ItsGeekToMe.co

Q: We enjoy reading your column each week and hope you will have more words of wisdom to help us with a problem. Several weeks ago we started experiencing the BSOD at random times, maybe just once, or several times a day, or maybe skip a day. The first part of the message is always the same. “IRQL NOT LESS OR EQUAL“. That is followed by a line of characters which have some variation each time. Here are two examples:

0x0000000A (0x8C25CE58, 0x00000002, 0x00000000,0x82CE17A4)
0x0000000A (0x8C39A0F0, 0x00000002, 0x00000000,0x82CD97A4)

It then indicates a memory dump and freezes so that we have to restart the machine. We have made no hardware changes and to my knowledge, no driver changes. I sure could use some help with the Geek speak.

– Richard T.
Crestview, Florida

A: What you’re describing is a typical BSOD (that’s “Blue Screen of Death” for those of you not up on your Microsoft smack-talk). The bad news is that a BSOD is Windows’s absolute last resort when something has gone awry. Unfortunately, this is such a vague error that it’s impossible to tell just from the error message what actually went wrong. (Really, Bill? “IRQL NOT LESS OR EQUAL”? REALLY?!?) The “Geek Speak” translation of this horrid message requires a bit of background. First of all, there is a portion of the operating system called the “Kernel”, which is responsible for managing all the computer’s hardware resources. It is the most trusted portion of software on the entire system, and has access to all processes, hard drive space, and memory. Certain software runs in Kernel Mode to get system access at a higher level than User Mode. This error occurred because a process running in Kernel Mode attempted to access memory that it did not have permission to access. The problem was detected, and the system BSOD’d to protect itself.

BSODs in general, and this kind in particular are typically caused by a device driver problem; a “device driver” being a piece of software that sits between Windows and any given hardware device, which allows Windows to communicate with it, or “drive” it. Device drivers can become outdated or corrupted, and can even malfunction after being updated to a newer version. Or, the driver could be fine and something is wrong with the hardware it is trying to drive. Again, it’s impossible to tell from this message. There might be more information in the memory dump, but I doubt it would be meaningful to you. There also might be information in the System Logs, but describing how to get into them and look would take more space than I have available.

So, let’s talk about some generic things you can try that will fit in my column space. I recommend booting in Safe Mode to do these actions, so you don’t wind-up in BSOD land right in the middle of working on it.

Let’s start with the simplest fix. You said the problem started a couple of weeks ago. Is there a System Restore Point that pre-dates the issue? If so, restore back to that point. If the problem goes away for a while and then returns, that would indicate an update the system is installing is causing the problem. Check Windows Update’s installation history to narrow it down.

If you can’t simply restore your way out of the problem, you can have Windows verify the integrity of its own files with the Windows System File Checker. It shakes down the critical operating system files to verify that they have not been somehow compromised. To use it, run a command prompt window by pressing [WinKey]+R and typing CMD in the “Run” box. At the command prompt, enter sfc /scannow. If it says it found and fixed something, run it again. Keep running it until it says it didn’t find anything to fix.

You should also know that this problem can be caused by malware. If the system Kernel gets infected, or if malware manages to run in Kernel Mode, it can wreak all sorts of havoc. Make sure you’ve thoroughly scanned your system using the tools mentioned in previous columns.