
Blue Screen of Death - DRIVER_IRQL_NOT_LESS_OR_EQUAL



#1 blackvinyl


Posted 11 August 2009 - 05:31 PM

Hi BC -

My 3-year-old Dell XPS 400 desktop with XP SP 3 goes to BSOD immediately after regular Windows boot up. I can operate Windows in safe mode. A run of memtest resulted in errors about 8 minutes in and the motherboard fan took off into hyperspace - I had to shut the machine down before I could analyze the memtest output.


Here is the analysis of my minidmp file:


Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\Computer\My Documents\Desktop Dump Files\Mini071609-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Thu Jul 16 19:07:00.828 2009 (GMT-4)
System Uptime: 0 days 0:01:02.531
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {e1aa3000, 2, 0, b00a0e85}

Unable to load image sthda.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for sthda.sys
*** ERROR: Module load completed but symbols could not be loaded for sthda.sys
Probably caused by : sthda.sys ( sthda+4de3 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: e1aa3000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: b00a0e85, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: e1aa3000

CURRENT_IRQL: 2

FAULTING_IP:
+4de3
b00a0e85 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from b00a29f9 to b00a0e85

SYMBOL_ON_RAW_STACK: 1

STACK_ADDR_RAW_STACK_SYMBOL: fffffffff79e5dfc

STACK_COMMAND: dds F79E5DFC-0x20 ; kb

STACK_TEXT:
f79e5ddc 00000000
f79e5de0 805460ee nt!KiThreadStartup+0x16
f79e5de4 8053868e nt!ExpWorkerThread
f79e5de8 00000001
f79e5dec 00000000
f79e5df0 0000027f
f79e5df4 00000000
f79e5df8 edbd2de3 sthda+0x4de3
f79e5dfc 00000008
f79e5e00 86250c04
f79e5e04 00000023
f79e5e08 00001f80
f79e5e0c 0000ffff
f79e5e10 00000000
f79e5e14 00000000
f79e5e18 00000000
f79e5e1c 00000000
f79e5e20 00000000
f79e5e24 00000000
f79e5e28 00000000
f79e5e2c 00000000
f79e5e30 00000000
f79e5e34 00000000
f79e5e38 00000000
f79e5e3c 00000000
f79e5e40 aa218800
f79e5e44 88bd2d69
f79e5e48 00003ffe
f79e5e4c 00000000
f79e5e50 f427f800
f79e5e54 91b380d3
f79e5e58 00003ffb


FOLLOWUP_IP:
sthda+4de3
edbd2de3 ?? ???

SYMBOL_NAME: sthda+4de3

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: sthda

IMAGE_NAME: sthda.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 42a4c336

FAILURE_BUCKET_ID: 0xD1_sthda+4de3

BUCKET_ID: 0xD1_sthda+4de3

Followup: MachineOwner
---------

Sounds like a hardware failure?

Thanks,

Blackvinyl
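
Added example (not part of the original post, and not Microsoft's or BleepingComputer's code): a small triage parser for the `!analyze -v` text above that pulls out the D1 arguments, the blamed driver and offset, and the driver's build date. The name `parse_d1` is hypothetical; the code assumes the leading `1` in `100000D1` is a flag to mask off (the output itself reports it as `0xD1`) and that `DEBUG_FLR_IMAGE_TIMESTAMP` is a PE timestamp in seconds since 1970 UTC.

```python
import re
from datetime import datetime, timezone

# Constructed input: lines copied from the !analyze -v output in the post above.
SAMPLE = """\
BugCheck 100000D1, {e1aa3000, 2, 0, b00a0e85}
SYMBOL_NAME: sthda+4de3
IMAGE_NAME: sthda.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 42a4c336
"""

def parse_d1(text):
    """Extract the DRIVER_IRQL_NOT_LESS_OR_EQUAL fields from WinDbg text."""
    m = re.search(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", text)
    if not m:
        raise ValueError("no BugCheck line found")
    args = [int(a, 16) for a in m.group(2).split(",")]
    if len(args) != 4:
        raise ValueError("expected four bugcheck arguments")
    # Assumption: keep the low 28 bits; the post's output shows 100000D1
    # alongside BUGCHECK_STR 0xD1.
    code = int(m.group(1), 16) & 0x0FFFFFFF
    if code != 0xD1:
        raise ValueError(f"not a D1 bugcheck: {code:#x}")
    image = re.search(r"IMAGE_NAME:\s*(\S+)", text)
    sym = re.search(r"SYMBOL_NAME:\s*(\w+)\+([0-9A-Fa-f]+)", text)
    stamp = re.search(r"DEBUG_FLR_IMAGE_TIMESTAMP:\s*([0-9A-Fa-f]+)", text)
    built = None
    if stamp:
        # Assumption: PE TimeDateStamp, seconds since 1970-01-01 UTC.
        built = datetime.fromtimestamp(int(stamp.group(1), 16), timezone.utc)
    return {
        "code": code,
        "address": args[0],          # Arg1: memory referenced
        "irql": args[1],             # Arg2: IRQL at the time of the access
        "access": {0: "read", 1: "write"}.get(args[2], "other"),  # Arg3
        "faulting_ip": args[3],      # Arg4: address which referenced memory
        "image": image.group(1) if image else None,
        "offset": int(sym.group(2), 16) if sym else None,
        "driver_built": built,
    }

if __name__ == "__main__":
    for key, value in parse_d1(SAMPLE).items():
        shown = hex(value) if isinstance(value, int) else value
        print(f"{key:13} {shown}")
```

The decoded build date is useful triage context when deciding whether to update the driver or look at hardware first.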



#2 hamluis


Posted 11 August 2009 - 05:38 PM

Well...any errors in Memtest86+ are not a good thing. At the least, it means that you have to do some analysis and experimentation.

Take a look at:

Basic Methodology for Testing RAM (Outdated but provides methodology): MemTest Manual - http://hcidesign.com/memtest/manual.html

Icrontic Diagnose with Memtest86+ - http://icrontic.com/articles/diagnose_with_memtest86

I hope that you used Memtest86+ and not an older version.

Louis

#3 blackvinyl


Posted 12 September 2009 - 08:56 AM

As info for others, after much investigation, the problem turned out to be deteriorated thermal grease on the CPU heatsink. After cleaning and reapplying the heatsink grease, the machine operates.

There are several rootkits and cryp_vundo-18 infecting the machine, which may have exacerbated the CPU issue. I'll start another thread to get those evaluated and removed.

#4 hamluis


Posted 12 September 2009 - 09:38 AM

Feedback appreciated, good luck with the other issues.

Louis



