IRQL NOT LESS OR EQUAL - Novice Needig Assistance

MSI GS70 2OD-002US  laptop  x64

About 4 yrs old

i7-4700HQ CPU @ 2.40 GHz 2.40 GHz

16 GB ram

O/S SSD and HHD

Came with win 8.0.  Updated to 8.1.  Updated to Win 10 Home during last days of free offer .  No issues at first. Then some occasional BSOD's. Last few days each of 5 boot ups was a BSOD. Today just once and a black screen once in 5 bootups.

Ran chkdsk /f C: , SFC scannow, windows updates, updated whatever needed updating in Device manager....not sure if it's a shell ext. don't which non-MS ones may be a culprit

Get the IRQL NOT LESS OR EQUAL  (once BAD POOL HEADER)

Blue Screen View noted ntoskrnl.exe. not sure if windows Debugger is more reliable. A novice so not secure about testing.

Thanks (and apologies for the typo in Subject)

Edited by chiiibill, 26 August 2016 - 04:24 PM.

Not sure if this is significant, but I have 2 VPN apps recently installed on my laptop. (PIA and AirVPN)

Running a bit busy right now.
I'll run an analysis either later today or tomorrow morning.

For now, I wonder about your video.

Start with these free hardware diangostics:  http://www.carrona.org/hwdiag.html

If all of them pass, then run Driver Verifier according to these instructions:  http://www.carrona.org/verifier.html

I fully understand.

Thanks you for your help.

Will do as you suggested. as a novice it make take some time deciphering the instructions, but should be ok.

Thanks again.

Edited by chiiibill, 27 August 2016 - 08:26 PM.

Perfmon says there are problems with the Bluestacks Android service

Please uninstall it.  If needed, download/install a fresh copy after uninstalling it.

Unfortunately it appears that the system has pirated software.
Please get a legitimate copy installed and we'll be glad to help.

Here's suggestions on how to ensure that your version is legitimate:  http://windows.microsoft.com/en-us/windows/genuine

Please be aware that we may not be able to fix it (as the hacks that were done to activate it will cause the OS to behave differently than we expect it to). If that's the case, our efforts to help may just waste your time. Secondly, the forum rules prohibit assisting with pirated software - so the topic would be closed if that is the case.

As a courtesy, I will offer an analysis of your issues using the reports you provided.
I will not answer any questions about the analysis until the system is made legitimate.
If you do make it legitimate, please submit a new set of reports for us to check.

Just FYI, sometimes the owner won't know about this.  So here's 2 scenarios that might ring a bell:
- if they had a "friend" help with the computer - and the "friend" installed a pirated copy.
- or they used a copy that they had from another OEM computer.  The OEM license is tied to the hardware that it came from - so you can't just use it on another system (that means that it's pirated).

And here's the analysis:

 

Your UEFI/BIOS (version E1771IMS.70C) dates from 2013.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  If you are able to install the update through Windows (without booting from an external drive), then go ahead and update it.  WARNING - if the computer might shut down during this procedure, please don't do it, as this may physically damage the computer and prevent it from booting.
FYI - W8 and W10 communicate more with the UEFI/BIOS than previous versions of Windows, so it's important to ensure that the UEFI/BIOS is kept up to date (and that outdated UEFI/BIOS' may be the cause of some compatibility issues).

Only 8 Windows Update hotfixes installed.  Most build 10586 (TH2/1511) systems have more than this.  Please visit Windows Update and get ALL available Windows Updates.
The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

3 of the 4 memory dumps blame your Norton protection.
Please uninstall it.  Then use this free Norton tool to remove any remnants that it leaves behind:  http://www.carrona.org/avuninst.html#N

Make sure that you enable Windows Defender while testing.

If this fixes things, and you still want to stay with Norton, download/install a fresh copy from the Norton website.

I notice other traces of antivirus/antimalware programs on the system.

Please only use 1 antivirus and one firewall at a time (this includes Windows Defender and the Windows firewall) - as they can conflict with each other and cause problems with your system.

Also, there is a copy of NTIOLib_X64.sys in the memory dumps. 
This driver is known to cause BSOD's on some Windows systems - so I strongly suggest that you uninstall the program that it's related to.

