Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer won't run in regular mode and gives me an "driver_irql_not_less_or_equal" error


  • Please log in to reply
59 replies to this topic

#1 rangersmith1123

rangersmith1123

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 04 August 2009 - 12:08 AM

Hi all!

I seem to be having a problem where, whenever I start up my computer, I can log in, but just as it starts to load the desktop, it switches to a blue error screen with the error, "driver_irql_not_less_or_equal". The technical information is, "STOP: 0x000000D1(0xE24B6000,0x00000002,0x00000000,0xF2095A4B)"

The computer seems to work in safe mode, however.

This error could (possibly) have something to do with a few viruses malwarebytes recently removed. The problems seemed to oly start after the viruses were removed, though that might only be a coincedence. I have included the malwarebytes log just in case.


Malwarebytes' Anti-Malware 1.39
Database version: 2542
Windows 5.1.2600 Service Pack 3

8/1/2009 7:09:17 PM
mbam-log-2009-08-01 (19-09-17).txt

Scan type: Quick Scan
Objects scanned: 157551
Time elapsed: 13 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{286285b1-a276-436b-be9c-b01d1fe9cbbb} (Password.Stealer) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
c:\WINDOWS\Temp\659.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\file.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.


Hopefully someone will be able to help.
Thanks in advance!

Edited by rangersmith1123, 04 August 2009 - 12:18 AM.


BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:59 PM

Posted 04 August 2009 - 01:21 AM

In Safe Mode, right click on the C drive in Explorer and go Properties > Tools > Check Now (under Error Checking). Check both boxes then click "Start Now". A message will pop up saying that Error Checking will run after you restart the computer. Restart the computer and Error Checking will run automatically after the restart. After itís finished it will restart into Windows automatically.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 rangersmith1123

rangersmith1123
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 04 August 2009 - 11:51 AM

After following the steps, I got a message saying "Windows was unable to complete the dick check".

Edited by rangersmith1123, 04 August 2009 - 12:05 PM.


#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:59 PM

Posted 04 August 2009 - 04:13 PM

What is the make and model number of your computer?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 rangersmith1123

rangersmith1123
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 04 August 2009 - 06:48 PM

Dell XPS 400
Dell DXP051

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:59 PM

Posted 04 August 2009 - 06:54 PM

Try running a diagnostic test on your hard drive:

http://supportapj.dell.com/support/topics/...mp;toggle=false
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 rangersmith1123

rangersmith1123
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 04 August 2009 - 09:18 PM

I followed the instructions, but it got stuck at "Loading DRMK Version 8.00", and after waiting a half hour, I gave up and restarted in safe mode.

#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:59 PM

Posted 05 August 2009 - 12:35 AM

Did you do the "Boot to Utility Partition" option or create the CD?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#9 kituhi1234

kituhi1234

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:59 AM

Posted 05 August 2009 - 02:52 AM

hello buddy here s ma solution

I have had this exact problem in two different cases.


Computer #1. I flashed the BIOS and it fixed the problem.
Computer #2. I removed one of the RAM sticks and it fixed the problem - turns out the RAM was bad...


i think tis wil make yur system again working fine..

also wen doin tis, remove all d expansion slot devices f yu hav..follow d above 2 steps. i am sure tis wil work out...

#10 kituhi1234

kituhi1234

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:59 AM

Posted 05 August 2009 - 02:54 AM

also i cheked tis error wid microsoft..

here s their solution http://support.microsoft.com/kb/835166

#11 rangersmith1123

rangersmith1123
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 05 August 2009 - 08:50 AM

Did you do the "Boot to Utility Partition" option or create the CD?

I used the "Boot to Utility Partition" option. I will look into trying kituhi1234's suggestions in a moment.

The microsoft soluton only mentioned Microsoft Windows Server 2003 and 2000. I have Microsoft Windows XP Media Center Edition

How do I flash my BIOS (It is made by Phoenix and is version A02)

Edited by rangersmith1123, 05 August 2009 - 10:34 AM.


#12 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:59 PM

Posted 05 August 2009 - 04:44 PM

Do you have a Windows XP disk?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#13 rangersmith1123

rangersmith1123
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 05 August 2009 - 07:15 PM

Do you have a Windows XP disk?

Yes, I have the original Windows XP Media Center disk

#14 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:59 PM

Posted 05 August 2009 - 07:17 PM

Insert the Windows XP CD into the CD drive, and then restart the computer. Click to select any options that are required to start the computer from the CD drive if you are prompted. When the "Welcome to Setup" screen appears, press R to start the Recovery Console. If you have a dual-boot or multiple-boot computer, select the installation that you must access from the Recovery Console. When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

Type: chkdsk /r

It's important to have a space before the "/".

To exit the Recovery Console and restart the computer, type exit at the command prompt, and then press ENTER.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#15 rangersmith1123

rangersmith1123
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 05 August 2009 - 08:17 PM

Insert the Windows XP CD into the CD drive, and then restart the computer. Click to select any options that are required to start the computer from the CD drive if you are prompted. When the "Welcome to Setup" screen appears, press R to start the Recovery Console. If you have a dual-boot or multiple-boot computer, select the installation that you must access from the Recovery Console. When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

Type: chkdsk /r

It's important to have a space before the "/".

To exit the Recovery Console and restart the computer, type exit at the command prompt, and then press ENTER.

How do I start the computer from the CD Drive?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users