Will someone look at my minidump file please!

S

stinman

New member
About 5days ago zigzag looked at a dump file for me,I ran memorytest86+ for about 3hrs and all was well.I did some test with prime95 also.All is well.I am not overclocked.I did have perfectdisk 10 until a few minutes ago,zigzag told me that I had a memory corruption at the same time Perfectdisk screwed up.Can someone look at this new mini dump to tell me what happened.I was on firefox,I went into the other room for a bit and left the page loaded,when I came back it had rebooted.Thankyou all here at Windows 7 Forum

stin
 

My Computer

Computer Manufacturer/Model Number
self built and Gateway GM5664, 2 toshiba laptops XP&Win 7
OS
windows 7 ultimate 64bit, Win 7 Ul x86, XP
CPU
Phenom 955BE 3.2 C3
Motherboard
GA-MA790GPT-UD3H
Memory
8GBs corsair DDR3 1600 805mhz
Graphics Card(s)
ATI XFX HD6950
Sound Card
Realtek ALC889A HD Audio ATI HDMI Audio
Monitor(s) Displays
Samsung LN46A650 & LN46C630 & syncMaster 23.5
Screen Resolution
1920 1080
Hard Drives
5 1tb Seagate 7200rpms
PSU
BFG 650
Case
Antec 900II
Cooling
ZalmanLED9900A
Keyboard
logitech , Gateway
Mouse
same
Internet Speed
50.0 Cable service
Well this one looks like it was caused by your anti-virus Kaspersky. I would recommend disabling or uninstalling it.

A good replacement is Microsoft Security Essentials, for free.

You can also do a system files check. Open an elevated command prompt and enter sfc /scannow.

I also strongly recommend testing your hard drive. See this list here: Hard Drive Diagnostics Tools and Utilities (Storage) - TACKtech Corp.

Download the appropriate diagnostics for your drive, and run a scan.

For anyone interested:

Code: 
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Jonathan\Desktop\030410-19952-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02e10000 PsLoadedModuleList = 0xfffff800`0304de50
Debug session time: Thu Mar  4 20:33:29.696 2010 (GMT-5)
System Uptime: 0 days 3:30:51.991
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1904fb, fffff88003c85718, fffff88003c84f70, fffff880012c9c50}

Probably caused by : Ntfs.sys ( Ntfs!NtfsFindPrefixHashEntry+227 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88003c85718
Arg3: fffff88003c84f70
Arg4: fffff880012c9c50

Debugging Details:
------------------


EXCEPTION_RECORD:  fffff88003c85718 -- (.exr 0xfffff88003c85718)
ExceptionAddress: fffff880012c9c50 (Ntfs!NtfsFindPrefixHashEntry+0x0000000000000227)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

CONTEXT:  fffff88003c84f70 -- (.cxr 0xfffff88003c84f70)
rax=0000000000000054 rbx=fffff8a009437730 rcx=0000000000000734
rdx=0000000000000001 rsi=fffff8a0001dabc0 rdi=fffffa8004b5a350
rip=fffff880012c9c50 rsp=fffff88003c85950 rbp=0000000000009330
 r8=00000000318ffb9a  r9=0000000000000000 r10=000000000000000e
r11=fffff88003c85998 r12=ff7ff8a00945dac8 r13=fffff88002ae8490
r14=000000000000039a r15=0000000000003b9a
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
Ntfs!NtfsFindPrefixHashEntry+0x227:
fffff880`012c9c50 498b7c2418      mov     rdi,qword ptr [r12+18h] ds:002b:ff7ff8a0`0945dae0=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

[COLOR=Red]PROCESS_NAME:  avp.exe[/COLOR]

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b80e0
 ffffffffffffffff 

FOLLOWUP_IP: 
Ntfs!NtfsFindPrefixHashEntry+227
fffff880`012c9c50 498b7c2418      mov     rdi,qword ptr [r12+18h]

FAULTING_IP: 
Ntfs!NtfsFindPrefixHashEntry+227
fffff880`012c9c50 498b7c2418      mov     rdi,qword ptr [r12+18h]

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from fffff880012cace2 to fffff880012c9c50

STACK_TEXT:  
fffff880`03c85950 fffff880`012cace2 : fffffa80`0924a010 fffffa80`04b5a350 fffff8a0`001dabc0 00000000`00000701 : Ntfs!NtfsFindPrefixHashEntry+0x227
fffff880`03c85a80 fffff880`012c528d : fffffa80`0924a010 fffffa80`076ff010 fffff880`03c85c60 fffff880`03c85ca8 : Ntfs!NtfsFindStartingNode+0x452
fffff880`03c85b50 fffff880`0122ec0d : fffffa80`0924a010 fffffa80`076ff010 fffff880`02ae8490 fffffa80`07404b00 : Ntfs!NtfsCommonCreate+0x3dd
fffff880`03c85d30 fffff800`02e79d87 : fffff880`02ae8400 00000000`7e677000 00000000`7e675000 00000000`0565f6c4 : Ntfs!NtfsCommonCreateCallout+0x1d
fffff880`03c85d60 fffff800`02e79d41 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KySwitchKernelStackCallout+0x27
fffff880`02ae82d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsFindPrefixHashEntry+227