Here's what information I have on this driver:

 

NTIOLib_X64.sys             Thu Oct 25 06:27:58 2012 (5089142E)
MSI Afterburner driver (known BSOD issues with Windows) Also found to be a part of MSI Live Update 5, MSI Super Charger & MSI Smart Utilities.[br]    [br]  Recently (Nov 2014) there have been numerous instances of this driver in memory dumps.  Analysis reveals that they are scattered throughout the filesystem by the installed MSI command utilities.  For now I suggest uninstalling them all. http://event.msi.com/vga/afterburner/download.htm
http://www.carrona.org/drivers/driver.php?id=NTIOLib_X64.sys

There are a lot of file system drivers in the stack text.  This makes me suspect that Norton isn't alone in the problems here.
The Folder Lock program has drivers that date from 2012 - so I'd suggest uninstalling that also.

 

WinVDEdrv6.sys              Wed Aug  3 00:38:39 2011 (4E38D0CF)
File System Filter driver for Folder Lock from NewSoftwares.net http://www.newsoftwares.net/folderlock/
http://www.carrona.org/drivers/driver.php?id=WinVDEdrv6.sys
 
WinFPdrv.sys                Fri Sep 28 00:44:33 2012 (50652B31)
NewSoftwares.net Folder Protect Driver.[br][br]Driver is located at "C:\Windows\SysWoW64\". http://www.newsoftwares.net/download/
http://www.carrona.org/drivers/driver.php?id=WinFPdrv.sys

Finally, your SuperAntiSpyware drivers date from 2011.  Uninstall it also.

Analysis:

The following is for information purposes only. The following information contains the relevant information from the blue screen analysis:
**************************Fri Aug 26 08:12:07.134 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\082616-9375-01.dmp]
Windows 10 Kernel Version 10586 MP (8 procs) Free x64
Built by: 10586.545.amd64fre.th2_release.160802-1857
System Uptime:0 days 0:08:21.845
*** ERROR: Module load completed but symbols could not be loaded for fastfat.SYS
*** WARNING: Unable to verify timestamp for SRTSP64.SYS
*** ERROR: Module load completed but symbols could not be loaded for SRTSP64.SYS
Probably caused by :SRTSP64.SYS ( SRTSP64+9308f )
BugCheck A, {0, 2, 0, fffff803c68de628}
BugCheck Info: IRQL_NOT_LESS_OR_EQUAL (a)
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff803c68de628, address which referenced memory
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  ns.exe
FAILURE_BUCKET_ID: AV_SRTSP64!unknown_function
CPUID:        "Intel® Core™ i7-4700HQ CPU @ 2.40GHz"
MaxSpeed:     2400
CurrentSpeed: 2394
  BIOS Version                  E1771IMS.70C
  BIOS Release Date             10/01/2013
  Manufacturer                  Micro-Star International Co., Ltd.
  Product Name                  GS70 2OD
  Baseboard Product             MS-1771
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Aug 26 08:03:24.353 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\082616-9734-01.dmp]
Windows 10 Kernel Version 10586 MP (8 procs) Free x64
Built by: 10586.545.amd64fre.th2_release.160802-1857
System Uptime:0 days 6:42:41.063
*** ERROR: Module load completed but symbols could not be loaded for fastfat.SYS
Probably caused by :ntkrnlmp.exe ( nt!KiTryUnwaitThread+31 )
BugCheck A, {40, 2, 1, fffff8025fad8a91}
BugCheck Info: IRQL_NOT_LESS_OR_EQUAL (a)
Arguments:
Arg1: 0000000000000040, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8025fad8a91, address which referenced memory
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  System
FAILURE_BUCKET_ID: AV_nt!KiTryUnwaitThread
CPUID:        "Intel® Core™ i7-4700HQ CPU @ 2.40GHz"
MaxSpeed:     2400
CurrentSpeed: 2394
  BIOS Version                  E1771IMS.70C
  BIOS Release Date             10/01/2013
  Manufacturer                  Micro-Star International Co., Ltd.
  Product Name                  GS70 2OD
  Baseboard Product             MS-1771
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Aug 26 01:20:22.147 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\082616-18875-01.dmp]
Windows 10 Kernel Version 10586 MP (8 procs) Free x64
Built by: 10586.545.amd64fre.th2_release.160802-1857
System Uptime:0 days 0:07:45.857
*** ERROR: Module load completed but symbols could not be loaded for fastfat.SYS
*** WARNING: Unable to verify timestamp for SRTSP64.SYS
*** ERROR: Module load completed but symbols could not be loaded for SRTSP64.SYS
Probably caused by :SRTSP64.SYS ( SRTSP64+9308f )
BugCheck A, {ffffffff00000006, 2, 0, fffff80387edf628}
BugCheck Info: IRQL_NOT_LESS_OR_EQUAL (a)
Arguments:
Arg1: ffffffff00000006, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80387edf628, address which referenced memory
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  ns.exe
FAILURE_BUCKET_ID: AV_SRTSP64!unknown_function
CPUID:        "Intel® Core™ i7-4700HQ CPU @ 2.40GHz"
MaxSpeed:     2400
CurrentSpeed: 2394
  BIOS Version                  E1771IMS.70C
  BIOS Release Date             10/01/2013
  Manufacturer                  Micro-Star International Co., Ltd.
  Product Name                  GS70 2OD
  Baseboard Product             MS-1771
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Aug 26 01:01:12.077 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\082616-23265-01.dmp]
Windows 10 Kernel Version 10586 MP (8 procs) Free x64
Built by: 10586.545.amd64fre.th2_release.160802-1857
System Uptime:0 days 3:23:03.788
*** ERROR: Module load completed but symbols could not be loaded for fastfat.SYS
*** WARNING: Unable to verify timestamp for SRTSP64.SYS
*** ERROR: Module load completed but symbols could not be loaded for SRTSP64.SYS
Probably caused by :SRTSP64.SYS ( SRTSP64+9308f )
BugCheck A, {40, 2, 1, fffff8006374aa91}
BugCheck Info: IRQL_NOT_LESS_OR_EQUAL (a)
Arguments:
Arg1: 0000000000000040, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8006374aa91, address which referenced memory
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  ns.exe
FAILURE_BUCKET_ID: AV_SRTSP64!unknown_function
CPUID:        "Intel® Core™ i7-4700HQ CPU @ 2.40GHz"
MaxSpeed:     2400
CurrentSpeed: 2394
  BIOS Version                  E1771IMS.70C
  BIOS Release Date             10/01/2013
  Manufacturer                  Micro-Star International Co., Ltd.
  Product Name                  GS70 2OD
  Baseboard Product             MS-1771
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``

