Multiples BSOD - Windows 8.1 - Clevo

P

PilouPSD

Member
Joined
Jan 24, 2015
Posts
20
Hi,

I have a Clevo laptop and I'm having some BSOD since I bought it. I used the warranty and they changed a RAM module, but I'm pretty sure it wasn't the source of the problem.
Error messages seemed to be random and one day I tried to solve the BSODs. Actually, it was pretty successful because they almost disappeared... Almost.

I still having some at least once a week (instead of once or two a day) and it starts to be a little annoying.

I have two GPU, an Intel for "common usage" and a Nvidia for gaming usage. I've noticed that BSODs appeared only when I was playing, so it was the Nvidia GPU working.
From what I've seen from BlueScreenView, there is a common file who causes BSOD, and it's scary : it's a Windows kernel, ntoskrnl.exe.

I don't really know what to do. I can't do a Windows restoration, it says that my hard drive is locked or something like this. All my drivers are up to date, I've updated my BIOS, clean my HDD (which isn't damaged), run a Memtest... And BSOD are still there ! So I need your help please.

As you asked, the requested file are attached to this post (the zipped file didn't created itself, so I did) : View attachment SysnativeFileCollectionApp.zip. I was unable to run perfmon /report. Despite being an administrator I have that error : "The operator or administrator has refused the request". I am running the program as an administrator...

· OS : Windows 8.1
· x64
· What was original installed OS on system? : Windows 8
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? : OEM
· Age of system (hardware) : About 2 years
· Age of OS installation - have you re-installed the OS? : Also 2 years

· CPU : Intel i7-4700MQ
· Video Card : Intel HD Graphics 4600 & Nvidia 765M

· System Manufacturer : Clevo
· Exact model number : W370ST

· Laptop

Thanks a lot !

PS : I'm french, I'll do my best to be understandable.
 
Last edited:
MEMORY_MANAGEMENT (1a)

This indicates that a severe memory management error occurred.

Code: 
1: kd> .bugcheck
Bugcheck code 0000001A
Arguments 00000000`00003452 00000000`54e2b000 fffff580`10829218 59400001`db232424

The 1st argument of the bug check is 3452 which indicates an unknown memory management error occurred.Small dump, so we can go no further with this.

IRQL_NOT_LESS_OR_EQUAL (a)

