[SOLVED] Windows 8.1 BSOD - Appears to be related to sleep/hibernate

F

frewster

Member
Joined
Jan 1, 2014
Posts
16
Hello. I have a Clevo W230ST laptop that for the most part works great. However, I've been having BSOD when I resume from sleep (most often) and spontaneously (rarely). I have done my best to get all the latest drivers both from Clevo's website and the various hardware company's (Intel, Nvidia, Realtek, etc.).

I was unable to run perfmon /report. Despite being an administrator I get an error stating that "The operator or administrator has refused the request". I am running the program as an administrator but it continues to fail. I think this is a Windows 8.1 bug from what I was able to find about it.

Earlier I thought that the issue may have been my graphics card driver due to a dump mentioning it, but that was only one and it hasn't been mentioned in the later two dumps. It seems that almost all of the crashes are caused by different sources from what I can tell from Blue Screen View.

At this point I don't know what to do. The system came with 8 and I updated to 8.1 without a clean install when it came out. I have also made sure that the firmware for my SSD is up to date.

There are two things that come to mind - one is that the airplane mode driver for 8.1 from Clevo continues to fail to install. Apart from it being made by Insyde I really don't have much more info about it. The other is that despite uninstalling and reinstalling my graphics drivers several times I sometimes get an error bubble when I launch games that the nvidia display kernel has crashed. I don't have the exact error written down but I will be sure to do that when it happens again.

· OS - Windows 8.1
· x64
· What was original installed OS on system? - Windows 8
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? - OEM
· Age of system (hardware) - 6 months
· Age of OS installation - have you re-installed the OS? - Same as the system

· CPU - 4700MQ
· Video Card - GTX 765M
· MotherBoard - Custom Clevo
· Power Supply - brand & wattage (if laptop, skip this one)

· System Manufacturer - Clevo
· Exact model number (if laptop, check label on bottom) - Clevo W230ST/Sager 7330

Thank you in advance for the help!
 

Attachments

  • airplane mode unknown device.PNG
    airplane mode unknown device.PNG
    201.1 KB · Views: 11
Hi,

We have various attached DMP files:

IRQL_NOT_LESS_OR_EQUAL (a)

This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

This bug check is issued if paged memory (or invalid memory) is accessed when the IRQL is too high. The error that generates this bug check usually occurs after the installation of a faulty device driver, system service, or BIOS.

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

A driver tried to access an address that is pageable (or that is completely invalid) while the IRQL was too high. This bug check is usually caused by drivers that have used improper addresses.

Unable to load image \SystemRoot\system32\DRIVERS\NETwbw02.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for NETwbw02.sys
*** ERROR: Module load completed but symbols could not be loaded for NETwbw02.sys
Probably caused by : NETwbw02.sys ( NETwbw02+2b8e64 )

^^ Intel® Wireless WiFi Link Driver - Intel® Wireless WiFi Link Adapter.

Have you downloaded all of the latest drivers for 8.1 (or 8 if a driver version of 8.1 is not available) from CLEVO - Download ?

DPC_WATCHDOG_VIOLATION (133)

This bug check indicates that the DPC watchdog executed, either because it detected a single long-running deferred procedure call (DPC), or because the system spent a prolonged time at an interrupt request level (IRQL) of DISPATCH_LEVEL or above.

-------------------

You mentioned display driver crashes:

RTCore64.sys - Mon Mar 11 01:32:06 2013
Click to expand...

^^ RivaTuner OR EVGA Precision OR MSI Afterburner (known BSOD issues w/Win 7 and 8). I'd recommend uninstalling for troubleshooting purposes ASAP.

Regards,

Patrick
 
OK Patrick, I have uninstalled Afterburner and Rivatuner from my system. As for the Intel wireless drivers, I noticed after the crash that I had related to them that mine were not up to date. I updated them to the latest from Intel and have (as you can see from the logs) not had any more Intel related crashes.

What (if anything) should I do now?

Thanks
 
Unfortunately I had multiple crashes today. I left my computer and when I came back it had frozen, which hadn't happened before. I hard reset it and everything seemed to be fine until after I entered my password to login. One of the dots that circle in Windows 8 during login/startup had just appeared when it froze and gave me a BSOD. This happened several times. I was about to do a system restore when I was finally able to boot to the desktop. I'm confused as to how this problem would seemingly fix itself - several failed boots with BSODs after login and then all of a sudden it works without changing anything at all. :huh:

I've attached the logs. Got DPC_WATCHDOG_VIOLATION errors at the BSODs.
 
Hello again,

The latest 2 DMP files are of the DPC_WATCHDOG_VIOLATION (133) bug check.

This bug check indicates that the DPC watchdog executed, either because it detected a single long-running deferred procedure call (DPC), or because the system spent a prolonged time at an interrupt request level (IRQL) of DISPATCH_LEVEL or above.

Can you please go ahead and enable Driver Verifier?

