Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, February 13, 2018 9:27 AM
Hi,
I'm having a bit of trouble finding the cause of this blue screen on a HP ProBook 450 G4 with Windows 10 Pro installed. I have removed any recently installed windows updates, installed all the latest drives from HP website which i could find, ran the HP hardware diagnostic utility which didn't find any issues and removed any installed applications which were not needed. A sfc and a chkdsk didn't find any issues so i'm a bit stuck on what to try next. The BSOD happens randomly and not very frequently so i usually have to wait some time in between making changers before it happens again. Any help or suggestion on what i can try would be greatly appreciated.
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff39ccc029f99, Address of the instruction which caused the bugcheck
Arg3: ffffdf0251bbeed0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 16299.15.amd64fre.rs3_release.170928-1534
SYSTEM_MANUFACTURER: HP
SYSTEM_PRODUCT_NAME: HP ProBook 450 G4
SYSTEM_SKU: Y8A23ET#ABU
BIOS_VENDOR: HP
BIOS_VERSION: P85 Ver. 01.14
BIOS_DATE: 01/22/2018
BASEBOARD_MANUFACTURER: HP
BASEBOARD_PRODUCT: 8231
BASEBOARD_VERSION: KBC Version 42.6D
DUMP_TYPE: 1
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff39ccc029f99
BUGCHECK_P3: ffffdf0251bbeed0
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
FAULTING_IP:
win32kbase!DirectComposition::CEvent::`scalar deleting destructor'+9
fffff39c`cc029f99 488b4908 mov rcx,qword ptr [rcx+8]
CONTEXT: ffffdf0251bbeed0 -- (.cxr 0xffffdf0251bbeed0)
rax=0000000000000000 rbx=0008000000000000 rcx=0008000000000000
rdx=ffffa701489d20a0 rsi=fffff3c5c0007d90 rdi=fffff3c5c3ee4638
rip=fffff39ccc029f99 rsp=ffffdf0251bbf8c0 rbp=fffff3c5c0007d90
r8=ffffdf0251bbf558 r9=7fffa701489d20a0 r10=7ffffffffffffffc
r11=0000000000000001 r12=fffff3c5c4feb890 r13=0000000000000000
r14=fffff3c5c4255220 r15=fffff3c5c3ee43e0
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
win32kbase!DirectComposition::CEvent::`scalar deleting destructor'+0x9:
fffff39c`cc029f99 488b4908 mov rcx,qword ptr [rcx+8] ds:002b:00080000`00000008=????????????????
Resetting default scope
CPU_COUNT: 4
CPU_MHZ: a98
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 8e
CPU_STEPPING: 9
CPU_MICROCODE: 6,8e,9,0 (F,M,S,R) SIG: 70'00000000 (cache) 70'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: dwm.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: JPTWS04
ANALYSIS_SESSION_TIME: 02-13-2018 08:33:04.0435
ANALYSIS_VERSION: 10.0.16299.15 amd64fre
LAST_CONTROL_TRANSFER: from fffff39ccc0055ad to fffff39ccc029f99
STACK_TEXT:
ffffdf02`51bbf8c0 fffff39c`cc0055ad : fffff3c5`c3ee43e0 fffff3c5`c0007d90 fffff3c5`c0007d90 fffff3c5`61624344 : win32kbase!DirectComposition::CEvent::`scalar deleting destructor'+0x9
ffffdf02`51bbf8f0 fffff39c`cbff8f74 : 00000000`00000001 fffff3c5`c0007d90 fffff3c5`c4255220 fffff3c5`c0007d90 : win32kbase!DirectComposition::CApplicationChannel::~CApplicationChannel+0x1c9
ffffdf02`51bbf920 fffff39c`cc0075b3 : ffffb906`bb4cb440 fffff3c5`c38f3002 ffffb906`bb4cb440 fffff3c5`00000000 : win32kbase!DirectComposition::CApplicationChannel::`vector deleting destructor'+0x14
ffffdf02`51bbf950 fffff39c`cc009e5c : fffff3c5`c38f3010 00000000`0001f380 00000000`00000000 00000000`00000000 : win32kbase!DirectComposition::CConnection::ConfirmFrame+0x243
ffffdf02`51bbf9a0 fffff802`183f3553 : 00000000`00000004 00000000`00000000 fffff3c5`c0007d90 fffff3c5`c38f3010 : win32kbase!NtDCompositionConfirmFrame+0x1cc
