35 replies to this topic

[Jkc73]

Hello Peoples

Originally I received a STOP screen message stating: IRQL_NOT_LESS_OR_EQUAL
0x0000000A: (0x000000E8,0x00000002,0x00000001,0x806E6A16)

I then Restarted my machine and checked for malware with 'malwarebytes' anti-malware and scanned with AVG for virus' and so forth.
Following this I run CCleaner by Piriform, then ATF_Cleaner.

Then I Restarted the system with no problems.
Later I used Windows Media Player, during which I got, you know what! (BSoD)
Same message~ IRQL_NOT_LESS_OR_EQUAL

Restarted and run HD Tune Pro to view the temperature of the hard disk, then tried the media player again, 5 minutes in and BSoD.
Same message~ IRQL_NOT_LESS_OR_EQUAL

So now I would run Verifier.exe to find the following:-

STOP screen message.

A Device driver attempting to corrupt the system has been caught. The faulty driver currently on the Kernel Stack must be replaced with a working version.
0x000000C4: (0x00001003,0x8A45AE48,0x8A4339D0,0x8A3DDE68)
EDIT:The DRIVER_VERIFIER_DETECTED_VIOLATION bug check has a value of 0x000000C4
Unexpected release: A resource has been released out of the proper order. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active.
Address of the resource that is being released deadlocked
Address of the resource which should have been released first
Reserved
(EDIT: Info found here)
~~~~~~~~~~~~~~~~~~~~
Note: I have no more restore points left and I need my machine to be stable for the classroom.

Please assist from here
Thanks Guys
Jkc73

Edited by Jkc73, 09 February 2009 - 08:10 AM.

[John B..]

Hi,

Originally I received a STOP screen message stating: IRQL_NOT_LESS_OR_EQUAL
0x0000000A: (0x000000E8,0x00000002,0x00000001,0x806E6A16)

Do you still have SP2? Make sure you are up-to-date, because you may get this error if you are outdated:
http://support.microsoft.com/kb/929338

A Device driver attempting to corrupt the system has been caught. The faulty driver currently on the Kernel Stack must be replaced with a working version.
0x000000C4: (0x00001003,0x8A45AE48,0x8A4339D0,0x8A3DDE68)
EDIT:The DRIVER_VERIFIER_DETECTED_VIOLATION bug check has a value of 0x000000C4
Unexpected release: A resource has been released out of the proper order. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active.
Address of the resource that is being released deadlocked
Address of the resource which should have been released first
Reserved

Do you have Norton Antivirus installed?
http://support.microsoft.com/kb/325672

It would be great if you could supply us with the names of drivers which should be mentioned when you get one of those BSODs (both the IRQL and the other one). Also, do you get those BSODs at specific moments? When you open IE or access a network location for instance.

Please let us know.

Regards,
John.

[Jkc73]

Hi John B..

Do you still have SP2? Make sure you are up-to-date, because you may get this error if you are outdated

I have SP3 updated always.

Do you have Norton Antivirus installed?

No. I have AVG, also updated always.

It would be great if you could supply us with the names of drivers which should be mentioned when you get one of those BSODs (both the IRQL and the other one). Also, do you get those BSODs at specific moments?

The IRQL happened twice while using windows media player 11. I then runVerifier.exe which after a Restart shows a bugcheck using a bluescreen, that is the 2nd one. See this site here to view the results of the bug check.

Thanks

Jkc73

[Jkc73]

Not sure how much this counts, though in Device Manager I have noticed that in Non-Plug and Play Drivers after I received the 1st BSOD, the Serial Device had a yellow tab beside it. After using system restore to try and correct the problem and after the BSOD's , I now have it running in safe mode, which in turn shows no yellow tab. Also there is no parallel that I can see, which I do remember seeing there before.

[Doug]

Hey Jkc73,

I don't have time to follow up with you immediately right now, due to being at work.
You may find useful information about your warned Device Driver, in the MS KB linked below.
http://support.microsoft.com/kb/314464

You should also realize that when you invoke driver verifier.exe.... It is "doing its assigned job" by delivering BSOD and dumpfiles for your additional investigation.

Read up about how to turn-off verifier.exe after you have used it.
It puts a heavy load on the machine resources "intentionally".
And should be properly disabled after use.
If you don't know how, then ask... and wait for an answer before acting, even though you are in a bind to get on with your PL.

Best Regards

[Jkc73]

Read up about how to turn-off verifier.exe after you have used it.
It puts a heavy load on the machine resources "intentionally".
And should be properly disabled after use.
If you don't know how, then ask... and wait for an answer before acting

I have read about disabling the Driver Verifier tool, and found different responses.
1 Says Use the "Last Known Good Configuration" feature, whilst another says, To deactivate all options and clear the verified driver list, use the /reset parameter. Not sure so not doing
I thought maybe /reset and then last known good config, though that sounds to simple.
Time to be patient

Thanks for your help

Jkc73

Edited by Jkc73, 09 February 2009 - 12:29 PM.

[Doug]

Hi Jkc73,

Since I don't know what you may have done in since you last reported your progress, I'll confine myself to general recommendations.

To discontinue driver verifier from running....
Reboot into SAFE Mode
Start - Run (type)verifier /reset

_____________

Let's list what I think you've told us
You are receiving: STOP screen message stating: IRQL_NOT_LESS_OR_EQUAL 0x0000000A
You have not identified the specific Driver(s) associated with this Stop Code
You are running XP (some flavor) SP3
You are confident that your machine is malware free due to good maintenance practices and onboard scans
The BSOD first occurred at some time during which you have not yet described what functions/applications you were using
The BSOD later occured again when running Windows Media Player
For some reason you ran HD Tune Pro to determine the HD Temperature (since you didn't report results, I'll assume all is well)
You discovered via Driver Verifier that at least one faulty driver is detected STOP 0x000000C4
You do not have Norton Antivirus installed on this machine
You have already read and followed instructions at: http://support.microsoft.com/kb/929338
Device Manager Warns - Non-Plug and Play Drivers - Serial Device had a yellow tab beside it <-- may not be a "serial device" (may be USB)
You may or may not have followed the MS KB guide: http://support.microsoft.com/kb/314464
__________________

Let's see if your XP will give up any useful information the easy way...

System Informtion Tool

Start - Run - (type)msinfo32 - Enter
Expand - Components - Double-click Problem Devices

Edit - Select all
File - Export

Name file you are exporting as SysInfoProblemDevices.txt
Save to Desktop or some other location easy to remember.

Post using copy/past the entire text of the SysInfoProblemDevices file into your next Thread reply.
_________________

The above may or may not provide us with usable information
You can investigate further by looking into Event Viewer for Errors associated with any Problem Device identified via System Information


We will benefit from knowing:
Have you installed any Software Recently
Have you installed any Hardware Recently.

Consider reading HERE for other general guidelines for reporting important information when asking for assistance.

The more complete you make your description (per the above guide) the more likely we will be able to identify something and offer assistance.

Best Regards

[Jkc73]

Here you go DaveDoug
Edit:----------------^
This I hope works out better then the last time, still have that hard drive ready to plug in as a slave. See here for details.

SYSTEM SEEMS TO BE RUNNING OK TO DATE, THOUGH STOP SCREENS HAPPEN FOR A REASON, RIGHT!

System Information report written at: 02/11/09 12:39:14
System Name: LEO
[Problem Devices]

Device PNP Device ID Error Code
~~~ No Problem Devices ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
These events start when I had to reinstall Windows OS XP Home Edition SP2, Now Updated to SP3.

