NtfsCommonCleanup in crash dump analysis ???

Hello I have a mini dump file from a Windows Vista 32bit,  Ultimate computer.
Intel Core 2 Duo
8GB RAM

I have never understood debugging properly so hence the reason why I am asking the question.
I did however manage to specify a symbol path and then put the crash dump file thru the preverbial "mincer".
Please can somebody help me explain where to begin.

I installed Microsoft WinDbg : 6.11.0001.404 x86
Version 5.1


Below is a copy from the debugger


...many thanks in advance


Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\User01\Desktop\Galilieo\Office PC\Mini033011-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

WARNING: Whitespace at end of path element
Symbol search path is: http://msdl.microsoft.com/download/symbols
;SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6002.18327.x86fre.vistasp2_gdr.101014-0432
Machine Name:
Kernel base = 0x82402000 PsLoadedModuleList = 0x82519c70
Debug session time: Wed Mar 30 12:05:45.227 2011 (GMT+2)
System Uptime: 0 days 0:05:27.915
Loading Kernel Symbols
...............................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1904aa, c3bc7a30, c3bc772c, 8b2a095a}

Probably caused by : Ntfs.sys ( Ntfs!NtfsCommonCleanup+307f )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 001904aa
Arg2: c3bc7a30
Arg3: c3bc772c
Arg4: 8b2a095a

Debugging Details:
------------------


EXCEPTION_RECORD:  c3bc7a30 -- (.exr 0xffffffffc3bc7a30)
ExceptionAddress: 8b2a095a (Ntfs!NtfsCommonCleanup+0x0000307f)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000440
Attempt to read from address 00000440

CONTEXT:  c3bc772c -- (.cxr 0xffffffffc3bc772c)
eax=00000400 ebx=00000000 ecx=00000000 edx=00000000 esi=b0f1d008 edi=b12fa794
eip=8b2a095a esp=c3bc7af8 ebp=c3bc7cf0 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
Ntfs!NtfsCommonCleanup+0x307f:
8b2a095a 395840          cmp     dword ptr [eax+40h],ebx ds:0023:00000440=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  3

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

PROCESS_NAME:  HelpPane.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  00000440

READ_ADDRESS: GetPointerFromAddress: unable to read from 82539868
Unable to read MiSystemVaType memory at 82519420
 00000440

FOLLOWUP_IP:
Ntfs!NtfsCommonCleanup+307f
8b2a095a 395840          cmp     dword ptr [eax+40h],ebx

FAULTING_IP:
Ntfs!NtfsCommonCleanup+307f
8b2a095a 395840          cmp     dword ptr [eax+40h],ebx

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from 8b21e95a to 8b2a095a

STACK_TEXT:  
c3bc7cf0 8b21e95a b12fa794 8579de00 489827bb Ntfs!NtfsCommonCleanup+0x307f
c3bc7d2c 824af218 b12fa744 000008ec ffffffff Ntfs!NtfsCommonCleanupCallout+0x1d
c3bc7d2c 824af311 b12fa744 000008ec ffffffff nt!KiSwapKernelStackAndExit+0x118
b12fa6d4 00000000 00000000 00000000 00000000 nt!KiSwitchKernelStackAndCallout+0x31


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsCommonCleanup+307f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  49e0192a

STACK_COMMAND:  .cxr 0xffffffffc3bc772c ; kb

FAILURE_BUCKET_ID:  0x24_Ntfs!NtfsCommonCleanup+307f

BUCKET_ID:  0x24_Ntfs!NtfsCommonCleanup+307f

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 001904aa
Arg2: c3bc7a30
Arg3: c3bc772c
Arg4: 8b2a095a

Debugging Details:
------------------


EXCEPTION_RECORD:  c3bc7a30 -- (.exr 0xffffffffc3bc7a30)
ExceptionAddress: 8b2a095a (Ntfs!NtfsCommonCleanup+0x0000307f)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000440
Attempt to read from address 00000440

CONTEXT:  c3bc772c -- (.cxr 0xffffffffc3bc772c)
eax=00000400 ebx=00000000 ecx=00000000 edx=00000000 esi=b0f1d008 edi=b12fa794
eip=8b2a095a esp=c3bc7af8 ebp=c3bc7cf0 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
Ntfs!NtfsCommonCleanup+0x307f:
8b2a095a 395840          cmp     dword ptr [eax+40h],ebx ds:0023:00000440=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  3

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

PROCESS_NAME:  HelpPane.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  00000440

READ_ADDRESS: GetPointerFromAddress: unable to read from 82539868
Unable to read MiSystemVaType memory at 82519420
 00000440

FOLLOWUP_IP:
Ntfs!NtfsCommonCleanup+307f
8b2a095a 395840          cmp     dword ptr [eax+40h],ebx

FAULTING_IP:
Ntfs!NtfsCommonCleanup+307f
8b2a095a 395840          cmp     dword ptr [eax+40h],ebx

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from 8b21e95a to 8b2a095a

STACK_TEXT:  
c3bc7cf0 8b21e95a b12fa794 8579de00 489827bb Ntfs!NtfsCommonCleanup+0x307f
c3bc7d2c 824af218 b12fa744 000008ec ffffffff Ntfs!NtfsCommonCleanupCallout+0x1d
c3bc7d2c 824af311 b12fa744 000008ec ffffffff nt!KiSwapKernelStackAndExit+0x118
b12fa6d4 00000000 00000000 00000000 00000000 nt!KiSwitchKernelStackAndCallout+0x31


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsCommonCleanup+307f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  49e0192a

STACK_COMMAND:  .cxr 0xffffffffc3bc772c ; kb

FAILURE_BUCKET_ID:  0x24_Ntfs!NtfsCommonCleanup+307f

BUCKET_ID:  0x24_Ntfs!NtfsCommonCleanup+307f

Followup: MachineOwner
---------

Ingo BrownOwnerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nobusCommented:
i would start by testing the ram with memtest86+ from www.memtest.org
or download ubcd -  it has all diags you may need : http://www.ultimatebootcd.com/      
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ingo BrownOwnerAuthor Commented:
Sorry nobus
I was away for the last few days.
The memtest is one of the things I did and there is faulty memory. Also we have acronis imagages previous stages of the pc which we are able to roll back to.
Thanks for your suggestions
0
Ingo BrownOwnerAuthor Commented:
Quick response much appreciated
0
nobusCommented:
then i don't quite understand the B grade ?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Components

From novice to tech pro — start learning today.