IRQL_NOT_LESS_OR_EQUAL

Chikita413
Chikita413 used Ask the Experts™
on
I am having an issue with my Compaq SR1511NX. I keep getting the BSOD with the message "IRQL_NOT_LESS_OR_EQUAL". Have run many different virus/spyware/malware scans and keep coming up clean. Have uninstalled/reinstalled lots of programs. System restore also does not work. Not extremely computer literate, but do know a thing or two. Would appreciate any help given. Thanks :)

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
BSOD usually stems from a memory issue. You can try doing a memory diagnostic test using memtest86
found here with install/cd creation instructions:http://www.memtest.org/

Another possible reason is the cpu overheating but you would probably notice other symptoms first.

Here is more information regarding the BSOD
http://www.tweaksforgeeks.com/IRQL_NOT_LESS_OR_EQUAL.html

Commented:
This is a fairly common error that is often due to a bad driver, or faulty or incompatible hardware or software .. so it can be caused for a range of reasons.  <quote>Technically, this error condition means that a kernel-mode process or driver tried to access a memory location to which it did not have permission, or at a kernel Interrupt ReQuest Level (IRQL) that was too high ... <unquote>

More detail>
0x0000000A: IRQL_NOT_LESS_OR_EQUAL:
http://aumha.org/win5/kbestop.htm

Commented:
To find out more accurately which driver (or which component), there should be a dump of the state of your system at the time it crashed.
The dumps are normally located in c:\windows\minidump\    
or  %systemroot%\minidump\

Can you paste the latest dump(s) in the "Attach Code Snippet" box and i'll take a look.  You'll need to rename single minidump files first with a .txt extension, (do not rename the contents of the file).  Alternatively zip them before attaching, and rename the .zip to .txt for the attaching (the upload).

You may need to disable auto restart, to keep the laptop booted:
Right click My Computer > Properties > Advanced > Startup and Recovery Settings and uncheck Automatically Restart.

If you cannot reach Windows, you can turn off the 'Automatic reboot on error' option by selecting the Advanced Options Menu at bootup.  Keep press/releasing the F8 function key and you'll reach a menu where you can select the option "Disable Automatic restart on system failure".

If you see no minidump>
Enable Minidump's in Windows XP:
http://www.cakewalk.com/Support/ProblemReporter/minidump.asp


<System restore also does not work>
We can look at this later .. can be from various causes.
11/26 Forrester Webinar: Savings for Enterprise

How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.

Author

Commented:
When I open the text file that I create from the .dmp file, all I get is a bunch of characters... I must be doing something wrong?

Commented:
Thats okay, often opening the .txt files will corrupt them.   Best not to attempt opening them before posting.    An alternative would be to collect them and zip them, then post them.

Author

Commented:
Ok, I'll try attaching it...
Mini072009-01.txt

Commented:
Yes thats okay.   It looks like a driver update is needed.   The WinDbg analysis states>
Probably caused by : ntkrnlpa.exe ( nt!IopGetDeviceAttachmentBase+12 )

Commented:
Chikita413,
It's still possible that the problem is RAM, or even motherboard.    An underated or suspect power supply unit is also a possibility.
 
Although not essential, ideally we could use three minidumps.  
Still investigating ...

Author

Commented:
No problem, I can attach a few more files.
Mini071909-06.txt
Mini071909-07.txt
Mini071909-08.txt

Commented:
Getting three different results with those dumps ... this is often indicative of memory failure  ...
Suggest you check RAM, as first suggested by tsptech.  

If there's more than one RAM stick(module), suggest removing all but one good one.  Swop them around even ... but just keep ONE in situ at any one time ... see if that fixes the error.

Your results>
IMAGE_NAME:  ntkrnlpa.exe
FAILURE_BUCKET_ID:  0x50_W_nt!ObpRemoveObjectRoutine+e0

IMAGE_NAME:  ntkrnlpa.exe
FAILURE_BUCKET_ID:  0xA_nt!IopGetDeviceAttachmentBase+12

IMAGE_NAME:  Unknown_Image
FAILURE_BUCKET_ID:  0xD1_ANALYSIS_INCONCLUSIVE

Author

Commented:
Thanks for your help. I'll check the RAM and post back with my findings.