Event Type: Information
Event Source: EventLog
Event Category: None
Event ID: 6009
Date: 29/11/2008
Time: 3:21:15 AM
User: N/A
Computer: MACHINENAME
Description:
Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free.

Event Type: Information
Event Source: EventLog
Event Category: None
Event ID: 6005
Date: 29/11/2008
Time: 3:21:15 AM
User: N/A
Computer: MACHINENAME
Description:
The Event log service was started.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
These are the Events leading up to the 1st STOP screen message stating: IRQL_NOT_LESS_OR_EQUAL 0x00000

(This Event has regularly continued to appear up to this date)
Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 36
Date: 8/02/2009
Time: 12:35:33 AM
User: N/A
Computer: LEO
Description:
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp.
The system clock is unsynchronized.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 8/02/2009
Time: 2:49:02 PM
User: NT AUTHORITY\SYSTEM
Computer: LEO
Description:
The Universal Plug and Play Device Host service was successfully sent a start control.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 8/02/2009
Time: 2:49:02 PM
User: N/A
Computer: LEO
Description:
The Universal Plug and Play Device Host service entered the running state.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 8/02/2009
Time: 2:53:51 PM
User: NT AUTHORITY\SYSTEM
Computer: LEO
Description:
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 8/02/2009
Time: 2:53:51 PM
User: N/A
Computer: LEO
Description:
The IMAPI CD-Burning COM Service service entered the running state.

Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 8/02/2009
Time: 3:04:56 PM
User: N/A
Computer: LEO
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Data:
0000: 00 00 00 00 01 00 54 00
0008: 00 00 00 00 82 10 00 80
0010: 01 00 00 00 00 00 00 00
0018: 00 00 00 00 00 00 00 00
0020: 00 00 00 00 00 00 00 00

Event Type: Warning
Event Source: AvgTdiX
Event Category: None
Event ID: 54
Date: 8/02/2009
Time: 3:12:16 PM
User: N/A
Computer: LEO
Description:
The description for Event ID ( 54 ) in Source ( AvgTdiX ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .
Data:
0000: 00 00 00 00 01 00 58 00
0008: 00 00 00 00 36 00 04 80
0010: 00 00 00 00 00 00 00 00
0018: 00 00 00 00 00 00 00 00
0020: 00 00 00 00 00 00 00 00

Event Type: Warning
Event Source: AvgTdiX
Event Category: None
Event ID: 54
Date: 8/02/2009
Time: 3:12:16 PM
User: N/A
Computer: LEO
Description:
The description for Event ID ( 54 ) in Source ( AvgTdiX ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .
Data:
0000: 00 00 00 00 01 00 58 00
0008: 00 00 00 00 36 00 04 80
0010: 00 00 00 00 00 00 00 00
0018: 00 00 00 00 00 00 00 00
0020: 00 00 00 00 00 00 00 00
(This same Event repeats several times until the following Event)
Event Type: Information
Event Source: EventLog
Event Category: None
Event ID: 6009
Date: 8/02/2009
Time: 3:21:23 PM
User: N/A
Computer: LEO
Description:
Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.

