Question

Minidump Crash Dump File Help!

Asked by: alcoahd

Could someone take a look at this interesting crash dump file?  I'm a little stumped on my next move.  The customer recently got an iPhone so I'm thinking that's the culprit...any help is appreciated!


Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini071409-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINDOWS\symbols
Executable search path is:
Unable to load image \WINDOWS\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue Jul 14 09:49:21.979 2009 (GMT-4)
System Uptime: 0 days 23:53:31.107
Unable to load image \WINDOWS\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
..................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F4, {3, 8acf5da0, 8acf5f14, 805d297c}

*** WARNING: Unable to verify timestamp for mssmbios.sys
*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
*** WARNING: Unable to verify timestamp for TfSysMon.sys
*** ERROR: Module load completed but symbols could not be loaded for TfSysMon.sys
unable to get nt!KiCurrentEtwBufferOffset
unable to get nt!KiCurrentEtwBufferBase
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 00000003, Process
Arg2: 8acf5da0, Terminating object
Arg3: 8acf5f14, Process image file name
Arg4: 805d297c, Explanatory message (ascii)

Debugging Details:
------------------

unable to get nt!KiCurrentEtwBufferOffset
unable to get nt!KiCurrentEtwBufferBase

PROCESS_OBJECT: 8acf5da0

EXCEPTION_RECORD:  000000f4 -- (.exr 0xf4)
Cannot read Exception record @ 000000f4

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xF4

STACK_TEXT:  
a60754e8 805d1ac5 000000f4 00000003 8acf5da0 nt!KiDispatchException+0x1c7
a607550c 805d2a27 805d297c 8acf5da0 8acf5f14 nt!SeCaptureSecurityDescriptor+0x301
a607552c ba0feadc 8acf5da0 01075584 a6075574 nt!SeValidSecurityDescriptor+0x75
WARNING: Stack unwind information not available. Following frames may be wrong.
a607553c ba0feb32 8acf5fe8 c0000006 a6075604 TfSysMon+0x6adc
a6075574 8054162c ffffffff c0000006 a60759b0 TfSysMon+0x6b32
a6075584 80501161 badb0d00 a60755fc 00000000 nt!RtlpRangeListEntryLookasideList+0x62c
a6075a20 00000000 a60759d8 8aea6bc8 ffffffff nt!MmProtectMdlSystemAddress+0x8b


STACK_COMMAND:  kb

SYMBOL_NAME:  ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME:  Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP:  0

FAILURE_BUCKET_ID:  0xF4_ANALYSIS_INCONCLUSIVE

BUCKET_ID:  0xF4_ANALYSIS_INCONCLUSIVE

Followup: MachineOwner
---------

0: kd> .exr 0xf4
Cannot read Exception record @ 000000f4
0: kd> !process ffffffff8acf5da0 3
GetPointerFromAddress: unable to read from 80562134
TYPE mismatch for process object at 8acf5da0

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-07-14 at 14:03:31ID24570253
Tags

blue screen of death

,

windows xp

,

iphone

,

debugging

Topics

Management & Debugging Software

,

Windows XP Operating System

Participating Experts
2
Points
500
Comments
2

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. BSOD - Minidumps
    Trying to diagnose a computer that ocassionally blue screens. Can someone tell me what these minidumps will reveal? http://home.earthlink.net/~asmb/minidumps/
  2. minidump problem
    Can anyone help me with this. my Server automatically rebooted itself giving me this error message: Error code 1000008e, parameter1 c0000005, parameter2 8095891c, parameter3 ba5274f8, parameter4 00000000. here is the debug: Microsoft (R) Windows Debugger Version 6.7.0005.1 ...
  3. Minidump Mystery
    This computer was infected with several trojans, including a few back doors and other various malwares. We removed everything we could find with various scanners and tools and I'm pretty sure everything is gone now. Ever since the disinfection, the system has been subject t...
  4. Can smoeone help to interpret this minidump file?
    I ran windbg and came up with this. Can someone assist in interpreting this? It appears to be from a hardware driver, but I'd like a second opinion. Loading Dump File [C:\WINDOWS\Minidump\Mini011409-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available...
  5. BSOD and MINIDUMP help
    I have a computer that's randomly crashing. I have some minidumps from the crashes but no idea how to analyze them. I'm attaching minidumps (as .txt, you'll have to rename to .dmp). Any help is appreciated.

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: johnb6767Posted on 2009-07-14 at 14:20:54ID: 24854200

Ultimate Boot CD - Overview
http://www.ultimatebootcd.com/

Scan your HDD for errors with the MFGR utility. Also, let MemTest run for a few hours.

TfSysMon appears to be from an app called ThreatFire System Monitor? Perhaps you can get to Safe Mode, and uninstall that?

 

by: JonveePosted on 2009-07-15 at 00:23:25ID: 24856982

Cannot find any connection between iPhone and the BSOD, but *as johnb6767 has already said there is a Tfsysmon.sys which is related to ThreatFire antiviral software.

Perhaps the customer found that it occured after a ThreatFire AV update?

From your Minidump>
>> ... Following frames may be wrong.
a607553c ba0feb32 8acf5fe8 c0000006 a6075604 TfSysMon+0x6adc     <<

tfsysmon.sys Information:
http://www.greatis.com/appdata/a/t/tfsysmon.sys.htm

You may also want to run the System File Checker>
Start>Run       .. and then type SFC /scannow
http://www.updatexp.com/scannow-sfc.html

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...