I plugged only mouse and web-cam in USB
Welcome to the W7Forums.
Could you please start out doing the following:
- Download and run TDSSKiller.
- Install Malwarebytes (Free Version) and scan your computer.
- Please download and run Windows Defender Offline. It will create a CD / DVD / USB and will boot and scan your hard drive offline.
- Download CPU-Z and run it. Go to the "About" tab and save it as a txt (text) file. Upload the text file to the forum.
Also what do you have plugged in to your USB ports? Are you using a USB hub?
Please uninstall any ASUS utilities, for example Asus ATK0110 ACPI Utility.
Last crash today
Please upload the log file from TDSSKiller. It is in C:\. It will start with TDSSKiller.
For example TDSSKiller.2.8.16.0_01.05.2014_03.19.22_log.txt
Have you had any more crashes?
16:17:15.0412 0x0948 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
16:17:15.0417 0x0948 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
16:17:15.0424 0x0948 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
16:17:17.0235 0x0948 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:17:19.0072 0x0948 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:17:20.0149 0x0948 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:17:21.0079 0x0948 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:17:23.0790 0x0948 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:17:25.0506 0x0948 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:17:28.0502 0x0948 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:17:29.0671 0x0948 \Device\Harddisk0\DR0\TDLFS - deleted
16:17:29.0671 0x0948 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
16:17:31.0175 0x0948 KLMD registered as C:\Windows\system32\drivers\08827882.sys
16:17:55.0580 0x0bd8 Deinitialize success
You have a rootkit, which means that you might get rid of it or maybe you will not.
So you need to run those scans again and post the log files.
There is no point proceeding until we are sure that the rootkit is removed.
Thanks for that, but when you run TDSSKiller, click on "Change Parameters" and select the additional options:
- Verify file digital signatures
- Detect TDLFS file system.
Then please post the log file to the forum.
wmic recoveros set DebugInfoType = 2