Commented:
Jonvee had good input on removing sticks of ram to narrow down a possible bad stick. Memtest or a similiar program should tell you if you have bad memory but it won't tell you which stick usually.

Commented:
      >System restore also does not work<

Once the BSOD issue is resolved you'll want to have a look at System Restore.   Although jumping the gun a bit i'll be logging off for the night soon, & have to ask, are you sure it's enabled?  
http://www.pchell.com/virus/systemrestore.shtml

If yes, maybe the _Restore folder has been corrupted by Malware.  
Try this repair>  
http://windowsxp.mvps.org/repairsr.htm


Reinstalling the System Restore program should not delete existing Restore points which are
stored in a hidden folder.     Probably in C:\System Volume Information

See >"How to gain access to the System Volume Information folder":
http://support.microsoft.com/kb/309531

To reduce possibility of losing the restore points you may wish to backup the folder.
If you get an access denied error, run this command>
cacls "C:\System Volume Information" /E /G %username%:F

Commented:
@ tsptech  ... thank you.

Author

Commented:
Well, a friend happened to have some extra RAM that was the right stuff for my comp, so I swapped it out - only had one stick installed. Booted up and... same BSOD. :( I'm attached the latest minidump files.
Mini072109-01.txt
Mini072109-02.txt

Commented:
Well, at least we're getting consistancy using different RAM  :)

WinDbg analysis almost the same as before>

IMAGE_NAME: ntkrnlpa.exe
FAILURE_BUCKET_ID: 0xA_nt!IopGetDeviceAttachmentBase+c
IMAGE_NAME: Unknown_Image
FAILURE_BUCKET_ID: 0xD1_ANALYSIS_INCONCLUSIVE


WinDbg analysers have been quoted to be no more than ~50% successful.  
Perhaps time to take a look at Driver updates again.  

One option may be this "free to try" link>
http://driveragent.com/index_b.php?q=driveragent

Also suggest testing your Hard drive, choosing the appropriate manufacturer from here>
"Hard Drive Diagnostics Tools and Utilities":
http://tacktech.com/display.cfm?ttid=287

Commented:
You could scan the Hard disk for errors running the command chkdsk /r        

If you need to find HDD details use one of these>

EVEREST Free Edition 2.20
http://www.majorgeeks.com/EVEREST_Free_Edition_d4181.html

Belarc Advisor                      
http://www.belarc.com/free_download.html


For information:  A good article although you may have already seen it>
"Windows system crashes":
http://www.networkworld.com/news/2005/041105-windows-crash.html

Commented:
Before you use DriverAgent you could try the XP in-built Driver Verifier to isolate and troubleshoot a driver>
"Using Driver Verifier to identify issues with Windows drivers for advanced users":
http://support.microsoft.com/kb/244617/en-us

Author

Commented:
I tried Driver Agent and found that quite a few drivers could use an update. Without paying for that subscription, what's the best way to go about finding updates for these drivers?

Commented:
To ensure you get the latest drivers its probably best to check the manufacturers web site.  This Tutorial can be useful although you may well find it too basic>

How to update a Windows hardware driver
http://www.bleepingcomputer.com/tutorials/tutorial119.html

Author

Commented:
What is the general consensus on programs such as 'Driver Agent' or 'Driver Detective'? Is it worth $30 to  have one-click downloading of drivers instead of having to search? Or am I just setting myself up for trouble?
Top Expert 2013

Commented:
personally i have never used any of those, nor did i need  to use one.
As Jonvee said, i find all drivers at the manufacturer's site.
i hope this helps you a bit !

Author

Commented:
I am attaching the results of the Driver Agent Scan. Perhaps someone can help me figure out which are the most important/most likely to be causing my problem? These drivers seem to be harder to find than I anticipated, hence the thought of using Driver Detective.
Driver-Agent-Scan.doc
Top Expert 2013

Commented:

Author

Commented:
Hmmm, most of those driver updates were for components that I don't have. I am not having much luck finding the drivers I supposedly need. I'm afraid to download the wrong ones! Anyone have any other advice?
Top Expert 2013

Commented:
>>  most of those driver updates were for components that I don't have    <<   how do you know?
those drivers are for Compaq SR1511NX, if that is correct, the drivers should be ok too

Author

Commented:
When I installed them, I got an error message saying that update was for something not on my computer.