ffffdf02`51bbfa00 00007ffb`04173404 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000081`2e4ff258 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`04173404
THREAD_SHA1_HASH_MOD_FUNC: 87d852947757b4d49cea108efec182b3d903c335
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 436523f432356a0ee1707d2c9e7adeefadec2142
THREAD_SHA1_HASH_MOD: 96c6557a2509482ea824a36ec3f8e3e3f401c56b
FOLLOWUP_IP:
win32kbase!DirectComposition::CEvent::`scalar deleting destructor'+9
fffff39c`cc029f99 488b4908 mov rcx,qword ptr [rcx+8]
FAULT_INSTR_CODE: 8498b48
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32kbase!DirectComposition::CEvent::`scalar deleting destructor'+9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32kbase
IMAGE_NAME: win32kbase.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.16299.125
STACK_COMMAND: .cxr 0xffffdf0251bbeed0 ; kb
BUCKET_ID_FUNC_OFFSET: 9
FAILURE_BUCKET_ID: 0x3B_win32kbase!DirectComposition::CEvent::_scalar_deleting_destructor_
BUCKET_ID: 0x3B_win32kbase!DirectComposition::CEvent::_scalar_deleting_destructor_
PRIMARY_PROBLEM_CLASS: 0x3B_win32kbase!DirectComposition::CEvent::_scalar_deleting_destructor_
TARGET_TIME: 2018-02-08T15:52:30.000Z
OSBUILD: 16299
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2017-12-07 21:55:32
BUILDDATESTAMP_STR: 170928-1534
BUILDLAB_STR: rs3_release
BUILDOSVER_STR: 10.0.16299.15.amd64fre.rs3_release.170928-1534
ANALYSIS_SESSION_ELAPSED_TIME: 8d9
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_win32kbase!directcomposition::cevent::_scalar_deleting_destructor_
FAILURE_ID_HASH: {9c5b4e26-3a81-4c3c-36b0-ac9a27c0da78}
Followup: MachineOwner
All replies (4)
Tuesday, February 13, 2018 9:36 AM
The SYSTEM_SERVICE_EXCEPTION bug check has a value of 0x0000003B. This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
To evaluate the BSOD please post logs for troubleshooting.
Using administrative command prompt copy and paste this whole command:
Make sure the default language is English so that the logs can be scanned and read.
https://www.tenforums.com/tutorials/3813-language-add-remove-change-windows-10-a.html
The command will automatically collect the computer files and place them on the desktop.
Then use one drive or drop box to place share links into the thread for troubleshooting.
It will automatically collect these files: msinfo32, dxdiag, mini dumps, drivers hosts, install, uninstall, services, startup, event viewer files, etc.
Open administrative command prompt and copy and paste the whole command:
copy %SystemRoot%\minidump\.dmp "%USERPROFILE%\Desktop\&dxdiag /t %Temp%\dxdiag.txt© %Temp%\dxdiag.txt "%USERPROFILE%\Desktop\SFdebugFiles\&type %SystemRoot%\System32\drivers\etc\hosts >> "%USERPROFILE%\Desktop\hosts.txt"&systeminfo > "%USERPROFILE%\Desktop\systeminfo.txt"&driverquery /v > "%USERPROFILE%\Desktop\drivers.txt" &msinfo32 /nfo "%USERPROFILE%\Desktop\msinfo32.nfo"&wevtutil qe System /f:text > "%USERPROFILE%\Desktop\eventlog.txt"® export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall "%USERPROFILE%\Desktop\uninstall.txt"® export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components" "%USERPROFILE%\Desktop\installed.txt"&net start > "%USERPROFILE%\Desktop\services.txt"&REM wmic startup list full /format:htable >"%USERPROFILE%\Desktop\startup.html"&wmic STARTUP GET Caption, Command, User >"%USERPROFILE%\Desktop\startup.txt"
There is 1 file for you to find manually: memory dump file:
C:\Windows\MEMORY.DMP
Use file explorer > this PC > local C: drive > right upper corner search enter each of the above to find results.
