windows 'stop' error

purujitb · Feb 19, 2007

Hi,

whenever i try to log into windows this strange error comes up:

stop:0x0000008E(0xC0000005,0x80579217,0xF86F099c,0x00000000)
beginning dupm physical process...

i am using a p4 3.0 ghz, 512mb ram

please help

AshishSharma · Feb 19, 2007

Looks like u have the HaxDoor virus on ur machine, here is ur solution :

*support.microsoft.com/kb/903251

purujitb · Feb 19, 2007

thanks, i think this the problem...i had avg installed on my pc but it doesn't know about this virus.

do u know any good free antivirus software.

thunderbird.117 · Feb 19, 2007

purujitb said:
thanks, i think this the problem...i had avg installed on my pc but it doesn't know about this virus.

do u know any good free antivirus software.

Calm Anti-Virus.

*www.clamav.net/

purujitb · Feb 19, 2007

thats for unix can u suggest anything for windows

47shailesh · Feb 19, 2007

I don't think it a virus related problem...
code [SIZE=-1]STOP: 0x0000008E [/SIZE] has n number of errors assosiated with depending on the params inside the braces... read this it would be helpfull in your case...

This KB article may be of use. If you are still running SP1, you'll want to upgrade regardless of whether that is the cause of this stop error, as support for XP SP1 is being stopped this month.

Otherwise, 8E's are Kernel Mode errors. These are usually cause by hardware conflicts/incompatability. Anything new there? You could try reinstalling or updating all you drivers.

If you aren't running SP1, and you haven't added hardware recently (or you upgraded your drivers and it didn't work) then I'd start looking at your RAM

Source

s18000rpm · Feb 19, 2007

use Kaspersky Anti Virus (trial edition) for one time scanning & there after you can use Active Virus Shield [free] (uses KAV's engine)

thunderbird.117 · Feb 19, 2007

purujitb said:
thats for unix can u suggest anything for windows

It is also for windows.

Can you see win32?. That is windows.

*www.clamav.net/download/packages/packages-win32
__________

s18000rpm said:
use Kaspersky Anti Virus (trial edition) for one time scanning & there after you can use Active Virus Shield [free] (uses KAV's engine)

/me slaps s18000rpm. He asked for free. Not some trial version stuff.

s18000rpm · Feb 19, 2007

dude, read the later part of my post :wink:

KAV will clean his PC off the virus/trojan (if any present), & after the Cleaning, uninstall KAV & use its free bro

purujitb · Feb 19, 2007

i think it is the virus as i haven't installed any new new hardware and also the virus generates the same error.

anandk · Feb 19, 2007

the only way 2 b sure is to post ur hjt logfile here, this way we can check up if ur pc is malware infected. do also scan ur pc in safe mode with ur updated av ans as and also run ccleaner.

meanwhile, check The "Blue Screen Of Death".

s18000rpm · Feb 20, 2007

dude's help me here, KIS detects a Trojan in "explorer" @ every boot.

every time it deletes it, but still the problem persists :-|

*img465.imageshack.us/img465/4760/kisfl4.th.jpg

Logfile of HijackThis v1.99.1
Scan saved at 12:03:53 AM, on 2/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6F89701-D12E-476F-8E9F-7FC2471BCACD}: NameServer = 61.1.96.69,61.1.96.71
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

btw i also tried sfc /scannow & safemode scan.

AshishSharma · Feb 20, 2007

Your HJT logs look very clean to me.

Just search your computer for the file omkdulmb.dll (thats what I could collect from the pic) and see where it resides on your machine.

Also search your registry for referenses to this file and let us know ...

s18000rpm · Feb 20, 2007

*img91.imageshack.us/img91/5199/exdo6.th.jpg
when i open "Search" then this msg pops up :-|

& yeah that file is present, i'm not able to delete it.
*img91.imageshack.us/img91/5472/ex1dr6.th.jpg

KIS says that file is fine.

thunderbird.117 · Feb 20, 2007

Rich click on that dll. Then go to properties abd theb go to version and see what the file is about. It will shed more light on what the file is about.

s18000rpm · Feb 20, 2007

no such info in properties window, then its confirmed its a trojan still lurking

trojans wont damage other datas - right?
coz i'll be formatting this xp again

thunderbird.117 · Feb 20, 2007

s18000rpm said:
no such info in properties window, then its confirmed its a trojan still lurking

trojans wont damage other datas - right?
coz i'll be formatting this xp again

It depends which trojan it is. From the look of the trojan you have. Some sites say it dangerous and some say it is low.

If you want to format XP go do it

.

s18000rpm · Feb 20, 2007

i dont have any top secret stuffs in me PC, so no worry on spy thiingy of trojan, but i wanna know whther or not it will damage other files, like videos, photos, game files

...(like a virus)

if not then i'm formattin this xp

Arsenal_Gunners · Feb 20, 2007

No..trojans "only" send your personal info out to hackers

thunderbird.117 · Feb 20, 2007

s18000rpm said:
i dont have any top secret stuffs in me PC, so no worry on spy thiingy of trojan, but i wanna know whther or not it will damage other files, like videos, photos, game files...(like a virus)

if not then i'm formattin this xp

NO

windows 'stop' error

Broken In

Livin' in the ghetto

Broken In

thunderbird.117

Guest

Broken In

Security Exp

ಠ_ಠ

thunderbird.117

Guest

ಠ_ಠ

Broken In

Distinguished Member

ಠ_ಠ

Livin' in the ghetto

ಠ_ಠ

thunderbird.117

Guest

ಠ_ಠ

thunderbird.117

Guest

ಠ_ಠ

Human Spambot

thunderbird.117

Guest