Event Type: Information
Event Source: EventLog
Event Category: None
Event ID: 6005
Date: 8/02/2009
Time: 3:21:23 PM
User: N/A
Computer: LEO
Description:
The Event log service was started.

Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 8/02/2009
Time: 3:21:25 PM
User: N/A
Computer: LEO
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000000a (0x000000e8, 0x00000002, 0x00000001, 0x806e6a16). A dump was saved in: C:\WINDOWS\Minidump\Mini020809-01.dmp.

I have tried to access this "C:\WINDOWS\Minidump\Mini020809-01.dmp" with a result of " Windows cannot open this file: To open this file, Windows needs to know what program created it.Windows can go online to look it up automatically, or you can manually select from a list of programs on your computer.
(At this point I cancelled the request to open, until further advice.)

There are 2 similar files in the Minidump Folder,Mini020809-02.dmp and Mini020809-03.dmp.

The following Events will show similar Events leading up to them being created.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 8/02/2009
Time: 3:22:15 PM
User: NT AUTHORITY\SYSTEM
Computer: LEO
Description:
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 8/02/2009
Time: 3:22:15 PM
User: N/A
Computer: LEO
Description:
The IMAPI CD-Burning COM Service service entered the running state.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 8/02/2009
Time: 3:22:15 PM
User: NT AUTHORITY\SYSTEM
Computer: LEO
Description:
The SSDP Discovery Service service was successfully sent a start control.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 8/02/2009
Time: 3:22:19 PM
User: N/A
Computer: LEO
Description:
The SSDP Discovery Service service entered the running state.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 8/02/2009
Time: 3:22:19 PM
User: LEO\Owner
Computer: LEO
Description:
The Remote Access Connection Manager service was successfully sent a start control.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 8/02/2009
Time: 3:22:21 PM
User: N/A
Computer: LEO
Description:
The Remote Access Connection Manager service entered the running state.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 8/02/2009
Time: 3:22:25 PM
User: N/A
Computer: LEO
Description:
The IMAPI CD-Burning COM Service service entered the stopped state.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 8/02/2009
Time: 3:22:37 PM
User: N/A
Computer: LEO
Description:
The Google Software Updater service entered the stopped state.

Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 8/02/2009
Time: 3:23:13 PM
User: N/A
Computer: LEO
Description:
Error code 1000000a, parameter1 000000e8, parameter2 00000002, parameter3 00000001, parameter4 806e6a16.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 30 1000000
0020: 61 20 20 50 61 72 61 6d a Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 30 30 30 30 65 38 2c 20 0000e8,
0038: 30 30 30 30 30 30 30 32 00000002
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 31 2c 20 38 30 36 65 01, 806e
0050: 36 61 31 36 6a16
(No user action is required.)---> http://go.microsoft....link/events.asp.
(Possible Variant of Sdbot Virus)??? requires more research!(On my part)

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 8/02/2009
Time: 3:37:07 PM
User: NT AUTHORITY\SYSTEM
Computer: LEO
Description:
The Universal Plug and Play Device Host service was successfully sent a start control.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 8/02/2009
Time: 3:37:07 PM
User: N/A
Computer: LEO
Description:
The Universal Plug and Play Device Host service entered the running state.

Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 8/02/2009
Time: 3:38:12 PM
User: N/A
Computer: LEO
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Data:
0000: 00 00 00 00 01 00 54 00
0008: 00 00 00 00 82 10 00 80
0010: 01 00 00 00 00 00 00 00
0018: 00 00 00 00 00 00 00 00
0020: 00 00 00 00 00 00 00 00

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 8/02/2009
Time: 3:38:30 PM
User: NT AUTHORITY\SYSTEM
Computer: LEO
Description:
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 8/02/2009
Time: 3:38:30 PM
User: N/A
Computer: LEO
Description:
The IMAPI CD-Burning COM Service service entered the running state.

