BSOD on shutdown, irql_not_less_or_equal ntoskrnl.exe


  1. Rufus2468
    Posts : 3
    Windows 7 Ultimate x64
       New #1

    BSOD on shutdown, irql_not_less_or_equal ntoskrnl.exe


    Lately, my PC has been blue-screening after shutdown. Never during anything, but once I hit shutdown, it logs off, shuts down, and then just before I would expect all the case lights to turn off, I get an irql_not_less_or_equal ntoskrnl.exe BSOD.

    From what I've gathered from Google, this is a driver issue, and the only help offered was nonspecific. I'm supposed to turn off all drivers and turn them on one by one, restarting in between, until I find the offender.

    Considering the sheer number of drivers on this PC, as well as the time involved in turning on each one individually, I was hoping to get some help reading the dumpfiles for anything to point me in the right direction.

    Attached is the .zip of the DM Log Collector.
      My Computer
    Quote Quote

  3. Arc
    Posts : 35,373
    Microsoft Windows 10 Pro Insider Preview 64-bit
       New #2

    Hi Rufus2468.

    The crash dumps are pointing to avast! Antivirus Stream Filter driver.

    Uninstall Avast using Avast Uninstall Utility. At least as a test. Use Microsoft Security Essentials as your antivirus with windows inbuilt firewall, and free MBAM as the on demand scanner.

    Report us for any further BSOD.
    __________________________________
    Code:
    BugCheck D1, {17851be1, 2, 1, fffffa8015426628}

*** WARNING: Unable to verify timestamp for aswStm.sys
*** ERROR: Module load completed but symbols could not be loaded for aswStm.sys
Probably caused by : aswStm.sys ( aswStm+4e68 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000017851be1, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffffa8015426628, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80003d10100
GetUlongFromAddress: unable to read from fffff80003d101c0
 0000000017851be1 Nonpaged pool

CURRENT_IRQL:  2

FAULTING_IP: 
+255674e2e450
fffffa80`15426628 0000            add     byte ptr [rax],al

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  System

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre

DPC_STACK_BASE:  FFFFF88006122FB0

TRAP_FRAME:  fffff8800611aaf0 -- (.trap 0xfffff8800611aaf0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000017851be1 rbx=0000000000000000 rcx=fffffa8017161250
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffffa8015426628 rsp=fffff8800611ac80 rbp=00000000ffffffff
 r8=fffff8800611ac48  r9=0000000000000000 r10=0000000000000000
r11=fffff8800611ac70 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po cy
fffffa80`15426628 0000            add     byte ptr [rax],al ds:00000000`17851be1=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80003ad6469 to fffff80003ad6ec0

STACK_TEXT:  
fffff880`0611a9a8 fffff800`03ad6469 : 00000000`0000000a 00000000`17851be1 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0611a9b0 fffff800`03ad50e0 : 00000050`00000000 fffffa80`14bb8080 fffff880`00000007 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0611aaf0 fffffa80`15426628 : 00000000`00000001 fffff880`06ef9e68 fffffa80`0cb68c38 00000000`00000000 : nt!KiPageFault+0x260
fffff880`0611ac80 00000000`00000001 : fffff880`06ef9e68 fffffa80`0cb68c38 00000000`00000000 00000000`00000000 : 0xfffffa80`15426628
fffff880`0611ac88 fffff880`06ef9e68 : fffffa80`0cb68c38 00000000`00000000 00000000`00000000 fffffa80`17161201 : 0x1
fffff880`0611ac90 fffffa80`0cb68c38 : 00000000`00000000 00000000`00000000 fffffa80`17161201 fffffa80`14bb8080 : aswStm+0x4e68
fffff880`0611ac98 00000000`00000000 : 00000000`00000000 fffffa80`17161201 fffffa80`14bb8080 fffff880`0496d9a0 : 0xfffffa80`0cb68c38


STACK_COMMAND:  kb

FOLLOWUP_IP: 
aswStm+4e68
fffff880`06ef9e68 ??              ???

