shanenin Posted December 24, 2008 Report Share Posted December 24, 2008 I am trying to make some sence out of reading a .dmp file. Below is the output I am getting. Any thoughts to what this error means?I am not sure if the .dmp file loaded properly. Does the error below refer to the memory dump or an improperly loaded .dmp file?Microsoft (R) Windows Debugger Version 6.10.0003.233 X86Copyright (c) Microsoft Corporation. All rights reserved.Loading Dump File [C:\WINDOWS\Minidump\Mini121808-03.dmp]Mini Kernel Dump File: Only registers and stack trace are availableSymbol search path is: C:\WINDOWS\SymbolsExecutable search path is: C:\Windows\I386Unable to load image ntoskrnl.exe, Win32 error 0n2Loading symbols for 804d7000 ntoskrnl.exe -> ntoskrnl.exe*** WARNING: Unable to verify timestamp for ntoskrnl.exeModLoad: 804d7000 806cf680 ntoskrnl.exeWindows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatibleProduct: WinNt, suite: TerminalServer SingleUserTSMachine Name:Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040Debug session time: Thu Dec 18 20:34:10.353 2008 (GMT-6)System Uptime: 0 days 5:09:37.046Unable to load image ntoskrnl.exe, Win32 error 0n2Loading symbols for 804d7000 ntoskrnl.exe -> ntoskrnl.exe*** WARNING: Unable to verify timestamp for ntoskrnl.exeModLoad: 804d7000 806cf680 ntoskrnl.exeLoading Kernel Symbols.ModLoad: 806d0000 806f0300 hal.dll .ModLoad: bada8000 bada9b80 kdcom.dll.ModLoad: bacb8000 bacbb000 BOOTVID.dll.ModLoad: ba779000 ba7a6d80 ACPI.sys.ModLoad: badaa000 badab100 WMILIB.SYS.ModLoad: ba768000 ba778a80 pci.sys .ModLoad: ba8a8000 ba8b1180 isapnp.sys.ModLoad: bae70000 bae70d00 pciide.sys.ModLoad: bab28000 bab2e180 PCIIDEX.SYS.ModLoad: ba8b8000 ba8c2580 MountMgr.sys.ModLoad: ba749000 ba767880 ftdisk.sys.ModLoad: badac000 badad700 dmload.sys.ModLoad: ba723000 ba748700 dmio.sys.ModLoad: bab30000 bab34d00 PartMgr.sys.ModLoad: ba8c8000 ba8d4c80 VolSnap.sys.ModLoad: ba70b000 ba722900 atapi.sys.ModLoad: ba6f1000 ba70ac00 nvata.sys.ModLoad: ba8d8000 ba8e0e00 disk.sys.ModLoad: ba8e8000 ba8f4180 CLASSPNP.SYS.ModLoad: ba6d1000 ba6f0b00 fltMgr.sys.ModLoad: ba6bf000 ba6d0f00 sr.sys .ModLoad: ba6a8000 ba6be880 KSecDD.sys.ModLoad: ba695000 ba6a7f00 WudfPf.sys.ModLoad: ba608000 ba694600 Ntfs.sys.ModLoad: ba5db000 ba607980 NDIS.sys.ModLoad: ba5c1000 ba5dab80 Mup.sys .ModLoad: baa78000 baa86000 AmdK8.sys.ModLoad: baa88000 baa97c00 serial.sys.ModLoad: bad5c000 bad5fd80 serenum.sys.ModLoad: ba565000 ba578900 parport.sys.ModLoad: baa98000 baaa4d00 i8042prt.sys.ModLoad: bac70000 bac76000 kbdclass.sys.ModLoad: bac78000 bac7c300 usbohci.sys.ModLoad: ba541000 ba564200 USBPORT.SYS.ModLoad: bac80000 bac87600 usbehci.sys.ModLoad: bac88000 bac8d200 RTL8139.SYS.ModLoad: ba519000 ba541000 HDAudBus.sys.ModLoad: baaa8000 baab2480 imapi.sys.ModLoad: baab8000 baac5440 AFS2K.SYS.ModLoad: baac8000 baad7600 cdrom.sys.ModLoad: baad8000 baae6100 redbook.sys.ModLoad: ba4f6000 ba518700 ks.sys .ModLoad: baae8000 baaf2000 nvnetbus.sys.ModLoad: ba41b000 ba4f5b00 NVNRM.SYS.ModLoad: ba03c000 ba403d60 nv4_mini.sys.ModLoad: ba028000 ba03bf00 VIDEOPRT.SYS.ModLoad: baf1a000 baf1ac00 audstub.sys.ModLoad: ba938000 ba944880 rasl2tp.sys.ModLoad: bad6c000 bad6e780 