Windows 8.1 x64 always Bsod (usually around 7-8 per day)

[reignandbongao]

Hello, my computer always Blue screens ever since I changed my Os from Windows 8.1 32bit to Windows 8.1 64bit.

The usual message while crashing are "Nfts File System", "Memory Management", "IRQL not less or Equal", "Watchdog Violation", "Bad Pool Header", "Kernel Mode Exception Not Handled". With "Nfts File System", "Memory Management" and "Bad Pool Header" being the most common cause for me.

I already did a memtest that said nothing was wrong, I scanned my computer for viruses and malware to no avail, I chkdsk'ed my primary and secondary hard drive. And lastly a few minutes before I wrote this thread I refresh my windows, so far no blue screens as of yet

Like my thread titles says, I usually get 7-8 blue screens per day. With some days having ten or more. The things I'm doing before Blue Screening are as follow: ps2 emulation, using Mozilla Firefox (which always crashes for some reason), medium to heavy gaming, Autodesk sketchbook while screen capturing with obs, waiting for a download in Utorrent, idle in the desktop (doing nothing), Video editing with Sony Vegas, and just restarting from an earlier Blue screen!!!.

I think that maybe that the problem is windows itself, or one of my hard drive (I have 3 hdd's connect to my Mobo by the way). hope that it could be fixed, thanks in advance whoever answered.

 

[cin19]

Refresh the 8.1 windows that is good try, because you did the memory test so the problem may from other hardware or device drivers.
Also try to unplug other HDDs, update the windows updates, chipset driver from intel or AMD, or use Driver Booster 2 to update all other drivers, even the MB BIOS, after that to see your PC works fine or not. If it is fine plug back one HDD to see the PC will work or not, then do the same for other HDD.

intel chipset driver https://downloadcenter.intel.com/download/20775
AMD chipset driver http://support.amd.com/en-us/download/chipset?os=Windows%208%20-%2032
Driver Booster 2 http://download.cnet.com/Driver-Booster-2/3000-18513_4-75992725.html?tag=main;pop

 

[johnbl]

for windows 8.x you would want to start by running cmd.exe as an admin
then run
sfc.exe /scannow
confirm it fixes any errors if there are errors it can not fix then run:

dism.exe /online /cleanup-image /restorehealth

it will repair files from a known good copy on the internet.

if nothing was found or repaired it is best to have someone look at your memory dumps.
you can place the memory dumps on a server and post a link.
memory dumps are located in c:\windows\minidumps and have a file extension of .dmp by default.
you can copy them to any cloud server you have access to and give the public access an post a link.

for problems related to a bad pool header or memory corruption often you will have to turn on verifier.exe functions to figure out the cause.
but start with putting some of the current memory dumps on a server.

 

[reignandbongao]

https://drive.google.com/folderview?id=0BzXXmPmQTP4AfkVhbmxqZWNNNEtaeWR0V3otODc2akJ1NFJHclJDaUdVVGpVQWNaLWpJV1k&usp=sharing
Here's the link for the dmp. files. The dmp. files in my drive are only from today and yesterday.

So far I updated my Intel chipset driver, used Driver Booster (I didn't see Mobo bios listed in the outdated drivers list), I also did "sfc.exe /scannow" and " dism.exe /online /cleanup-image /restorehealth" on cmd. So far it only blue screened twice huge improvement over yesterday. thank you all for your help so far.

The two Bsod I had today were "Memory Management" and "IRQL not less or Equal". After googling it I found out the "IRQL not less or Equal" is cause by anti-viruses conflicting with the memory addresses on my PC, is this the case? can anyone confirm if this is valid or not?

And about "Memory Management" I think have an idea on why this is happening. I have 8gb (2x4gb) of ram, 1 Generic 4gb one, and one Hyperx fury 4gb one. I believe that both are on different timings and latencies. could that be the cause of my problem? Later I will try removing one of my ram modules, see if it blue screens. Then do the same for the other one.

Once again thanks for your help.

 

[cin19]

For "IRQL not less or Equal" error, more info from Microsoft https://msdn.microsoft.com/en-us/library/windows/hardware/ff560129(v=vs.85).aspx For "Memory Management" , that is ram problem, like you said, try the RAM one by one , when you mix two RAM with different timings then they will cause problem sometime. You can either go into the memory section in the BIOS manually set the timing and speed, etc. or if the PC ( MB and RAM ) does support XMP profile you can try that, otherwise try buy other set RAM.

For update the BIOS, you have to go to MB manufacturer to download.

 

[johnbl]

you have 3 modified storage drivers, remote software installed and a hacking tool installed.
I would guess you now have a virus infection of your storage driver.

