bsod after login

JimJoe

Vista Guru
My Vista home premium computer works fine until I log into any of the accounts.

Windows desktop starts to show up, then bsod.

The error is one of 2: 'irq less than or equal' or 'irq not less than or equal'. Sorry, I was half-asleep this morning, and just shut it off after the third bsod. I had to get to work.

The only thing I can think of are the security patches I installed via Windows update 2 days ago.

Any suggestions or other ideas?

Thanks.
 

My Computer

System One

  • Manufacturer/Model
    Acer Aspire X1700
    Motherboard
    ASUS
    Memory
    3 gigs
    Graphics Card(s)
    EVGA 1 gig GeForce 210
    Monitor(s) Displays
    Vizio 21" tv
    Screen Resolution
    1920x1080 resolution
    Hard Drives
    1 terabyte sata in 1 partition
    Cooling
    fans that came with it
    Keyboard
    basic USB
    Mouse
    basic USB
    Internet Speed
    3 megabits on a cable modem, wired
Every time one of those crashes occurs, a DMP file describing the circumstances of the crash is created in the \windows\minidump folder. If you can zip up and upload a few of those (latest) dump files here, one of the regulars might be able to analyse them for you and tell you why the machine is crashing.

If you can't get the dumps because none of the accounts get past logon, try what happens when you boot to safe mode (hold F8 during boot). Otherwise, if safe mode also leads to a BSOD on logon, you might be able to get the dump files by accessing this box across the network from another machine, or even with a parallel (second) OS instance to read the disk.
 

My Computer

I'll see what I can do after I get home tonight.

I don't remember it bsoding in safe mode.
 

My Computer

Hmm. Almost forgot. When I use a browser and look at web pages, either IE or FF, it works for a few minutes. Then the browser I am using hangs. Lower left on the status bar it says 'stopped' and on the upper right the connect circle just spins and spins. I have to do a restart to get browser functionality back.

Doesn't matter which browser I use. Nor which sequence I use them in. FF first or IE first.
 

My Computer

Hi -

It was probably a bugcheck 0x0000000a = 0xa = IRQL_NOT_LESS_OR_EQUAL - a kernel mode driver accessed paged memory (or invalid memory) when it should not have (IRQL too high).

0xa usually caused by a bad driver - one that is conflicting with others (e.g., driver may be older and new Windows Updates came in); could be new system service or possibly hardware - like RAM. Let's check the software end 1st.

Please also run msinfo32 and save as an NFO file
START | type msinfo32 | save in default NFO file format (NFO = file extension)

You'll probably have to copy the dumps out from c:\windows\minidumps to another folder like documents. Add the msinfo32 NFO file to them, zip up and attach to next post.

Regards. . .


jcgriff2
 

My Computer

System One

  • Manufacturer/Model
    HP dv7-1020us
    CPU
    Intel P7350 Core2 Duo @2GHz
    Memory
    4096mb DDR2 SDRAM
    Graphics Card(s)
    NVIDIA GeForce 9600M GT
    Sound Card
    IDT
    Hard Drives
    Fujitsu 320gb SATA HDD 5400RPM
    Mouse
    Logitech USB
    Internet Speed
    Intel 5100
Yeah, that's the error message. It will be around 7-8 hours before I can get home and do this.
 

My Computer

I think I have the zip file on here.

I did the F8, and tried 'last known good configuration'. Still bsod upon login.
 

Attachments

  • jimjoe_dmp_nfo_files.zip
    83.9 KB · Views: 39

My Computer

Your crashes are being caused by Avast drivers:

Image path: \SystemRoot\System32\Drivers\aswTdi.SYS
Image name: aswTdi.SYS
Timestamp: Fri Feb 06 08:06:19 2009 (498B54CB)
That's Avast's TDI (Transport Driver Interface) filter driver. The second suspect driver is this one:

Image path: \SystemRoot\System32\Drivers\aswRdr.SYS
Image name: aswRdr.SYS
Timestamp: Fri Feb 06 08:06:09 2009 (498B54C1)
Based on its name, that's a "redirector" monitor of some sort.

You might be able to update the Avast package to a newer version which hopefully won't have this problem. Otherwise, if you remove Avast the crashes will stop.
 

My Computer

Interesting.

My crashes happened after I did the Windows updates. I think I found the one of those that was causing the conflict. I removed several with a certain install date on them and the crash didn't happen on Wednesday night after I got done. Evidently Avast and one of the Windows updates are conflicting with each other. I'll work on it this weekend. I might change to another one of the anti-virus programs mentioned here.
 

My Computer

Glad you got it working. I'm 99% certain that your crashes were due to Avast (I'm never 100% on anything, by definition), so if uninstalling some Windows update seems to have bypassed the issue that would only be because of a different codepath taken. I'd still suggest you apply the Windows patch (might need it) after you update Avast.
 

My Computer

I was going to add them back in one at a time, use the computer, etc. then apply another one, until it stops working. Maybe a period of time apart, so I don't get the wrong one.

I did try an update on Avast, but it said it was at its newest version.
 

My Computer

OK I checked it out.
I analyzed them and here is what I got:

DMP FILE 1
*** WARNING: Unable to verify timestamp for aswTdi.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswTdi.SYS
*** WARNING: Unable to verify timestamp for aswRdr.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswRdr.SYS
Probably caused by : tdx.sys ( tdx!TdxIssueQueryAddressRequest+202 )

DMP FILE 2
*** WARNING: Unable to verify timestamp for aswTdi.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswTdi.SYS
*** WARNING: Unable to verify timestamp for aswRdr.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswRdr.SYS
Probably caused by : tdx.sys ( tdx!TdxIssueQueryAddressRequest+202 )

I looked in your sys info:
tdx NetIO Legacy TDI Support Driver c:\windows\system32\drivers\tdx.sys Kernel Driver Yes System Running OK Normal No Yes

That is causing the BSOD. I would do a SFC in Safe Mode.

Command Prompt:
sfc /scannow
 

My Computer

System One

  • Manufacturer/Model
    Apple MacBook Pro 13inch
    CPU
    Intel Core 2 Duo @ 2.26GHz
    Motherboard
    ?
    Memory
    2GB DDR3 RAM
    Graphics Card(s)
    NVIDIA GeForce 9400M @256MB Dedicated DDR3 VRAM
    Sound Card
    Intel High Definition Audio
    Monitor(s) Displays
    Laptop: 32 bit Color LCD
    Screen Resolution
    1280x800
    Hard Drives
    HITACHI HTS545025B9SA02 250GB (Internal)
    IOMEGA PRESTIGE PORTABLE 500GB (External)
    PSU
    N/A
    Case
    N/A
    Cooling
    N/A
    Keyboard
    Black Chiclet-Style Keyboard (Standard US) with Backlight
    Mouse
    No-Button Aluminum Trackpad w/ Mouse Gestures
    Internet Speed
    T1
I uninstalled avast. Computer was still bsoding. I'll put back the patches. I put a different anti-vir on my computer.
 

My Computer

JimJoe, do a SFC, it will repair the BSODing file, I would suppose.
 

My Computer

Hi -

Bugchecks on the 2 dumps were nearly identical - 0xa -

0xa (0x0, 0x2, 0x1, 0x821d0ede), probable cause = MS TDI translation driver tdx.sys
0xa (0x0, 0x2, 0x1, 0x821c2ede), p/c = tdx.sys

This is what I would be looking at first - it needs to go away -
Code:
2xExplorer 1.4.1.12 10/2/2002 9:21 AM
Varate Vgiolitzndes Records c:\2xexplorer\2xexplorer.exe

Get these updated; specifically the Ethernet - it has more of a connection to tdx.sys
Code:
NVidia nForce NIC driver
nvmfdx32.sys Sat Nov 17 18:46:42 2007 (473F7D62)

NVidia video
nvlddmkm.sys Thu Oct 16 19:26:05 2008 (48F7CD8D)

The stack text shows network activity -
Code:
STACK_TEXT (edited):
0000 81e4bbf9 nt!KiTrap0E+0x2ac
e4e8 88534c98 hal!KeAcquireSpinLockRaiseToSynch+0xe
b9fc 8af6ba3c tcpip!TcpIoControlEndpoint+0xb0
b9fc 875b811c tcpip!TcpTlEndpointIoControlEndpoint+0x81
e4d0 881ee500 tdx!TdxIssueQueryAddressRequest+0x202
e490 881ee500 tdx!TdxQueryInformationTransportAddress+0x5e
e490 875b8118 tdx!TdxTdiDispatchInternalDeviceControl+0xc5
8030 87589720 nt!IofCallDriver+0x63
on not available. Following frames may be wrong.
e490 875897d8 aswTdi+0x8fa
ffb3 87589720 nt!IofCallDriver+0x63
e490 ff040000 aswRdr+0x310
e490 8838fcb0 aswTdi+0x7279
8050 8af6bb84 aswTdi+0x7200
da54 00000000 aswTdi+0x2bc7
fbf8 8838fcb0 aswTdi+0x3ac5
fbf8 875897d8 aswTdi+0x84e
ffb3 87589720 nt!IofCallDriver+0x63
85ac 00000000 aswRdr+0x310
bc90 0000000c afd!AfdIssueDeviceControl+0xcf
0002 00000000 afd!AfdSetEventHandler+0x2e
7de0 885285ac afd!AfdTdiClearVcEventHandlers+0x2d
b268 8af6bd30 afd!AfdFreeEndpointResources+0x90
613c 866411f0 afd!AfdFreeEndpointTditl+0x21
0000 84384ad0 afd!AfdDoWork+0x51
0000 84384ad0 nt!IopProcessWorkItem+0x23
f9fe 00000000 nt!ExpWorkerThread+0xfd
0001 00000000 nt!PspSystemThreadStartup+0x9d
0000 00000000 nt!KiThreadStartup+0x16

afd! = related to winsock.
nt! = NT Kernel
aswrdr = Avast
aswtdi = Avast
tdx = named probable cause, but I doubt it highly


Get rid of the 2002 exe, update the drivers - specifically Ethernet, then run the Driver Verifier - let it help flush out any 3rd party driver in hiding -
START | type cmd.exe | right-click on cmd.exe up top under programs | Run as Administrator | type verifier & hit enter - the Verifier screen will appear | do the following:
Code:
1. Select 2nd option - "Create custom settings (for code developers)"
2. Select 2nd option - "Select individual settings from a full list"
3. Check these boxes -
• Special Pool
• Pool Tracking
• Force IRQL checking
• Deadlock Detection
• Miscellaneous Checks
4. Select last option - "Select driver names from a list"
5. Click on the Provider heading - sorts list by Provider
6. Check ALL boxes where Microsoft is not the Provider
7. Click on Finish
8. Re-boot

If the Driver Verifier (DV) finds a violation, it will result in a BSOD. After re-boot, you may not be able to log on. If so, boot into SAFEMODE (select Last Known Good Configuration or System Restore). To see the status of Verifier - type verifier - select the last option on the first screen - "Display information about the currently verified drivers..". To turn Driver Verifier off - verifier /reset then re-boot. Keep the verifier running as long as possible, even if the status screen appears clear.

If you get a BSOD, get the verifier-enabled dump file from c:\windows\minidump, zip it up & attach to next post.

Regards. . .

jcgriff2
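
A triage sketch for the STACK_TEXT in the post above, added here as an example and not code from any poster in this thread: it parses debugger-style frames, lists the non-Microsoft modules and whether their symbols resolved, and names the nearest third-party caller beneath the module the debugger blamed. The `MS_MODULES` set and the abbreviated sample frames are assumptions constructed for illustration.

```python
import re

# Constructed sample: a subset of the frames quoted in the STACK_TEXT above.
SAMPLE_STACK = """\
0000 81e4bbf9 nt!KiTrap0E+0x2ac
e4e8 88534c98 hal!KeAcquireSpinLockRaiseToSynch+0xe
b9fc 8af6ba3c tcpip!TcpIoControlEndpoint+0xb0
e4d0 881ee500 tdx!TdxIssueQueryAddressRequest+0x202
8030 87589720 nt!IofCallDriver+0x63
on not available. Following frames may be wrong.
e490 875897d8 aswTdi+0x8fa
ffb3 87589720 nt!IofCallDriver+0x63
e490 ff040000 aswRdr+0x310
e490 8838fcb0 aswTdi+0x7279
bc90 0000000c afd!AfdIssueDeviceControl+0xcf
0000 84384ad0 nt!ExpWorkerThread+0xfd
"""

# Assumption: module names treated as Microsoft-supplied for this stack.
MS_MODULES = {"nt", "hal", "tcpip", "tdx", "afd"}

# module!symbol+0xOFF, or module+0xOFF when no symbols were loaded.
FRAME_RE = re.compile(r"([A-Za-z_][\w.]*)(?:!([\w:@?$<>~]+))?\+0x([0-9a-fA-F]+)")


def parse_frames(stack_text):
    """Return (module, symbol_or_None, offset) tuples, top of stack first."""
    frames = []
    for line in stack_text.splitlines():
        tokens = line.split()
        m = FRAME_RE.fullmatch(tokens[-1]) if tokens else None
        if m:  # debugger notes such as "Following frames may be wrong." are skipped
            frames.append((m.group(1), m.group(2), int(m.group(3), 16)))
    return frames


def third_party_modules(stack_text, ms_modules=MS_MODULES):
    """List (module, frame_count, symbols_resolved) in order of first appearance."""
    seen = {}
    for module, symbol, _ in parse_frames(stack_text):
        if module.lower() in ms_modules:
            continue
        count, resolved = seen.get(module, (0, True))
        seen[module] = (count + 1, resolved and symbol is not None)
    return [(name, c, r) for name, (c, r) in seen.items()]


def first_third_party_below(stack_text, blamed, ms_modules=MS_MODULES):
    """Name the nearest non-Microsoft caller beneath the deepest frame of `blamed`."""
    frames = parse_frames(stack_text)
    hits = [i for i, f in enumerate(frames) if f[0].lower() == blamed.lower()]
    if not hits:
        return None
    for module, _, _ in frames[hits[-1] + 1:]:
        if module.lower() not in ms_modules:
            return module
    return None


if __name__ == "__main__":
    print(third_party_modules(SAMPLE_STACK))
    print(first_third_party_below(SAMPLE_STACK, "tdx"))
```
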

 

My Computer

Anyone who colour-codes the modules in a stack gets rep from me :)

Out of curiosity, do you see anything linking 2xexplorer.exe to the crash other than the age of the binary?

Personally, I'd still be interested to see the dumps corresponding to crashes without the Avast drivers.
 

My Computer

It seems that the main culprit is an outdated Ethernet driver as far as I can see from the minidumps...
It just seems that Avast gets entangled in this mess...:)
I don't really see 2xexplorer.exe as a cause since this is a file manager and unless he was looking at a network share (which most probably isn't...)
I think we can rule out xplorer²
 

My Computer

The crashes which happened after Avast was removed would be interesting to analyse.

I'm also not seeing the obvious link to 2xexplorer. Unless it's injected its own k-mode driver, it's just an app. Doesn't matter if it's as old as the hills - it's just user-mode code. If it did somehow manage to cause a bugcheck, that would constitute a bug in the OS.
 

My Computer

Hi -

Thank you.

I asked for msinfo32 b/c I like to review the WERCON portion of Software Environment to see appcrashes/ hangs.

WERCON showed this Explorer crash w/ ntdll.dll - but a 0x80000003 exception. To me, that indicates a checked-build. But of what? Both MS modules have the tell-tale SP1 timestamp of Jan 19 2008 and the correct version number for SP1.
Code:
3/15/2009 1:48 AM       Application Error       Faulting application Explorer.EXE, version 6.0.6001.18000,
time stamp 0x47918e5d, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0x80000003


So, no - I found no direct 2xexplorer.exe tie to BSOD - just the 2002 date.

I just noticed while copying the above out, the presence of a BSOD-causing giant -
Code:
ZoneAlarm
vsdatant.sys Thu Nov 13 18:15:52 2008 (491CB528)

@ darkassain - un-install ZoneAlarm. Otherwise, you will be back for additional BSODs in the near future.

Regards. . .

jcgriff2

@ H2SO4 - I really like your how-to on crash dump analysis.
I refer many to them.

I also agree on not seeing Avast in stack text. The purpose of Driver Verifier.

 

My Computer
