TechSpot

Bsod 0x0000008e

By thekhan
Mar 6, 2008
  1. Hi,
    I am using an HP Pavilion dv9074cl. Whenever I try to use any VoIP application, touch the volume buttons to raise or lower the volume, or try to mute it, I get a BSOD stating only 0X0000008E (0XC0000005, 0X00200020, 0Xrandom, 0X00000000).

    I have PCTOOLS Internet Security installed on my system. It sometimes catches Trojan.ProAgent and IRCBot Trojans.

    After studying some forums, I got HijackThis and scanned my system with it. It gave the following result.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:23:05 AM, on 3/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
    C:\Program Files\PC Tools Internet Security\pctsSvc.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Vongo\VongoService.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\PC Tools Internet Security\pctsTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\LowRateVoip\LowRateVoip.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
     
  2. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    Your error, 0x8E: KERNEL_MODE_EXCEPTION_NOT_HANDLED, is nearly always a hardware compatibility issue (which sometimes means a driver issue or a need for a BIOS upgrade).

    The thing that concerns me though is when you wrote: "I have PCTOOLS Internet Security installed on my system. It sometimes catches Trojan.ProAgent and IRCBot Trojans."

    Infections can cause all kinds of crashes. Even though your error code points to a hardware incompatibility issue, it would not surprise me in the least that a trojan is causing havoc.

    Therefore I strongly suggest that you go to TechSpot's Security and the Web forum and post your issues. You don't need to give the running processes at this time. Just tell them what is happening and give them the information that I quoted from you.

    Perhaps you aren't infected but if those trojans have shown up they may very well be embedded. Also, read the stickies in that forum by Julio.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    "It sometimes catches Trojan.ProAgent and IRCBot Trojans."

    This sounds like repeated infections. W32.IRCBot.B is a Backdoor Trojan Horse that connects to an IRC server and waits for commands from the hacker. This Trojan is a variant of W32.IRCBot and W32.IRCBot.Gen. Troj/ProAgent-A installs itself in the Registry.

    Sounds like you're living dangerously in those chat rooms.

    If you have these, you are going to have other malware. Suggest you go through the entire malware cleaning process as mentioned:
    http://www.techspot.com/vb/topic58138.html

    You are also running two security suites - Symantec and PC Tools. You have 2 AV programs and 2 firewalls. You should only have one of each. Possibly, these are causing you a LACK of protection, not more.
     
  4. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    "You are also running two security suites - Symantec and PC Tools. You have 2 AV programs and 2 firewalls. You should only have one of each. Possibly, these are causing you a LACK of protection, not more."

    Nice catch, Bobbye; I obviously didn't see that.

    And, yes, the infections need to be dealt with as well.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thanks. Although I don't do the malware in the hijack logs, I sometimes take a look. I am amazed at some of the "stuff" I see running! Try to do a heads up when I can.
     
  6. thekhan

    thekhan TS Rookie Topic Starter

    Thanks Bobbye and Route44 for helping me with this problem. I am putting the whole HijackThis log here. If I have 2 security suites, 2 firewalls and also 2 AV programs, just let me know how to remove them.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:41:00 PM, on 3/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\PC Tools Internet Security\pctsTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
    C:\Program Files\PC Tools Internet Security\pctsSvc.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Vongo\VongoService.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, here's your "stuff" and my recommendations: You do have only 1 anti-virus, due to folder misnaming. You have the McAfee SiteAdvisor. Do you use it? If not, uninstall it. (C:\Program Files\SiteAdvisor\6172\SAService.exe> Part of McAfee's SiteAdvisor program)

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe> Part of Norton AntiVirus 2004.

    The following are files for Spyware Doctor. See my comment after:
    C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
    C:\Program Files\PC Tools Internet Security\pctsTray.exe- a tray icon for Spyware Doctor
    C:\Program Files\PC Tools Internet Security\pctsSvc.exe

    The Start menu entries are named wrongly. The folder is called PC Tools Internet Security, but the contents are called Spyware Doctor! I suggest you uninstall "PCTools" and install Spyware Doctor as a stand-alone if you want that program.
    http://www.pctools.com/forum/archive/index.php/t-49226.html

    These should appear as:
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe- a tray icon for Spyware Doctor

    NONE of the HP programs or processes you show in the log should be on Startup.

    Stop the automatic updates for:
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe> schedules for manual update checks for Real Networks products.
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe> to turn off the process which does automatic checks for Java updates: Control Panel> Java> Update tab> uncheck 'automatically check for updates'

    C:\Program Files\Windows Media Player\WMPNetwk.exe> main executable for Windows Media Player Network Sharing Service. It is used to share Windows Media Player libraries> it would be safe to run this only when you are actively using it. You are file sharing here and that is always a security risk.

    I see a lot of users with HP Systems having this. Please check the site and decide if you are actively using this, if you need this, if you want this. If the answer is NO, uninstall it in Add/Remove Programs in the Control Panel.
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe> a process associated with HP ProtectTools security manager from Hewlett-Packard
    http://h20219.www2.hp.com/services/cache/45782-0-0-225-121.aspx

    Uncheck in Startup:
    C:\Program Files\Vongo\VongoService.exe> a process associated with Vongo from Starz Entertainment Group LLC.
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
     
Topic Status:
Not open for further replies.
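
The review done by hand in this thread (which install folders the running processes belong to, and whether more than one security product is loaded) can be scripted. The following is an added example, not code from the thread or from HijackThis; the function names, the keyword list and the sample log (including its `Temp\svchost.exe` line) are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the HijackThis v2.0.2 layout; the Temp\svchost.exe line is invented.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\PC Tools Internet Security\pctsSvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\Temp\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""
SECURITY_HINTS = ("symantec", "pc tools", "siteadvisor", "mcafee", "norton")  # assumed keywords
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe")

def running_processes(log_text):
    """Paths listed under 'Running processes:'; the section ends at the first blank line."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:
                break
            paths.append(line)
    return paths

def by_product_folder(paths):
    """Group executables by install folder (case-insensitive for system directories)."""
    groups = defaultdict(set)
    for p in paths:
        parts = p.split("\\")
        low = [x.lower() for x in parts]
        if "program files" in low:
            i = low.index("program files") + 1
            key = parts[i + 1] if low[i] == "common files" else parts[i]
        else:
            key = "\\".join(low[:-1])
        groups[key].add(low[-1])
    return dict(groups)

def security_products(groups):
    """Install folders whose name matches a security-vendor keyword."""
    return sorted(k for k in groups if any(h in k.lower() for h in SECURITY_HINTS))

def outside_system32(paths):
    """System process names running from anywhere other than system32."""
    return [p for p in paths
            if p.split("\\")[-1].lower() in SYSTEM_NAMES and "\\system32\\" not in p.lower()]
```

A folder-name match only says which products to look at; as post 7 shows, the folder name and the actual product can differ, so each hit still needs a manual check.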
