Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dumping Physical Memory


  • Please log in to reply
3 replies to this topic

#1 twilldab

twilldab

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:06:12 AM

Posted 07 November 2009 - 12:06 PM

Hello,

I uploaded a copy of event viewer errors that are happening on this PC. Windows pro XP. Dell Dimension. I have had this issue for a while, and I am not sure what else to do or how it started. It is intermitting though. Sometimes works and sometimes not?? When writing PICS, or copying movies, my system goes to bluescreen. Several errors have occured. 0x0000008E, 0xC0000005, 0x806E694F, 0x985E4ED4, 0x00000000m, 0x00008086. These are random errors and do not always discply together when the physical memory dump begins. Any help would be greatly appreciated!

Regards

David

Attached Files



BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:12 AM

Posted 07 November 2009 - 01:03 PM

IMO...the best approach would be to try to see if any clues are in the .dmp files on your system. They will reflect more useful info than just about any other set of procedures that I can foresee as potentially employable.

Help Diagnosing BSODs And Crashes (BC) - http://www.bleepingcomputer.com/forums/t/176011/how-to-receive-help-diagnosing-blue-screens-and-windows-crashes/

Louis

#3 twilldab

twilldab
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:06:12 AM

Posted 09 November 2009 - 05:50 PM

Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini021709-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt
Built by: 2600.xpsp_sp2_qfe.080814-1242
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c720
Debug session time: Tue Feb 17 06:54:54.687 2009 (GMT-6)
System Uptime: 0 days 10:10:34.383
Loading Kernel Symbols
...............................................................
................................................................
.......................................................
Loading User Symbols
Loading unloaded module list
........................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 806e494f, 9887b624, 0}

*** WARNING: Unable to verify timestamp for bdfsfltr.sys
*** ERROR: Module load completed but symbols could not be loaded for bdfsfltr.sys
Probably caused by : bdfsfltr.sys ( bdfsfltr+1fba4 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 806e494f, The address that the exception occurred at
Arg3: 9887b624, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
hal!ExAcquireFastMutex+f
806e494f f0ff09 lock dec dword ptr [ecx]

TRAP_FRAME: 9887b624 -- (.trap 0xffffffff9887b624)
Unable to read trap frame at 9887b624

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from 804ed770 to 806e494f

STACK_TEXT:
9887b694 804ed770 888560c8 00000000 9887b75c hal!ExAcquireFastMutex+0xf
9887b6a8 ba5fcbf8 88a680f0 88683008 00000000 nt!FsRtlLookupPerStreamContextInternal+0x14
9887b70c ba60d9bd 88683008 888560c8 00000000 fltmgr!FltpGetStreamListCtrl+0x5a
9887b728 ba5f9b19 88683008 888560c8 89675020 fltmgr!FltpCleanupStreamListCtrlForFileObjectClose+0x17
9887b744 ba5fa059 9887b75c 888560c8 8aa881c8 fltmgr!FltpPassThrough+0x93
9887b774 804ef199 89675020 885f03e0 885f03e0 fltmgr!FltpDispatch+0x10d
9887b784 80582994 888560b0 00000000 00000000 nt!IopfCallDriver+0x31
9887b7bc 805ba2a1 008560c8 00000000 888560b0 nt!IopDeleteFile+0x132
9887b7d8 8052648c 888560c8 00000000 88d26400 nt!ObpRemoveObjectRoutine+0xdf
9887b7f0 97074ba4 97074b67 0f8f9846 80544d14 nt!ObfDereferenceObject+0x4c
WARNING: Stack unwind information not available. Following frames may be wrong.
9887b8a0 97055f75 89873064 ffffe0c0 0f8f9956 bdfsfltr+0x1fba4
9887b9b0 ba5f7888 89873064 9887b9d0 9887ba00 bdfsfltr+0xf75
9887ba10 ba5f92a0 0087ba54 89873008 8861eb94 fltmgr!FltpPerformPreCallbacks+0x2d4
9887ba24 ba605f17 9887ba54 ba6043aa 00000000 fltmgr!FltpPassThroughInternal+0x32
9887ba3c ba606436 9887ba54 8873b0e8 8861e8d0 fltmgr!FltpCreateInternal+0x63
9887ba70 804ef199 89675020 8861e8c0 8861e8c0 fltmgr!FltpCreate+0x258
9887ba80 80582096 89e77018 89408dcc 9887bc18 nt!IopfCallDriver+0x31
9887bb60 805be184 89e77030 00000000 89408d28 nt!IopParseDevice+0xa12
9887bbd8 805ba80c 00000000 9887bc18 00000040 nt!ObpLookupObjectName+0x53c
9887bc2c 80574f7b 00000000 00000000 97fd5801 nt!ObOpenObjectByName+0xea
9887bca8 805758f2 0097fdb0 00100001 0097fd60 nt!IopCreateFile+0x407
9887bd04 805790b3 0097fdb0 00100001 0097fd60 nt!IoCreateFile+0x8e
9887bd44 805413fc 0097fdb0 00100001 0097fd60 nt!NtOpenFile+0x27
9887bd44 7c90eb94 0097fdb0 00100001 0097fd60 nt!KiFastCallEntry+0xfc
0097fdcc 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
bdfsfltr+1fba4
97074ba4 ?? ???

SYMBOL_STACK_INDEX: a

SYMBOL_NAME: bdfsfltr+1fba4

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: bdfsfltr

IMAGE_NAME: bdfsfltr.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 0

FAILURE_BUCKET_ID: 0x8E_bdfsfltr+1fba4

BUCKET_ID: 0x8E_bdfsfltr+1fba4

Followup: MachineOwner
---------

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:12 AM

Posted 09 November 2009 - 06:39 PM

Thanks :thumbsup:.

<<Probably caused by : bdfsfltr.sys ( bdfsfltr+1fba4 )>>

That's your Bit Defender AV program. AV programs and various other types of programs...also have drivers, which can cause problems in Windows.

I suggest that you uninstall whatever version of Bit Defender you currently have...then reinstall it or a different AV program and promptly updates/use same.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users