[Win8.1] BSOD keeps coming back

[Rick]

~ someone already tried to help me here, so I'll just copy and paste. Hopefully someone can help me further here :) (url = [Help - Other] Blue Screen keeps coming back)

Post 1:
Hey,


Since a few months I've been experiencing the blue screen SYSTEM_SERVICE_EXCEPTION and NTFS_FILE_SYSTEM.
The reason behind them is the file 'ntoskrnl.exe' and also 'Ntfs.sys' if the NTFS_FILE_SYSTEM bsod appears.


A month ago or so the bsod kept spamming me like 2 times a hour, so I decided to re install my complete computer.


What I've tried myself:
- Re install Windows
- Update and check every driver
- Memory scan
- Hard disk scan


I re installed my computer at: 27-5-2014
I'm running: Windows 8.1 Pro (Legit, no crack) on a SSD!


NTFS_FILE_SYSTEM bsod:

SYSTEM_SERVICE_EXCEPTION bsod (I had this one the most before I re installed my PC):

I Google'd my *** off, but couldn't find anything to resolve to problem.


If you need additional information about my PC, feel free to ask. I just want to get rid of this annoying bsod.


- Rick


Post 2: He asked me to do several tests
Results
HDTune: Looks good, no errors(?), SSD is healthy. Do I need to test HDD as well?

CHKDSK: No Idea what went wrong and what went good, fell asleep :3. But it did finish :)
Memtest: I've no idea what what means, but maybe you do xd:

Post 3: 'Health' tab in HDTune

SSD:

HDD:

Post 4: My .dmp files
Had 4 so far:
http://puu.sh/9pa1Z.zip

His response to Post 4:
I debugged the .dmp files but they all reference to something different.
061114-10984-01.dmp > nt > ntkrnlmp.exe > process searchindexer
061114-11203-01.dmp > dxgkrnl.sys > process league of legends
061114-11875-01.dmp > nt > ntkrnl.exe > process pokki.exe
061114-11984-01.dmp > luafv.sys
I still think there's something wrong with your memory, your best bet is to go to this forum: https://www.sysnative.com/forums/bsod...nel-debugging/


Post 5: My response to him
My 2 memory slots (2x 4gb) are maybe already 4 years old, I've never upgraded them. Maybe it is time to do that?


dxgkrnl.sys > League of Legends, almost every first bsod of the day happens when I play League. After that, they randomly appear every now and then.
Pokki.exe > replacement for the Windows button, to get the old menu back (http://puu.sh/9pddK.jpg)
The other 2 I've no idea how/what.

Hopefully someone can help me further with this all this information, if more needed, feel free to ask!

Regards,

Rick


-- Additional information from Blue Screen of Death (BSOD) Posting Instructions - Windows 10, 8.1, 8, 7 & Vista :
1A: AutoRuns => http://puu.sh/9pfnV.arn
1B: http://puu.sh/9pfw6.zip
*I don't really understand what what does and how so, so please. If you need something else, ask me :3

 

[Patrick]

re: BSOD keeps coming back - Windows 8.1

Hi,

Your output folder contains no crash dumps. Please manually navigate to C:\Windows\Minidump and zip up all the crash dumps there, and then attach the zip to your next post please.

Regards,

Patrick

 

[Rick]

re: BSOD keeps coming back - Windows 8.1

Hi,

Your output folder contains no crash dumps. Please manually navigate to C:\Windows\Minidump and zip up all the crash dumps there, and then attach the zip to your next post please.

Regards,

Patrick

There you go, just had another one and 4 from a few hours back!

 

[Patrick]

re: BSOD keeps coming back - Windows 8.1

Thanks!

We have two consistent bug checks:

SYSTEM_SERVICE_EXCEPTION (3b)

This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.

This error has been linked to excessive paged pool usage and may occur due to user-mode graphics drivers crossing over and passing bad data to the kernel code.