Event Type: Warning
Event Source: AvgTdiX
Event Category: None
Event ID: 54
Date: 8/02/2009
Time: 3:46:41 PM
User: N/A
Computer: LEO
Description:
The description for Event ID ( 54 ) in Source ( AvgTdiX ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .
Data:
0000: 00 00 00 00 01 00 58 00
0008: 00 00 00 00 36 00 04 80
0010: 00 00 00 00 00 00 00 00
0018: 00 00 00 00 00 00 00 00
0020: 00 00 00 00 00 00 00 00

Event Type: Warning
Event Source: AvgTdiX
Event Category: None
Event ID: 54
Date: 8/02/2009
Time: 3:46:41 PM
User: N/A
Computer: LEO
Description:
The description for Event ID ( 54 ) in Source ( AvgTdiX ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .
Data:
0000: 00 00 00 00 01 00 58 00
0008: 00 00 00 00 36 00 04 80
0010: 00 00 00 00 00 00 00 00
0018: 00 00 00 00 00 00 00 00
0020: 00 00 00 00 00 00 00 00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Event Type: Information
Event Source: EventLog
Event Category: None
Event ID: 6009
Date: 8/02/2009
Time: 3:49:09 PM
User: N/A
Computer: LEO
Description:
Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.

Event Type: Information
Event Source: EventLog
Event Category: None
Event ID: 6005
Date: 8/02/2009
Time: 3:49:09 PM
User: N/A
Computer: LEO
Description:
The Event log service was started.

Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 8/02/2009
Time: 3:49:10 PM
User: N/A
Computer: LEO
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000000a (0x000000e8, 0x00000002, 0x00000001, 0x806e6a16). A dump was saved in: C:\WINDOWS\Minidump\Mini020809-02.dmp.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 8/02/2009
Time: 3:49:38 PM
User: NT AUTHORITY\SYSTEM
Computer: LEO
Description:
The Network Location Awareness (NLA) service was successfully sent a start control.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 8/02/2009
Time: 3:50:17 PM
User: N/A
Computer: LEO
Description:
The IMAPI CD-Burning COM Service service entered the stopped state.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 8/02/2009
Time: 3:50:21 PM
User: N/A
Computer: LEO
Description:
The Remote Access Connection Manager service entered the running state.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 8/02/2009
Time: 3:50:23 PM
User: N/A
Computer: LEO
Description:
The Google Software Updater service entered the stopped state.

Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 8/02/2009
Time: 3:50:59 PM
User: N/A
Computer: LEO
Description:
Error code 1000000a, parameter1 000000e8, parameter2 00000002, parameter3 00000001, parameter4 806e6a16.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 30 1000000
0020: 61 20 20 50 61 72 61 6d a Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 30 30 30 30 65 38 2c 20 0000e8,
0038: 30 30 30 30 30 30 30 32 00000002
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 31 2c 20 38 30 36 65 01, 806e
0050: 36 61 31 36 6a16

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 8/02/2009
Time: 4:04:43 PM
User: NT AUTHORITY\SYSTEM
Computer: LEO
Description:
The Universal Plug and Play Device Host service was successfully sent a start control.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 8/02/2009
Time: 4:04:43 PM
User: N/A
Computer: LEO
Description:
The Universal Plug and Play Device Host service entered the running state.

Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 8/02/2009
Time: 4:05:23 PM
User: N/A
Computer: LEO
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Data:
0000: 00 00 00 00 01 00 54 00
0008: 00 00 00 00 82 10 00 80
0010: 01 00 00 00 00 00 00 00
0018: 00 00 00 00 00 00 00 00
0020: 00 00 00 00 00 00 00 00

Event Type: Warning
Event Source: AvgTdiX
Event Category: None
Event ID: 54
Date: 8/02/2009
Time: 4:13:51 PM
User: N/A
Computer: LEO
Description:
The description for Event ID ( 54 ) in Source ( AvgTdiX ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .
Data:
0000: 00 00 00 00 01 00 58 00
0008: 00 00 00 00 36 00 04 80
0010: 00 00 00 00 00 00 00 00
0018: 00 00 00 00 00 00 00 00
0020: 00 00 00 00 00 00 00 00

Event Type: Information
Event Source: EventLog
Event Category: None
Event ID: 6009
Date: 8/02/2009
Time: 6:15:58 PM
User: N/A
Computer: LEO
Description:
Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.

Event Type: Information
Event Source: EventLog
Event Category: None
Event ID: 6005
Date: 8/02/2009
Time: 6:15:58 PM
User: N/A
Computer: LEO
Description:
The Event log service was started.

Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 8/02/2009
Time: 6:15:59 PM
User: N/A
Computer: LEO
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000000a (0x000000e8, 0x00000002, 0x00000001, 0x806e6a16). A dump was saved in: C:\WINDOWS\Minidump\Mini020809-03.dmp.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 8/02/2009
Time: 6:16:44 PM
User: NT AUTHORITY\SYSTEM
Computer: LEO
Description:
The Fast User Switching Compatibility service was successfully sent a start control.

A few attempts at a system restore failed until the following event.(This happened to be the only restore point left to try)
Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 110
Date: 8/02/2009
Time: 7:49:10 PM
User: N/A
Computer: LEO
Description:
A restoration to "cleaned before HJT" restore point occurred successfully.

