DRIVER_IRQL_NOT_LESS_OR_EQUAL

Joined
Apr 29, 2014
Messages
5
Reaction score
0
I have this error DRIVER_IRQL_NOT_LESS_OR_EQUAL caused by driver usbuhci.sys,
or UNEXPECTED_KERNEL_MODE_TRAP caused by driver xNtKrnl.exe.
What do I need to add?
 

Attachments

Shintaro

Moderator
Joined
Mar 1, 2012
Messages
2,134
Reaction score
252
Welcome to the W7Forums.

Could you please start out doing the following:
  1. Download and run TDSSKiller.
  2. Install Malwarebytes (Free Version) and scan your computer.
  3. Please download and run Windows Defender Offline. It will create a CD / DVD / USB and will boot and scan your hard drive offline.
  4. Download CPU-Z and run it. Go to the "About" tab and save it as a txt (text) file. Upload the text file to the forum.

Also, what do you have plugged into your USB ports? Are you using a USB hub?

Please uninstall any ASUS utilities, for example Asus ATK0110 ACPI Utility.
 
Joined
Apr 29, 2014
Messages
5
Reaction score
0
I plugged only a mouse and a web-cam into USB.
TDSSKiller and Malwarebytes killed some virus.
 

Attachments

Shintaro

Moderator
Joined
Mar 1, 2012
Messages
2,134
Reaction score
252
Please upload the log file from TDSSKiller. It is in C:\ and its name will start with TDSSKiller.
For example: TDSSKiller.2.8.16.0_01.05.2014_03.19.22_log.txt

Have you had any more crashes?
 

Shintaro

Moderator
Joined
Mar 1, 2012
Messages
2,134
Reaction score
252
You have a rootkit, which means that you might get rid of it or maybe you will not.

Code:
16:17:15.0412 0x0948  \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
16:17:15.0417 0x0948  \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
16:17:15.0424 0x0948  \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
16:17:17.0235 0x0948  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:17:19.0072 0x0948  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:17:20.0149 0x0948  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:17:21.0079 0x0948  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:17:23.0790 0x0948  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:17:25.0506 0x0948  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:17:28.0502 0x0948  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:17:29.0671 0x0948  \Device\Harddisk0\DR0\TDLFS - deleted
16:17:29.0671 0x0948  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
16:17:31.0175 0x0948  KLMD registered as C:\Windows\system32\drivers\08827882.sys
16:17:55.0580 0x0bd8  Deinitialize success

So you need to run those scans again and post the log files.

There is no point proceeding until we are sure that the rootkit is removed.
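
As an added illustration (not part of the original post and not TDSSKiller's own code), this Python sketch parses log lines in the layout shown in the excerpt above, lists each TDLFS object with the action taken on it, and compares the result against a follow-up scan. The rescan sample is constructed, and the function names and verdict strings are assumptions.

```python
import re

# Layout seen in the posted excerpt: time, thread id, then a free-form message.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]+\s+(.*)$")
# Message naming the hidden TDLFS container on a disk, or one object inside it.
TDLFS_RE = re.compile(r"^(\\Device\\Harddisk\d+\\DR\d+)\\TDLFS(?:\\(\S+))?\s+-\s+(.+)$")

# Lines copied from the log excerpt posted in the thread.
FIRST_SCAN = r"""
16:17:15.0412 0x0948  \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
16:17:15.0417 0x0948  \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
16:17:21.0079 0x0948  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:17:29.0671 0x0948  \Device\Harddisk0\DR0\TDLFS - deleted
16:17:55.0580 0x0bd8  Deinitialize success
"""
# Constructed sample: a follow-up scan whose log contains no TDLFS lines.
RESCAN = r"""
09:02:11.0100 0x0a10  Deinitialize success
"""

def summarize_tdlfs(log_text):
    """Return {disk: {"files": {name: action}, "container": action or None}}."""
    disks = {}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        hit = TDLFS_RE.match(line.group(1)) if line else None
        if not hit:
            continue  # blank line, or a message that is not about TDLFS
        disk, name, action = hit.groups()
        entry = disks.setdefault(disk, {"files": {}, "container": None})
        if name is None:
            entry["container"] = action.strip()   # line about the container itself
        else:
            entry["files"][name] = action.strip()  # line about one object inside it
    return disks

def verdict(first_scan, rescan):
    """Per disk: 'removed' only if the container was deleted and the rescan finds nothing."""
    before, after = summarize_tdlfs(first_scan), summarize_tdlfs(rescan)
    result = {}
    for disk in set(before) | set(after):
        if disk in after:
            result[disk] = "still detected"
        elif before[disk]["container"] == "deleted":
            result[disk] = "removed, confirmed by rescan"
        else:
            result[disk] = "quarantined only, container not deleted"
    return result
```
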
 
Joined
Apr 29, 2014
Messages
5
Reaction score
0
 

Attachments

Shintaro

Moderator
Joined
Mar 1, 2012
Messages
2,134
Reaction score
252
Thanks for that, but when you run TDSSKiller, click on "Change Parameters" and select the additional options:
  • Verify file digital signatures
  • Detect TDLFS file system.

Then please post the log file to the forum.
 

Shintaro

Moderator
Joined
Mar 1, 2012
Messages
2,134
Reaction score
252
Alright that looks better.

Open a command prompt as Administrator and type in:

Code:
wmic recoveros set DebugInfoType = 2

Please post a screenshot when it completes.
Then reboot.

If there are any crashes after that, please upload them to the forum.
 