BugCheck 3B, {c0000005, fffff801dbd32c02, ffffd00021548d90, 0}

4: kd> ln fffff801dbd32c02
(fffff801`dbd32bf0)   [COLOR=#ff0000]nt!KxWaitForLockOwnerShip+0x12[/COLOR]   |  (fffff801`dbd32c38)   nt!ObReferenceObjectSafe

The exception occurred in nt!KxWaitForLockOwnerShip+0x12.

We're likely dealing with a deadlock here.

NTFS_FILE_SYSTEM (24)

This indicates a problem occurred in ntfs.sys, the driver file that allows the system to read and write to NTFS drives.

One possible cause of this bug check is disk corruption. Corruption in the NTFS file system or bad blocks (sectors) on the hard disk can induce this error. Corrupted SCSI and IDE drivers can also adversely affect the system's ability to read and write to disk, thus causing the error.

Another possible cause is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error.

BugCheck 24, {b500190637, ffffd00026d3d8a8, ffffd00026d3d0b0, fffff800de0e5c1c}

4: kd> .exr 0xffffd00026d3d8a8
ExceptionAddress: fffff800de0e5c1c ([COLOR=#4b0082]nt!KxWaitForLockOwnerShipWithIrql+0x0000000000000014[/COLOR])
   ExceptionCode: [COLOR=#ff0000]c0000005 (Access violation)[/COLOR]

The access violation occurred in nt!KxWaitForLockOwnerShipWithIrql+0x0000000000000014.

Again, likely a deadlock.

4: kd> .trap ffffd000`26d3d950
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffd00026d3db30
rdx=0270000000000000 rsi=0000000000000000 rdi=0000000000000000
[COLOR=#0000cd]rip=fffff800de0e5c1c[/COLOR] rsp=ffffd00026d3dae0 rbp=ffffd00026d3db50
 r8=ffffd00026d3db80  r9=0000000000000020 r10=0000000000000020
r11=000000000000000b r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up di pl zr na po nc
[COLOR=#4b0082]nt!KxWaitForLockOwnerShipWithIrql+0x14[/COLOR]:
[COLOR=#0000cd]fffff800`de0e5c1c[/COLOR] 48890a          mov     qword ptr [rdx],rcx ds:02700000`00000000=????????????????

4: kd> u @rip
nt!KxWaitForLockOwnerShipWithIrql+0x14:
fffff800`de0e5c1c 48890a          mov     qword ptr [rdx],rcx
fffff800`de0e5c1f 4d85c0          test    r8,r8
fffff800`de0e5c22 7410            [COLOR=#4b0082]je[/COLOR]      [COLOR=#4b0082]nt!KxWaitForLockOwnerShipWithIrql+0x2c[/COLOR] (fffff800`de0e5c34)
fffff800`de0e5c24 440f20c2        mov     rdx,cr8
fffff800`de0e5c28 410fb600        movzx   eax,byte ptr [r8]
fffff800`de0e5c2c 440f22c0        mov     cr8,rax
fffff800`de0e5c30 418810          mov     byte ptr [r8],dl
fffff800`de0e5c33 fb              sti

---

Hard to say whether it's a driver holding a lock and causing a deadlock, or if this is a hardware issue. We'll need to go one step at a time.

1. Uninstall Glary Utilities ASAP, I've seen it cause a ton of issues lately.

2. Ensure your SSD firmware is 100% up to date via the manufacturers website.

3. If the above fails, please enable Driver Verifier so we can see whether or not a 3rd party driver is holding a lock:

Driver Verifier:

What is Driver Verifier?

Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 - Restore Point - Create in Windows 8

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8/8.1)
- DDI compliance checking (Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・ Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

- If you have the system set to generate Kernel-Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.

Any other questions can most likely be answered by this article:

Using Driver Verifier to identify issues with Windows drivers for advanced users

Regards,

Patrick

 

[Rick]

re: BSOD keeps coming back - Windows 8.1

1. Uninstall Glary Utilities ASAP, I've seen it cause a ton of issues lately.
Done!

2. Ensure your SSD firmware is 100% up to date via the manufacturers website.
I've updated my SSD firmware again, did this 2 weeks ago as well after a friend recommended me this to do (products)
>

3. If the above fails, please enable Driver Verifier so we can see whether or not a 3rd party driver is holding a lock:
I enabled it for 24 hours.


