TechSpot

BSOD windows server 2003 error code 1000008e

By JamesDW
Jul 30, 2007
  1. Hello,

    I'm new to this forum and hope somebody will help me.
    For the last 2 weeks we have had a lot of BSODs on our HP server.
    This never occurred before. (We run terminal server applications on this server.)

    No hardware nor software changes made prior to these problems.

    The dump files are all the same:


    Microsoft (R) Windows Debugger Version 6.7.0005.1
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\Minidump\Mini073007-02.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: *** Invalid ***
    ****************************************************************************
    * Symbol loading may be unreliable without a symbol search path. *
    * Use .symfix to have the debugger choose a symbol path. *
    * After setting your symbol path, use .reload to refresh symbol locations. *
    ****************************************************************************
    Executable search path is:
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y <symbol_path> argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
    Product: LanManNt, suite: TerminalServer
    Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
    Debug session time: Mon Jul 30 18:38:19.796 2007 (GMT+2)
    System Uptime: 0 days 3:55:05.805
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y <symbol_path> argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Loading Kernel Symbols
    ...................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    .......
    Unable to load image \??\C:\WINDOWS\system32\vdo_1040-78f4.sys, Win32 error 0n2
    *** ERROR: Module load completed but symbols could not be loaded for vdo_1040-78f4.sys
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000008E, {c0000005, 8081bbd5, f3cb3c98, 0}

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    Probably caused by : vdo_1040-78f4.sys ( vdo_1040_78f4+641 )

    Followup: MachineOwner
    ---------


    What is this vdo...sys?

    I have read somewhere this is an infection.

    On the other hand I have found in the windows observer one error linked to the driver/ATI2MPAD.

    What can be the problem?
    We have changed our RAM, put in a new motherboard, downloaded Service Pack 2.

    The problems subsist.

    Anyone?

    Thanks,

    But
  2. peterdiva

    peterdiva TechSpot Ambassador Posts: 1,202

    Vdo_1040-78f4.sys is an infection. You can find the same problem HERE. They didn't say which program found it (post #10).
  3. JamesDW

    JamesDW Newcomer, in training Topic Starter

    vdo_1040-78f4.sys

    Thanks for the info.
    The link is not much help since it does not explain how to remove the infection.
    Our AVG Anti-Spyware cannot find anything.
    Sophos Anti-Rootkit did find some hidden files in registry keys: vdo* and vdo_g.ini.
    My question is whether I may remove these files:

    c:\windows\system32\vdo_g.ini
    c:\windows\system32\vdo_1040-78f4.sys

    Sophos does not recognise these and therefore does not recommend deleting them.
    Or what other things should I do, precisely?

    Thanks for the help !
  4. peterdiva

    peterdiva TechSpot Ambassador Posts: 1,202

    I think they are safe to delete. As spyware isn't my thing, you can always ask in the security forum. I also found THIS, which pretty much confirms it's a rootkit.
  5. JamesDW

    JamesDW Newcomer, in training Topic Starter

    Thanks for the reply.
    I have deleted them, rebooted the computer without problem.
    I will post the outcome later.
    Thanks,
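The bugcheck in the first post can be triaged without symbols from the text output alone. The following is an added example, not code from the thread: it pulls the stop code, exception, faulting address and blamed module out of WinDbg output and checks the module against a driver baseline. `BASELINE` is a hypothetical per-site list and `SAMPLE` is constructed from the lines quoted above.

```python
import re

# Constructed sample: the key lines of the WinDbg output quoted in the first post.
SAMPLE = r"""
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
Unable to load image \??\C:\WINDOWS\system32\vdo_1040-78f4.sys, Win32 error 0n2
BugCheck 1000008E, {c0000005, 8081bbd5, f3cb3c98, 0}
Probably caused by : vdo_1040-78f4.sys ( vdo_1040_78f4+641 )
"""

# 0x1000008E is the minidump variant of stop code 0x8E.
BUGCHECKS = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
             0x1000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED_M"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

# Assumption: hypothetical baseline of driver/image names expected on this server.
BASELINE = {"ntoskrnl.exe", "hal.dll", "ati2mpad.sys"}


def triage(text, baseline=BASELINE):
    """Summarise a WinDbg bugcheck report and flag a culprit outside the baseline."""
    bc = re.search(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", text)
    if not bc:
        raise ValueError("no BugCheck line found")
    code = int(bc.group(1), 16)
    args = [int(a, 16) for a in bc.group(2).split(",")]
    result = {"code": code, "bugcheck": BUGCHECKS.get(code, "unknown"), "args": args}
    if code in BUGCHECKS and len(args) >= 2:
        # For 0x8E: arg1 is the exception code, arg2 the address that faulted.
        result["exception"] = NTSTATUS.get(args[0], hex(args[0]))
        result["fault_address"] = args[1]
    cause = re.search(r"Probably caused by\s*:\s*(\S+)\s*\(\s*([^\s)]+)", text)
    if cause:
        module = cause.group(1)
        _, _, off = cause.group(2).partition("+")
        result["module"] = module
        result["offset"] = int(off, 16) if off else 0
        result["in_baseline"] = module.lower() in baseline
    # Win32 error 2 is ERROR_FILE_NOT_FOUND: the debugger could not open the image
    # on the analysis machine, so these binaries were never inspected. Without
    # symbols the blame itself is a heuristic, not a verdict.
    images = re.findall(r"Unable to load image (\S+), Win32 error 0n2", text)
    result["unresolved_images"] = sorted({p.rsplit("\\", 1)[-1] for p in images})
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A blamed module that is absent from the baseline, as here, is the cue to collect the file and its service registry key for analysis before deleting anything.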