Commented:
You could re-run Driver Verifier again to see which(if any) Driver is the incorrect type >
http://support.microsoft.com/kb/244617/en-us

Are you still getting the same BSOD with the error "IRQL_NOT_LESS_OR_EQUAL" ?

Author

Commented:
I attempted to use Driver Verifier butI am unsure of how to use it. That article is not clear to me.

Yes, still getting the same BSOD.

Commented:
Okay, well try running the following command from a command prompt to verify all the drivers in your System, and see what you get>

verifier.exe /all

Commented:
See if these instructions on how to run the Driver Verifier are helpful>

<quote>  Here's how to use it to troubleshoot a driver problem:

Access the Run dialog box by pressing the [Windows]-R keyboard shortcut.
In the Open text box, type the command Verifier.
On the Select A Task page, leave the default Create Standard Settings as-is.
On the next page, choose the Select Driver Name From A List.
Select the check boxes next to the driver files that you want to verify.
Click Finish and then reboot the system.   <unquote>

Extracted from >
"Troubleshooting drivers with XP's hidden Driver Verifier Manager":
http://articles.techrepublic.com.com/5100-10878_11-5714091.html

Commented:
More beneficial if i include the complete instruction>>

<quote>   If the driver(s) that you selected are causing a problem, the system will halt and display a BSOD (Blue Screen Of Death) along with an error message. If the selected drivers aren't the cause of the problem, the system will start up normally.

Keep in mind that once you enable the Driver Verifier Manager it stays active until you disable it. To do so, follow these steps:
Access the Run dialog box by pressing the [Windows]-R keyboard shortcut.
In the Open text box, type the command Verifier /reset.
Note: For more detailed information about using the Driver Verifier Manager, read the Knowledge Base article Q244617
<unquote>

Commented:
Another link on The Driver Verifier Manager usage.  To play safe, please note that it's recommended that you should consider making sure that you have created a backup of important documents, before using it.

The Driver Verifier Manager:
http://smallvoid.com/article/winnt-driver-verifier.html

Author

Commented:
I guess I'm not really sure which drivers I should be verifying... None of the ones from the Driver Agent/Driver Detective scans were on the list.

Author

Commented:
Still having the same problem. Have tried updating a few different drivers. Have uninstalled most non-essential programs. I'm not sure if I should post a new question or if this is somehow related, but I uninstalled and reinstalled spybot, and scanned my computer finding a trojan: Win32.TDSS.rtk

I'm also gonna attach the latest minidump files.
Mini072609-03.txt
Mini082609-02.txt
Mini082709-04.txt

Author

Commented:
I forgot to mention that Spybot will remove the entries, but they always reappear after I restart.
Commented:
Okay, then try downloading then updating Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php
When updated, reboot into Safe Mode by selecting F8 at bootup & run a scan.

Tutorial available, if you require >
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t169669.html

If you cannot run MBAM, try downloading a new MBAM and rename it BEFORE saving it to your desktop, then try again.

Worth viewing>
"Trojan called Win32.TDSS.rtk":
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t189751.html


If MBAM doesn't remove the trojan, try running Combofix.
Download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before using ComboFix please disable any realtime Anti-virus, Anti-spyware, Shields, etc. that you may have running, and remember to re-enable them later, upon completion.

Also it may be necessary to rename ComboFix.exe to Combo-Fix.exe (for example), before saving it to your desktop.  If you have difficulties downloading it, try downloading to another machine, then into a USB memory stick (or equivalent).  Rename it and connect to the problematic machine.

Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log, in a reply for us.
Please do not mouseclick Combofix's window while it is running, because it may stall.  It is absolutely normal for you to see a blue screen with flashing cursor, and this can last for up to 30 mins.  Just let it run.

Ideally ComboFix should be run in normal mode.

Will analyse your dumps later ...

Commented:
Analysis, virtually same as before ...