Driver Verifier:

What is Driver Verifier?

Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.

Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8 - Restore Point - Create in Windows 8

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・ Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

How long should I keep Driver Verifier enabled for?

It varies, many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier.

My system BSOD'd, where can I find the crash dumps?

They will be located in %systemroot%\Minidump

Any other questions can most likely be answered by this article:
Using Driver Verifier to identify issues with Windows drivers for advanced users

Regards,

Patrick
 
Code: 
[COLOR=#ff0000]BugCheck A[/COLOR], {10, [COLOR=#0000cd]2[/COLOR], 1, fffff80172aae97f}

*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
Probably caused by : nvlddmkm.sys ( nvlddmkm+e46dc )

Well, we can see that we're running at IRQL Level 2 or DISPATCH_LEVEL, which complements the other bugchecks.

Code: 
1: kd> [COLOR=#008000]!irql[/COLOR]
Debugger saved IRQL for processor 0x1 -- 2 ([COLOR=#ff0000]DISPATCH_LEVEL[/COLOR])

Code: 
1: kd> [COLOR=#008000]knL[/COLOR]
 # Child-SP          RetAddr           Call Site
00 ffffd000`20cb1db8 fffff801`72bcf7e9 nt!KeBugCheckEx
01 ffffd000`20cb1dc0 fffff801`72bce03a nt!KiBugCheckDispatch+0x69
02 ffffd000`20cb1f00 fffff801`72aae97f nt!KiPageFault+0x23a
03 ffffd000`20cb2098 fffff800`01f2a6dc [COLOR=#ff0000]nt!KeAcquireInStackQueuedSpinLock[/COLOR]+0x2f
04 ffffd000`20cb20a0 ffffe000`0532d260 [COLOR=#ff0000]nvlddmkm+0xe46dc[/COLOR]
05 ffffd000`20cb20a8 00000000`00000000 0xffffe000`0532d260

Stack Queued Spinlocks are the type of queued spinlocks which were made available to third-party developers like nVidia, thus the reason why it's appearing in the stack.

More Information on my blog - BSODTutorials: Spinlocks and Queued Spinlocks

Code: 
1: kd> [COLOR=#008000]lmvm nvlddmkm[/COLOR]

start             end                 module name
fffff800`01e46000 fffff800`02a87000   nvlddmkm T (no symbols)           
    Loaded symbol image file: nvlddmkm.sys
    Image path: \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    Image name: nvlddmkm.sys
    Timestamp:        [COLOR=#ff0000]Sat Nov 23 16:28:53 2013[/COLOR] (5290D7C5)
    CheckSum:         00C09A5E
    ImageSize:        00C41000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

I would suggest updating to the latest WHQL version of your graphics card driver from here - NVIDIA Driver Downloads - Advanced Search
 
You have seemed to have enabled Driver Verifier either:

Code: 
1: kd> [COLOR=#008000]!verifier[/COLOR]

Verify Level 0 ... enabled options are:

Summary of All Verifier Statistics

RaiseIrqls                             0x0
AcquireSpinLocks                       0x0
Synch Executions                       0x0
Trims                                  0x0

Pool Allocations Attempted             0x0
Pool Allocations Succeeded             0x0
Pool Allocations Succeeded SpecialPool 0x0
Pool Allocations With NO TAG           0x0
Pool Allocations Failed                0x0
Resource Allocations Failed Deliberately   0x0

Current paged pool allocations         0x0 for 00000000 bytes
Peak paged pool allocations            0x0 for 00000000 bytes
Current nonpaged pool allocations      0x0 for 00000000 bytes
Peak nonpaged pool allocations         0x0 for 00000000 bytes
 
Sorry, just noticed a typo in my last post. I meant to mention that you don't seem to have enabled Driver Verifier.
 
x BlueRobot said:
Sorry, just noticed a typo in my last post. I meant to mention that you don't seem to have enabled Driver Verifier.
Click to expand...

Are you sure about that? The BSODs only ceased once I booted into safe mode and disabled driver verifier. Also, as you can see in this screen shot from Blue Screen View driver verifier must be enabled as it is what is causing the BSODs. The dump that you are looking at is from November. I currently have the latest Nvidia WHQL drivers (331.82).
 

Attachments

  • driver verifier blue screen view.jpg
    driver verifier blue screen view.jpg
    345.8 KB · Views: 7
Good, and those dump files weren't saved in the folder for some reason, weren't they in the Minidump folder?

Code: 
C:\Windows\Minidump
 
x BlueRobot said:
Good, and those dump files weren't saved in the folder for some reason, weren't they in the Minidump folder?

Code: 
C:\Windows\Minidump
Click to expand...

Are you absolutely sure? I just downloaded and looked at the zip I uploaded and it has dumps from November yo January. I can see them right now.
 
Sorry I must have overlooked them by accident.

