Wednesday, September 9, 2015

bsod - Blue screen after Windows 7 login, "Driver Irql Not Less Or Equal"



This occurs just after I log into Windows 7 Home Premium.




Does anybody know what this means and how to resolve the issue?


Answer



This is likely a malfunctioning driver activated as it occurs after login, or do you experience randomness?



Please read this article to troubleshoot your BSOD, try to see if Safe Mode works and check the Event Log.



If you can get there, please upload the dump file so we can analyze for you which driver did this.







Edit:



Not checking the crash dump is trying to fix a problem without knowing what the problem is.



So, you can try to remotely obtain the crash dump file, it is located at one of these two paths:




  1. C:\Windows\MEMORY.DMP


  2. C:\Windows\Minidump\*.DMP





The best way would be to connect the hard drive to another computer...






Edit 2:



The driver that is crashing your computer multiple times is mfehidk.sys, from McAfee, your virus scanner.




SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem.

Probably caused by : mfehidk.sys ( mfehidk+188e9 )


If we list the module, we get:



fffff880`03ab2000 fffff880`03afba00   mfehidk  T (no symbols)           

Loaded symbol image file: mfehidk.sys
Image path: \SystemRoot\system32\drivers\mfehidk.sys
Image name: mfehidk.sys
Timestamp: Fri Jul 31 23:59:58 2009 (4A73695E)
CheckSum: 0004F637
ImageSize: 00049A00
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4


It's April 2011 and that driver dates back to July 2009, that's horribly out of date for a virus scanner.




If you can get into safe mode you can try to remove the virus scanner, if not you could attempt to rename C:\Windows\System32\drivers\mfehidk.sys so that the operating system should not load it anymore.



There are only two dumps mentioning the iastor.sys driver, which is related to your hard disk. This makes sense as either the virus scanner driver or the hard disk driver is accessing memory in such a way that the other one can't write to it, as a virus scanner scans files but this one seems to do it too early...



See how both dumps have problems reading or writing the memory:



ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx.
The memory could not be %s.


DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arg1: 00000000000007e1, memory referenced
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff8800112a4ff, address which referenced memory


So, the steps to take are:




  • Prevent the virus scanner from loading, with either safe mode or by renaming the driver.




    This will verify if the virus scanner is the culprit.


  • If it's not the virus scanner, do an error scan on your memory and hard disk.







Edit 3:



As you are crashing on the iastor.sys only now, I've looked at its date.




fffff880`010ba000 fffff880`011d6000   iaStor    Fri Jun 05 03:53:40 2009 (4A287AA4)


If I look at mine I see this:






So, updating your Intel Rapid Storage Technology drivers might fix your issue.




Uninstall any Intel Matrix RAID and Intel Rapid Storage Technology drivers first if possible...
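
The driver-date check used in the answer above, as an added example that is not part of the original answer: a Python sketch that reads the link timestamp from a driver's PE header and lists images older than a threshold. The function names, the `recent.sys` entry, the one-year threshold and the reference date are assumptions made for illustration; the two hex timestamps are the ones shown in the dumps.

```python
import struct
from datetime import datetime, timezone

def pe_link_time(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image (e.g. a .sys file) in UTC."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header after the signature: Machine(2), NumberOfSections(2), TimeDateStamp(4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)

def stale_drivers(images, now, max_age_days=365):
    """Return [(name, link_time, age_days)] for images older than max_age_days, oldest first."""
    found = []
    for name, data in images.items():
        try:
            linked = pe_link_time(data)
        except ValueError:
            continue  # not a PE image; skip it
        age = (now - linked).days
        if age > max_age_days:
            found.append((name, linked, age))
    return sorted(found, key=lambda row: row[1])

def fake_pe(stamp: int) -> bytes:
    """Constructed minimal header carrying only the fields read above (not a loadable driver)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, stamp, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff

# Constructed sample: the two hex timestamps are the ones in the dumps above;
# recent.sys and the reference date (April 2011) are assumptions.
SAMPLE = {
    "mfehidk.sys": fake_pe(0x4A73695E),
    "iaStor.sys": fake_pe(0x4A287AA4),
    "recent.sys": fake_pe(int(datetime(2011, 1, 15, tzinfo=timezone.utc).timestamp())),
    "notes.txt": b"not a driver",
}
NOW = datetime(2011, 4, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name, linked, age in stale_drivers(SAMPLE, NOW):
        print(f"{name}: linked {linked:%Y-%m-%d %H:%M:%S} UTC, {age} days old")
```

The output is in UTC, while the debugger listing above shows the same stamps in local time, so the clock times differ by the local offset. On images built reproducibly (common since Windows 10) this header field may not hold a real date, so treat it as a hint rather than proof.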