ndistapi.sys.ModLoad: ba011000 ba027580 ndiswan.sys.ModLoad: ba948000 ba952200 raspppoe.sys.ModLoad: ba958000 ba963d00 raspptp.sys.ModLoad: bac90000 bac94a80 TDI.SYS .ModLoad: ba000000 ba010e00 psched.sys.ModLoad: ba968000 ba970900 msgpc.sys.ModLoad: bac98000 bac9c580 ptilink.sys.ModLoad: baca0000 baca4080 raspti.sys.ModLoad: b9fd0000 b9fffe80 rdpdr.sys.ModLoad: ba978000 ba981f00 termdd.sys.ModLoad: baca8000 bacada00 mouclass.sys.ModLoad: badee000 badef100 swenum.sys.ModLoad: b9f4a000 b9fa7f00 update.sys.ModLoad: bad88000 bad8bc80 mssmbios.sys.ModLoad: ba988000 ba991e80 NDProxy.SYS.ModLoad: ba998000 ba9a6880 usbhub.sys.ModLoad: badf2000 badf3280 USBD.SYS.ModLoad: ba9a8000 ba9b6400 NVENETFD.sys.ModLoad: b7412000 b788b000 RtkHDAud.sys.ModLoad: b73ee000 b7411a80 portcls.sys.ModLoad: ba9d8000 ba9e6b00 drmk.sys.ModLoad: badf8000 badf9f00 Fs_Rec.SYS.ModLoad: baf23000 baf23b80 Null.SYS.ModLoad: badfa000 badfb080 Beep.SYS.ModLoad: bab68000 bab6d200 vga.sys .ModLoad: badfc000 badfd080 mnmdd.SYS.ModLoad: badfe000 badff080 RDPCDD.sys.ModLoad: bab70000 bab74a80 Msfs.SYS.ModLoad: bab78000 bab7f880 Npfs.SYS.ModLoad: bad40000 bad42280 rasacd.sys.ModLoad: b737a000 b738c600 ipsec.sys.ModLoad: b7321000 b7379380 tcpip.sys.ModLoad: b72f9000 b7320c00 netbt.sys.ModLoad: b72d7000 b72f8d00 afd.sys .ModLoad: ba9e8000 ba9f0780 netbios.sys.ModLoad: b72ac000 b72d6e80 rdbss.sys.ModLoad: b723c000 b72ab780 mrxsmb.sys.ModLoad: baa08000 baa12e00 Fips.SYS.ModLoad: b7216000 b723b500 ipnat.sys.ModLoad: baa18000 baa20700 wanarp.sys.ModLoad: baa38000 baa47900 Cdfs.SYS.ModLoad: bab80000 bab87d80 usbccgp.sys.ModLoad: b9fb8000 b9fba880 hidusb.sys.ModLoad: baa48000 baa51000 HIDCLASS.SYS.ModLoad: bab88000 bab8e180 HIDPARSE.SYS.ModLoad: baa68000 baa70900 LVUSBSta.sys.ModLoad: b7922000 b7925b00 usbscan.sys.ModLoad: bab90000 bab96500 usbprint.sys.ModLoad: bab98000 bab9d440 HPZius12.sys.ModLoad: b791e000 b7920f80 mouhid.sys.ModLoad: baaf8000 bab04600 HPZid412.sys.ModLoad: b7912000 b7915dc0 HPZipr12.sys.ModLoad: b70f7000 b7110c00 dump_nvata.sys.ModLoad: bae04000 bae05100 dump_WMILIB.SYS.ModLoad: bf800000 bf9c2c80 win32k.sys.ModLoad: bad9c000 bad9e900 Dxapi.sys.ModLoad: babc0000 babc4500 watchdog.sys.ModLoad: bf9c3000 bf9d4600 dxg.sys .ModLoad: bafae000 bafaed00 dxgthk.sys.ModLoad: bf9d5000 bfe1e280 nv4_disp.dll.ModLoad: b6576000 b6579900 ndisuio.sys.ModLoad: b5ae4000 b5b10180 mrxdav.sys.ModLoad: bae38000 bae39a80 ParVdm.SYS.ModLoad: b5a42000 b5a93800 srv.sys .ModLoad: bac58000 bac5ca00 LVPr2Mon.sys.ModLoad: b566d000 b5681480 wdmaud.sys.ModLoad: b56b2000 b56c0d80 sysaudio.sys.ModLoad: b5384000 b53c4a80 HTTP.sys.ModLoad: b4ef9000 b4f23180 kmixer.sysLoading User SymbolsLoading unloaded module list..............................................Loaded dbghelp extension DLLLoaded ext extension DLLLoaded exts extension DLLLoaded kext extension DLLLoaded kdexts extension DLL******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************Use !analyze -v to get detailed debugging information.BugCheck 19, {20, 8894a000, 8894a138, a270000}Probably caused by : ntoskrnl.exe ( nt!KeContextToKframes+1eb )Followup: MachineOwner------------------ Quote Link to post Share on other sites