Sometimes the dxdiag may need to be done manually: In the left lower corner search type: dxdiag > open all pages/tabs > allow it load for several minutes > save to desktop > post a one drive or drop box share link into the thread.
Tuesday, February 13, 2018 1:41 PM
Hi,
Many thanks for the reply. Below is the link to the MEMORY.DMP file and all the files outputted by the command you asked me to be run.
Wednesday, February 14, 2018 2:46 AM
Hi,
Due to network limitation, we can’t download and analysis your files.
Microsoft has a useful tool called WinDbg can analyze these dump files, kindly check the following link for assistance.
Debugging Tools for Windows (WinDbg, KD, CDB, NTSD)
https://msdn.microsoft.com/en-us/library/windows/hardware/ff551063(v=vs.85).aspx
Best Regards,
Tao
Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, February 14, 2018 4:41 AM | 1 vote
The BSOD dump file bugchecks were 3B and 1E
The event logs reported many corrected hardware errors related to Intel
There were 2 misbehaving hardware drivers and 1 software driver:
tmcomm.sys Mon Dec 04 02:33:02 2017 (5A25083E)
Netwtw04.sys Mon Oct 02 09:56:53 2017 (59D253B5)
igdkmd64.sys Mon Aug 14 01:13:46 2017 (59913F9A)
Perform the following steps:
The dxdiag was not submitted.
In the left lower corner search type: dxdiag > open all pages/tabs > allow it load for several minutes > save to desktop > post a one drive or drop box share link into the thread.Open administrative command prompt and type or copy and paste:
sfc /scannow
dism /online /cleanup-image /restorehealth
chkdsk /scan
When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread
Uninstall Trend Micro:
https://esupport.trendmicro.com/en-us/home/pages/technical-support/maximum-security/1115650.aspx?referral=1104855Turn on Windows Defender
Trend Micro can be reinstalled in 2 weeks if there are no BSOD. If there are BSOD after reinstalling the AV software > find an alternative AV. If there are no BSOD then continue using the AV software.
Update: Netwtw04.sys
Intel(R) Dual Band Wireless-AC 7265
Updating a driver: https://answers.microsoft.com/en-us/windows/wiki/windows_10-update/updating-a-driver/a5e6345e-af9b-4099-bef0-8d22254aa1c1Update: igdkmd64.sys
Intel(R) HD Graphics 620
Updating a driver: https://answers.microsoft.com/en-us/windows/wiki/windows_10-update/updating-a-driver/a5e6345e-af9b-4099-bef0-8d22254aa1c1Run memtest86+ version 5.01 for at least 8 passes.
http://www.memtest.org/
This may take hours so plan to run it overnight.
a) Please make sure you use the Memtest86+ version 5.01 with the link below.
http://www.memtest.org/
The testing is done not by time but by passes.
The more passes the better.
There are a significant number of false negatives if fewer than 8 passes are made.
A false negative is a test pass when there is malfunctioning RAM.
There is 8 GB of RAM on the computer.
Memtest86+ version 5.01 testing takes approximately 1 - 2 hours /GB RAM
Just 1 error is a fail and you can abort testing.
