  #1  
Old 18th Mar 2009, 04:10
Member Group
 
Please help,

I've been having problems with Windows crashing now for a few months. I've reinstalled drivers, taken out hardware etc. I simply do not have the time to do the systematic uninstalling of drivers/hardware that MS suggest. I would like to be able to quickly interpret the minidump files. I have the minidump files but I can't seem to upload them??

Can anyone help?? Please!

Cheers,
ron
  #2  
Old 21st Mar 2009, 07:30
Donor Group
 
What's the hex code on the BSOD? That can usually help to figure out what's wrong.

(Blue screen with lots of white writing, the top line should have an alphanumerical string - that's the bit needed.)
__________________
"Why did they [PS3 Slim] stick with the UFO landing on a rectangle look" --- Nilay Patel; Engadget Ep. 160
  #3  
Old 23rd Mar 2009, 04:33
Member Group
 
Thanks for getting back to me. Here's the bugcheck analysis:

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ff90020c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804ed444, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: ff90020c

CURRENT_IRQL: 2

FAULTING_IP:
nt!CcGetVacbLargeOffset+71
804ed444 8b3486 mov esi,dword ptr [esi+eax*4]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: explorer.exe

LAST_CONTROL_TRANSFER: from 804ed48a to 804ed444

STACK_TEXT:
b9f06104 804ed48a 8a443000 00000000 00000000 nt!CcGetVacbLargeOffset+0x71
b9f06138 8056d6de 00443000 00000000 00000000 nt!CcGetVirtualAddress+0x70
b9f061a0 f7b78a6e 8a4eed60 b9f061d0 00001000 nt!CcMapData+0x8b
b9f061c0 f7b7945f b9f065bc e1966b70 00000000 Ntfs!NtfsMapStream+0x46
b9f061f0 f7b79ace b9f065bc 0000000c 00000000 Ntfs!ReadIndexBuffer+0x8a
b9f06220 f7b7b55e b9f065bc e16f0a88 e1fe76a8 Ntfs!FindFirstIndexEntry+0x191
b9f06348 f7b7b6f4 b9f065bc e1966d08 e1966b70 Ntfs!NtfsRestartIndexEnumeration+0x6c
b9f0656c f7b7a2e8 b9f065bc 8a274e00 8a626100 Ntfs!NtfsQueryDirectory+0x54a
b9f065a0 f7b7a253 b9f065bc e1966b70 8a62c2b0 Ntfs!NtfsCommonDirectoryControl+0xbc
b9f06718 804e37f7 8a626020 8a274e00 8a6622e8 Ntfs!NtfsFsdDirectoryControl+0xad
b9f06728 f7468459 b9f0676c 804e37f7 8a6277d8 nt!IopfCallDriver+0x31
b9f06730 804e37f7 8a6277d8 8a274e00 8a274e00 sr!SrPassThrough+0x31
b9f06740 f747e09e 8a274e00 8a664f38 00000000 nt!IopfCallDriver+0x31
b9f0676c 804e37f7 8a62c2b0 8a274e00 8a274e00 fltmgr!FltpDispatch+0x152
b9f0677c f7658539 8a590560 8a274e00 8a274e00 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
b9f067b0 f765862c 8a663370 8a274e00 0000000c avgntmgr+0x1539
b9f067c8 804e37f7 8a663370 8a274e00 806f02d0 avgntmgr+0x162c
b9f067d8 80567f81 b9f06844 0150ce64 80572111 nt!IopfCallDriver+0x31
b9f067ec 8057216e 8a663370 8a274e00 8a590560 nt!IopSynchronousServiceTail+0x70
b9f06810 804de7ec 00000298 00000000 00000000 nt!NtQueryDirectoryFile+0x5d
b9f06810 7c90e4f4 00000298 00000000 00000000 nt!KiFastCallEntry+0xf8
0150d13c 00000000 00000000 00000000 00000000 0x7c90e4f4


STACK_COMMAND: kb

FOLLOWUP_IP:
avgntmgr+1539
f7658539 ?? ???

SYMBOL_STACK_INDEX: f

SYMBOL_NAME: avgntmgr+1539

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: avgntmgr

IMAGE_NAME: avgntmgr.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4730827c

FAILURE_BUCKET_ID: 0xA_avgntmgr+1539

BUCKET_ID: 0xA_avgntmgr+1539

Followup: MachineOwner
  #4  
Old 23rd Mar 2009, 06:07
Donor Group
 
Have you uninstalled AVG by any chance and/or added a later version or a new AV program?
I notice one of the files mentioned in your post is avgntmgr, so it might be worth running the AVG Removal Tool to get rid of any remnants of old AVG files and, if you still use AVG, reinstall it again.

  #5  
Old 23rd Mar 2009, 07:22
Member Group
 
I had AVG installed a while ago but have been using Antivir recently. I've had this file avgntmgr.sys come up before in the crash dump so I've temporarily uninstalled AV programs. I've just used the AVG removal tool as suggested and restarted the computer and BAM!! I get another BSOD when logging into Windows. It seems that avgntmgr.sys is mentioned again. A virus maybe??? PC otherwise running fine and Safe Mode is never a problem. Any thoughts????

BugCheck 1000000A, {ffff00ff, 2, 0, 804ed444}

Unable to load image avgntmgr.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for avgntmgr.sys
*** ERROR: Module load completed but symbols could not be loaded for avgntmgr.sys
Probably caused by : avgntmgr.sys ( avgntmgr+4609 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffff00ff, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804ed444, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: ffff00ff

CURRENT_IRQL: 2

FAULTING_IP:
nt!CcGetVacbLargeOffset+71
804ed444 8b3486 mov esi,dword ptr [esi+eax*4]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: svchost.exe

LAST_CONTROL_TRANSFER: from 804ed48a to 804ed444

STACK_TEXT:
b34933e4 804ed48a 8a490000 00000000 00000000 nt!CcGetVacbLargeOffset+0x71
b3493418 8056d6de 00490000 00000000 00000000 nt!CcGetVirtualAddress+0x70
b3493480 f7b78a6e 8a5d83a0 b34934b0 00001000 nt!CcMapData+0x8b
b34934a0 f7b7945f b34937cc e18ce810 00000000 Ntfs!NtfsMapStream+0x46
b34934d0 f7b79ace b34937cc 0000000c 00000000 Ntfs!ReadIndexBuffer+0x8a
b3493500 f7b7ab95 b34937cc b349360c e1e38e00 Ntfs!FindFirstIndexEntry+0x191
b3493548 f7b7ace8 b34937cc e18ce810 e1e38e00 Ntfs!NtfsFindIndexEntry+0x48
b349357c f7b7aa23 b34937cc e18ce810 00000101 Ntfs!NtfsLookupEntry+0xa2
b34937a8 f7b77042 b34937cc 8a3c15d0 b34938fc Ntfs!NtfsCommonCreate+0x10c3
b3493954 f746ff70 8a3c15d0 b3493c00 8a626020 Ntfs!NtfsNetworkOpenCreate+0x8a
b3493974 f747d0e8 8a3c15d0 b3493c00 8a6277d8 sr!SrFastIoQueryOpen+0x40
b3493994 f7489c27 000000f2 00000000 b34939cc fltmgr!FltpPerformFastIoCall+0x300
b34939ec f765b609 8a3c15d0 b3493c00 8a62c2b0 fltmgr!FltpFastIoQueryOpen+0xa1
WARNING: Stack unwind information not available. Following frames may be wrong.
b3493a08 805743fd 8a3c15d0 b3493c00 8a663370 avgntmgr+0x4609
b3493af4 80563fec 8a69b900 00000000 8a5b13a8 nt!IopParseDevice+0x916
b3493b7c 805684da 00000000 b3493bbc 00000040 nt!ObpLookupObjectName+0x56a
b3493bd0 805745a3 00000000 00000000 8a3c7201 nt!ObOpenObjectByName+0xeb
b3493d54 804de7ec 009cefe0 009cefb8 009cf00c nt!NtQueryAttributesFile+0xf1
b3493d54 7c90e4f4 009cefe0 009cefb8 009cf00c nt!KiFastCallEntry+0xf8
009cf00c 00000000 00000000 00000000 00000000 0x7c90e4f4


STACK_COMMAND: kb

FOLLOWUP_IP:
avgntmgr+4609
f765b609 ?? ???

SYMBOL_STACK_INDEX: d

SYMBOL_NAME: avgntmgr+4609

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: avgntmgr

IMAGE_NAME: avgntmgr.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4730827c

FAILURE_BUCKET_ID: 0xA_avgntmgr+4609

BUCKET_ID: 0xA_avgntmgr+4609

Followup: MachineOwner
---------
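A small triage script for `!analyze -v` text like the two reports posted above, added here as an example and not part of any post in this thread. It decodes the bugcheck 0xA arguments and lists the modules on the stack, marking each frame that has no symbols and whether it sits above or below the debugger's unwind warning; `triage` and `SAMPLE` are names made up for this example, and the sample is a constructed excerpt in the layout of the posted output.

```python
import re
# Constructed excerpt in the layout of the `!analyze -v` output posted above.
SAMPLE = """\
Arguments:
Arg1: ffff00ff, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
Arg4: 804ed444, address which referenced memory
STACK_TEXT:
b34933e4 804ed48a 8a490000 00000000 00000000 nt!CcGetVacbLargeOffset+0x71
b34939ec f765b609 8a3c15d0 b3493c00 8a62c2b0 fltmgr!FltpFastIoQueryOpen+0xa1
WARNING: Stack unwind information not available. Following frames may be wrong.
b3493a08 805743fd 8a3c15d0 b3493c00 8a663370 avgntmgr+0x4609
b3493af4 80563fec 8a69b900 00000000 8a5b13a8 nt!IopParseDevice+0x916
009cf00c 00000000 00000000 00000000 00000000 0x7c90e4f4
STACK_COMMAND: kb
"""

ARG = re.compile(r"^Arg([1-4]):\s+([0-9a-fA-F]+)")
FRAME = re.compile(r"^(?:[0-9a-fA-F]{8}\s+){5}(\S+)$")   # 5 hex columns, then symbol
NO_SYMBOLS = re.compile(r"^([A-Za-z_]\w*)\+0x[0-9a-fA-F]+$")  # module+0xoffset

def triage(text):
    """Decode bugcheck 0xA arguments and list the modules seen on the stack."""
    args, modules, unsymbolized = {}, [], []
    in_stack, unwind_reliable = False, True
    for line in map(str.strip, text.splitlines()):
        if m := ARG.match(line):
            args[int(m.group(1))] = int(m.group(2), 16)
        elif line.startswith("STACK_TEXT:"):
            in_stack = True
        elif in_stack and line.startswith("WARNING: Stack unwind"):
            unwind_reliable = False          # later frames may be wrong
        elif in_stack and (m := FRAME.match(line)):
            sym = m.group(1)
            n = NO_SYMBOLS.match(sym)
            name = sym.split("!")[0] if "!" in sym else (n.group(1) if n else None)
            if n:                            # driver with no symbols loaded
                unsymbolized.append((name, unwind_reliable))
            if name and name not in modules:
                modules.append(name)
        elif in_stack and line.startswith("STACK_COMMAND"):
            in_stack = False
    return {"address": args.get(1), "irql": args.get(2), "faulting_ip": args.get(4),
            "access": "write" if args.get(3, 0) & 1 else "read",  # Arg3 bit 0
            "modules": modules, "unsymbolized": unsymbolized}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A frame reported with `False` appears after "Stack unwind information not available", so the module named there is a lead to verify rather than a confirmed cause.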
  #6  
Old 23rd Mar 2009, 08:49
Donor Group
 
It definitely sounds like a fragment AVG has left behind.

Have a look at what programs etc. are being called at Start Up, in msconfig.

Go to Start/Run, type msconfig and hit Enter .... click on the Start Up tab and see if anything there has AVG in it. If so, untick the item(s), click Apply & OK, then reboot the system .... you may get a Nag on reboot but just tick up not to be shown again or whatever ..... I forget the exact message.

If this doesn't do it, I guess you could uninstall Antivir , then reinstall AVG and remove it again, using the Removal Tool.
  #7  
Old 23rd Mar 2009, 09:02
New Member Group
 
I'd definitely go with that answer, although you may only have to disable 'Antivir'. Just saying you might be able to save a job.

Couldn't you use hijackthis to remove the offending item?
  #8  
Old 23rd Mar 2009, 09:08
Member Group
 
Apparently avgntmgr.sys is from Antivir not AVG. I've uninstalled Antivir so why is this driver still causing my problems? What exactly is it?? Can I just delete it??

By the way, another BSOD just happened that has mentioned the aforementioned driver again!
  #9  
Old 23rd Mar 2009, 09:22
New Member Group
 
If it is a virus that is causing the problem with that file or whatever, you need it out. I'd get a copy of 'hijack this', just google it and download.

Run it on your machine and look for the file in the list, you should then be able to delete it 'properly'. Did you check it was not set to startup in msconfig? Never mind, if you haven't, do the hijack thing, check the log and remove the offending file.

I would then use a couple of virus checkers and spyware cleaners. I have been using malwarebytes as a cleaner amongst other things and it seems to get things others don't; it's free too.
  #10  
Old 23rd Mar 2009, 09:28
Donor Group
 
One would presume avgntmgr.sys was AVG Net Manager..

However I just googled it and it came up with a lot of malware removal tips etc. it seems it's a nasty little piece of malware..

Download and run Trend Micro Hijack This (HJT)

and post a log. I'll have a look, but I'm no expert on malware, we have people here much more knowledgeable on the subject who will be able to examine your log better than I can, it may be blindingly obvious, or it may take hours it's just the way this works...

EDIT*
Sorry Communiq, I started posting before yours came up, just took me a while to finish
Copyright ©2006 - 2009 Computer Juice.