Event Type: Information
Event Source: W32Time
Event Category: None
Event ID: 35
Date: 8/02/2009
Time: 7:49:20 PM
User: N/A
Computer: LEO
Description:
The time service is now synchronizing the system time with the time source time.windows.com (ntp.m|0x1|

Spoiler

2X0.XXX.67X.XXX:1X3->XXX.X46.XXX.X32:XXX).

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Everything in the log from 12:10pm 11-02-09 AEST(Australian Eastern Standard Time) is without Error.(After the verifier /reset)

Hope this will help you, help me.
Many Thanks in Advance
Jkc73

Edited by Jkc73, 11 February 2009 - 10:08 AM.

[Doug]

sysinfo32 reports no Device conflicts -- OK no information of use there.

Manually set a fresh Restore Point <-- Right Now.

C:\Windows\System32\drivers\w29n51.sys <-- upload to Jotti..... If problem identified then post a New Topic in Malware Removal
if Jotti detects a problem, then we will put our work on hold until you complete any necessary work in Malware Removal.
__________________----

Problem is alerting relative to
Time sync
Use of CD Burning
Multiple instances of access to network

I'm no wizard when it comes to analysing MiniDumps but I'm willing to take a look on a "no promises" basis.
Upload as Attached File: C:\WINDOWS\Minidump\Mini020809-03.dmp <-- please only upload this one and not all minidump files
__________________________

Temporarily disable "all" auto-update processes (google notifier, realtek, AVG, etc. )
Run for a couple of days without autoupdaters.... Update your AntiVirus manually on a daily basis. (we just passed update Tuesday, manually update at MS Updates)
__________________________

Your machine's problem is still most likely to be:
Heat or Power fluctuations
Faulty RAM
Faulty Video adapter
Faulty Video Driver
__________________________

Download and Run Everest 2.20
http://majorgeeks.co...wnload4181.html
Navigate to Computer - Sensor
Use Report - create a QuickReport - Senor
Post QuickReport - Sensor in your next reply
______________________________

Create a floppy or bootable CD version of Memtest86
Run about 4 full passes.
"Any" errors will indicate faulty RAM
Report results in your next Reply (ie: no problem or yes problem detected)
______________________________

Review steps you may already have taken to:
Update Chipset Drivers (directly from Manufacturer site)
Update Video Card Driver
______________________________

Run a PCPitstop Full Tests http://www.pcpitstop.com (Use IE when running the Full Tests, register, create a password, accept the ActiveX)
Post the TechExpress Link into your next Reply.

Best Regards,

p.s. Who is DAVE?

[Doug]

You replied to me via PM inquiring about jotti and stating that C:\Windows\System32\drivers\w29n51.sys ....file doesn't exist. It would be better for you to post those replies here in this Thread. That way others, who may be available to help, will see the entire sequence of recommendations and results. Therefore will see what has been tried and not have to cover the same ground again. As to "w2951.sys" not existing.... That's just fine. In fact, that's a good thing. Please complete the other recommendations and post the reports and an update on how your machine seems to be performing. Best Regards

[Jkc73]

Hi Doug,
Here is the QuickReport

--------[ EVEREST Home Edition (c) 2003-2005 Lavalys, Inc. ]------------------------------------------------------------

	Version										   EVEREST v2.20.405
	Homepage										  http://www.lavalys.com/
	Report Type									   Quick Report
	Computer										  LEO
	Generator										 Owner
	Operating System								  Microsoft Windows XP Home Edition 5.1.2600 (WinXP Retail)
	Date											  2009-02-12
	Time											  03:51


--------[ Sensor ]------------------------------------------------------------------------------------------------------

	Sensor Properties:
	  Sensor Type									   HDD


--------[ Debug - PCI ]-------------------------------------------------------------------------------------------------

	B00 D00 F00:  Intel 82915GV Memory Controller Hub [B-1]
				

	B00 D02 F00:  Intel 82910GL/915G/915GL/915GV Graphics Controller 0
				  
	 
	B00 D1B F00:  Intel 82801FB ICH6 - High Definition Audio Controller [B-2]
				  
	  
	B00 D1C F00:  Intel 82801FB ICH6 - PCI Express Port 1 [B-2]
				  
	  
	B00 D1C F01:  Intel 82801FB ICH6 - PCI Express Port 2 [B-2]
				  
	  
	B00 D1D F00:  Intel 82801FB ICH6 - USB Universal Host Controller [B-2]
				  
	  

	B00 D1D F01:  Intel 82801FB ICH6 - USB Universal Host Controller [B-2]
				  
	  
	B00 D1D F02:  Intel 82801FB ICH6 - USB Universal Host Controller [B-2]
				  
	 

	B00 D1D F03:  Intel 82801FB ICH6 - USB Universal Host Controller [B-2]
				  
	 

	B00 D1D F07:  Intel 82801FB ICH6 - Enhanced USB2 Controller [B-2]
				  
	  
	B00 D1E F00:  Intel 82801FB I/O Controller Hub 6 (ICH6) [B-2]
				  
	  

	B00 D1F F00:  Intel 82801FB ICH6 - LPC Bridge [B-2]
				  