The following is for information purposes only. My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:

**************************Fri Aug 26 08:12:07.134 2016 (UTC - 4:00)**************************
MBfilt64.sys                Thu Jul 30 23:40:32 2009 (4A7267B0)
LGBusEnum.sys               Mon Nov 23 20:36:48 2009 (4B0B38B0)
clwvd.sys                   Wed Apr 13 23:47:49 2011 (4DA66E65)
SASKUTIL64.SYS              Tue Jul 12 17:00:01 2011 (4E1CB5D1)
SASDIFSV64.SYS              Thu Jul 21 19:03:00 2011 (4E28B024)
WinVDEdrv6.sys              Wed Aug  3 00:38:39 2011 (4E38D0CF)
WinFPdrv.sys                Fri Sep 28 00:44:33 2012 (50652B31)
NTIOLib_X64.sys             Thu Oct 25 06:27:58 2012 (5089142E)
HECIx64.sys                 Mon Dec 17 14:32:21 2012 (50CF7345)
ambakdrv.sys                Tue Dec 25 03:46:35 2012 (50D967EB)
ammntdrv.sys                Tue Dec 25 03:46:37 2012 (50D967ED)
amwrtdrv.sys                Tue Dec 25 03:46:38 2012 (50D967EE)
a2ddax64.sys                Thu Mar  7 23:41:40 2013 (51396C04)
iaStorA.sys                 Mon Mar 18 19:36:36 2013 (5147A504)
RTKVHD64.sys                Tue May 21 09:46:52 2013 (519B7ACC)
a2dix64.sys                 Sat Aug 31 06:34:23 2013 (5221C6AF)
cleanhlp64.sys              Mon Sep 30 06:50:45 2013 (52495785)
a2accx64.sys                Fri May  9 03:06:38 2014 (536C7E7E)
a2util64.sys                Mon May 12 01:18:54 2014 (537059BE)
mwac.sys                    Tue Jun 17 22:07:00 2014 (53A0F444)
debutfilterx64.sys          Mon Jul 14 19:13:58 2014 (53C46436)
tap0901.sys                 Wed Nov  5 08:16:32 2014 (545A2330)
GUBootStartup.sys           Wed Apr 22 22:03:58 2015 (5538530E)
athw8x.sys                  Sun Apr 26 22:56:12 2015 (553DA54C)
gwdrv.sys                   Fri May 29 00:15:40 2015 (5567E7EC)
SbieDrv.sys                 Tue Jun 23 14:13:01 2015 (5589A1AD)
ETD.sys                     Mon Jul 27 22:01:31 2015 (55B6E27B)
MBAMSwissArmy.sys           Wed Jul 29 00:26:01 2015 (55B855D9)
btfilter.sys                Fri Jul 31 02:11:24 2015 (55BB118C)
mbam.sys                    Tue Aug 11 13:35:19 2015 (55CA3257)
intelppm.sys                Thu Oct 29 22:09:51 2015 (5632D16F)
hiber_storport.sys          Thu Oct 29 22:42:02 2015 (5632D8FA)
e2xw10x64.sys               Tue Jan 26 18:58:16 2016 (56A80818)
mbae64.sys                  Wed Jan 27 11:54:02 2016 (56A8F62A)
mbamchameleon.sys           Wed Jan 27 18:48:35 2016 (56A95753)
nvvad64v.sys                Tue Apr 12 04:46:52 2016 (570CB5FC)
SYMNETS.SYS                 Tue Apr 12 19:47:43 2016 (570D891F)
igdkmd64.sys                Fri Apr 22 16:37:26 2016 (571A8B86)
eeCtrl64.sys                Mon Apr 25 13:47:05 2016 (571E5819)
Ironx64.SYS                 Wed May  4 08:56:49 2016 (5729F191)
BHDrvx64.sys                Wed May  4 22:11:06 2016 (572AABBA)
ccSetx64.sys                Thu May  5 18:33:33 2016 (572BCA3D)
