Windows 7: Will someone look at my minidump file please!

stinman · 04 Mar 2010

About 5days ago zigzag looked at a dump file for me,I ran memorytest86+ for about 3hrs and all was well.I did some test with prime95 also.All is well.I am not overclocked.I did have perfectdisk 10 until a few minutes ago,zigzag told me that I had a memory corruption at the same time Perfectdisk screwed up.Can someone look at this new mini dump to tell me what happened.I was on firefox,I went into the other room for a bit and left the page loaded,when I came back it had rebooted.Thankyou all here at Windows 7 Forum

stin

Jonathan_King · 04 Mar 2010

Well this one looks like it was caused by your anti-virus Kaspersky. I would recommend disabling or uninstalling it.

A good replacement is Microsoft Security Essentials, for free.

You can also do a system files check. Open an elevated command prompt and enter sfc /scannow.

I also strongly recommend testing your hard drive. See this list here: Hard Drive Diagnostics Tools and Utilities (Storage) - TACKtech Corp.

Download the appropriate diagnostics for your drive, and run a scan.

For anyone interested:

Code:

Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Jonathan\Desktop\030410-19952-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02e10000 PsLoadedModuleList = 0xfffff800`0304de50
Debug session time: Thu Mar  4 20:33:29.696 2010 (GMT-5)
System Uptime: 0 days 3:30:51.991
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1904fb, fffff88003c85718, fffff88003c84f70, fffff880012c9c50}

Probably caused by : Ntfs.sys ( Ntfs!NtfsFindPrefixHashEntry+227 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88003c85718
Arg3: fffff88003c84f70
Arg4: fffff880012c9c50

Debugging Details:
------------------


EXCEPTION_RECORD:  fffff88003c85718 -- (.exr 0xfffff88003c85718)
ExceptionAddress: fffff880012c9c50 (Ntfs!NtfsFindPrefixHashEntry+0x0000000000000227)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

CONTEXT:  fffff88003c84f70 -- (.cxr 0xfffff88003c84f70)
rax=0000000000000054 rbx=fffff8a009437730 rcx=0000000000000734
rdx=0000000000000001 rsi=fffff8a0001dabc0 rdi=fffffa8004b5a350
rip=fffff880012c9c50 rsp=fffff88003c85950 rbp=0000000000009330
 r8=00000000318ffb9a  r9=0000000000000000 r10=000000000000000e
r11=fffff88003c85998 r12=ff7ff8a00945dac8 r13=fffff88002ae8490
r14=000000000000039a r15=0000000000003b9a
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
Ntfs!NtfsFindPrefixHashEntry+0x227:
fffff880`012c9c50 498b7c2418      mov     rdi,qword ptr [r12+18h] ds:002b:ff7ff8a0`0945dae0=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  avp.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b80e0
 ffffffffffffffff 

FOLLOWUP_IP: 
Ntfs!NtfsFindPrefixHashEntry+227
fffff880`012c9c50 498b7c2418      mov     rdi,qword ptr [r12+18h]

FAULTING_IP: 
Ntfs!NtfsFindPrefixHashEntry+227
fffff880`012c9c50 498b7c2418      mov     rdi,qword ptr [r12+18h]

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from fffff880012cace2 to fffff880012c9c50

STACK_TEXT:  
fffff880`03c85950 fffff880`012cace2 : fffffa80`0924a010 fffffa80`04b5a350 fffff8a0`001dabc0 00000000`00000701 : Ntfs!NtfsFindPrefixHashEntry+0x227
fffff880`03c85a80 fffff880`012c528d : fffffa80`0924a010 fffffa80`076ff010 fffff880`03c85c60 fffff880`03c85ca8 : Ntfs!NtfsFindStartingNode+0x452
fffff880`03c85b50 fffff880`0122ec0d : fffffa80`0924a010 fffffa80`076ff010 fffff880`02ae8490 fffffa80`07404b00 : Ntfs!NtfsCommonCreate+0x3dd
fffff880`03c85d30 fffff800`02e79d87 : fffff880`02ae8400 00000000`7e677000 00000000`7e675000 00000000`0565f6c4 : Ntfs!NtfsCommonCreateCallout+0x1d
fffff880`03c85d60 fffff800`02e79d41 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KySwitchKernelStackCallout+0x27
fffff880`02ae82d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsFindPrefixHashEntry+227

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc14f

STACK_COMMAND:  .cxr 0xfffff88003c84f70 ; kb

FAILURE_BUCKET_ID:  X64_0x24_Ntfs!NtfsFindPrefixHashEntry+227

BUCKET_ID:  X64_0x24_Ntfs!NtfsFindPrefixHashEntry+227

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88003c85718
Arg3: fffff88003c84f70
Arg4: fffff880012c9c50