I would start cmd.exe as an admin, run
sfc.exe /scannow
confirm it fixes all files, if not then run
dism.exe /online /cleanup-image /restorehealth

this will go to a microsoft server and try to get clean copies of the files.

after it completes, reboot and run the
sfc.exe /scannow command again and make sure your files are not corrupted again. (malware often undoes the fixes after you fix them)

If you did not install logmein and windivert i would remove them.
it looks like you already did a malwarebytes scan but you might want to do a rootkit scan

---------
remove hack program:
fffff800`03dd2000 fffff800`03ddf000 WinDivert.sys

network packet injector, can be used by malware to steal accounts from you or maybe used for game cheat software.
remove it until you figure out your problem.

driver PCIIDEX.sys PCI IDE Bus Driver Extension from windows update and
Generic PCI IDE Bus Driver pciide.sys seems to be modified.
ataport.SYS ATAPI Driver Extension looks to have been modified.


Note: you have remote software on your machine (make sure you installed it and want it)
(log me in software)
\SystemRoot\system32\DRIVERS\Hamdrv.sys Mon Mar 30 06:28:42 2015

machine info:
BIOS Release Date 02/25/2013
BIOS Version F3
Manufacturer Gigabyte Technology Co., Ltd.
Product H61M-DS2 3.0
Processor Version Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Processor Voltage 8ah - 1.0V
External Clock 100MHz
Max Speed 7000MHz
Current Speed 3300MHz

 

[reignandbongao]

you have 3 modified storage drivers, remote software installed and a hacking tool installed.
I would guess you now have a virus infection of your storage driver.

I would start cmd.exe as an admin, run
sfc.exe /scannow
confirm it fixes all files, if not then run
dism.exe /online /cleanup-image /restorehealth

this will go to a microsoft server and try to get clean copies of the files.

after it completes, reboot and run the
sfc.exe /scannow command again and make sure your files are not corrupted again. (malware often undoes the fixes after you fix them)

If you did not install logmein and windivert i would remove them.
it looks like you already did a malwarebytes scan but you might want to do a rootkit scan

---------
remove hack program:
fffff800`03dd2000 fffff800`03ddf000 WinDivert.sys

network packet injector, can be used by malware to steal accounts from you or maybe used for game cheat software.
remove it until you figure out your problem.

driver PCIIDEX.sys PCI IDE Bus Driver Extension from windows update and
Generic PCI IDE Bus Driver pciide.sys seems to be modified.
ataport.SYS ATAPI Driver Extension looks to have been modified.


Note: you have remote software on your machine (make sure you installed it and want it)
(log me in software)
\SystemRoot\system32\DRIVERS\Hamdrv.sys Mon Mar 30 06:28:42 2015

I installed Logmein Hamachi a while back shoud I uninstall it? I also found windivert.sys what should I do with it?
And lastly I sfc.exe / scannow said "Windows Resource Protection did not find any integrity violations."

 

[USAFRet]

7-8 blue screens a day?
Stop trying to 'fix' this badly broken install.

Start from a known good OS.
Wipe and reinstall the OS.

If it still happens, then it is a hardware issue.

 

[johnbl]

run the dism.exe command and see if it fixes anything.
if you are using logmein it should be ok, it is just a red flag if you don't know what it is for.
I would remove the network packet injector. (windivert.sys) it modifies network packets and if it makes any mistakes it can corrupt system memory.

you have 3 modified storage drivers, remote software installed and a hacking tool installed.
I would guess you now have a virus infection of your storage driver.

I would start cmd.exe as an admin, run
sfc.exe /scannow
confirm it fixes all files, if not then run
dism.exe /online /cleanup-image /restorehealth

this will go to a microsoft server and try to get clean copies of the files.

after it completes, reboot and run the
sfc.exe /scannow command again and make sure your files are not corrupted again. (malware often undoes the fixes after you fix them)

If you did not install logmein and windivert i would remove them.
it looks like you already did a malwarebytes scan but you might want to do a rootkit scan

---------
remove hack program:
fffff800`03dd2000 fffff800`03ddf000 WinDivert.sys

network packet injector, can be used by malware to steal accounts from you or maybe used for game cheat software.
remove it until you figure out your problem.

driver PCIIDEX.sys PCI IDE Bus Driver Extension from windows update and
Generic PCI IDE Bus Driver pciide.sys seems to be modified.
ataport.SYS ATAPI Driver Extension looks to have been modified.


Note: you have remote software on your machine (make sure you installed it and want it)
(log me in software)
\SystemRoot\system32\DRIVERS\Hamdrv.sys Mon Mar 30 06:28:42 2015

I installed Logmein Hamachi a while back shoud I uninstall it? I also found windivert.sys what should I do with it?
And lastly I sfc.exe / scannow said "Windows Resource Protection did not find any integrity violations."

 

[reignandbongao]

These past 3-4 days was amazing because of your help, I only had 2 Blue Screens "Driver IRQL not less or Equal" and the other one I can't seem to recall I'll update it when I remember it. What causes "Driver IRQL not less or Equal"? and how to prevent it?

Thanks as always.

