I have been receiving a lot of blue screens lately saying IRQ not less or equal

Hi,

In order to assist you, we will need the DMP files to analyze what exactly occurred at the time of the crash, etc.

If you don't know where DMP files are located, here's how to get to them:

 1.    Navigate to the %systemroot%\Minidump folder.
 2.    Copy any and all DMP files in the Minidump folder to your Desktop and then zip up these files.
 3.    Upload the zip containing the DMP files to Skydrive or a hosting site of your choice and paste in your reply.

If you are going to use Skydrive but don't know how to upload to it, please visit the following:

http://www.wikihow.com/Use-SkyDrive

Please note that any "cleaner" programs such as TuneUp Utilities, CCleaner, etc, by default will delete DMP files upon use.

If your computer is not generating DMP files, please do the following:

1. Start > type %systemroot% which should show the Windows folder, click on it. Once inside that folder, ensure there is a Minidump folder created. If not, CTRL-SHIFT-N to make a New Folder and name it Minidump.

2. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Performance > Settings > Advanced > Ensure there's a check-mark for 'Automatically manage paging file size for all drives'.

3. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Startup and Recovery > Settings > System Failure > ensure there is a check mark next to 'Write an event to the system log'.

Ensure Small Memory Dump is selected and ensure the path is %systemroot%\Minidump.

4. Double check that the WERS is ENABLED:

Start > Search > type services.msc > Under the name tab, find Windows Error Reporting Service > If the status of the service is not Started then right click it and select Start. Also ensure that under Startup Type it is set to Automatic rather than Manual. You can do this by right clicking it, selecting properties, and under General selecting startup type to 'Automatic', and then click Apply.

If you cannot get into normal mode to do any of this, please do this via Safe Mode.

Regards,

Patrick

Here is the mini dump zip folder:

Thanks!

The attached DMP file is of the IRQL_NOT_LESS_OR_EQUAL (a) bugcheck.

A kernel-mode driver or process attempted to access a protected memory location it does not have permission for, or a kernel interrupt request level (IRQL) attempted to access a memory address that is too high.

This bugcheck usually occurs when a driver uses an incorrect memory address. Other possible causes of this error include: bug in a device driver, system service, the BIOS, an old Anti-virus program or backup tool, or possibly memory issues.

Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsInjectTransportSendAsync0+277 )

^^ This is the FWP/IPsec Kernel-Mode API system driver.

1.

Remove and replace avast! with Microsoft Security Essentials for temporary troubleshooting purposes:

avast! removal tool - http://www.avast.com/uninstall-utility

MSE - http://windows.microsoft.com/en-us/windows/security-essentials-download

2.

If after the above you're still crashing, enable Driver Verifier to look for further device driver corruption and or conflicts:

Driver Verifier:

What is Driver Verifier?

Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.

Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7)
- Concurrentcy Stress Test (Windows 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select  - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is [B]NOT[/B] provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
 8.    Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.
If you did not set up a restore point, do not worry, you can still disable Driver Verifier to get back into normal Windows:

- Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・    Restart and boot into normal Windows.

How long should I keep Driver Verifier enabled for?

It varies, many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier.

My system BSOD'd, where can I find the crash dumps?

They will be located in %systemroot%\Minidump

Any other questions can most likely be answered by this article:
http://support.microsoft.com/kb/244617

Regards,

Patrick

You have a suspicious driver that is in the call stack.

 

c:\windows\system32\drivers\giomjken.sys

 

Find the file and right click - Properties - Details tab to see what it is.

 

If you want to disable.

 

 

driverquery /v /fo list

 

and get the module name for the above file. Then type

 

sc stop modulename

 

eg

 

sc stop giomjken

 

then

 

sc config giomjken start= disabled

 

 

I took a screenshot of the right-click properties - it says it is from my malware defender program (which I actually thought was a Microsoft issued program):

http://xportcms.com/siteresources/data/images/driver-image.jpg

I also uninstalled the Avast as suggested - so I guess now I wait to see if the blue screen happens again? By the way, thanks you for your help - it is greatly appreciated!

Patrick thanks for your help -I have uninstalled the avast program and I even tried turning on the driver debugger but I kept receiving a blue screen with that so I turned that back off. I hope uninstalling avast did the trick. David said that there was a suspicious program file running so I took a screenshot of it so that you can see if its legit or not - I have no clue if it is or not.

http://xportcms.com/siteresources/data/images/driver-image.jpg

Hi,

If you were blue screening with verifier enabled, that's actually what we want to happen. Please attach the latest DMP files that verifier created here.

Regards,

Patrick

Hi Patrick, after enabling the verifier I had to restart my computer and I didn't even get to login, right before I would get to the login screen after I had rebooted I got a blue screen and the message said something about a driver trying to corrupt files so it shut down again. This was after I had uninstalled Avast completely with your utility so I figured it was the last thing I had done which was enable the driver verifier, so I booted into safe mode and I did a system restore to the restore point you had instructed me to create earlier. Should I turn this back on and see what happens again?