iccaros Posted December 25, 2008 Report Share Posted December 25, 2008 try thishttp://www.iexbeta.com/board/lofiversion/i...php/t48617.htmlare you getting a stop code.. There is no real error in this log. everything is loading, just a kernel stamp issue. The loading of the Kernel is a issue, normally a bad drive (or going bad.. ), strangly MS is reporting a bad keyboard causing this error message also.a blue screen stop code would be better.. Maybe.. Quote Link to post Share on other sites
jcl Posted December 25, 2008 Report Share Posted December 25, 2008 a blue screen stop code would be better.. Maybe..It's there:BugCheck 19, {20, 8894a000, 8894a138, a270000} Quote Link to post Share on other sites
garmanma Posted December 25, 2008 Report Share Posted December 25, 2008 There's a pretty good tutorial for reading BSOD's herehttp://www.bleepingcomputer.com/forums/topic176011.html Quote Link to post Share on other sites
shanenin Posted December 25, 2008 Author Report Share Posted December 25, 2008 I have not been able to get the computer to blue screen while in my possession. That is why I tried reading the .dmp file. This computer is one I have sold to somebody. I have changed every part on it. I also have reloaded it. I am starting to thing they have an environmental problem at their house. Quote Link to post Share on other sites
Pete_C Posted December 27, 2008 Report Share Posted December 27, 2008 a blue screen stop code would be better.. Maybe..It's there:BugCheck 19, {20, 8894a000, 8894a138, a270000}Probably caused by : ntoskrnl.exeBugCheck 19 => Stop error 0x00000019: BAD_POOL_HEADER(actually I think this indicates the bad pool header occurs on startup, but not sure)Sources cited http://www.aumha.org/a/stop.phphttp://msdn.microsoft.com/en-gb/library/ms793223.aspxYour first parameter is 0x208894a000 is The pool entry that should have been found8894a138 is The next pool entryThe cause is The pool block header size is corrupt.A pool header issue is a problem with Windows memory allocation. Device driver issues are probably the most common, but this can have diverse causes including bad sectors or other disk write issues, and problems with some routers. (By theory, RAM problems would be suspect for memory pool issues, but I haven’t been able to confirm this as a cause.)http://support.microsoft.com/?kbid=892260&sd=RMVPhttp://support.microsoft.com/?kbid=925259&sd=RMVPhttp://support.microsoft.com/?kbid=884585&sd=RMVPhttp://support.microsoft.com/?kbid=905795&sd=RMVPAny chance the machine was infected with w32.bolzano or W32.Funlove. ? They can alter ntoskrnl.exe causing these errors.http://www.symantec.com/security_response/...-121515-4146-99The virus modifies only 2 bytes in a security API called SeAccessCheck that is part of ntoskrnl.exe. This way Bolzano is able to give full access to all users to each file regardless of its protection,Try the ntoskrnl.exe fix tool for funlove that symantec provideshttp://www.sarc.com/avcenter/venc/data/dos...9.fix.tool.html Quote Link to post Share on other sites
shanenin Posted December 27, 2008 Author Report Share Posted December 27, 2008 Thanks for all the help. I will check out those links. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.