TechSpot

Stop 0x0000000a Irql_not_less_equal

By allegra31707
Apr 9, 2008
  1. Multiple people in our organization (20 of 100) are reporting the BSoD STOP 0X0000000A IRQL_NOT_LESS_EQUAL. We have run memtest, scannow /sfc, the PSTAT command line process, we've run windows updates and Thinkpad driver updates. Virus scan finds nothing. I do not understand the messages in the event log or the minidump.

    These are all IBM T42's
    RAM=512MB
    1.7GHz Intel Pentium M processor
    network card= Intel Pro

    Thanks for your help.
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Hi allegra31707 :wave: and welcome to Techspot

    Due to the multitude of possibilities, please attach [​IMG] some of the Minidumps to a new reply.

    Also are all your computers running the same OS ?
    And are all computers connected directly to one Server ? (Being a domain or workgroup)

    I am asking these questions, because you have said that multiple computers are having the same fault. Which leads me to think it is a network (Printer; router; ..or other hardware.) issue.
     
  3. allegra31707

    allegra31707 TS Rookie Topic Starter

    mini dump files

    Wow that was quick!

    Forgot to mention that they are all running Windows XP SP2

    See attached dump files 3 of the 9 that I have. I can send more though.
     
  4. allegra31707

    allegra31707 TS Rookie Topic Starter

    more dump files

    Computers are on a Novell network and authenticate to one of 4 servers upon login. Users experience the blue screen randomly.

    More dump files attached.
     
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Yes but analyzing takes a lot more time!

    Inside the first 3 MiniDumps:
    w29n51.sys: IntelĀ® Wireless LAN Driver

    Please update the drivers for your Wireless card drivers
    http://www-307.ibm.com/pc/support/site.wss/MIGR-42683.html

    I confirm this driver is very old, so it may be bios related
    If you are not using your wireless hardware, try disabling it in CMOS

    Please reply back, once trying the above (Driver; Bios; Disable)
     
  6. allegra31707

    allegra31707 TS Rookie Topic Starter

    Wireless Network Driver

    The driver that you linked to is different than what is showing up in our device manager. We are showing the Intel Pro Wireless 2200 BG driver version 9.0.4.37 with a date of 7/25/07. We found a newer driver dated dec 07. Should we install that one instead of the Cisco one that you referred us to?
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Sorry for the delay.

    Yes
     
  8. allegra31707

    allegra31707 TS Rookie Topic Starter

    To correct our previous entry: After researching our driver and driver version we are on the latest version. Do you have any other suggestions for us. What did you mean when you said it might be bios related? Also we are using the wireless driver, so disabling it unfortunately is not an option.

    Thank you
     
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Please check your IBM T42's driver support page for any bios firware update

    I am actually rattling my head over this one.

    I am wondering if it may have been caused by any security update from MS or your system security Antivirus.

    Do you carry images for these computers?
    ie complete re-install disks

    If so, I'm wondering if restoring one computer (that is presently faulty)
    And then re-confirming if the fault has gone.

    Basically I'm trying to get back to the single computer fix, then apply to all others, once the issue is known.

    Is there anything that you are aware of that has changed recently?
    A new program, or release of new updated software?

    I may need to revisit this thread a bit later too. Sadly
    I must step out for a few hours, but I have another 5 or so mins left!
     
  10. allegra31707

    allegra31707 TS Rookie Topic Starter

    More about my setup

    I have tried reimaging multiple machines. It always seems to comeback. With that said my image is constantly being updated with current updates from Lenovo and windows. Could it be that this is a hardware issue? As far recent changes adobe is constantly updating... so is Java. We use Sophos Anti Virus...
    I ran the PSTAT command line for this machine and if I am reading it correctly the address points to NDIS.SYS . Here is the file. The error message is as follows

    Technical Info
    stop: 0x000000D1 (0x00440070, 0x00000002, 0x00000000, 0xF744202c)

    NDIS.Sys - Address F744202c base at F743e000, Datestamp 41107ec3
    Beginng Dump of Physical Memory
    Physical Memory of Dump Complete
     

    Attached Files:

  11. allegra31707

    allegra31707 TS Rookie Topic Starter

    Virus scan

    A virus scan today found Troj/Badsrc -A. I was able to delete the file using Sophos.
     