	  

	B00 D1F F01:  Intel 82801FB ICH6 - ATA-100 IDE Controller [B-2]
				  
	  
	B00 D1F F02:  Intel 82801FB ICH6R - Serial-ATA/150 IDE RAID Controller [B-2]
				  
	  
	B00 D1F F03:  Intel 82801FB ICH6 - SMBus Controller [B-2]
				  
	  

	B03 D02 F00:  Conexant D850 56k V.9x DFVc Modem
				  
	  
	B03 D08 F00:  Intel ICH6 PRO/100 VE Network Connection
				  
	 
	PCI-8086-2580:  Intel i910/915/925/945/955/E7221/E7230 MMR
				  
	  

	PCI-8086-2580:  Intel i910/915/925/945/955/E7221/E7230 MMR
	

	PCI-8086-2580:  Intel i910/915/925/945/955/E7221/E7230 MMR
				  
	  

--------[ Debug - Video BIOS ]------------------------------------------------------------------------------------------

	C000:0000  U.X...000000000000.....9@...00IBM VGA Compatible BIOS. .[.k.y...
	C000:0040  PCIR...%.................g...............u.............0........
	C000:0080  ....................................d......d......d.....0d......
	C000:00C0  d......d......d......d.....0d......d.....0d......d......d......d
	C000:0100  ......d.....0d......d......d.....0$......$......d.......... ....
	C000:0140  `".......N... ....@............ ...88.......... .1X. (.........V
	C000:0180  . .1X. .P.......... .0X.  @........d..@A.&0..6.......... A. 0.`.
	C000:01C0  ........$.`A.(00`........0*..Q.*@0p.........4..Q.*@...........=.
	C000:0200  .Q.0@@.........H?@0b.2@@..........O@0b.2@@..........Y@0b.2@@....
	C000:0240  .....h[..r.<P...........t..r.<P..........0.7..2.m..4....8....:..
	C000:0280  ..<.E..A.7..C.m..E....I....K....M.E..P 7..R m..T ...X ...Z ...\ 
	C000:02C0  E..`....a....b ...c....d....e ...f....g....h ...................
	C000:0300  ................................................................
	C000:0340  ............For Evaluation Use Only....(........c-'(.+..........
	C000:0380  .......................................(........c-'(.+..........
	C000:03C0  .......................................P........c_OP.U..........


------------------------------------------------------------------------------------------------------------------------

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Here is the TechExpress link

I have not been able to Create a floppy or bootable CD version of Memtest86, was able to unzip files and run batch file, though seems to of failed in creating boot disk.

Upload as Attached File: C:\WINDOWS\Minidump\Mini020809-03.dmp

Upload failed. You are not permitted to upload this type of file.

Thanks for your help
Jkc73

Edited by Doug: Purpose to make viewing/reading less cluttered from Everest.

[Jkc73]

Hi Doug,

This is to assist with updating my 'out of date' drivers as shown in my TechExpress link
Please have a look here, my system is as follows~
System: Dimension 3100/E310
BIOS:A04 revised 04/04/06

I am unable to locate the updated driver for "Intel® 82915G/GV/910GL Express Chipset Family" that is recommended by "PCPitstop Full Tests"

Also this link is the closest I can find for a driver for"Intel® PRO/100 VE Network Connection".<--- ( I don't wish to make any mistakes with this one, or you may not hear from me in a while.)

_________________________________________________

Next I intend on updating the BIOS from Version A04 dated 04/04/06,
to Version A04 dated 24/04/06, any advice on this, the dates are only 20 days apart,
and Dell states that "The following changes have been made to BIOS rev A03 to create A04: 1. Add support for new CPU."
Should I just update this version and see if there are any other hidden extras?.

_________________________________________________

I have also run a memory test at boot up, it's not the same 1 you recommended as I stated earlier in this thread

I have not been able to Create a floppy or bootable CD version of Memtest86, was able to unzip files and run batch file, though seems to of failed in creating boot disk.

The name of the program is "Windows Memory Diagnostic" as far as the program states when running.
(I searched for a memory diagnostic tool and selected this 1, don't recall the actual name, I just downloaded straight to floppy)
Memory seems Ok, if you have another memory utility that you would like me to run I am all for it.
( This just in, may be able to run Memtest86, downloaded and saved to disk, will run immediately after posting.)

