Driver? IRQL_NOT_LESS_OR EQUAL on bootup

[Girgle]

Hello and thanks in advance for your help.

My computer has recently succumbed to some Malware (Fraud.XPAntivirus, Win32 Trojan, and Trojan.Agent to be exact). I have used MalWareBytes, Ad-Aware AE, and SearchBot S+D, and SmitFraudFix to remove most of the problems, but no matter what, Fraud.XPAntivirus and Trojan.Agent immediately return.

However, the bigger issue is this:

Ever since I ran these scans, my computer cannot load at all. Once I click on a user it immediately goes to the BSOD with the message:

Driver_IRQL_NOT_LESS_OR_EQUAL

STOP: 0x000000D1 (0xE1EC5000, 0x00000002, 0x00000000, 0xF3A23D00)

In fact, I am only able to post this through Safe Mode w/ networking. I'm pretty sure this doesn't have anything to do with faulty hardware or RAM. Possibly something to do with BIOS? Does any body have any ideas of what is wrong and how I could possibly fix the problem? Thanks again!

 

[Route44]

Not with BIOS. 0xD1 errors are predominantly due to a faulty driver or it can be due to faulty memory.

However, it sounds like you are still significantly infected and therein is your main problem. Go to the Virus and Malware removal forum here at TechSpot. Read this link https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/ and then follow it step by step. Do it in the order it gives you even if you have already done some steps previously. post the results there.

You'll be able to do this in Safe Mode.

 

[rev_olie]

I think the virus has damaged your boot/ windows install and this is causing instability. If you can maybe try and scan your registry, CC leaner has a scanner and see if that comes back with anything.

As for the virus Malwarebytes and Smitfraud should have removed this. You did run SmitFraud in safe mode didn't you?
If so try and do a manual removal
http://fix-computer-problem.com/rogue-antispyware/xp_antivirus_2008/xp_antivirus_2008.html

CC leaner may take care of some of this. Try and end the processes etc and then use CC leaner to see if it removes them.

 

[Girgle]

Thanks for all of the help.

Route 44: I followed all of the steps that the link you sent me gave. I had the .txt files ready to show you; however, once I restarted I was unable to log in at all (I am writing this from another computer). Now, regardless if I am in safe mode or in normal mode an error occurs. When I click on any user, it starts logging me in, but 3 seconds later I am immediately logged out. I have tried every option from the special startup menu (F8 menu) and the result is always the same.

For what it is worth, after running all of the scanning programs you directed me to, MalWareBytes found 0 files. I could not run SuperAnitSpyWare while receiving a message like: "System Administator does not allow the use of this program." I tried saving it under a different file name, but still the same result. So I could not get a log of that. I also apologize that I do not recall any info from the HiJackThis Log.

So, at this point in the game, unless you see a potential fix I am perfectly fine with wiping everything away and reinstalling windows. However, I'm kind of stuck as I can't run anything until I can log in (I think). Do you have any suggestions? Thanks!

Rev_Ollie:

Yes, I did run SmitFraudfix in safe mode as I couldn't log in normally. If I can get back on the computer I will definitely try out some of those things you mentioned. Thank you.

 

[Route44]

Okay, here is another way of tackling this issue. Do you know someone who has some tech experience? One way to access your harddrive is to slave it in another system and run all of the diagnostics, etc., that way from the main harddrive.

Also, if you are able to do this then post over in the Virus & Malware removal forum and give a brief descritption of the steps you have taken, the results, and the required logs.

 

[Girgle]

Unfortunately, the computer I am trying to fix is my Grandfather's and I do not know anybody tech savy enough in his area (I am just visiting) to do what you have suggested. He really doesn't have any files worth saving, so I'm totally cool with wiping it clean. If I can't find anybody to access my HD, is there anyway I can reinstall Windows in my computer's current state?

 

[rev_olie]

Some one may disagree (with the option of reformatting usually a last step) but i may suggest that seeing as though you said there is not much worth saving them maybe reinstall windows.

A reinstall will not require the computer to boot so in its current state should be fine. You must have a Windows CD/DVD to hand to complete the reformat (or even start it for that matter). This will have either come with the computer or have been purchased at some point. It depends on the age it could be a floppy disk of a CD/DVD but will have something about Windows written on it.

If you find it an think a re format would be the best option then take a look at the link below for instructions.
http://helpdesk.its.uiowa.edu/windows/instructions/reformat.htm

However if you feel there is a slim chance of getting the files/ PC back i would wait. Its all gone as soon as you start the re format so its not something to rush into but your choice.

OOO had a thought. Knoppix.
This is basically a operating system on a CD. You load the files onto a CD put it in your CD drive and it will boot the Knoppix operating system. This was you will be able to load it to the PC and using a memory stick or something transfer the files you want to keep to another PC and THEN re format.

Read this guide to tell you how
http://www.shockfamily.net/cedric/knoppix/

Read everything. The download link is on there to.
Then you have your files and a shine new reformatted PC.

Post back if you have trouble etc

 

[Girgle]

Thanks for your help everyone! I just ended up reinstalling windows. It sucks that "the bad guys" won, but I don't think my grandfather was running any antivirus software, so something bad was bound to happen. Thank you for the quick and helpful responses; it made this annoying situation bearable.