need help w/ IRQL NOT LESS OR EQUAL BSOD

Status
Not open for further replies.

huynie

Reputable
Aug 10, 2015
9
0
4,510
I'm not an expert when it comes to BSODs, so I was hoping someone can tell me what kind of error I am getting and how I can fix it. The file is available to download below. Thanks in advance! :)

http://tinyurl.com/q9j6cmj

Let me know if my link doesn't work.

System spec:

i5 4690k Devil's Canyon
GTX 980ti
Mobo: Asus Maximus Hero VII
RAM: G.Skill Ripjaw 2x8
PSU: Antec HCG M 850W

 

ArAnd0mPers0n

Reputable
May 8, 2015
91
0
4,660


Please give me a MEMORY.DMP file instead of minidumps. If you don't know where to find them, look in C:\Windows or C:\Windows\System32.
 

ArAnd0mPers0n




I think there is a bad application/driver problem here or your memory is starting to fail. I am seeing that WIN8_DRIVER_FAULT was indicating a driver of some sort, usually a rootkit virus or poorly written driver.

The reason I think that is because the IMAGE_NAME in the memory dump was memory_corruption, and also various memory pages are missing from the file.


 

huynie



Is there a solution? I recently reinstalled Windows 8.1, so I don't think a rootkit virus is the problem. I'm running Windows x64.
I have updated the MEMORY.DMP file.

http://tinyurl.com/ndnvnu2

 

ArAnd0mPers0n



Still missing pages, but this time I got this:

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.

The image name is win32k.sys now. I think the solution is GWXBW8ISAPOFS (Get Windows 10 Because Windows 8 Is A Piece Of Sh*t)

It also appears that the process that caused a problem was csrss.exe. Proof:


Debugging Details:
------------------


SYSTEM_SKU: All

SYSTEM_VERSION: System Version

BIOS_DATE: 02/24/2015

BASEBOARD_PRODUCT: MAXIMUS VII HERO

BASEBOARD_VERSION: Rev 1.xx

BUGCHECK_P1: fffff901407ef000

BUGCHECK_P2: 1

BUGCHECK_P3: fffff960000efb48

BUGCHECK_P4: 0

WRITE_ADDRESS: fffff901407ef000 Paged session pool

FAULTING_IP:
win32k!cjComputeGLYPHSET_MSFT_UNICODE+2df
fffff960`000efb48 8907 mov dword ptr [rdi],eax

MM_INTERNAL_CODE: 0

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 5308949c

MODULE_NAME: win32k

FAULTING_MODULE: fffff96000062000 win32k

CPU_COUNT: 4

CPU_MHZ: daa

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3c

CPU_STEPPING: 3

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: csrss.exe

CURRENT_IRQL: 0

ANALYSIS_VERSION: 10.0.10240.9 amd64fre

TRAP_FRAME: ffffd000c484e140 -- (.trap 0xffffd000c484e140)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000255 rbx=0000000000000000 rcx=0000000000000110
rdx=0000001cab0d010a rsi=0000000000000000 rdi=0000000000000000
rip=fffff960000efb48 rsp=ffffd000c484e2d0 rbp=0000000000001005
r8=0000000000000000 r9=0000000000000110 r10=fffff901407edf54
r11=0000001cab0cf814 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
win32k!cjComputeGLYPHSET_MSFT_UNICODE+0x2df:
fffff960`000efb48 8907 mov dword ptr [rdi],eax ds:00000000`00000000=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80235da40e7 to fffff80235d72fa0

STACK_TEXT:
ffffd000`c484df58 fffff802`35da40e7 : 00000000`00000050 fffff901`407ef000 00000000`00000001 ffffd000`c484e140 : nt!KeBugCheckEx
ffffd000`c484df60 fffff802`35c869c9 : 00000000`00000001 ffffe000`666a3880 ffffd000`c484e140 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x20c37
ffffd000`c484e000 fffff802`35d7d22f : 00000000`00000001 00000000`0000042b 00000000`00000000 ffffd000`c484e140 : nt!MmAccessFault+0x7a9
ffffd000`c484e140 fffff960`000efb48 : 00000000`00000000 ffffe000`63a90b50 00000000`00000001 0000001c`ab0cf806 : nt!KiPageFault+0x12f
ffffd000`c484e2d0 fffff960`000f0749 : fffff901`401daa28 fffff901`407e7740 fffff901`407eb020 ffffd000`c484e440 : win32k!cjComputeGLYPHSET_MSFT_UNICODE+0x2df
ffffd000`c484e3c0 fffff960`000f136b : fffff901`401da9d0 00000000`00000001 00000000`00000001 00000000`00000000 : win32k!bLoadGlyphSet+0x91
ffffd000`c484e3f0 fffff960`000f159a : 00000000`00000001 00000000`00000001 00000000`00000000 fffff960`000bb77c : win32k!bReloadGlyphSet+0x18b
ffffd000`c484e580 fffff960`000f14f7 : fffff901`401dad10 fffff901`401da9d0 00000000`00000001 00000000`00000000 : win32k!ttfdQueryFontTree+0x66
ffffd000`c484e5d0 fffff960`000f0b1c : fffff960`000f14a8 fffff901`401dad10 00000000`00000000 00000000`00000000 : win32k!ttfdSemQueryFontTree+0x4f
ffffd000`c484e610 fffff960`00066447 : 00000000`00000000 00000000`00000000 3ff00000`00000000 00000000`00000000 : win32k!PDEVOBJ::QueryFontTree+0x6c
ffffd000`c484e6c0 fffff960`00064f36 : fffff901`4008a010 fffff901`00000000 00000000`00000000 00000000`00000000 : win32k!PFEOBJ::pfdg+0xcb
ffffd000`c484e730 fffff960`0006911d : ffffe000`63c73f90 ffffd000`c484e980 ffffd000`c484ea90 ffffd000`c484e938 : win32k!RFONTOBJ::bRealizeFont+0x46
ffffd000`c484e880 fffff960`00075ece : 00000000`00d1caa0 ffffd000`c484eb80 00000000`00d1caa0 00000000`010105a7 : win32k!RFONTOBJ::bInit+0xa0d
ffffd000`c484ea40 fffff960`0006950e : 00000000`00d1caa0 fffff960`000694f0 00000000`00000000 ffffd000`c484eb80 : win32k!GreGetTextMetricsW+0x3e
ffffd000`c484ea80 fffff802`35d7e7b3 : 00000000`00000044 fffff960`000694f0 fffff901`406cd501 00000000`00000044 : win32k!NtGdiGetTextMetricsW+0x1f
ffffd000`c484eb00 00007ffc`0ff8429a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00d1ca68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : GDI32!NtGdiGetTextMetricsW+0xa


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!cjComputeGLYPHSET_MSFT_UNICODE+2df
fffff960`000efb48 8907 mov dword ptr [rdi],eax

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: win32k!cjComputeGLYPHSET_MSFT_UNICODE+2df

FOLLOWUP_NAME: MachineOwner

IMAGE_VERSION: 6.3.9600.17031

BUCKET_ID_FUNC_OFFSET: 2df

FAILURE_BUCKET_ID: AV_win32k!cjComputeGLYPHSET_MSFT_UNICODE

BUCKET_ID: AV_win32k!cjComputeGLYPHSET_MSFT_UNICODE

PRIMARY_PROBLEM_CLASS: AV_win32k!cjComputeGLYPHSET_MSFT_UNICODE

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:av_win32k!cjcomputeglyphset_msft_unicode

FAILURE_ID_HASH: {1073f6f0-c9e4-4a90-3d30-3d7eaaefa677}

Followup: MachineOwner
---------

I think these two may work,

1. GWXBW8ISAPOFS (Get Windows 10 Because Windows 8 Is A Piece Of Sh*t)

2. Replace the RAM

 
For your second memory dump file, your copy of win32k.sys is corrupted in memory.
974 errors. Running Windows 8 build 9600.17031, you will want to start cmd.exe as an admin and
run
dism.exe /online /cleanup-image /restorehealth
to attempt to repair your files, then run a Malwarebytes scan, reboot your system and
run cmd.exe as an admin and run
sfc.exe /scannow
and confirm that no corruptions exist.

This could also be a random memory corruption, but win32k.sys is a common attack point for malware/viruses and hack programs for pirate versions of Windows.

Pick up the newly released BIOS and Windows 10 drivers from
https://www.asus.com/us/Motherboards/MAXIMUS_VII_HERO/HelpDesk_Download/

New drivers for both SATA controllers
----------
Looking at the first minidump:
it showed a memory corruption reading from the file system.
I would expect a problem in a storage driver as a potential cause.
Maybe the ASMedia ASM-106x SATA 6G controller
\SystemRoot\System32\drivers\asstor64.sys Thu Mar 13 20:38:20 2014
or
Intel RST (Rapid Storage Technology) driver
\SystemRoot\System32\drivers\iaStorA.sys Fri May 02 16:06:56 2014



I would remove
Asus PCProbe Utility
\SystemRoot\SysWow64\drivers\AsIO.sys Wed Aug 22 02:54:47 2012

machine info:
\SystemRoot\System32\drivers\iaStorA.sys Fri May 02 16:06:56 2014
BIOS Release Date 02/24/2015
Manufacturer ASUSTeK COMPUTER INC.
Product MAXIMUS VII HERO
Manufacturer ASUSTeK COMPUTER INC.
Product MAXIMUS VII HERO


 

huynie



Thank you kindly for your reply. To confirm, the issue isn't my RAM, right? And also, should I upgrade to Windows 10 then download the BIOS and SATA controller? I ran sfc.exe /scannow and the scan shows that I don't have an issue as of now. I still get the IRQL LESS THAN EQUAL BSOD though.
 

ArAnd0mPers0n



I would first run memtestx86 or memtest64, depending on whether your computer is 32-bit or 64-bit, to confirm what's wrong.
 

ArAnd0mPers0n



Did you rely on what I posted to help him out?
 
System File Checker only checks certain core system files, not all of them. It is just a start to check for issues.

If you have Windows 8.x you would run
dism.exe /online /cleanup-image /restorehealth
It will do a better job than the System File Checker, mainly because the System File Checker will try to fix corrupted files by using a local backup copy in the hidden driverstore on your local machine. Malware just modifies both copies to prevent sfc.exe from doing a repair.
The dism.exe command will go to a Microsoft update server and get a trusted, known good copy to replace corrupted local copies. So if you do a Malwarebytes scan at the same time, then malware does not undo the fixes from the sfc.exe command.

Note: some malware attacks win32k.sys via the font subsystem. The fix was to delete the FNTCACHE.DAT file and the system would make another one. I think Microsoft made an update to fix the bug about 9 or 10 months ago. Just in case your system was not updated to the current patches.

All the debugger can see is that the copy of win32k.sys was corrupted in memory at the time of the bugcheck.
I cannot tell if it was corrupted on disk (use sfc.exe to check for that) or if it was placed in a bad spot in RAM
(run memtest to test the RAM) or if malware/virus/rootkit modified win32k.sys after it was loaded into memory.
(most likely) run Malwarebytes, a virus scan and a rootkit scan.

You can even have a bad SATA controller or drive that corrupts the data as it is being read into memory; I just cannot tell without looking at each of the corruptions. What you will see if it is malware is that win32k.sys will be corrupted on each boot. If that is true, it is not likely to be a memory (RAM) problem, because Windows will attempt to load the files into memory in a different location on each boot. RAM problems tend to corrupt different drivers on each boot for this reason.




 

huynie



It's definitely not a RAM problem since I ran the memory test and the results are here http://tinypic.com/r/wa6elf/8. I also did the dism.exe /online /cleanup-image /restorehealth as instructed. I updated my SATA controller. I've just got to wait to see if I get a BSOD and update you guys. Please let me know if there's anything else I need to do. This is a great learning experience. Thank you so much for your time. I really do appreciate it.
 

ArAnd0mPers0n



It's now probably a storage or graphics or driver problem.
 

huynie

> It's now probably a storage or graphics or driver problem.

What a coincidence. I thought I fixed my BSOD issue a month ago; however, I started getting BSODs yesterday and I am quite saddened by it.



Here are my new MEMORY.DMP files. http://tinyurl.com/px63x5a
I have not added any new hardware. We also concluded that it is not a memory issue last time. I wonder what the problem is this time around. I'm running Windows 10 btw.

Thank you kindly for taking your time to help me.
 
You changed operating systems.
Go to: https://www.asus.com/Motherboards/MAXIMUS_VII_HERO/HelpDesk_Download/
Select Windows 10, update to the new BIOS version, reboot, and pick up all the new Windows 10 drivers except the ASUS Probe II.

You only had one old driver on your system and it was for Ventrilo. You need to pick up all the custom drivers for your system from your motherboard vendor.

The bugcheck showed a bad memory address. You might want to boot and run memtest86 and confirm your memory settings, but after you update the BIOS again.

System up timer was 11 minutes.
 

huynie



I did all that was asked except for the memtest86, since that takes at least 10 hours to scan according to my last encounter. Last time I scanned with memtest86, I had 0 errors.

I have updated my BIOS and everything that you mentioned.

Here is the updated MEMORY.DMP file that I uploaded to OneDrive: http://1drv.ms/1i4YxpJ

hope we can find a fix.

cheers!
 

ArAnd0mPers0n



This confuses the sh*t out of me. You are saying it's not the RAM, but the memory dump says it's a RAM problem. The image name is still memory_corruption.

Proof:

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffa9800a8e7c8, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800681695a6, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
fffffa9800a8e7c8

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiInsertDecayClusterTimer+d2
fffff800`681695a6 498b4008 mov rax,qword ptr [r8+8]

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: System

ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

TRAP_FRAME: ffffd00023675b80 -- (.trap 0xffffd00023675b80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffffeffeb39aa rbx=0000000000000000 rcx=ffeb39aaffeb39aa
rdx=ffeb393200000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800681695a6 rsp=ffffd00023675d10 rbp=ffffd00023675db8
r8=fffffa9800a8e7c0 r9=00000001ffffffff r10=fffffffffff59c99
r11=fffff800683c1a80 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!MiInsertDecayClusterTimer+0xd2:
fffff800`681695a6 498b4008 mov rax,qword ptr [r8+8] ds:fffffa98`00a8e7c8=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800681d3ba9 to fffff800681c9240

STACK_TEXT:
ffffd000`23675a38 fffff800`681d3ba9 : 00000000`0000000a fffffa98`00a8e7c8 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffd000`23675a40 fffff800`681d23c8 : 00000000`0000001d fffff800`680984cd ffffe001`00000002 ffffd000`23675df8 : nt!KiBugCheckDispatch+0x69
ffffd000`23675b80 fffff800`681695a6 : ffffe001`88c5a840 ffffc001`00000000 0000000f`ffffff11 00000000`00000000 : nt!KiPageFault+0x248
ffffd000`23675d10 fffff800`680cb907 : fffffa80`00a8dc80 fffff800`683c25b8 ffffe001`8feb4f78 ffffe001`8feb4f00 : nt!MiInsertDecayClusterTimer+0xd2
ffffd000`23675d40 fffff800`6808c514 : ffffb001`00000003 fffffa80`00000008 00000000`00336d7f ffffb001`00000000 : nt!MiInsertPageInList+0x537
ffffd000`23675de0 fffff800`680d449f : fffff799`40000001 ffffc001`b1a0f7f8 ffffc001`b1a0f7f8 00000000`00000040 : nt!MiPfnShareCountIsZero+0x204
ffffd000`23675ef0 fffff800`6848c7a9 : 00000000`00100000 fffff800`680ac007 ffffe001`8f1b7820 00000000`00000001 : nt!MmUnmapViewInSystemCache+0x98f
ffffd000`23676210 fffff800`680abca2 : 00000000`000c0000 ffffe001`8f1b7820 00000000`00000000 00000000`00100000 : nt!CcUnmapVacb+0xa9
ffffd000`23676250 fffff800`680b162c : ffffe001`8f1b7801 00000000`00100000 00000000`00040000 ffffe001`88d6e998 : nt!CcUnmapVacbArray+0x212
ffffd000`236762c0 fffff800`680af255 : ffffe001`00000000 00000000`00100000 ffffd000`236763c8 ffffd000`236763dc : nt!CcGetVirtualAddress+0x40c
ffffd000`23676370 fffff800`681740e2 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffe001`891c7a00 : nt!CcPinFileData+0x105
ffffd000`23676540 fffff800`6859d8d0 : 00000000`00200000 00000000`a0000001 00000000`00000000 00000000`00000001 : nt!CcZeroDataInCache+0x82
ffffd000`236765f0 fffff801`57fe1dcf : ffffe001`00000200 00000000`00000000 ffffd000`236766e0 00000000`00000001 : nt!CcZeroData+0xec
ffffd000`23676670 fffff801`57ef9312 : ffffe001`89f1e828 ffffc001`b094f150 ffffe001`8f8f5f20 00000000`00000000 : NTFS!NtfsZeroData+0x12b
ffffd000`23676750 fffff801`57f0d552 : ffffe001`89f1e828 ffffd000`23676a40 00000000`00000000 ffffe001`89f1e828 : NTFS!NtfsCommonWrite+0x12b2
ffffd000`236769f0 fffff800`680f36a9 : fffff800`68454340 ffffe001`8dddf040 ffffe001`89f1e898 fffff800`68454340 : NTFS!NtfsFspDispatch+0x282
ffffd000`23676b70 fffff800`68161e88 : ffffe001`88c5a840 00000000`00000080 fffff800`68454340 ffffe001`8dddf040 : nt!ExpWorkerThread+0xe9
ffffd000`23676c00 fffff800`681ce326 : ffffd000`c55d5180 ffffe001`8dddf040 ffffd000`c55e1bc0 00000000`00000000 : nt!PspSystemThreadStartup+0x58
ffffd000`23676c60 00000000`00000000 : ffffd000`23677000 ffffd000`23671000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiInsertDecayClusterTimer+d2
fffff800`681695a6 498b4008 mov rax,qword ptr [r8+8]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!MiInsertDecayClusterTimer+d2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 55d5626b

IMAGE_NAME: memory_corruption

BUCKET_ID_FUNC_OFFSET: d2

FAILURE_BUCKET_ID: AV_nt!MiInsertDecayClusterTimer

BUCKET_ID: AV_nt!MiInsertDecayClusterTimer

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:av_nt!miinsertdecayclustertimer

FAILURE_ID_HASH: {1a5fdf32-a686-1bab-2d4b-d01b28c406c3}

Followup: MachineOwner

The only idea I have left is to uninstall all drivers excluding the network and graphics and audio drivers.
 
There is a difference between RAM and the data contained in the RAM.
The DATA contained in the RAM is corrupted. The physical RAM may or may not be the cause of the corruption.
You cannot tell from the memory dump, just that the data is wrong.
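
The cross-crash comparison described in the replies above (the same module corrupted on every boot versus a different one each time), as an added example that is not part of any post in this thread: it parses `!analyze -v` text and tallies the faulting module. The function names and verdict labels are assumptions, and the two sample reports are a few lines trimmed from the output quoted on this page.

```python
import re
from collections import Counter

# Field names as they appear in the `!analyze -v` output quoted in this thread.
FIELDS = {"MODULE_NAME", "IMAGE_NAME", "PROCESS_NAME",
          "FAILURE_BUCKET_ID", "CURRENT_IRQL"}
BUGCHECK_RE = re.compile(r"^([A-Z0-9_]+) \(([0-9a-fA-F]+)\)$")  # e.g. "NAME (50)"
FIELD_RE = re.compile(r"^([A-Z0-9_]+):\s*(.*)$")                # e.g. "KEY: value"


def parse_analyze(text):
    """Pull the bugcheck name/code and the FIELDS above out of one report."""
    report = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = BUGCHECK_RE.match(line)
        if m and "BUGCHECK_NAME" not in report:
            report["BUGCHECK_NAME"] = m.group(1)
            report["BUGCHECK_CODE"] = int(m.group(2), 16)  # code is printed in hex
            continue
        m = FIELD_RE.match(line)
        if m and m.group(1) in FIELDS:
            report.setdefault(m.group(1), m.group(2).strip())
    return report


def corruption_pattern(reports):
    """Compare the faulting module across crashes (the heuristic from the thread)."""
    modules = Counter(r.get("MODULE_NAME", "unknown") for r in reports)
    if len(reports) < 2:
        verdict = "need-more-dumps"
    elif len(modules) == 1:
        verdict = "same-module-every-crash"   # check that file and what modifies it
    else:
        verdict = "different-modules"         # check RAM, BIOS timings, storage path
    return verdict, dict(modules)


# Constructed samples: a few lines trimmed from the two reports quoted in the thread.
DUMP_A = """\
PAGE_FAULT_IN_NONPAGED_AREA (50)
IMAGE_NAME: win32k.sys
MODULE_NAME: win32k
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 0
FAILURE_BUCKET_ID: AV_win32k!cjComputeGLYPHSET_MSFT_UNICODE
"""
DUMP_B = """\
IRQL_NOT_LESS_OR_EQUAL (a)
CURRENT_IRQL: 2
PROCESS_NAME: System
MODULE_NAME: nt
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: AV_nt!MiInsertDecayClusterTimer
"""

if __name__ == "__main__":
    reports = [parse_analyze(DUMP_A), parse_analyze(DUMP_B)]
    for r in reports:
        print(f"{r['BUGCHECK_NAME']} (0x{r['BUGCHECK_CODE']:X}) "
              f"module={r['MODULE_NAME']} image={r['IMAGE_NAME']}")
    print(corruption_pattern(reports))
```

The verdict only says where to look next; as the reply above notes, the dump shows that the data is wrong, not why.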




 
The ASUS probe utility is still installed; see if there is an uninstaller for ASUS AI Suite,
or boot in safe mode and just rename the file while it is not in use.

\SystemRoot\SysWow64\drivers\AsIO.sys Wed Aug 22 02:54:47 2012

The system is reporting memory corruption again. The ASUS driver above is the only one you have installed that I have seen cause memory corruption.

You might turn on verifier and see if it will find a driver problem.

Start cmd.exe as an admin, run
verifier.exe /standard /all

Change the memory dump type to kernel memory dump

Reboot
Wait for the next bugcheck

Note: run verifier.exe /reset
to turn off the verifier after you are done testing.

 

huynie



I did a memtest86 and found a lot of errors. Bought new RAMs. I will update if it crashes still. I also updated BIOS as you instructed.

Thank you so much for your time and effort. Much appreciated.
 
Generally you want to update the BIOS or reset it to defaults before you run memtest.
If you get failures, you manually go and check your RAM timings or try to isolate a bad RAM stick
(just in case it turns out to be BIOS timings/voltage settings or a bad RAM connection to the slot or a bad RAM slot).

It is pretty common for a BIOS to use poor secondary timings on RAM. These are often fixed in BIOS updates.



 