Debugging Details:
------------------


EXCEPTION_RECORD:  fffff88003c85718 -- (.exr 0xfffff88003c85718)
ExceptionAddress: fffff880012c9c50 (Ntfs!NtfsFindPrefixHashEntry+0x0000000000000227)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

CONTEXT:  fffff88003c84f70 -- (.cxr 0xfffff88003c84f70)
rax=0000000000000054 rbx=fffff8a009437730 rcx=0000000000000734
rdx=0000000000000001 rsi=fffff8a0001dabc0 rdi=fffffa8004b5a350
rip=fffff880012c9c50 rsp=fffff88003c85950 rbp=0000000000009330
 r8=00000000318ffb9a  r9=0000000000000000 r10=000000000000000e
r11=fffff88003c85998 r12=ff7ff8a00945dac8 r13=fffff88002ae8490
r14=000000000000039a r15=0000000000003b9a
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
Ntfs!NtfsFindPrefixHashEntry+0x227:
fffff880`012c9c50 498b7c2418      mov     rdi,qword ptr [r12+18h] ds:002b:ff7ff8a0`0945dae0=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  avp.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS:  ffffffffffffffff 

FOLLOWUP_IP: 
Ntfs!NtfsFindPrefixHashEntry+227
fffff880`012c9c50 498b7c2418      mov     rdi,qword ptr [r12+18h]

FAULTING_IP: 
Ntfs!NtfsFindPrefixHashEntry+227
fffff880`012c9c50 498b7c2418      mov     rdi,qword ptr [r12+18h]

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from fffff880012cace2 to fffff880012c9c50

STACK_TEXT:  
fffff880`03c85950 fffff880`012cace2 : fffffa80`0924a010 fffffa80`04b5a350 fffff8a0`001dabc0 00000000`00000701 : Ntfs!NtfsFindPrefixHashEntry+0x227
fffff880`03c85a80 fffff880`012c528d : fffffa80`0924a010 fffffa80`076ff010 fffff880`03c85c60 fffff880`03c85ca8 : Ntfs!NtfsFindStartingNode+0x452
fffff880`03c85b50 fffff880`0122ec0d : fffffa80`0924a010 fffffa80`076ff010 fffff880`02ae8490 fffffa80`07404b00 : Ntfs!NtfsCommonCreate+0x3dd
fffff880`03c85d30 fffff800`02e79d87 : fffff880`02ae8400 00000000`7e677000 00000000`7e675000 00000000`0565f6c4 : Ntfs!NtfsCommonCreateCallout+0x1d
fffff880`03c85d60 fffff800`02e79d41 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KySwitchKernelStackCallout+0x27
fffff880`02ae82d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsFindPrefixHashEntry+227

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc14f

STACK_COMMAND:  .cxr 0xfffff88003c84f70 ; kb

FAILURE_BUCKET_ID:  X64_0x24_Ntfs!NtfsFindPrefixHashEntry+227

BUCKET_ID:  X64_0x24_Ntfs!NtfsFindPrefixHashEntry+227

Followup: MachineOwner
---------

stinman · 04 Mar 2010

What a bummer,I paid good money for this.Perfect disk 10 and Kaspersky 2010 never did play nice.KIS 2010 always stopped it from defragging with stealth patrol.Plus KIS 2010 always loads custom dynamic link libaries,I get a warning about this everyday,I tracked it down and it is from KIS.On their forum they said this is normal.Well thanks!

I gave you a rep for helping me,Thanks again

stin

Jonathan_King · 04 Mar 2010

Well we can't be sure it is your anti-virus. It's just our best guess. Keep the license key, in case you want to reinstall it.

stinman · 04 Mar 2010

May I ask how you came to this conclusion,you know how to read the numbers to text?Isn't there a tool that will tell you what all that means above in your post?
stin

Jonathan_King · 05 Mar 2010

Well if you look in the code above (I have highlighted the part), you will see that avp.exe was running during the crash. A Google search reveals that process belongs to Kaspersky.

You can also look here and look up the bugcheck, in this case, 24.

Since we only have 1 dmp, that's the best we can guess.

No, there is no tool to interpret that code, except your brain and Google. That is the output of a tool, Microsoft Windows Debugger.

zigzag3143 · 06 Mar 2010

Quote: Originally Posted by stinman

May I ask how you came to this conclusion,you know how to read the numbers to text?Isn't there a tool that will tell you what all that means above in your post?
stin

Hey Stin

There are several tools when used in conjunction will yield the cause of a crash. the easiest to use but not most accurate is called blue screen view.

Windows 7: Will someone look at my minidump file please!

Will someone look at my minidump file please! problems?