2 dumps gave>
IMAGE_NAME:  ntkrnlpa.exe
FAILURE_BUCKET_ID:  0xA_nt!IopGetDeviceAttachmentBase+12

3rd dump>
IMAGE_NAME:  Unknown_Image
FAILURE_BUCKET_ID:  0xD1_ANALYSIS_INCONCLUSIVE

Finding that trojan certainly indicates an infected machine(s).  Hopefully, disinfecting will resolve your problem!

Author

Commented:
Here are both the Combofix log and the HijackThis log.
log.txt
hijackthis07-28.log

Commented:
HijackThis log results:    

These two entries should be fixed>
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.spysubtract.com/spdbupdcomplete.php?220=7B37333736354541452D393939312D343231312D413230312D4530453032383732454633377D&431=&120=2.65&160=1130294911&170=1&210=Other&310=1012&150=60&155=55&130=t&225=n&215=&430=e0041109&195=2.61&171=&172=&500=2&501=0

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Best though to concentrate on the ComboFix results, which show a large number of "Other Deletions".
It will take me a considerable time to study the Combo log and see whether a Script is needed, and ComboFix re-run, but i'll get back to you asap.

Most importantly, are you still getting a BSOD ?      Or any other symptoms?

Commented:
ComboFix log:   Have scrutinised the log and can see no serious infection left.  
However, there are a *small* number of suspicious entries such as these two >

c:\windows\system32\ChCfg.exe

CHCFG.EXE:  Cloaked Malware
http://www.prevx.com/filenames/X1670636528577557541-X1/CHCFG.EXE.html

and ...

PROGRESS.EXE:  Malicious Software:
http://www.prevx.com/filenames/X2196811121502909354-X1/PROGRESS.EXE.html

Also, this entry looks suspicious>
c:\windows\system32\E9B6ECDEDB.dll

For now i'll await your feedback.  We may not require a Script.

Author

Commented:
Ok, bear with me... what exactly should my next steps be? Run Prevx? How would I remove those entries you suggested from the Hijack This log?

As far as a BSOD, have not had one again yet, but when they did come up,  they were very intermittent.

I did have a new error message today though that read: "Script has been stopped due to low memory condition." Don't know if that's related or something new...

Thanks again for all your help... feels like we might be close to a solution :)

Author

Commented:
Went ahead and ran a scan with Prevx - found 2 infections:

sispower.dll in c:\windows\system32\      High Risk Fraudulent Security Program

\REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run       Infected Entry: [SiSPower]


I did download a driver from SIS back when I was trying to update drivers...

Commented:
To remove entries from the log you run a Hijackthis scan, save the log file, then copy and paste the logfile to the site below.  
http://www.hijackthis.de/
Select "Short analysis".  
Wait a moment for the analysis, then a list of items for you to scrutinise will appear.  If you're familiar with using HijackThis you'll know what items to FIX.  

Here's also an in-depth Hijackthis tutorial>
http://www.bleepingcomputer.com/tutorials/tutorial42.html

Or maybe you'll prefer this one >
"HijackThis Log Tutorial":
http://www.aumha.org/a/hjttutor.php

Incidently ComboFix & Prevx may already have removed the HJT detected problem.

It was a good idea running Prevx.  
You could also try a-squared Free, and run Malwarebytes again to cleanup:
http://www.emsisoft.com/en/software/free/

You may also like to try Trend Micro's free online virus scanner:            
http://housecall.trendmicro.com/uk/

Also the Kaspersky free online virus scanner>
http://www.kaspersky.co.uk/virusscanner

Commented:
Matter of interest are you running XP SP2 or SP3 ?

>Script has been stopped due to low memory condition<
This link may be of interest>
"A script on this page has been stopped due to a low memory condition":
http://support.mozilla.com/tiki-view_forum_thread.php?comments_parentId=287849&forumId=1

You may want to try Safe mode and enable add-ons one by one, if it's relevant.

Author

Commented:
I am running SP3.

Haven't had a BSOD in days... looks like problem solved! Thanks SO MUCH for all the help.

Commented:
You're very welcome.    Thanks for the regular feedback, it helps considerably.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial