Irql less than or equal to, ntfs.sys

Status
Not open for further replies.
Hello everyone, long time fan, first time poster. I have been encountering a system error for a while, event 1003 category 102. The BSOD says IRQL less than or equal to, and it happens on random occasions; there is nothing in particular that I am doing when it shuts down: playing games, surfing the internet, rearranging files, etc. Also, 2 DCOM errors, both event 10016, and 2 Service Control Manager errors, events 7000 and 7009, always occur before the system error, and a warning on my TCP/IP, event 4226, occurs after the system error. I was able to diagnose my minidump and it looks like the problem is the Ntfs.sys file; however, I am not sure, and if it is I do not know how to fix it. My computer is running on Windows XP 64-bit Professional. I also updated all my drivers and none of them have warnings. Any help in fixing this would be much appreciated. Here is my minidump file for the system error.

Mini Kernel Dump File: Only registers and stack trace are available

Executable search path is:
*** WARNING: Unable to verify checksum for ntkrnlmp.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_gdr.080813-1204
Machine Name:
Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d4140
Debug session time: Tue Dec 16 18:52:32.718 2008 (GMT-5)
System Uptime: 0 days 0:53:20.505
*** WARNING: Unable to verify checksum for ntkrnlmp.exe
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
.....
*** WARNING: Unable to verify checksum for Ntfs.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {19033d, fffffadfbf64c650, fffffadfbf64c060, fffff80001039efa}

*** WARNING: Unable to verify checksum for fltmgr.sys
*** WARNING: Unable to verify checksum for sr.sys
Probably caused by : Ntfs.sys ( Ntfs!NtfsPrepareBuffers+97a )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 000000000019033d
Arg2: fffffadfbf64c650
Arg3: fffffadfbf64c060
Arg4: fffff80001039efa

Debugging Details:
------------------


EXCEPTION_RECORD: fffffadfbf64c650 -- (.exr 0xfffffadfbf64c650)
ExceptionAddress: fffff80001039efa (nt!ExRemoveHeadNBQueue+0x0000000000000098)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000008
Attempt to read from address 0000000000000008

CONTEXT: fffffadfbf64c060 -- (.cxr 0xfffffadfbf64c060)
rax=0a6ffadfcedd1350 rbx=ffff000000000000 rcx=fffffadfcedd20e0
rdx=0000000000000000 rsi=0000ffffffffffff rdi=0001000000000000
rip=fffff80001039efa rsp=fffffadfbf64c870 rbp=0000000000000003
r8=0b3cfadfcedd20e0 r9=fffffadfcedd1350 r10=fffffadfcedcef80
r11=fffffadfbf64c8d8 r12=0000000000000005 r13=fffff80001000000
r14=fffffadfff6fbe20 r15=0000000000000001
iopl=0 nv up ei ng nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010283
nt!ExRemoveHeadNBQueue+0x98:
fffff800`01039efa 488b4a08 mov rcx,qword ptr [rdx+8] ds:002b:00000000`00000008=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: avscan.exe

CURRENT_IRQL: 1

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 0000000000000008

READ_ADDRESS: 0000000000000008

FOLLOWUP_IP:
Ntfs!NtfsPrepareBuffers+97a
fffffadf`c842a5b4 488bc8 mov rcx,rax

BUGCHECK_STR: 0x24

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER: from fffff80001034df1 to fffff80001039efa

STACK_TEXT:
fffffadf`bf64c870 fffff800`01034df1 : fffffadf`caec9000 00000000`00000003 fffffadf`ff6fbe50 fffffadf`ff6fbe78 : nt!ExRemoveHeadNBQueue+0x98
fffffadf`bf64c8a0 fffffadf`c842a5b4 : fffffadf`ff6fbe20 fffffabd`ab2c0000 00000000`00000202 fffff800`0103524c : nt!MmMapLockedPagesSpecifyCache+0x265
fffffadf`bf64c940 fffffadf`c8424e16 : fffffadf`bf64cef0 00000000`00000000 fffffa80`05042110 fffffadf`00010000 : Ntfs!NtfsPrepareBuffers+0x97a
fffffadf`bf64cab0 fffffadf`c84219aa : fffffadf`bf64cef0 fffffabd`ab2c0c10 fffffa80`05042110 00000000`00053000 : Ntfs!NtfsNonCachedIo+0x24d
fffffadf`bf64cd20 fffffadf`c8421e2e : fffffadf`bf64ceb0 fffffabd`ab2c0c10 fffffadf`bf64ce01 fffffadf`bf64cef0 : Ntfs!NtfsCommonRead+0x1273
fffffadf`bf64ceb0 fffff800`013de255 : fffffabd`ab2c0c10 fffffabd`ab2c0c10 fffffadf`cb0b9b40 fffffabd`ab2c0c10 : Ntfs!NtfsFsdRead+0x262
fffffadf`bf64d160 fffffadf`c8581922 : 00000000`00000001 fffffabd`ab2c0c10 00000000`00000000 fffffabd`ab2c0c10 : nt!IovCallDriver+0x1b5
fffffadf`bf64d1d0 fffff800`013de255 : 00000000`00000000 fffffabd`ab2c0c10 fffffadf`cb606d40 fffffadf`ce6722d0 : fltmgr!FltpDispatch+0x1c2
fffffadf`bf64d230 fffff800`013de255 : fffffabd`ab2c0c10 fffffabd`ab2c0c10 fffffadf`c8581922 fffffadf`cb81af60 : nt!IovCallDriver+0x1b5
fffffadf`bf64d2a0 fffffadf`c8581922 : 00000000`00000001 fffffabd`ab2c0c10 fffffabd`ab2c0c10 fffffabd`ab2c0c10 : nt!IovCallDriver+0x1b5
fffffadf`bf64d310 fffff800`013de255 : fffffadf`cb643da0 fffffabd`ab2c0c10 fffffadf`cb160c10 fffffadf`cd6ebbd0 : fltmgr!FltpDispatch+0x1c2
fffffadf`bf64d370 fffff800`0107951a : fffffadf`cb6f880b fffffabd`ab2c0c10 fffffadf`cd6ebbd0 fffffadf`cd6ebbd0 : nt!IovCallDriver+0x1b5
fffffadf`bf64d3e0 fffff800`01017051 : 00000000`00000000 00000000`00029f1a fffff6fc`c0e5c698 00000000`00000000 : nt!IoPageRead+0x1dc
fffffadf`bf64d430 fffff800`01043d24 : fffffadf`00000000 fffff981`cb8d3000 fffff6fc`c0e5c698 fffffa80`0443e868 : nt!MiDispatchFault+0x17f6
fffffadf`bf64d570 fffff800`010446a7 : fffffadf`cb9aa990 fffffadf`c8568186 fffffa80`0443e800 fffffadf`cb965040 : nt!MmAccessFault+0xbb3
fffffadf`bf64d640 fffff800`0125f028 : fffff981`cb8d3000 00000000`00005000 00000000`00000d00 00000000`00005000 : nt!MmCheckCachedPageState+0x76a
fffffadf`bf64d6c0 fffffadf`c8496f01 : fffffadf`cb9aa990 00000000`00000000 00000000`00005000 fffffa80`05042110 : nt!CcFastCopyRead+0x1ec
fffffadf`bf64d7b0 fffffadf`c857f9f8 : 00000000`00000000 fffff6fd`5ed51200 fffffabd`00005000 fffffabd`aa256c01 : Ntfs!NtfsCopyReadA+0x23e
fffffadf`bf64d850 fffffadf`c8599f4b : fffffadf`cacf85d0 00000000`00000001 fffffadf`cb965040 00000000`00000000 : fltmgr!FltpPerformFastIoCall+0x128
fffffadf`bf64d8c0 fffffadf`c8568207 : fffffabd`7d22ecea fffff800`013eff4d 00000000`00000000 fffff800`013f3134 : fltmgr!FltpFastIoRead+0xeb
fffffadf`bf64d970 fffffadf`c857f9f8 : fffffadf`cae9fdc0 fffffadf`bf64dcf0 fffffadf`cae9fdc0 fffffadf`bf64dcf0 : sr!SrFastIoRead+0x67
fffffadf`bf64d9c0 fffffadf`c8599f4b : 00000000`00000174 fffff800`0103c414 00000000`00000000 fffffadf`bf64dc01 : fltmgr!FltpPerformFastIoCall+0x128
fffffadf`bf64da30 fffff800`01261b58 : 00000000`00000008 fffffadf`00000001 fffffadf`cb9aa990 fffff800`0126a563 : fltmgr!FltpFastIoRead+0xeb
fffffadf`bf64dae0 fffff800`0102e33d : 00000000`00000174 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x4b5
fffffadf`bf64dc00 00000000`78b83f01 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3
00000000`02e3f0a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x78b83f01


SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: Ntfs!NtfsPrepareBuffers+97a

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME: Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45d699ef

STACK_COMMAND: .cxr 0xfffffadfbf64c060 ; kb

FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsPrepareBuffers+97a

BUCKET_ID: X64_0x24_Ntfs!NtfsPrepareBuffers+97a

Followup: MachineOwner
---------
 
From Auhma.org: 0x00000024: NTFS_FILE_SYSTEM

A problem occurred within NTFS.SYS, the driver file that allows the system to read and write to NTFS file system drives. There may be a physical problem with the disk, or an Interrupt Request Packet (IRP) may be corrupted. Other common causes include heavy hard drive fragmentation, heavy file I/O, problems with some types of drive-mirroring software, or some antivirus software.

1. Run ChkDsk or ScanDisk as a first step.

2. Run full hard drive diagnostics by utilizing the free utility from your hard drive manufacturer.
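
Added example, not part of the original thread: a short Python triage of the `!analyze -v` text posted above. It shows that the faulting read was issued by avscan.exe, passed through the fltmgr and sr filter layers before reaching Ntfs, and that Driver Verifier frames are on the stack. The function name `triage` and its result keys are this example's own.

```python
import re

# Abbreviated excerpt of the !analyze -v output posted above; the argument
# columns of each stack line are trimmed to one value to keep the sample short.
SAMPLE = """\
BugCheck 24, {19033d, fffffadfbf64c650, fffffadfbf64c060, fffff80001039efa}
PROCESS_NAME: avscan.exe
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
STACK_TEXT:
fffffadf`bf64c870 fffff800`01034df1 : fffffadf`caec9000 : nt!ExRemoveHeadNBQueue+0x98
fffffadf`bf64c8a0 fffffadf`c842a5b4 : fffffadf`ff6fbe20 : nt!MmMapLockedPagesSpecifyCache+0x265
fffffadf`bf64c940 fffffadf`c8424e16 : fffffadf`bf64cef0 : Ntfs!NtfsPrepareBuffers+0x97a
fffffadf`bf64ceb0 fffff800`013de255 : fffffabd`ab2c0c10 : Ntfs!NtfsFsdRead+0x262
fffffadf`bf64d160 fffffadf`c8581922 : 00000000`00000001 : nt!IovCallDriver+0x1b5
fffffadf`bf64d1d0 fffff800`013de255 : 00000000`00000000 : fltmgr!FltpDispatch+0x1c2
fffffadf`bf64d970 fffffadf`c857f9f8 : fffffadf`cae9fdc0 : sr!SrFastIoRead+0x67
fffffadf`bf64da30 fffff800`01261b58 : 00000000`00000008 : fltmgr!FltpFastIoRead+0xeb
fffffadf`bf64dae0 fffff800`0102e33d : 00000000`00000174 : nt!NtReadFile+0x4b5
"""

FRAME = re.compile(r"^[0-9a-f`]+ [0-9a-f`]+ : .* : (\w+)!(\w+)\+0x[0-9a-f]+\s*$", re.M)
FIELD = re.compile(r"^([A-Z_]+):[ \t]*(\S.*)$", re.M)

def triage(text):
    """Summarise a WinDbg '!analyze -v' listing for first-pass crash triage."""
    m = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    fields = dict(FIELD.findall(text))
    frames = FRAME.findall(text)          # innermost frame first, as WinDbg prints
    path = []                             # module order from syscall entry to fault
    for module, _ in reversed(frames):
        if not path or path[-1] != module:
            path.append(module)
    return {
        "bugcheck": int(m.group(1), 16) if m else None,
        "args": [a.strip() for a in m.group(2).split(",")] if m else [],
        "process": fields.get("PROCESS_NAME"),
        "bucket": fields.get("DEFAULT_BUCKET_ID"),
        "faulting_frame": "!".join(frames[0]) if frames else None,
        "module_path": path,
        # nt!Iov* frames appear when Driver Verifier's I/O verification is on.
        "driver_verifier": any(f.startswith("Iov") for mod, f in frames if mod == "nt"),
        # Assumption of this example: everything except nt and Ntfs is a layered filter.
        "filters": sorted({mod for mod, _ in frames} - {"nt", "Ntfs"}),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key:16} {value}")
```

The same function accepts the full, untrimmed listing, since the frame pattern tolerates any number of argument columns.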
 
First off, I'd like to thank you for taking the time to reply to my plight. Well, I was able to run chkdsk, which found a few errors, so I ran a full chkdsk at reboot, which I suppose might have fixed the problems, because when I ran WD diagnostics to check my hard drive it passed, although I had not run the diagnostics before chkdsk so I have nothing to compare it to. I think I will just have to let time show whether it's repaired or not, because it was never a constant problem; it would intermittently just shut down and flash the BSOD. Nevertheless, thanks for the advice. I will probably end up reporting back to TechSpot when further complications arise.
 