NtfsCommonCleanup in crash dump analysis ???

Hello I have a mini dump file from a Windows Vista 32bit,  Ultimate computer.
Intel Core 2 Duo
8GB RAM

I have never understood debugging properly so hence the reason why I am asking the question.
I did however manage to specify a symbol path and then put the crash dump file thru the preverbial "mincer".
Please can somebody help me explain where to begin.

I installed Microsoft WinDbg : 6.11.0001.404 x86
Version 5.1


Below is a copy from the debugger


...many thanks in advance


Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\User01\Desktop\Galilieo\Office PC\Mini033011-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

WARNING: Whitespace at end of path element
Symbol search path is: http://msdl.microsoft.com/download/symbols
;SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6002.18327.x86fre.vistasp2_gdr.101014-0432
Machine Name:
Kernel base = 0x82402000 PsLoadedModuleList = 0x82519c70
Debug session time: Wed Mar 30 12:05:45.227 2011 (GMT+2)
System Uptime: 0 days 0:05:27.915
Loading Kernel Symbols
...............................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1904aa, c3bc7a30, c3bc772c, 8b2a095a}

Probably caused by : Ntfs.sys ( Ntfs!NtfsCommonCleanup+307f )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 001904aa
Arg2: c3bc7a30
Arg3: c3bc772c
Arg4: 8b2a095a

Debugging Details:
------------------


EXCEPTION_RECORD:  c3bc7a30 -- (.exr 0xffffffffc3bc7a30)
ExceptionAddress: 8b2a095a (Ntfs!NtfsCommonCleanup+0x0000307f)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000440
Attempt to read from address 00000440

CONTEXT:  c3bc772c -- (.cxr 0xffffffffc3bc772c)
eax=00000400 ebx=00000000 ecx=00000000 edx=00000000 esi=b0f1d008 edi=b12fa794
eip=8b2a095a esp=c3bc7af8 ebp=c3bc7cf0 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
Ntfs!NtfsCommonCleanup+0x307f:
8b2a095a 395840          cmp     dword ptr [eax+40h],ebx ds:0023:00000440=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  3

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

PROCESS_NAME:  HelpPane.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  00000440

READ_ADDRESS: GetPointerFromAddress: unable to read from 82539868
Unable to read MiSystemVaType memory at 82519420
 00000440

FOLLOWUP_IP:
Ntfs!NtfsCommonCleanup+307f
8b2a095a 395840          cmp     dword ptr [eax+40h],ebx

FAULTING_IP:
Ntfs!NtfsCommonCleanup+307f
8b2a095a 395840          cmp     dword ptr [eax+40h],ebx

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from 8b21e95a to 8b2a095a

STACK_TEXT:  
c3bc7cf0 8b21e95a b12fa794 8579de00 489827bb Ntfs!NtfsCommonCleanup+0x307f
c3bc7d2c 824af218 b12fa744 000008ec ffffffff Ntfs!NtfsCommonCleanupCallout+0x1d
c3bc7d2c 824af311 b12fa744 000008ec ffffffff nt!KiSwapKernelStackAndExit+0x118
b12fa6d4 00000000 00000000 00000000 00000000 nt!KiSwitchKernelStackAndCallout+0x31


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsCommonCleanup+307f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  49e0192a

STACK_COMMAND:  .cxr 0xffffffffc3bc772c ; kb

FAILURE_BUCKET_ID:  0x24_Ntfs!NtfsCommonCleanup+307f

BUCKET_ID:  0x24_Ntfs!NtfsCommonCleanup+307f

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 001904aa
Arg2: c3bc7a30
Arg3: c3bc772c
Arg4: 8b2a095a

Debugging Details:
------------------


EXCEPTION_RECORD:  c3bc7a30 -- (.exr 0xffffffffc3bc7a30)
ExceptionAddress: 8b2a095a (Ntfs!NtfsCommonCleanup+0x0000307f)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000440
Attempt to read from address 00000440

CONTEXT:  c3bc772c -- (.cxr 0xffffffffc3bc772c)
eax=00000400 ebx=00000000 ecx=00000000 edx=00000000 esi=b0f1d008 edi=b12fa794
eip=8b2a095a esp=c3bc7af8 ebp=c3bc7cf0 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
Ntfs!NtfsCommonCleanup+0x307f:
8b2a095a 395840          cmp     dword ptr [eax+40h],ebx ds:0023:00000440=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  3

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

PROCESS_NAME:  HelpPane.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  00000440

READ_ADDRESS: GetPointerFromAddress: unable to read from 82539868
Unable to read MiSystemVaType memory at 82519420
 00000440

FOLLOWUP_IP:
Ntfs!NtfsCommonCleanup+307f
8b2a095a 395840          cmp     dword ptr [eax+40h],ebx

FAULTING_IP:
Ntfs!NtfsCommonCleanup+307f
8b2a095a 395840          cmp     dword ptr [eax+40h],ebx

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from 8b21e95a to 8b2a095a

STACK_TEXT:  
c3bc7cf0 8b21e95a b12fa794 8579de00 489827bb Ntfs!NtfsCommonCleanup+0x307f
c3bc7d2c 824af218 b12fa744 000008ec ffffffff Ntfs!NtfsCommonCleanupCallout+0x1d
c3bc7d2c 824af311 b12fa744 000008ec ffffffff nt!KiSwapKernelStackAndExit+0x118
b12fa6d4 00000000 00000000 00000000 00000000 nt!KiSwitchKernelStackAndCallout+0x31


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsCommonCleanup+307f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  49e0192a

STACK_COMMAND:  .cxr 0xffffffffc3bc772c ; kb

FAILURE_BUCKET_ID:  0x24_Ntfs!NtfsCommonCleanup+307f

BUCKET_ID:  0x24_Ntfs!NtfsCommonCleanup+307f

Followup: MachineOwner
---------

Ingo BrownOwnerAsked:
Who is Participating?
 
nobusCommented:
i would start by testing the ram with memtest86+ from www.memtest.org
or download ubcd -  it has all diags you may need : http://www.ultimatebootcd.com/      
0
 
Ingo BrownOwnerAuthor Commented:
Sorry nobus
I was away for the last few days.
The memtest is one of the things I did and there is faulty memory. Also we have acronis imagages previous stages of the pc which we are able to roll back to.
Thanks for your suggestions
0
 
Ingo BrownOwnerAuthor Commented:
Quick response much appreciated
0
 
nobusCommented:
then i don't quite understand the B grade ?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.