Thanks for any assistance,

Jkc73

[Doug]

http://support.dell..../...n&TabIndex=

Driver updates via Dell

Please do consider installing the following

• CD/DVD <-- only the one(s) related to hardware you have installed
• Chipset <--yes
• Network <-- only the one(s) related to hardware you have installed
• SATA Drives <-- only the one(s) related to hardware you have installed
• Video <-- only the one(s) related to hardware you have installed

Do not install the BIOS upgrade. <-- would probably do no harm, but more likely no good, therefore don't fix what is not broke.
____________________________________________

Most of the Event ID entries are 7035 & 7036 which is telling you that a service was turned on or off, but does not indicated a problem

Of the others...
ID54 - Your uTorrent is hanging in memory (not completely closing when exiting)
System Error Event ID 1003 - is recognizing incompatible driver or controler <-- Related to RAM, SATA HD, Faulty SATA cable or connector
____________________________

Most suspect in your present situation continues to be

• RAM
• Heat
• Hard Drive
• possibly Video Adapter memory

_________________________________

Let us know what you find from Memtest86 and what Windows Memory Diagnostic reported. (any errors at all is too much)
Update the list of drivers above - from the Dell site

[Jkc73]

Driver updates via Dell
Please do consider installing the following

Chipset <--yes

Downloaded, though had a problem. (Already exists on system)
Tried to update driver via Device manager and message displayed was 'No better match'
Please advise if you are aware of a site I can find this device driver.
(intel®82915G/GV/910GL Express Chipset Family, Current Driver~6.14.10.4410||Proposed Driver~6.14.10.4543)
__________________________________________________________

Most suspect in your present situation continues to be

RAM
Heat
Hard Drive
possibly Video Adapter memory

Memtest86 and what Windows Memory Diagnostic run with no errors.
My machine has been cleaned of all dust and is running in an air conditioned room.
Hard Drive is new and has been tested using HDTune previously.
__________________________________________________________

Of the others...
ID54 - Your uTorrent is hanging in memory (not completely closing when exiting)
System Error Event ID 1003 - is recognizing incompatible driver or controler <-- Related to RAM, SATA HD, Faulty SATA cable or connector

Have not had this Event occur again, only once in the log can I find this Event.

Could this be related to explorer.exe and power meter not closing on shut down,
I have had to click cancel to go back to try and find out why, with no good result.

My machine also has intermittently started running slower with the graphics being chunky.(Prior to any memory tests)
___________________________________________________________

Upon pasting into the "Google desktop taskbar" and pressing enter, I receive a 'Runtime error 217 at 020A378B', I click 'OK' and IE opens like normal.
___________________________________________________________

I have updated all anti-malware programs and run them, nothing found.
Event Viewer shows no Errors or Warnings since this~
Event Type: Warning
Event Source: Dhcp
Event Category: None
Event ID: 1007
Date: 16/02/2009
Time: 7:18:41 PM
User: N/A
Computer: LEO
Description:
Your computer has automatically configured the IP address for the Network Card with network address 0016x693E43A. The IP address being used is 1x9.xxx.1xx.xxx.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 ....
___________________________________________________________

Thanks again,

Jkc73

Edited by Jkc73, 16 February 2009 - 07:52 PM.

[Jkc73]

In addition to my last post here is an update on the device driver: Intel® 82915G/GV/910GL Express Chipset Family