 

[johnbl]

device drivers must have certain data in memory when they operate, this is a requirement because they operate at a higher priority than the windows memory manager. What happens it a bad address is given to a driver, the driver attempts to access the memory but it is not in physical memory. Normally the memory manager would swap from disk to memory and it would be ok but the driver has priority and the memory manager can not swap in the data from disk/pagefile to physical memory. Windows detects this and all it can do is shutdown the system with a bugcheck.

generally the error will be caused by a bug in the device driver (programming bug, very common) or another device driver corrupted the first device drivers data (very common). It can also be caused by incorrect BIOS settings to memory timings, or defects in the actual RAM. memtest86 is used to help find these type of problems. Memtest86 runs without winodows being loaded so if you have a memory failure you know it is not a windows driver problem and will be a ram, bios or physical machine problem.

finding corruptions cause by drivers takes a little more effort:
you remove any overclocking from your system so you can get consistent results. IE reset or update the BIOS, remove any software that overclocks the GPU and CPU.

you then confirm your files are not corrupted (system file checker utility helps)
run malwarebytes test because malware can modify files in memory and inject bad memory addresses.

if you still have the problem you then
start cmd.exe as an admin and run
verifier.exe /standard /all
and change your memory dump type from minidump to kernel memory dump
https://www.sophos.com/en-us/support/knowledgebase/111474.aspx

then you reboot your system, verify.exe will tell the system to look for drivers that are corrupting memory or just doing things incorrectly and will bugcheck the system if it finds a problem. the memory dump file produced should list the name of the driver.
the kernel memory dump will write extra debug info, error logs and more data about the problem so the problem can be figured out. Minidumps don't provide the info.

Most often the bad driver will be a OEM driver that is not supplied to microsoft for distribution via windows update.
most network driver updates, motherboard drivers, custom SATA drivers, overclocking drivers, custom USB drivers drivers for bluetooth. Drivers for any custom hardware(usb mouse drivers), virus scanners,...

These past 3-4 days was amazing because of your help, I only had 2 Blue Screens "Driver IRQL not less or Equal" and the other one I can't seem to recall I'll update it when I remember it. What causes "Driver IRQL not less or Equal"? and how to prevent it?

Thanks as always.

 

[reignandbongao]

device drivers must have certain data in memory when they operate, this is a requirement because they operate at a higher priority than the windows memory manager. What happens it a bad address is given to a driver, the driver attempts to access the memory but it is not in physical memory. Normally the memory manager would swap from disk to memory and it would be ok but the driver has priority and the memory manager can not swap in the data from disk/pagefile to physical memory. Windows detects this and all it can do is shutdown the system with a bugcheck.

generally the error will be caused by a bug in the device driver (programming bug, very common) or another device driver corrupted the first device drivers data (very common). It can also be caused by incorrect BIOS settings to memory timings, or defects in the actual RAM. memtest86 is used to help find these type of problems. Memtest86 runs without winodows being loaded so if you have a memory failure you know it is not a windows driver problem and will be a ram, bios or physical machine problem.

finding corruptions cause by drivers takes a little more effort:
you remove any overclocking from your system so you can get consistent results. IE reset or update the BIOS, remove any software that overclocks the GPU and CPU.

you then confirm your files are not corrupted (system file checker utility helps)
run malwarebytes test because malware can modify files in memory and inject bad memory addresses.

if you still have the problem you then
start cmd.exe as an admin and run
verifier.exe /standard /all
and change your memory dump type from minidump to kernel memory dump
https://www.sophos.com/en-us/support/knowledgebase/111474.aspx

then you reboot your system, verify.exe will tell the system to look for drivers that are corrupting memory or just doing things incorrectly and will bugcheck the system if it finds a problem. the memory dump file produced should list the name of the driver.
the kernel memory dump will write extra debug info, error logs and more data about the problem so the problem can be figured out. Minidumps don't provide the info.

Most often the bad driver will be a OEM driver that is not supplied to microsoft for distribution via windows update.
most network driver updates, motherboard drivers, custom SATA drivers, overclocking drivers, custom USB drivers drivers for bluetooth. Drivers for any custom hardware(usb mouse drivers), virus scanners,...

These past 3-4 days was amazing because of your help, I only had 2 Blue Screens "Driver IRQL not less or Equal" and the other one I can't seem to recall I'll update it when I remember it. What causes "Driver IRQL not less or Equal"? and how to prevent it?

Thanks as always.

Thanks, I'm doing what you suggested now. As for the other Blue screen I had yesterday I remembered it was something along the lines of "System Thread Exception" or something close to that.

Update: Help! my computer is stuck on a blue screen loop. I get the "Special Pool Detected Memory Corruption" blue screen then after restart around 1 minute I get the "Special Pool Detected Memory Corruption" again.

Update #2: Removing my cheap-o 4GB ram seem to solve the "Special Pool Detected Memory Corruption" Blue screen loop. But for some reason Cpu usage is always at 98% even in idle and can't do basic stuff like using Mozilla. I'm suspecting this is cause by a virus/malware, fortunately I can still use my anti-virus and malwarebytes. Will refreshing windows help? any suggestions?

Update #3: Refreshing Windows did help, my computer is seems normal... well except having 4GB of ram instead of 8GB.