This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

Code: 
0: kd> kv
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff802`7c28b2f8 fffff802`7a7717e9 : 00000000`0000000a ffffe003`d2f4afa9 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff802`7c28b300 fffff802`7a77003a : 00000000`00000000 ffffe001`d74bd9c0 ffffe001`ce5c2000 fffff802`7c28b440 : nt!KiBugCheckDispatch+0x69
fffff802`7c28b440 fffff802`7a7117c7 : ffffe001`d01a52b0 ffffe001`d2fb1ae0 ffffe001`d2fb1ae0 fffff800`73556f49 : nt!KiPageFault+0x23a (TrapFrame @ fffff802`7c28b440)
fffff802`7c28b5d0 fffff802`7a698df8 : ffffe001`d74bd9c0 fffff802`7c28b6a9 00000000`00000000 ffffe001`d74bde3b : nt!IopUnloadSafeCompletion+0x2b
fffff802`7c28b600 fffff800`b1d138fc : ffffe001`d00a6920 00000000`00000000 00000000`00000004 ffffe001`d00a6920 : nt!IopfCompleteRequest+0x588
fffff802`7c28b710 fffff800`b1d20364 : 00000000`ffffffff fffff800`00000000 00000000`00000001 ffffe001`00000002 : Wdf01000!FxRequest::CompleteInternal+0x23c
fffff802`7c28b7d0 fffff800`b49c1cee : ffffe001`ccc60c90 00000000`00000000 ffffe001`ccc60af0 ffffe001`ccc60af0 : Wdf01000!imp_WdfRequestComplete+0x8c
fffff802`7c28b840 fffff800`b49c22d2 : ffffe001`cc4b6670 00000000`00000060 ffffe001`ccc60d10 ffffe001`ccc60c90 : USBXHCI!Isoch_Transfer_CompleteCancelable+0x1d2
fffff802`7c28b8a0 fffff800`b49c261e : ffffe001`ccc60c90 00000000`00000000 ffffe001`cc4b6670 00000000`00000003 : USBXHCI!Isoch_Stage_CompleteTD+0x16e
fffff802`7c28b920 fffff800`b49b4c66 : ffffe001`d07a4000 ffffe001`d4de57f0 fffff802`7c28bb19 fffff802`7a76693d : USBXHCI!Isoch_ProcessTransferEventWithED1+0x252
fffff802`7c28b9b0 fffff800`b49cd57f : 00000000`00000004 fffff802`7c28baf0 fffff802`7c28bb19 fffff802`7c28bad0 : USBXHCI!Endpoint_TransferEventHandler+0x4e
fffff802`7c28ba20 fffff800`b49b705a : 00000000`00000000 ffffe001`d0784900 ffffe001`cffff808 fffff800`b396c18c : USBXHCI!UsbDevice_TransferEventHandler+0x87
fffff802`7c28ba80 fffff800`b1dabc81 : fffff802`7a8f8180 00000000`00000f44 00001ffe`30000ab8 00000000`00400a02 : USBXHCI!Interrupter_WdfEvtInterruptDpc+0x456
fffff802`7c28bb80 fffff802`7a655130 : fffff802`7a8faf00 fffff802`7c28be60 ffffe001`cffff540 fffff802`7c280f44 : Wdf01000!FxInterrupt::DpcHandler+0xc1
fffff802`7c28bbb0 fffff802`7a65434b : ffffe001`cc7a29f0 ffffe001`cb4e5080 fffff802`7a8f8180 fffff802`00000000 : nt!KiExecuteAllDpcs+0x1b0
fffff802`7c28bd00 fffff802`7a768dd5 : 00000000`00000000 fffff802`7a8f8180 ffffd000`8008ea00 00000000`7bc28610 : nt!KiRetireDpcList+0xdb
fffff802`7c28bfb0 fffff802`7a768bd9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxRetireDpcList+0x5 (TrapFrame @ fffff802`7c28be70)
ffffd000`24b08ac0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchInterruptContinue

Executing all DPCs/doing some USB work, we go off the rails when attempting to complete the request.

Code: 
0: kd> .trap fffff802`7c28b440
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffe001d388d980
rdx=ffffe001d74bd9c0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8027a7117c7 rsp=fffff8027c28b5d0 rbp=ffffe001d74bd9c0
 r8=ffffe003d2f4af90  r9=0000000000000000 r10=ffffe001cb0fe000
r11=000000000000054e r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!IopUnloadSafeCompletion+0x2b:
fffff802`7a7117c7 41387819        cmp     byte ptr [r8+19h],dil ds:ffffe003`d2f4afa9=??

Comparing dil (legacy low byte) to the r8 register + 19.

Code: 
0: kd> !pte ffffe003d2f4af90
                                           VA ffffe003d2f4af90
PXE at FFFFF6FB7DBEDE00    PPE at FFFFF6FB7DBC0078    PDE at FFFFF6FB7800F4B8    PTE at FFFFF6F001E97A50
contains 0000000000F36863  contains 0000000000000000
GetUlongFromAddress: unable to read from fffff8027a966104
pfn f36       ---DA--KWEV  not valid

r8's contents are invalid, and this is why we crashed.

Code: 
0: kd> lmvm avkmgr
start             end                 module name
fffff800`b3411000 fffff800`b341b000   avkmgr     (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\avkmgr.sys
    Image name: avkmgr.sys
    Timestamp:        Mon Sep 16 07:14:23 2013

That's a relatively old kernel driver for an antivirus suite (Avira). Uninstall Avira and replace it with Windows Defender.

Avira removal - How do I uninstall my Avira product?

Windows Defender (how to turn on after removal)

A.Navigate to Control Panel (with icons). You can do this by hitting Start > Search > Control Panel. Once in Control Panel, change the drop-down from Category to Large and/or Small icons.

B.Among the list of icons, find and click Action Center.

C.Assuming the removal of your prior antivirus software went properly, you will notice for both Spyware and unwated software protection (important) and Virus protection (important), it'll have a button labeled Turn on now. Click this button (it doesn't matter which, as Windows Defender serves as both in Windows 8/8.1).
 
