1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Bad-pool-caller, physical memory dump

Discussion in 'Windows XP' started by shengxian, 2009/09/12.

  1. 2009/09/12
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    Within this week, my lap top keep appear these systems error and is forced to shut down. The blue screen appear with 'physical memory dump' and sometimes 'bad-pool-caller'
    what should i do? sir.
    Occasionally, when im running IE with other program running, my lap top will also appear such problems and are forced to shut down. i know it is damaging my lap top.
    what should i do?
    please help me. thank you
     
    shengxian,
    #1
  2. 2009/09/12
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    This is highly unlikely to be caused by malware - more likely by software you installed recently.

    Set up the computer so that it does not automatically restart on system failure .....

    Control Panel > System > Advanced > Startup and Recovery > Settings ....

    Under System failure uncheck 'Automatically restart' and under Write debugging information select 'Kernel memory dump' from the dropdown list and OK out.

    The computer will now show the BSOD in the event of a System failure giving details of the Stop message and the contents of the memory will be dumped to disk.

    Run the dump data through our Dump Data Collection Tool and post the log here (copy/paste).

    Unfortunately these logs require expert knowledge to analyze and there are currently no members that have the depth of knowledge necessary. Members can only make observations and suggestions as to how you might proceed toward finding the cause .....

    I have removed your log and transferred your thread to the XP forum - if this is not your OS post back.

    We encourage all members to complete their System Specifications which help us to help you :)
     
    PeteC,
    #2


  3. to hide this advert.

  4. 2009/09/13
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    thank you very much.
    hope can find cure for this soon.
     
    shengxian,
    #3
  5. 2009/09/13
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    excuse me. i'd downloaded the debugging tools for window*86 but the Debugwiz say it cant detect any debugger. i use the debugging tools to debug (may it is debug, but im not sure) and i have this



    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\Minidump\Mini091309-05.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: *** Invalid ***
    ****************************************************************************
    * Symbol loading may be unreliable without a symbol search path. *
    * Use .symfix to have the debugger choose a symbol path. *
    * After setting your symbol path, use .reload to refresh symbol locations. *
    ****************************************************************************
    Executable search path is:
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y <symbol_path> argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
    Debug session time: Sun Sep 13 17:22:36.734 2009 (GMT+8)
    System Uptime: 0 days 0:12:34.429
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y <symbol_path> argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..............................................................
    Loading User Symbols
    Loading unloaded module list
    ....................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C2, {7, cd4, 1dee748, a943ec24}

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *** WARNING: Unable to verify timestamp for bzfdjmyz.sys
    *** ERROR: Module load completed but symbols could not be loaded for bzfdjmyz.sys
    *** WARNING: Unable to verify timestamp for sptd.sys
    *** ERROR: Module load completed but symbols could not be loaded for sptd.sys
    *** WARNING: Unable to verify timestamp for klif.sys
    *** ERROR: Module load completed but symbols could not be loaded for klif.sys
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y <symbol_path> argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y <symbol_path> argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    Probably caused by : bzfdjmyz.sys ( bzfdjmyz+bea )

    Followup: MachineOwner
    ---------
     
    shengxian,
    #4
  6. 2009/09/13
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    Opened log file 'c:debuglog.txt'

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\Minidump\Mini091309-07.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
     
    shengxian,
    #5
  7. 2009/09/13
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    That version of the debugging tools is not compatible with our Debug software .....
    Your debug log has a symbol problem - please uninstall the debugging tools and start over ensuring that you download version 6.8.4.0 and remain connected to the internet while debugging.
     
    PeteC,
    #6
  8. 2009/09/13
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Since this random named file doesn't come up in a Google search there's a good chance this is Malware related.


    Read this post, then post the requested log(s) in the Malware and Virus Removal forum.
     
    Admin.,
    #7
  9. 2009/09/14
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    THANKS admin. but my this post is transffered from the malware section to here.
    should i repost there?
     
    shengxian,
    #8
  10. 2009/09/14
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    PeteC,
    #9

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...