsjt2vvrHGoHTYa?dl=0

johnbl · Jun 22, 2016

the bugcheck was in memory management but with a undocumented error code.
error code=61941

svchost.exe was the process but it is a generic one.

you are going to have to find out which svchost.exe is messing up

minidumps and kernel dumps don't have the user mode code. only full memory dumps would.

JasonTodd616 · Jun 25, 2016

johnbl :

I was literally about to set this thread as solved but then another BSOD, Driver IRQL Not Less Or Equal. Here's the minidump.

https://www.dropbox.com/sh/4q5ait7p3sk0bti/AADMlWcLvbp1AlThAv0dT-xsa?dl=0

I do have a full dump but it's about 8gb's but I can try to upload it if that will help more. Also thank you tons for the help you have given already, it has helped me make a lot of progress.

johnbl · Jun 26, 2016

it was some service rolled up under a generic service controller host. svchost.exe
it tried to access a bad memory address ( address = 0) the system shutdown with a bugcheck.

this is most likely not a microsoft service, it will be a 3rd party service.
normally you would go into control panel and turn of some 3rd party services and attempt to figure out which one is the cause.

I would use https://technet.microsoft.com/en-us/sysinternals/processexplorer
process explorer and expand each service host entry, figure out which ones were not microsoft services and focus on either stopping any 3rd party service that was suspect.

what the service host is. It allows someone to run any app as a service in the background without any user control.
Nice for malware and virus writers.

here is info on how to find out what service is running under a host.
http://www.bleepingcomputer.com/tutorials/list-services-running-under-svchostexe-process/

(basically, you have to figure out what service failed, then find out if you want it, if you do you have to find out why it failed otherwise you disable the service)

you can also zip up your full memory dump and I can see if i can get the name of the actual file being run.

JasonTodd616 · Aug 11, 2016

johnbl :

I missed your last line for some reason but it's been a bit and I havn't had a crash since so i'm assuming this issue got fixed through these methods, I should of documented everything I did because I don't really know exactly how it was fixed but I have no more crashes. Thank you for the support! I will definitely come back if I get more but for now I will mark this solved

Search

I have three BSOD's in the last day, Need some help (ntkrnlmp.exe, hal.dll, dxgmms2.sys) Windows 10

JasonTodd616

Commendable

johnbl

johnbl

Polypheme

JasonTodd616

Commendable

johnbl

Polypheme

JasonTodd616

Commendable

johnbl

Polypheme

JasonTodd616

Commendable

johnbl

Polypheme

JasonTodd616

Commendable

TRENDING THREADS

Latest posts

Moderators online

Share this page