SYMEFASI64.SYS              Thu May 12 15:21:02 2016 (5734D79E)
SYMEVENT64x86.SYS           Mon May 23 16:42:54 2016 (57436B4E)
SRTSPX64.SYS                Wed May 25 23:18:13 2016 (57466AF5)
WiseFs64.sys                Tue Jun 14 06:17:48 2016 (575FD9CC)
IDSvia64.sys                Fri Jul  1 18:14:47 2016 (5776EB57)
SRTSP64.SYS                 Sun Aug  7 16:04:08 2016 (57A79438)
nvlddmkm.sys                Thu Aug 11 07:07:38 2016 (57AC5C7A)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Aug 26 01:20:22.147 2016 (UTC - 4:00)**************************
NvStreamKms.sys             Fri Jun  3 07:28:21 2016 (575169D5)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Aug 26 01:01:12.077 2016 (UTC - 4:00)**************************
EraserUtilRebootDrv.sys     Mon Apr 25 13:47:06 2016 (571E581A)

XXXXX

Edited by usasma, 28 August 2016 - 05:31 AM.

First- Thank you so much for the analysis.

This is a company laptop that has changed hands a few times over the years.

I realize any further assistance is 'on hold' until the problem software is removed. As I am not familiar with quite a few of the apps that have been installed on this laptop over the years, how do I determine which is the pirated software?

(I also understand that any future assistance may be impacted by changes made by the problem software)

Of course, I will hold off with questions until the problem software is removed. As far as the O/S, I personally purchased the laptop from an established electronics store. I personally updated to 8.1 via the Windows online store and used the Win 10 nag icon to download 10.

As far as windows updates- I checked yesterday and was informed that there are no new updates...any new ones will d/l automatically. 'Your device is up to date: Last checked today 12:39 PM'

Uninstalled Folder Lock/Folder Protect, updated Superantispyware, uninstalled Norton followed by Norton removal tool, installed KIS (Windows Defender remains on and is grayed out in on position), uninstalled Bluestacks, Eraser. didn't know Emsisoft Antimalware was installed (but not running) so uninstalled it.

While waiting for your reply (re: identifying the pirated software) I'll work on deciphering the ominous-looking analysis.

Thanks

Edited by chiiibill, 28 August 2016 - 05:35 PM.

As I mentioned in my last post, I acted on some of your recommendations, also deleted some programs and the BSOD problem is now gone. Thanks very much, usasma.

However, I was hoping to hear from you as yo whether you are able to determine if the unwanted software was gone as well. This laptop has passed through many hands and I would like it clean.

If you are backlogged with other members' issues, I will gladly wait.

However, if you already consider this 'case' solved  I will have to seek support elsewhere (prefer not to). Please let me know as I would like to resolve this matter. Thanks.

Edited by chiiibill, 11 September 2016 - 03:37 PM.