Now I wait for the next bsod to appear I guess(?). Until then, thank you!

 

[Rick]

re: BSOD keeps coming back - Windows 8.1

Also, after 24 hours I just go to cmd and type in "verifier /reset" followed by a reboot to disable it?
Any other tips to prevent this in the future? :)

 

[Patrick]

re: BSOD keeps coming back - Windows 8.1

Correct regarding disabling it.

Any other tips to prevent this in the future?

By 'this' I presume you mean the BSOD? Well, we'll need to wait and see what's causing it first! :grin1:

Regards,

Patrick

 

[Rick]

re: BSOD keeps coming back - Windows 8.1

Correct regarding disabling it.

Any other tips to prevent this in the future?

By 'this' I presume you mean the BSOD? Well, we'll need to wait and see what's causing it first! :grin1:

Regards,

Patrick

My PC just shutted down randomly w/o a blue screen. Was watching a video in full screen, tabbed out and my pc randomly rebooted.
Any idea how to check what happened?

 

[jcgriff2]

Re: BSOD keeps coming back - Windows 8.1

My PC just shutted down randomly w/o a blue screen. Was watching a video in full screen, tabbed out and my pc randomly rebooted.
Any idea how to check what happened?

The PC shutting down without a Blue Screen could be a power issue.

Can you swap out the PSU?

 

[Rick]

Re: BSOD keeps coming back - Windows 8.1

My PC just shutted down randomly w/o a blue screen. Was watching a video in full screen, tabbed out and my pc randomly rebooted.
Any idea how to check what happened?

The PC shutting down without a Blue Screen could be a power issue.

Can you swap out the PSU?

Can't do that right now, but I just blue screened twice after starting a game (League of Legends).
Here are the .dmp files:

 

[Rick]

Re: BSOD keeps coming back - Windows 8.1

And another one :'(

 

[Rick]

Re: BSOD keeps coming back - Windows 8.1

And I add another two for now, I just go to bed. Can't use my PC this way.

 

[Patrick]

Re: BSOD keeps coming back - Windows 8.1

My PC just shutted down randomly w/o a blue screen. Was watching a video in full screen, tabbed out and my pc randomly rebooted.
Any idea how to check what happened?

The PC shutting down without a Blue Screen could be a power issue.

Can you swap out the PSU?

Can't do that right now, but I just blue screened twice after starting a game (League of Legends).
Here are the .dmp files:

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

A driver tried to access an address that is pageable (or that is completely invalid) while the IRQL was too high. This bug check is usually caused by drivers that have used improper addresses.

4: kd> k
Child-SP          RetAddr           Call Site
ffffd001`094e4948 fffff803`3c9ebae9 nt!KeBugCheckEx
ffffd001`094e4950 fffff803`3c9ea33a nt!KiBugCheckDispatch+0x69
ffffd001`094e4a90 fffff801`3fedc7db nt!KiPageFault+0x23a
ffffd001`094e4c20 fffff801`3fe7c755 dxgkrnl!DXGCONTEXT::Render+0x5fc8b
ffffd001`094e5770 fffff803`3c9eb7b3 dxgkrnl!DxgkRender+0x325
ffffd001`094e5a80 00000000`776977fa nt!KiSystemServiceCopyEnd+0x13
00000000`0e31e4e8 00000000`00000000 0x776977fa

At the time of the crash here we're generating a direct memory access (DMA) buffer from the command buffer that the user-mode display driver passed. With that said, at this point:

1 - Faulty RAM (Memtest).

2 - Faulty GPU (remove video card and either use integrated for testing or a secondary video card).

3 - Faulty PSU as suggested above.

4 - Faulty motherboard if all of the above fail.

Regards,

Patrick