Thanks for your reply. I'll do that but BSOD appeared way before Avira's installation. Is it possible that is due to a bad uninstalling of my previous antivirus, Avast ?
 
Can you enable verifier, please?

Driver Verifier:

What is Driver Verifier?

Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 - Restore Point - Create in Windows 8

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (only on Windows 7 & 8/8.1)
- DDI compliance checking (only on Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- Perhaps the most important which I will now clarify as this has been misunderstood often, enabling Driver Verifier by itself is not! a solution, but instead a diagnostic utility. It will tell us if a driver is causing your issues, but again it will not outright solve your issues.

- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.

- Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

- If you have the system set to generate Kernel Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.

Any other questions can most likely be answered by this article:

Using Driver Verifier to identify issues with Windows drivers for advanced users
 
My computer just BSOD'd with a standard error (IRQL_NOT_LESS_OR_EQUAL) despite having Driver Verifier enabled (I checked twice, it was enabled).

I've got a Memory dump, but it is really large : about 200 Mo compressed. I've uploaded it, you can find it here : https://mega.co.nz/#!89VHnCzB!nAvdID-sUXneMserjNAwiXV-lJqQitzAiacKzPVKgWw . Another small dump was created, which is here : https://mega.co.nz/#!lklVmBiZ!SoXeEbi49nma3QU4DMVYfWvIFqckqsEti_FgB45MVRc .

I've read the largest one with WhoCrashed and the BSOD seems to be caused by dxgkrnl.sys. Could you have a look on it please ?

I also have another question, almost all BSOD point out that ntoskrnl.exe is the reason why my computer crashed. Could it be an OS corruption or something like this ? And why not also checked it with all the other drivers when Driver Verifier was enabled ?

Thanks.

PS : By the way, I can't load the quick reply form (meaning I can't load any the entire page, even the reply page) anymore with the default theme. I have to do it with mobile theme on my computer.
 
IRQL_NOT_LESS_OR_EQUAL (a)

This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

Code: 
0: kd> k
Child-SP          RetAddr           Call Site
fffff801`1cda58a8 fffff801`1b1d84e9 nt!KeBugCheckEx
fffff801`1cda58b0 fffff801`1b1d6d3a nt!KiBugCheckDispatch+0x69
fffff801`1cda59f0 fffff801`1b11db2b nt!KiPageFault+0x23a
fffff801`1cda5b88 fffff800`8a413b71 nt!KeAcquireInStackQueuedSpinLockAtDpcLevel+0x1b
fffff801`1cda5b90 fffff801`1b146cd0 dxgkrnl!DpiFdoDpcForIsr+0x31
fffff801`1cda5be0 fffff801`1b145f87 nt!KiExecuteAllDpcs+0x1b0
fffff801`1cda5d30 fffff801`1b1cfad5 nt!KiRetireDpcList+0xd7
fffff801`1cda5fb0 fffff801`1b1cf8d9 nt!KxRetireDpcList+0x5
ffffd001`ed554770 fffff801`1b1d1b45 nt!KiDispatchInterruptContinue
ffffd001`ed5547a0 fffff801`1b1cdfb3 nt!KiDpcInterruptBypass+0x25
ffffd001`ed5547b0 fffff801`1b165e53 nt!KiInterruptDispatch+0x173
ffffd001`ed554940 fffff801`1b165d6b nt!MiEmptyWorkingSetHelper+0x5f
ffffd001`ed554970 fffff801`1b273bc2 nt!MiEmptyWorkingSet+0x10b
ffffd001`ed554a80 fffff801`1b6f6721 nt!MiTrimAllSystemPagableMemory+0x286
ffffd001`ed554ad0 fffff801`1b70991d nt!MmVerifierTrimMemory+0xa1
ffffd001`ed554b00 fffff801`1b709114 nt!ViKeRaiseIrqlSanityChecks+0xd9
ffffd001`ed554b40 fffff800`8964de20 nt!VerifierKfRaiseIrql+0x44
ffffd001`ed554b70 fffff801`1b17dc70 ndis!ndisReceiveWorkerThread+0xb0
ffffd001`ed554c00 fffff801`1b1d2fc6 nt!PspSystemThreadStartup+0x58
ffffd001`ed554c60 00000000`00000000 nt!KiStartSystemThread+0x16