  12. allegra31707

    allegra31707 TS Rookie Topic Starter

    More about my setup

    I have tried reimaging multiple machines. It always seems to comeback. With that said my image is constantly being updated with current updates from Lenovo and windows. Could it be that this is a hardware issue? As far recent changes adobe is constantly updating... so is Java. We use Sophos Anti Virus...
    I ran the PSTAT command line for this machine and if I am reading it correctly the address points to NDIS.SYS . Here is the file. The error message is as follows

    Technical Info
    stop: 0x000000D1 (0x00440070, 0x00000002, 0x00000000, 0xF744202c)

    NDIS.Sys - Address F744202c base at F743e000, Datestamp 41107ec3
    Beginng Dump of Physical Memory
    Physical Memory of Dump Complete
     
  13. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Hooray I'm back !

    So this may be Malware related, usually if you have one infection there may be others as well. In a large network it is difficult to isolate the infection, especially if there is file and data sharing happening.

    I've gone back over the original posts and found a lot of information on Server 2003; security updates; network packets; even a small update called afsinst.exe

    But the Trojan issue must be addressed first. Otherwise we might be chasing our tail a bit.

    From what I gather, if you isolate one computer with a clean image, everything is fine. But once connected back to the network, after some time interval, eventually you start receiving these errors.

    Have you run CCleaner and removed all temporary files on all computers?
    Temporary files not only take up space, but can also slow networks down, due to the increase in single computer processing of cache and updating logs and eventually replying back with information themselves.
    Therefore you first need to clean all computers out of junk files.

    Have all computers completed all Windows Security Updates, and are all computers fully protected by virus (are they running their own AntiVirus)
    You may need to run a full scan of Antivirus on all computers, ideally at the same time. (only after doing the previous paragraph first)

    I needed to this myself once, trying to chase a virus on a large network. I eventually came in on a day when the computers were not required (usually a Sunday) and started all computers scanning in Safe mode (updated first)
    I was able to remove one single virus, and all was then ok.
    There are a number of free tools to use including SuperAntiSpyware Ad-aware and others (x a lot !) I think this is your first approach.

    In simpler terms:
    1. Clean (not just the standard Windows clean!)
    2. Update (including Antivirus and Window security)
    3. Scan (from Safe mode; multiple tools)

    Is this possible?
    If not. I really am unsure of what steps to take.
    How long have you been aware of this issue for anyway?
     
  14. allegra31707

    allegra31707 TS Rookie Topic Starter

    virus

    OK thanks for all of your suggestions. It sounds like you are out of suggestions now.

    We ran virus scans on the other computers in question this morning and no viruses were found by Sophos. Sophos also has an enterprise console that is constantly updating the clients and reports viruses via email to our admins (me!).

    We started hearing about the blue screen issue about 2 weeks ago but more people report it every day.

    Thanks anyway for trying to help us.
     
  15. allegra31707

    allegra31707 TS Rookie Topic Starter

    more help???

    Just curious if the other member ever came up with any ideas. We have not heard from him yet.

    Thanks
     
  16. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Good point hang on...
     
  17. jobeard

    jobeard TS Ambassador Posts: 9,315   +618

    the IRQL_NOT_LESS_EQUAL come from two notable conditions:
    1. bad memory
    2. bad code (ie beta stuff)
    as the drivers have been updated, I'm left with buffer overrun exploits.

    *IF* a buffer overflows, code or control data above that buffer get corrupted.
    That memory corruption will impact something, somewhere, sometime.

    IRQL_NOT_LESS_EQUAL. Bad Pool.. all are signs of corruptions.

    suggestion:
    start to monitor and restrict the websites being accessed.
    Start simple, eg yahoo and google.
    Then try the MS Support or MS Update pages.

    Lastly, try Youtub , MySpace, & Facebook.

    IF your system is current for MS Updates, then you should have little exposure
    to buffer overflow (at least in theory as MS has spent $10^6 to fix this stuff).
     
  18. allegra31707

    allegra31707 TS Rookie Topic Starter

    thanks

    Thanks for your time. We cannot restrict those popular websites or there will be a major uproar from the natives! We'll try replacing memory I guess.

    This is driving us crazy! Our most recent attempt was to put a GOOD hard drive from a machine that NEVER blue-screened in a machine that was frequently blue-screening and put the "blue screen machine's hard drive" in a good machine. The GOOD hard drive with the frequently blue screen-ing laptop blue screened within 12 hours.

    ARGH
     
  19. jobeard

    jobeard TS Ambassador Posts: 9,315   +618

    you need a controlled environment to find the cause.

    it is looking more and more like a USAGE issue and not a machine issue.

    12hours, hum; are you sure the fan is operating? get a copy of Everest Home
    and monitor the temperature.
     
  20. allegra31707

    allegra31707 TS Rookie Topic Starter

    hardware

    We ended up convincing the manufacturer that it is a hardware problem and we're sending a few out for repair. We'll see what they say!
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...