Then test 1 RAM module at a time in the same DIMM each for 8 or more passes.
b) When Memtest86+ has completed 8 or more passes use a camera or smart phone camera to take a picture and post an image into the thread.
https://answers.microsoft.com/en-us/windows/wiki/windows_10-update/memory-problems/21c3f63f-f570-4522-b2ef-ecc7b7ff6461
https://www.tenforums.com/tutorials/14201-memtest86-test-ram.htmlTurn off Windows fast startup:
https://www.tenforums.com/tutorials/4189-turn-off-fast-startup-windows-10-a.htmlThe event logs reported numerous corrected hardware errors related to:
Intel(R) 100 Series Chipset Family PCI Express Root Port #6 - 9D15
PCI\VEN_8086&DEV_9D15Choose one of the temperature monitoring software applications: Speecy, HW monitor, Speed fan:
Speccy - Free Download - Piriform: Speccy - System Information - Free
https://www.piriform.com/speccy
HWMONITOR | Softwares | CPUID: HWMONITOR | Softwares | CPUID
http://www.cpuid.com/softwares/hwmonitor.html
SpeedFan - Access temperature sensor in your computer: SpeedFan - Access temperature sensor in your computer
http://www.almico.com/speedfan.phpPlan to evaluate the Intel WHEA corrected hardware error after all of the above results are reported into the thread.
.
.
.
.
.
Event[814]:
Log Name: System
Source: iaStorA
Date: 2018-01-31T16:04:26.256
Event ID: 129
Task: N/A
Level: Warning
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: BTR367.btros.local
Description:
Reset to device, \Device\RaidPort0, was issued.
.
.
.
Event[3977]:
Log Name: System
Source: Microsoft-Windows-WHEA-Logger
Date: 2018-02-12T21:22:48.155
Event ID: 17
Task: N/A
Level: Warning
Opcode: Info
Keyword: N/A
User: S-1-5-19
User Name: NT AUTHORITY\LOCAL SERVICE
Computer: BTR367.btros.local
Description:
A corrected hardware error has occurred.
Component: PCI Express Root Port
Error Source: Advanced Error Reporting (PCI Express)
Bus:Device:Function: 0x0:0x1C:0x5
Vendor ID:Device ID: 0x8086:0x9D15
Class Code: 0x30400
The details view of this entry contains further information.
.
.
.
Event[1041]:
Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 2018-02-01T19:42:48.795
Event ID: 29
Task: N/A
Level: Error
Opcode: Info
Keyword: N/A
User: S-1-5-18
User Name: NT AUTHORITY\SYSTEM
Computer: BTR367.btros.local
Description:
Windows failed fast startup with error status 0xC00000D4.
.
.
.
Event[3900]:
Log Name: System
Source: volmgr
Date: 2018-02-12T21:17:59.337
Event ID: 161
Task: N/A
Level: Error
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: BTR367.btros.local
Description:
Dump file creation failed due to error during dump creation.
.
.
.
tmcomm.sys
Trend Micro Internet Security/ Housecall scanner
http://us.trendmicro.com/us/downloads/home-and-homeoffice/
tmcomm.sys Mon Dec 04 02:33:02 2017 (5A25083E)
.
.
.
Netwtw04.sys
Intel(R) Dual Band Wireless-AC 7265
http://downloadcenter.intel.com/
Netwtw04.sys Mon Oct 02 09:56:53 2017 (59D253B5)
PNP Device ID PCI\VEN_8086&DEV_095A&SUBSYS_50108086&REV_59\A0AFBDFFFFEF693800
Last Reset 12/02/2018 21:17
Driver c:\windows\system32\drivers\netwtw04.sys (19.51.7.2, 7.29 MB (7,647,232 bytes), 17/10/2017 21:17)
netwtw04 Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit c:\windows\system32\drivers\netwtw04.sys
.
.
.
igdkmd64.sys
Intel(R) HD Graphics 620
http://downloadcenter.intel.com/Default.aspx
PNP Device ID PCI\VEN_8086&DEV_5916&SUBSYS_8231103C&REV_02\3&11583659&2&10
igdkmd64.sys Mon Aug 14 01:13:46 2017 (59913F9A)
Installed Drivers C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_54f280a3eabe2363\igdumdim64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_54f280a3eabe2363\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_54f280a3eabe2363\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_54f280a3eabe2363\igd12umd64.dll
Driver Version 22.20.16.4771
Driver c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_54f280a3eabe2363\igdkmd64.sys (22.20.16.4771, 12.25 MB (12,842,992 bytes), 07/09/2017 19:23)
.
.
Please remember to mark the replies as answers if they help.
.
.