TechSpot

Irql less than or equal to, ntfs.sys

By AirChambz
Dec 17, 2008
Topic Status:
Not open for further replies.
  1. Hello everyone, long time fan, first time poster, I have been encountering a system error for awhile event 1003 category 102, the BSOD says IRQL less than or equal to and it happens on random occasions, there is nothing in particular that I am doing when it Shuts down, playing games, surfing the internet, rearranging files, etc. Also 2 Dcom Errors, both event 10016, and 2 Service Control Manager Errors, event 7000 and 7009, always occur before the System Error and a warning on my TCIP, event 4226, occurs after the System Error. I was able to Diagnose my minidump and it looks like the problem is the Ntfs.sys file, however I am not sure and if it is I do not know how to fix it. My computer is running on windows xp 64-bit professional. I also updated all my drivers and none of them have warnings. Any help in fixing this would be much appreciated. Here is my minidump file for the System Error.

    Mini Kernel Dump File: Only registers and stack trace are available

    Executable search path is:
    *** WARNING: Unable to verify checksum for ntkrnlmp.exe
    Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 3790.srv03_sp2_gdr.080813-1204
    Machine Name:
    Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d4140
    Debug session time: Tue Dec 16 18:52:32.718 2008 (GMT-5)
    System Uptime: 0 days 0:53:20.505
    *** WARNING: Unable to verify checksum for ntkrnlmp.exe
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .................
    Loading User Symbols
    Loading unloaded module list
    .....
    *** WARNING: Unable to verify checksum for Ntfs.sys
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 24, {19033d, fffffadfbf64c650, fffffadfbf64c060, fffff80001039efa}

    *** WARNING: Unable to verify checksum for fltmgr.sys
    *** WARNING: Unable to verify checksum for sr.sys
    Probably caused by : Ntfs.sys ( Ntfs!NtfsPrepareBuffers+97a )

    Followup: MachineOwner
    ---------

    2: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
    Arguments:
    Arg1: 000000000019033d
    Arg2: fffffadfbf64c650
    Arg3: fffffadfbf64c060
    Arg4: fffff80001039efa

    Debugging Details:
    ------------------


    EXCEPTION_RECORD: fffffadfbf64c650 -- (.exr 0xfffffadfbf64c650)
    ExceptionAddress: fffff80001039efa (nt!ExRemoveHeadNBQueue+0x0000000000000098)
    ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
    NumberParameters: 2
    Parameter[0]: 0000000000000000
    Parameter[1]: 0000000000000008
    Attempt to read from address 0000000000000008

    CONTEXT: fffffadfbf64c060 -- (.cxr 0xfffffadfbf64c060)
    rax=0a6ffadfcedd1350 rbx=ffff000000000000 rcx=fffffadfcedd20e0
    rdx=0000000000000000 rsi=0000ffffffffffff rdi=0001000000000000
    rip=fffff80001039efa rsp=fffffadfbf64c870 rbp=0000000000000003
    r8=0b3cfadfcedd20e0 r9=fffffadfcedd1350 r10=fffffadfcedcef80
    r11=fffffadfbf64c8d8 r12=0000000000000005 r13=fffff80001000000
    r14=fffffadfff6fbe20 r15=0000000000000001
    iopl=0 nv up ei ng nz na pe cy
    cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010283
    nt!ExRemoveHeadNBQueue+0x98:
    fffff800`01039efa 488b4a08 mov rcx,qword ptr [rdx+8] ds:002b:00000000`00000008=????????????????
    Resetting default scope

    CUSTOMER_CRASH_COUNT: 1

    PROCESS_NAME: avscan.exe

    CURRENT_IRQL: 1

    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

    EXCEPTION_PARAMETER1: 0000000000000000

    EXCEPTION_PARAMETER2: 0000000000000008

    READ_ADDRESS: 0000000000000008

    FOLLOWUP_IP:
    Ntfs!NtfsPrepareBuffers+97a
    fffffadf`c842a5b4 488bc8 mov rcx,rax

    BUGCHECK_STR: 0x24

    DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

    LAST_CONTROL_TRANSFER: from fffff80001034df1 to fffff80001039efa

    STACK_TEXT:
    fffffadf`bf64c870 fffff800`01034df1 : fffffadf`caec9000 00000000`00000003 fffffadf`ff6fbe50 fffffadf`ff6fbe78 : nt!ExRemoveHeadNBQueue+0x98
    fffffadf`bf64c8a0 fffffadf`c842a5b4 : fffffadf`ff6fbe20 fffffabd`ab2c0000 00000000`00000202 fffff800`0103524c : nt!MmMapLockedPagesSpecifyCache+0x265
    fffffadf`bf64c940 fffffadf`c8424e16 : fffffadf`bf64cef0 00000000`00000000 fffffa80`05042110 fffffadf`00010000 : Ntfs!NtfsPrepareBuffers+0x97a
    fffffadf`bf64cab0 fffffadf`c84219aa : fffffadf`bf64cef0 fffffabd`ab2c0c10 fffffa80`05042110 00000000`00053000 : Ntfs!NtfsNonCachedIo+0x24d
    fffffadf`bf64cd20 fffffadf`c8421e2e : fffffadf`bf64ceb0 fffffabd`ab2c0c10 fffffadf`bf64ce01 fffffadf`bf64cef0 : Ntfs!NtfsCommonRead+0x1273
    fffffadf`bf64ceb0 fffff800`013de255 : fffffabd`ab2c0c10 fffffabd`ab2c0c10 fffffadf`cb0b9b40 fffffabd`ab2c0c10 : Ntfs!NtfsFsdRead+0x262
    fffffadf`bf64d160 fffffadf`c8581922 : 00000000`00000001 fffffabd`ab2c0c10 00000000`00000000 fffffabd`ab2c0c10 : nt!IovCallDriver+0x1b5
    fffffadf`bf64d1d0 fffff800`013de255 : 00000000`00000000 fffffabd`ab2c0c10 fffffadf`cb606d40 fffffadf`ce6722d0 : fltmgr!FltpDispatch+0x1c2
    fffffadf`bf64d230 fffff800`013de255 : fffffabd`ab2c0c10 fffffabd`ab2c0c10 fffffadf`c8581922 fffffadf`cb81af60 : nt!IovCallDriver+0x1b5
    fffffadf`bf64d2a0 fffffadf`c8581922 : 00000000`00000001 fffffabd`ab2c0c10 fffffabd`ab2c0c10 fffffabd`ab2c0c10 : nt!IovCallDriver+0x1b5
    fffffadf`bf64d310 fffff800`013de255 : fffffadf`cb643da0 fffffabd`ab2c0c10 fffffadf`cb160c10 fffffadf`cd6ebbd0 : fltmgr!FltpDispatch+0x1c2
    fffffadf`bf64d370 fffff800`0107951a : fffffadf`cb6f880b fffffabd`ab2c0c10 fffffadf`cd6ebbd0 fffffadf`cd6ebbd0 : nt!IovCallDriver+0x1b5
    fffffadf`bf64d3e0 fffff800`01017051 : 00000000`00000000 00000000`00029f1a fffff6fc`c0e5c698 00000000`00000000 : nt!IoPageRead+0x1dc
    fffffadf`bf64d430 fffff800`01043d24 : fffffadf`00000000 fffff981`cb8d3000 fffff6fc`c0e5c698 fffffa80`0443e868 : nt!MiDispatchFault+0x17f6
    fffffadf`bf64d570 fffff800`010446a7 : fffffadf`cb9aa990 fffffadf`c8568186 fffffa80`0443e800 fffffadf`cb965040 : nt!MmAccessFault+0xbb3
    fffffadf`bf64d640 fffff800`0125f028 : fffff981`cb8d3000 00000000`00005000 00000000`00000d00 00000000`00005000 : nt!MmCheckCachedPageState+0x76a
    fffffadf`bf64d6c0 fffffadf`c8496f01 : fffffadf`cb9aa990 00000000`00000000 00000000`00005000 fffffa80`05042110 : nt!CcFastCopyRead+0x1ec
    fffffadf`bf64d7b0 fffffadf`c857f9f8 : 00000000`00000000 fffff6fd`5ed51200 fffffabd`00005000 fffffabd`aa256c01 : Ntfs!NtfsCopyReadA+0x23e
    fffffadf`bf64d850 fffffadf`c8599f4b : fffffadf`cacf85d0 00000000`00000001 fffffadf`cb965040 00000000`00000000 : fltmgr!FltpPerformFastIoCall+0x128
    fffffadf`bf64d8c0 fffffadf`c8568207 : fffffabd`7d22ecea fffff800`013eff4d 00000000`00000000 fffff800`013f3134 : fltmgr!FltpFastIoRead+0xeb
    fffffadf`bf64d970 fffffadf`c857f9f8 : fffffadf`cae9fdc0 fffffadf`bf64dcf0 fffffadf`cae9fdc0 fffffadf`bf64dcf0 : sr!SrFastIoRead+0x67
    fffffadf`bf64d9c0 fffffadf`c8599f4b : 00000000`00000174 fffff800`0103c414 00000000`00000000 fffffadf`bf64dc01 : fltmgr!FltpPerformFastIoCall+0x128
    fffffadf`bf64da30 fffff800`01261b58 : 00000000`00000008 fffffadf`00000001 fffffadf`cb9aa990 fffff800`0126a563 : fltmgr!FltpFastIoRead+0xeb
    fffffadf`bf64dae0 fffff800`0102e33d : 00000000`00000174 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x4b5
    fffffadf`bf64dc00 00000000`78b83f01 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3
    00000000`02e3f0a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x78b83f01


    SYMBOL_STACK_INDEX: 2

    SYMBOL_NAME: Ntfs!NtfsPrepareBuffers+97a

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: Ntfs

    IMAGE_NAME: Ntfs.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 45d699ef

    STACK_COMMAND: .cxr 0xfffffadfbf64c060 ; kb

    FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsPrepareBuffers+97a

    BUCKET_ID: X64_0x24_Ntfs!NtfsPrepareBuffers+97a

    Followup: MachineOwner
    ---------
  2. Route44

    Route44 TechSpot Ambassador Posts: 12,140   +29

    From Auhma.org: 0x00000024: NTFS_FILE_SYSTEM

    A problem occurred within NTFS.SYS, the driver file that allows the system to read and write to NTFS file system drives. There may be a physical problem with the disk, or an Interrupt Request Packet (IRP) may be corrupted. Other common causes include heavy hard drive fragmentation, heavy file I/O, problems with some types of drive-mirroring software, or some antivirus softwar.

    1. Run ChkDsk or ScanDisk as a first step.

    2. Run a full harddrive diagnostics by utilizing the free utility from your harddrive manufacturer.
  3. AirChambz

    AirChambz TS Rookie Topic Starter

    First off I'd like to thank you for taking the time to reply to my plight. Well I was able to run chkdsk which found a few errors, so I ran a full chkdsk at reboot, which I suppose might have fixed the problems, because when I ran WD diagnotics to check my hard drive it passed, although I had not run the diagnotics before chkdsk so I have nothing to compare it to. I think I will just have to let time show whether its repaired or not, because it was never a constant problem it would intermittently just shut down and flash the BSOD. Nevertheless thanks for the advice, I will probably end up reporting back to techspot when further complications arise.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.