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc14f

STACK_COMMAND:  .cxr 0xfffff88003c84f70 ; kb

FAILURE_BUCKET_ID:  X64_0x24_Ntfs!NtfsFindPrefixHashEntry+227

BUCKET_ID:  X64_0x24_Ntfs!NtfsFindPrefixHashEntry+227

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88003c85718
Arg3: fffff88003c84f70
Arg4: fffff880012c9c50

Debugging Details:
------------------


EXCEPTION_RECORD:  fffff88003c85718 -- (.exr 0xfffff88003c85718)
ExceptionAddress: fffff880012c9c50 (Ntfs!NtfsFindPrefixHashEntry+0x0000000000000227)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

CONTEXT:  fffff88003c84f70 -- (.cxr 0xfffff88003c84f70)
rax=0000000000000054 rbx=fffff8a009437730 rcx=0000000000000734
rdx=0000000000000001 rsi=fffff8a0001dabc0 rdi=fffffa8004b5a350
rip=fffff880012c9c50 rsp=fffff88003c85950 rbp=0000000000009330
 r8=00000000318ffb9a  r9=0000000000000000 r10=000000000000000e
r11=fffff88003c85998 r12=ff7ff8a00945dac8 r13=fffff88002ae8490
r14=000000000000039a r15=0000000000003b9a
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
Ntfs!NtfsFindPrefixHashEntry+0x227:
fffff880`012c9c50 498b7c2418      mov     rdi,qword ptr [r12+18h] ds:002b:ff7ff8a0`0945dae0=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  avp.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS:  ffffffffffffffff 

FOLLOWUP_IP: 
Ntfs!NtfsFindPrefixHashEntry+227
fffff880`012c9c50 498b7c2418      mov     rdi,qword ptr [r12+18h]

FAULTING_IP: 
Ntfs!NtfsFindPrefixHashEntry+227
fffff880`012c9c50 498b7c2418      mov     rdi,qword ptr [r12+18h]

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from fffff880012cace2 to fffff880012c9c50

STACK_TEXT:  
fffff880`03c85950 fffff880`012cace2 : fffffa80`0924a010 fffffa80`04b5a350 fffff8a0`001dabc0 00000000`00000701 : Ntfs!NtfsFindPrefixHashEntry+0x227
fffff880`03c85a80 fffff880`012c528d : fffffa80`0924a010 fffffa80`076ff010 fffff880`03c85c60 fffff880`03c85ca8 : Ntfs!NtfsFindStartingNode+0x452
fffff880`03c85b50 fffff880`0122ec0d : fffffa80`0924a010 fffffa80`076ff010 fffff880`02ae8490 fffffa80`07404b00 : Ntfs!NtfsCommonCreate+0x3dd
fffff880`03c85d30 fffff800`02e79d87 : fffff880`02ae8400 00000000`7e677000 00000000`7e675000 00000000`0565f6c4 : Ntfs!NtfsCommonCreateCallout+0x1d
fffff880`03c85d60 fffff800`02e79d41 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KySwitchKernelStackCallout+0x27
fffff880`02ae82d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsFindPrefixHashEntry+227

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc14f

STACK_COMMAND:  .cxr 0xfffff88003c84f70 ; kb

FAILURE_BUCKET_ID:  X64_0x24_Ntfs!NtfsFindPrefixHashEntry+227

BUCKET_ID:  X64_0x24_Ntfs!NtfsFindPrefixHashEntry+227

Followup: MachineOwner
---------
 
Last edited:

My Computer

Computer Manufacturer/Model Number
Custom
OS
Windows 7 Professional x64
CPU
Intel i7 2600K OC'd @ 4620 MHz
Motherboard
Asus P8Z68-V Pro
Memory
16GB GSkill Sniper 2133 Mhz (4x4GB)
Graphics Card(s)
EVGA GeForce GTX 480 SuperClocked+
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
2x Acer S273HLbmii 27"
Screen Resolution
2 x 1920x1080
Hard Drives
64GB Crucial M4 SSD

Storage: Hitachi 1TB 5400RPM, Samsung 1.5TB 5400RPM
PSU
Corsair HW Series 750w (modular)
Case
Cooler Master HAF 932 Advanced Blue Edition
Cooling
CM Hyper 212+ CPU cooler, 3x 230mm + 1x 140mm case fans
Keyboard
Logitech MK320 (wireless)
Mouse
Logitech MK320 (wireless)
Internet Speed
30 Mb/s : 2 Mb/s
well

What a bummer,I paid good money for this.Perfect disk 10 and Kaspersky 2010 never did play nice.KIS 2010 always stopped it from defragging with stealth patrol.Plus KIS 2010 always loads custom dynamic link libaries,I get a warning about this everyday,I tracked it down and it is from KIS.On their forum they said this is normal.Well thanks!