Property Value
Device ID PCI\VEN_8086DEV_2582SUBSYS_01C41028REV_04\3172E68DD010
Status 0x0180200a Started
Problem 0x00000000
Service ialm
Capabilities 0x00000000
Config Flags 0x00000000
Class Display
Manufacturer Intel Corporation
Hardware IDs PCI\VEN_8086DEV_2582SUBSYS_01C41028REV_04
PCI\VEN_8086DEV_2582SUBSYS_01C41028
PCI\VEN_8086DEV_2582CC_030000
PCI\VEN_8086DEV_2582CC_0300
Compatible IDs PCI\VEN_8086DEV_2582REV_04
PCI\VEN_8086DEV_2582
PCI\VEN_8086CC_030000
PCI\VEN_8086CC_0300
PCI\VEN_8086
PCI\CC_030000
PCI\CC_0300
Class GUID {4D36E968-E325-11CE-BFC1-08002BE10318}
Location PCI bus 0, device 2, function 0
Bus number 0x00000000
Enumerator name PCI
Description Intel® 82915G/GV/910GL Express Chipset Family
Driver {4D36E968-E325-11CE-BFC1-08002BE10318}\0000
Physical Object Name \Device\NTPNP_PCI0001
Bustype GUID {44203042-2046-4245-2043-382031302042}
Legacy bus type 0x00000005
Install State 0x00000000
Device Address 0x00020000
Device Configuration File c:\windows\inf\oem3.inf
Used Files C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
C:\WINDOWS\system32\ialmrnt5.dll
C:\WINDOWS\system32\ialmdnt5.dll
C:\WINDOWS\system32\ialmdev5.dll
C:\WINDOWS\system32\ialmdd5.dll
C:\WINDOWS\system32\igxpxa32.cpa
C:\WINDOWS\system32\igxpxa32.vp
C:\WINDOWS\system32\igxpxk32.vp
C:\WINDOWS\system32\igxpxs32.vp
C:\WINDOWS\system32\hccutils.dll
C:\WINDOWS\system32\igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpph.dll
C:\WINDOWS\system32\igfxcpl.cpl
C:\WINDOWS\system32\igfxcfg.exe
C:\WINDOWS\system32\igfxdev.dll
C:\WINDOWS\system32\igfxdo.dll
C:\WINDOWS\system32\igfxtray.exe <--- This file was disabled in Spybot S&D~Tools~StartUp.
C:\WINDOWS\system32\igfxzoom.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxress.dll
C:\WINDOWS\system32\igfxpers.exe <--- This file was disabled in Spybot S&D~Tools~StartUp.
C:\WINDOWS\system32\igfxrara.lrc
C:\WINDOWS\system32\igfxrchs.lrc
C:\WINDOWS\system32\igfxrcht.lrc
C:\WINDOWS\system32\igfxrdan.lrc
C:\WINDOWS\system32\igfxrdeu.lrc
C:\WINDOWS\system32\igfxrenu.lrc
C:\WINDOWS\system32\igfxresp.lrc
C:\WINDOWS\system32\igfxrfin.lrc
C:\WINDOWS\system32\igfxrfra.lrc
C:\WINDOWS\system32\igfxrheb.lrc
C:\WINDOWS\system32\igfxrita.lrc
C:\WINDOWS\system32\igfxrjpn.lrc
C:\WINDOWS\system32\igfxrkor.lrc
C:\WINDOWS\system32\igfxrnld.lrc
C:\WINDOWS\system32\igfxrnor.lrc
C:\WINDOWS\system32\igfxrplk.lrc
C:\WINDOWS\system32\igfxrptb.lrc
C:\WINDOWS\system32\igfxrptg.lrc
C:\WINDOWS\system32\igfxrrus.lrc
C:\WINDOWS\system32\igfxrsve.lrc
C:\WINDOWS\system32\igfxrtha.lrc
C:\WINDOWS\system32\igfxrcsy.lrc
C:\WINDOWS\system32\igfxrell.lrc
C:\WINDOWS\system32\igfxrhun.lrc
C:\WINDOWS\system32\igfxrtrk.lrc
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxexps.dll
C:\WINDOWS\system32\ialmrem.dll
C:\WINDOWS\system32\iglicd32.dll
C:\WINDOWS\system32\igldev32.dll
C:\WINDOWS\system32\ialmudlg.exe
C:\WINDOWS\system32\ialmuARA.dll
C:\WINDOWS\system32\ialmuARB.dll
C:\WINDOWS\system32\ialmuCHS.dll
C:\WINDOWS\system32\ialmuCHT.dll
C:\WINDOWS\system32\ialmuCSY.dll
C:\WINDOWS\system32\ialmuDAN.dll
C:\WINDOWS\system32\ialmuDEU.dll
C:\WINDOWS\system32\ialmuELL.dll
C:\WINDOWS\system32\ialmuENG.dll
C:\WINDOWS\system32\ialmuESP.dll
C:\WINDOWS\system32\ialmuFIN.dll
C:\WINDOWS\system32\ialmuFRA.dll
C:\WINDOWS\system32\ialmuFRC.dll
C:\WINDOWS\system32\ialmuHEB.dll
C:\WINDOWS\system32\ialmuHUN.dll
C:\WINDOWS\system32\ialmuITA.dll
C:\WINDOWS\system32\ialmuJPN.dll
C:\WINDOWS\system32\ialmuKOR.dll
C:\WINDOWS\system32\ialmuNLD.dll
C:\WINDOWS\system32\ialmuNOR.dll
C:\WINDOWS\system32\ialmuPLK.dll
C:\WINDOWS\system32\ialmuPTB.dll
C:\WINDOWS\system32\ialmuPTG.dll
C:\WINDOWS\system32\ialmuRUS.dll
C:\WINDOWS\system32\ialmuSVE.dll
C:\WINDOWS\system32\ialmuTHA.dll
C:\WINDOWS\system32\ialmuTRK.dll
C:\WINDOWS\system32\iAlmCoIn_v4410.dll
InfPath oem3.inf
InfSection i915G0
ProviderName Intel Corporation
DriverDateData 00 00 47 38 52 D0 C5 01
DriverDate 10-14-2005
DriverVersion 6.14.10.4410
MatchingDeviceId pci\ven_8086dev_2582subsys_01c41028
DriverDesc Intel® 82915G/GV/910GL Express Chipset Family
DeskCheckForDuplicates 1
CoInstallers32 iAlmCoIn_v4410.dll,iAlmMFCoInstaller

Class Display
Display adapters
Installer32 Desk.Cpl,DisplayClassInstaller
TroubleShooter-0 hcp://help/tshoot/tsdisp.htm
Icon -1

No other errors found in the Event Viewer since the warning in my last post.

Please find a very interesting Tech Express link compared with the last one.
Installed Hardware shows a link to here, which relates to "error codes generated by Device Manager in Windows XP". Which states the following "If a device has problems, the device has a red exclamation point next to it. If a device is unknown (usually because of missing drivers), the device has a yellow question mark next to it.
Right-click the device that has the problem, and then click Properties. My Device Manager shows no such red exclamation points or yellow question marks.

This is starting to get a little too strange and is causing more concern.

Please assist when possible.
Jkc73