Code: 
[COLOR=#ff0000]BugCheck C4[/COLOR], {[COLOR=#0000cd]2001b[/COLOR], [COLOR=#008000]fffff80000306ff0[/COLOR], 0, 0}

Probably caused by : [COLOR=#ff0000]pnpnptool.sys[/COLOR] ( pnpnptool+1cff )

It appears that a driver has broken a DDI Compliance rule, the exact rule is described within a string, the pointer to the string and it's address can be found in the second parameter. Using the dc command to deference virtual memory with a character string, we can see this string.

Code: 
2: kd> [COLOR=#008000]!ruleinfo 0x2001b[/COLOR]
The IrqlObPassive rule specifies that the driver calls 
ObReferenceObjectByHandle only when it is executing at 
IRQL = [COLOR=#ff0000]PASSIVE_LEVEL[/COLOR]

The ObReferenceObjectByHandle should only be called at IRQL Level 0, instead of IRQL Level 1. The function checks the access permissions for the handle attempting to reference the object, and then returns the handle to the object for the appropriate process' handle table if the access validation checking is fine.

Code: 
2: kd> [COLOR=#008000]!irql[/COLOR]
Debugger saved IRQL for processor 0x2 -- 1 ([COLOR=#ff0000]APC_LEVEL[/COLOR])

Code: 
2: kd> [COLOR=#008000]dc fffff80000306ff0[/COLOR]
fffff800`00306ff0  6552624f 65726566 4f65636e 63656a62  ObReferenceObjec
fffff800`00307000  48794274 6c646e61 68732065 646c756f  tByHandle should
fffff800`00307010  6c6e6f20 65622079 6c616320 2064656c   only be called 
fffff800`00307020  49207461 204c5152 4150203d 56495353  at IRQL = PASSIV
fffff800`00307030  454c5f45 2e4c4556 cccccc00 cccccccc  E_LEVEL.........
fffff800`00307040  6547624f 6a624f74 53746365 72756365  ObGetObjectSecur
fffff800`00307050  20797469 756f6873 6f20646c 20796c6e  ity should only 
fffff800`00307060  63206562 656c6c61 74612064 51524920  be called at IRQ

Code: 
2: kd> [COLOR=#008000]lmvm pnpnptool[/COLOR]
start             end                 module name
fffff800`043ef000 fffff800`043f9d00   pnpnptool T (no symbols)           
    Loaded symbol image file: pnpnptool.sys
    Image path: \??\C:\Windows\system32\Drivers\pnpnptool.sys
    Image name: pnpnptool.sys
    Timestamp:       [COLOR=#ff0000] Fri Oct 18 22:52:26 2013[/COLOR] (5261AD9A)
    CheckSum:         00013E08
    ImageSize:        0000AD00
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

This driver seems to belong to some Quest Software. The exact module is Quest RDP PnP driver. I would suggest finding a updated version of the program, or removing the program completely.
 
I uninstalled the software that had the problematic driver. I have turned back on driver verifier and am running it again to see if anything else pops up. I will let you know if I get any more BSODs.
 
After turning driver verifier back on I had several driver verifier BSODs referencing nvlddmkm.sys. I decided it was time for a fresh start and used Display Driver Uninstaller in safe mode to start from scratch on the Nvidia drivers and installed 332.21 (latest) after that was done.

Perhaps that was not the actual problem? I am uploading the dumps and would be grateful if someone could go over them for me.
 
Hmm. Had further BSODs after turning driver verifier back on after doing a clean install (as written in my previous post) of the Nvidia drivers. They still appear to point towards the Nvidia driver. Attached the dumps.
 

Attachments

Code: 
[COLOR=#ff0000]BugCheck C4[/COLOR], {[COLOR=#0000cd]f6[/COLOR], [COLOR=#008000]134[/COLOR], [COLOR=#ffa500]ffffe00001c85500[/COLOR], fffff80001ce70a1}

*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
Probably caused by : [COLOR=#ff0000]nvlddmkm.sys[/COLOR] ( nvlddmkm+9b0a1 )

This is a well-known bug with nVidia drivers, I've seen this exact bugcheck regularly, and it's always a User-Mode handle being used in Kernel-Mode.

Code: 
4: kd> [COLOR=#008000]lmvm nvlddmkm[/COLOR]
start             end                 module name
fffff800`01c4c000 fffff800`02895000   nvlddmkm T (no symbols)           
    Loaded symbol image file: nvlddmkm.sys
    Image path: \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    Image name: nvlddmkm.sys
    Timestamp:        [COLOR=#ff0000]Thu Dec 19 17:02:52 2013[/COLOR] (52B326BC)
    CheckSum:         00C19112
    ImageSize:        00C49000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Please update to the latest Beta version of your graphics card driver from here - NVIDIA Driver Downloads - Advanced Search

If that doesn't resolve anything, then please boot into Safe Mode, and see if it crashes there.
 
Last edited:

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top