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  aswStm+4e68

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswStm

IMAGE_NAME:  aswStm.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  54f45828

FAILURE_BUCKET_ID:  X64_0xD1_aswStm+4e68

BUCKET_ID:  X64_0xD1_aswStm+4e68

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0xd1_aswstm+4e68

FAILURE_ID_HASH:  {ea83fbeb-f3c0-af8d-d54a-4d8fc6ac7210}

Followup: MachineOwner
---------

1: kd> lmvm aswStm
start             end                 module name
fffff880`06ef5000 fffff880`06f18000   aswStm   T (no symbols)           
    Loaded symbol image file: aswStm.sys
    Image path: \SystemRoot\system32\drivers\aswStm.sys
    Image name: aswStm.sys
    Timestamp:        Mon Mar 02 18:01:36 2015 (54F45828)
    CheckSum:         00021D72
    ImageSize:        00023000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
      My Computer
    Quote Quote

  4. Rufus2468
    Posts : 3
    Windows 7 Ultimate x64
    Thread Starter
       New #3

    Thanks Arc, that seems to have done the trick with the bluescreens.
    Unfortunately startup and shutdown are still painfully slow. I think this computer has just reached its clutter limit and needs a full reinstall.
      My Computer
    Quote Quote

  6. Arc
    Posts : 35,373
    Microsoft Windows 10 Pro Insider Preview 64-bit
       New #4

    Rufus2468 said:
    Thanks Arc, that seems to have done the trick with the bluescreens.
    Unfortunately startup and shutdown are still painfully slow. I think this computer has just reached its clutter limit and needs a full reinstall.
    Please upload your MSINFO32.nfo file.

    1. Click on the start button
    2. Type "msinfo32" (without quotes) in the search bar of the start menu, click the resulting link. It will open the System Information window.
    3. File>Save. In the "File Name" filed, put "MSINFO32" (without Quote), give the save location to desktop, and click the "save" button.
    4. Give the time for processing, it will save a .nfo file on your desktop.
    5. Zip it, and upload it following the instruction.
      My Computer
    Quote Quote

  7. Rufus2468
    Posts : 3
    Windows 7 Ultimate x64
    Thread Starter
       New #5

    Apologies for the late reply, I was away from my computer over the weekend.

    Attached is my MSINFO32 results, hopefully something in there will give a clue as to what's causing the problem.
      My Computer
    Quote Quote

  8. Arc
    Posts : 35,373
    Microsoft Windows 10 Pro Insider Preview 64-bit
       New #6

    Daemon Tools, Alcohol 120% and Power Archiver Pro uses SCSI Pass Through Direct (SPTD), which is a well known BSOD causer. Uninstall Daemon Tools at first. Then download SPTD standalone installer from Disk-Tools.com, and execute the downloaded file as guided below :

    • Double click to open it.
    • Click this button only:
    • If it is grayed out, as in the picture, there is no more SPTD in your system, and you just close the window.

    Free up the startup. Windows does not need any other program to auto start with it, but the auto start programs often conflicts and causes various problems including BSODs.

    1. Click on the Start button
    2. Type “msconfig (without quotes), click the resulting link. It will open the System Configuration window.
    3. Select the “Startup” tab.
    4. Deselect all items other than the antivirus (you may need ot keep DisplayFusion there, too).
    5. Apply > OK
    6. Accept then restart.

    Let us know if it did any change there.
      My Computer
    Quote Quote

 

  Related Discussions
Hi whenever my pc goes to the shutdown screen the screen goes black then proceeds with the IRQL BSOD, so i have to long press on the power button or remove the plug to shut it down. but im afraid of the effects that might occur from not shutting it down properly. So guys please help :( Posting...
...
Dear SevenForums, For some time now, I have been experiencing infrequent BSODs with the error of IRQL_NOT_LESS_OR_EQUAL when I start / shutdown my PC. I am running windows 7 Ultimate 64-bit, and my SF file is attached to this thread. I should note a few other important details. I tried...
Is Windows 7... - x64 - Windows 7 Ultimate - OEM - System hardware is less than 5 months old During Shutdown/Restart I've got this BSOD: IRQL_NOT_LESS_OR_EQUAL
Hello Forum, Forgive me for my initial post being my problem, but the notebook I'm working on is a gift so I have little time to work with it. The Machine is as follows: HP Pavilion dv7 Notebook AMD Turion Ultra Dual-Core M600 4GB Ram running 64 bi
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 21:30.
Find Us