I gave you a rep for helping me,Thanks again

stin
 

My Computer

Computer Manufacturer/Model Number
self built and Gateway GM5664, 2 toshiba laptops XP&Win 7
OS
windows 7 ultimate 64bit, Win 7 Ul x86, XP
CPU
Phenom 955BE 3.2 C3
Motherboard
GA-MA790GPT-UD3H
Memory
8GBs corsair DDR3 1600 805mhz
Graphics Card(s)
ATI XFX HD6950
Sound Card
Realtek ALC889A HD Audio ATI HDMI Audio
Monitor(s) Displays
Samsung LN46A650 & LN46C630 & syncMaster 23.5
Screen Resolution
1920 1080
Hard Drives
5 1tb Seagate 7200rpms
PSU
BFG 650
Case
Antec 900II
Cooling
ZalmanLED9900A
Keyboard
logitech , Gateway
Mouse
same
Internet Speed
50.0 Cable service
Well we can't be sure it is your anti-virus. It's just our best guess. Keep the license key, in case you want to reinstall it.
 

My Computer

Computer Manufacturer/Model Number
Custom
OS
Windows 7 Professional x64
CPU
Intel i7 2600K OC'd @ 4620 MHz
Motherboard
Asus P8Z68-V Pro
Memory
16GB GSkill Sniper 2133 Mhz (4x4GB)
Graphics Card(s)
EVGA GeForce GTX 480 SuperClocked+
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
2x Acer S273HLbmii 27"
Screen Resolution
2 x 1920x1080
Hard Drives
64GB Crucial M4 SSD

Storage: Hitachi 1TB 5400RPM, Samsung 1.5TB 5400RPM
PSU
Corsair HW Series 750w (modular)
Case
Cooler Master HAF 932 Advanced Blue Edition
Cooling
CM Hyper 212+ CPU cooler, 3x 230mm + 1x 140mm case fans
Keyboard
Logitech MK320 (wireless)
Mouse
Logitech MK320 (wireless)
Internet Speed
30 Mb/s : 2 Mb/s
May I ask how you came to this conclusion,you know how to read the numbers to text?Isn't there a tool that will tell you what all that means above in your post?
stin
 

My Computer

Computer Manufacturer/Model Number
self built and Gateway GM5664, 2 toshiba laptops XP&Win 7
OS
windows 7 ultimate 64bit, Win 7 Ul x86, XP
CPU
Phenom 955BE 3.2 C3
Motherboard
GA-MA790GPT-UD3H
Memory
8GBs corsair DDR3 1600 805mhz
Graphics Card(s)
ATI XFX HD6950
Sound Card
Realtek ALC889A HD Audio ATI HDMI Audio
Monitor(s) Displays
Samsung LN46A650 & LN46C630 & syncMaster 23.5
Screen Resolution
1920 1080
Hard Drives
5 1tb Seagate 7200rpms
PSU
BFG 650
Case
Antec 900II
Cooling
ZalmanLED9900A
Keyboard
logitech , Gateway
Mouse
same
Internet Speed
50.0 Cable service
Well if you look in the code above (I have highlighted the part), you will see that avp.exe was running during the crash. A Google search reveals that process belongs to Kaspersky.

You can also look here and look up the bugcheck, in this case, 24.

Since we only have 1 dmp, that's the best we can guess.

No, there is no tool to interpret that code, except your brain and Google. That is the output of a tool, Microsoft Windows Debugger.
 

My Computer

Computer Manufacturer/Model Number
Custom
OS
Windows 7 Professional x64
CPU
Intel i7 2600K OC'd @ 4620 MHz
Motherboard
Asus P8Z68-V Pro
Memory
16GB GSkill Sniper 2133 Mhz (4x4GB)
Graphics Card(s)
EVGA GeForce GTX 480 SuperClocked+
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
2x Acer S273HLbmii 27"
Screen Resolution
2 x 1920x1080
Hard Drives
64GB Crucial M4 SSD

Storage: Hitachi 1TB 5400RPM, Samsung 1.5TB 5400RPM
PSU
Corsair HW Series 750w (modular)
Case
Cooler Master HAF 932 Advanced Blue Edition
Cooling
CM Hyper 212+ CPU cooler, 3x 230mm + 1x 140mm case fans
Keyboard
Logitech MK320 (wireless)
Mouse
Logitech MK320 (wireless)
Internet Speed
30 Mb/s : 2 Mb/s
stinman said:
May I ask how you came to this conclusion,you know how to read the numbers to text?Isn't there a tool that will tell you what all that means above in your post?
stin
Click to expand...

Hey Stin

There are several tools when used in conjunction will yield the cause of a crash. the easiest to use but not most accurate is called blue screen view.
 

My Computer

Computer Manufacturer/Model Number
HP Pavillion dv-7 1005 Tx
OS
Win 8 Release candidate 8400
CPU
[email protected]
Memory
4 gigs
Graphics Card(s)
Nvidia 9600M
Sound Card
HD built-in
Monitor(s) Displays
17" Wxga
Screen Resolution
1440x900
Cooling
none
Internet Speed
45Mb down 5Mb up
You must log in or register to reply here.
Back
Top