I am not going to go up>down the stack and thoroughly explain each call, but there are verifier checks in place such as raising the IRQL and doing a check to see if it's at the right IRQL. This is because we enabled verifier's IRQL checking parameter. With that said, likely not a driver causing IRQL problems. We go off the rails on a Direct X kernel call. I am not entirely sure what the function implies:

Code: 
DpiFdoDpcForIsr

But DPC/ISR tells me that your GPU fired an interrupt to be serviced and it wasn't handled because we pagefault right after attempting to acquire a queued spinlock.

Code: 
0: kd> .trap fffff801`1cda59f0
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000bf31ffe780c rbx=0000000000000000 rcx=ffffe0019da261a0
rdx=fffff8011cda5bb0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8011b11db2b rsp=fffff8011cda5b88 rbp=fffff8011cda5ce0
 r8=fffff8011cda5bb0  r9=0000000000000000 r10=ffffe0019e487040
r11=fffff8011cda5e60 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!KeAcquireInStackQueuedSpinLockAtDpcLevel+0x1b:
fffff801`1b11db2b 488711          xchg    rdx,qword ptr [rcx] ds:ffffe001`9da261a0=0000000000000000

Exchanging the value of two GPRs - rcx > rdx.

Code: 
0: kd> !pte ffffe0019da261a0
                                           VA ffffe0019da261a0
PXE at FFFFF6FB7DBEDE00    PPE at FFFFF6FB7DBC0030    PDE at FFFFF6FB78006768    PTE at FFFFF6F000CED130
contains 0000000000F35863  contains 0000000000F34863  contains 0000000100085863  contains 800000010ED9FB63
pfn f35       ---DA--KWEV  pfn f34       ---DA--KWEV  pfn 100085    ---DA--KWEV  pfn 10ed9f    CG-DA--KW-V

Code: 
0: kd> !pte fffff8011cda5bb0
                                           VA fffff8011cda5bb0
PXE at FFFFF6FB7DBEDF80    PPE at FFFFF6FB7DBF0020    PDE at FFFFF6FB7E004730    PTE at FFFFF6FC008E6D28
contains 0000000000F84063  contains 0000000000F85063  contains 0000000000F1D063  contains 8000000292C25163
pfn f84       ---DA--KWEV  pfn f85       ---DA--KWEV  pfn f1d       ---DA--KWEV  pfn 292c25    -G-DA--KW-V

The contents of both registers are valid, but we still failed on this instruction?

Code: 
0: kd> !dpcs
CPU Type      KDPC       Function
*** ERROR: Module load completed but symbols could not be loaded for igdkmd64.sys
 0: Normal  : 0xffffe0019e115100 0xfffff8008b5cd3a0 igdkmd64

Checking queued DPCs, we can see the Intel Graphics driver was queued.


I would ensure both the Intel/nVidia GPUs have the latest drivers. If they do, perhaps try older versions if you can find? Also, navigate to C:\Windows\System32 after the drivers are updated/rolled back, and then rename NvStreamKms.sys to NvStreamKms.old, and then restart the system.

If the above fails, it's a tough call to make, but I'd bet one of the GPUs is at fault considering verifier is enabled with various checks and failed to catch anything driver related.
 
Okay, here's its actual path:

Code: 
0: kd> lmvm nvstreamkms
start             end                 module name
fffff800`b57c5000 fffff800`b57cf000   NvStreamKms   (deferred)             
    Image path: \??\[COLOR=#ff0000]C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys[/COLOR]
    Image name: NvStreamKms.sys

Rename it there.
 
So, I've downgraded my drivers to my constructor's recommended version (my drivers were up to date) and I've renamed the file.

GPUs is at fault considering verifier is enabled with various checks and failed to catch anything driver related
Click to expand...
Do you mean it could be a hardware problem ?
 
Can you re-enable Driver Verifier, please? When it crashes, another kernel-dump would be great.
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top