How do I diagnose my minidump file

[dawn]

I have downloaded and installed MS Debugging Tools for Windows, opened the minidump file and ran the !anyalyze -v command on the dump file, but I don't know what exactly is the error in the Bug Analysis. Can anyone tell me what to look for so I know which device is faulting?

Thanks,
dawn

 

[howard_hopkinso]

Hello and welcome to Techspot.

You might want to take a look at this short tutorial HERE.

If that doesn`t help, attach 5 or 6 of your latest minidumps here and I`ll take a look for you.

Regards Howard :wave: :wave:

 

[dawn]

Thanks! That was helpful. It looks like the culprit is ntoskrnl.exe, but what does that mean?? I've attached the minidump from yesterday. There were two, but they were exactly the same.

Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [E:\New Folder\Mini081006-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINDOWS\Symbols
Executable search path is: C:\WINDOWS\I386
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Thu Aug 10 09:19:49.718 2006 (GMT-7)
System Uptime: 0 days 4:16:21.264
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.........................................................................................................................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {c007b904, 2, 0, 804e91b7}

Probably caused by : ntoskrnl.exe ( nt!IoSetThreadHardErrorMode+16 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: c007b904, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 804e91b7, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: c007b904

CURRENT_IRQL: 2

FAULTING_IP:
nt!IoSetThreadHardErrorMode+16
804e91b7 f60301 test byte ptr [ebx],1

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: mcinsupd.exe

LAST_CONTROL_TRANSFER: from 804ebace to 804e91b7

STACK_TEXT:
f7906e80 804ebace cff2ba55 00000023 83dff890 nt!IoSetThreadHardErrorMode+0x16
f7906fa4 804dc378 cff2ba55 00000023 ffdff000 nt!MiInsertVad+0x36
f7906fd0 804dbbd4 80559280 00000000 000f0550 nt!KiWaitTest+0x56
f7906fd4 80559280 00000000 000f0550 00000000 nt!ExReleaseResourceLite+0x4
f7906fd8 00000000 000f0550 00000000 00000000 nt!VdmStringIoBuffer+0x3a0


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!IoSetThreadHardErrorMode+16
804e91b7 f60301 test byte ptr [ebx],1

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!IoSetThreadHardErrorMode+16

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 42250ff9

FAILURE_BUCKET_ID: 0xA_nt!IoSetThreadHardErrorMode+16

BUCKET_ID: 0xA_nt!IoSetThreadHardErrorMode+16

Followup: MachineOwner
---------

kd> lmvm nt
start end module name
804d7000 806eb100 nt M (pdb symbols) C:\WINDOWS\Symbols\exe\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Tue Mar 01 16:59:37 2005 (42250FF9)
CheckSum: 002198AF
ImageSize: 00214100
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
WARNING: Whitespace at end of path element

 

[howard_hopkinso]

While your minidump crashes at ntoskrnl.exe, it references mcinsupd.exe as the owning process. This is the McAfee VirusScan Daily Update Module.

In other words, it possible your crash is caused by McAfee. Uninstalling and reinstalling McAffe may help. You should also check for any Mcafee updates that may be available.

If you would like to post the actual minidumps, I`ll take a look at them and see what I can find.

Regards Howard

 

[dawn]

Thanks again. Really appreciate your replying right back. I can't get back to that computer until Tuesday afternoon. I just copied the minidump to a cd and brought it with me. Are you referring to the actual minidump as the file that says mini081006-2.dmp? If so, how do I attach it? When I open it its all greek and could only read them through the Windbg program from MS.

 

[howard_hopkinso]

To attach your minidumps do the following.

Click the reply button and scroll down and click on the manage attachments button. Click the browse button and browse to where your minidumps are. Click open and then click upload. Do this for each minidump you would like to attach.

Once done, close the attachments window and continue your post, then click the submit button.

Regards Howard

 

[dawn]

Okay. Here it is.

Thanks, Dawn

 

[howard_hopkinso]

Your minidump crashes with memory corruption. The owning process is mcinsupd.exe, which is your McAfee again.

I believe you problem is either caused by McAfee or a possible ram problem.

Disconnect from the net and completely uninstall McAfee. See if you still get BSOD`s. Don`t reconnect to the net, untill you have reinstalled McAfee.

Let me know the results.

Regards Howard

 

[dawn]

Thanks, Howard. I will do just that on Tuesday and get back to you with the results. I appreciate all of your assistance.

Have a good day,

Dawn

 

[dawn]

Hi Howard,

I got the McAfee uninstalled and I did not have any sudden restarts. I did not reinstall it yet because I found a few more dmp files and if I'm reading them the way you are I'm thinking there are a few other problems. I attached a few more that I found. If you wouldn't mind looking at them I'd appreciate it.

Thanks,

Dawn:wave:

 

[howard_hopkinso]

Your minidumps are crashing with various culprits. However, since you`re no longer getting any crashes, I`d say we`ve probably found the culprit, namely Mcafee.

Download the free AVG antivirus programme from HERE. If you also require a good free firewall programme, then the free Zonealarm, or Kerio firewalls are a good choice. You can get them HERE and HERE.

Once you`ve installed whatever Firewall you chose, install AVG and run the AVG updates. See if your system is still stable.

Regards Howard

 

[dawn]

Thanks. I was considering AVG, thought I'd wait until tomorrow to see if I have any more crashes, and I'll check out those firewalls too.

Have a good day,
Dawn