BSOD Probably caused by : Ntfs.sys ( Ntfs+3f17e )

Hello, This problem has been plaguing me for some time now, I have found many threads and forums on similar issues but none of the fixes I have tried have worked,

These Include
Memtests, replacement ram, other PC hardware health checks, removal of pci's.

And numerous driver updates and BIOS updates, none have seemed to have solved the problem.

I am now at a stage, thanks to google where I have read a few threads here and decided I need expert help I am unable to decipher WinDb dump files and am hoping someone here can help out.

I have included the dump file

Thank you in advance
Sean


Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS2\Minidump\Mini122908-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \WINDOWS2\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a6a0
Debug session time: Mon Dec 29 14:06:41.325 2008 (GMT+0)
System Uptime: 0 days 20:15:23.890
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \WINDOWS2\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1902fe, f78e69cc, f78e66c8, f7b9117e}

*** WARNING: Unable to verify timestamp for mssmbios.sys
*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : Ntfs.sys ( Ntfs+3f17e )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 001902fe
Arg2: f78e69cc
Arg3: f78e66c8
Arg4: f7b9117e

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************

MODULE_NAME: Ntfs

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 45cc56a7

EXCEPTION_RECORD: f78e69cc -- (.exr 0xfffffffff78e69cc)
ExceptionAddress: f7b9117e (Ntfs+0x0003f17e)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 0097ac80
Attempt to write to address 0097ac80

CONTEXT: f78e66c8 -- (.cxr 0xfffffffff78e66c8)
eax=0097ac80 ebx=e297af70 ecx=e297ac80 edx=159b0002 esi=f78e6ab8 edi=e297af28
eip=f7b9117e esp=f78e6a94 ebp=f78e6a9c iopl=0 nv up ei ng nz ac po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010292
Ntfs+0x3f17e:
f7b9117e ?? ???
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0x24

LAST_CONTROL_TRANSFER: from 804db2c7 to f7b9117e

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f78e6a90 804db2c7 e1868918 f78e6ae4 f7b58328 Ntfs+0x3f17e
f78e6a9c f7b58328 895a4b48 f78e6ab8 895a4b48 nt+0x42c7
f78e6ae4 f7b79c7c 895a4b48 8acb0100 e2d42c58 Ntfs+0x6328
f78e6b3c f7b547b0 895a4b48 e2d42d20 00000000 Ntfs+0x27c7c
f78e6b68 f7b774b5 895a4b48 01d42d20 00000000 Ntfs+0x27b0
f78e6bec f7b77254 895a4b48 e2d42d20 e2d42c58 Ntfs+0x254b5
f78e6c8c 804e37f7 8acb0020 89b8f4a8 8acbf910 Ntfs+0x25254
f78e6ca4 804e37f7 8acb0b38 89b8f4a8 89b8f4a8 nt+0xc7f7
f78e6ce0 804e37f7 8aa13538 89b8f4a8 89b8f4a8 nt+0xc7f7
f78e6d28 80563b77 00bfcf90 8abfcf78 00000000 nt+0xc7f7
f78e6d44 804e36d5 8abfcf90 00000000 806ee298 nt+0x8cb77
f78e6d68 804f2da1 8055ed34 8a4d9858 00000000 nt+0xc6d5
f78e6d8c 80515ba3 e2930190 00000000 8acf0020 nt+0x1bda1
f78e6dac 8057d17b 00000000 00000000 00000000 nt+0x3eba3
f78e6ddc 804f827a 80506905 00000000 00000000 nt+0xa617b
00000000 00000000 00000000 00000000 00000000 nt+0x2127a


FOLLOWUP_IP:
Ntfs+3f17e
f7b9117e ?? ???

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: Ntfs+3f17e

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: Ntfs.sys

STACK_COMMAND: .cxr 0xfffffffff78e66c8 ; kb

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

 

The memory dump is


:*incorrect log reposted at bottom*:

 

Yes I did it straight after reading this post and whilst downloading the hardware tools

 

I will try again

 

it Would appear that I made a mistake making the debug log

this should be the correct log

Opened log file 'c:temp\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\All Users.WINDOWS2\Application Data\Microsoft\Dr Watson\user.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Comment: 'Dr. Watson generated MiniDump'
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINDOWS2;C:\WINDOWS2\system32;C:\WINDOWS2\system32\drivers
Windows XP Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Sat Jan 10 18:46:55.000 2009 (GMT+0)
System Uptime: not available
Process Uptime: 0 days 3:14:52.000
............................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(39c.414): Access violation - code c0000005 (first/second chance not available)
eax=000e6320 ebx=87809bc5 ecx=0009baf8 edx=0009bb00 esi=000e6320 edi=0009baf8
eip=87809bc5 esp=00bfff50 ebp=00bfff74 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
87809bc5 ?? ???
0:009> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************

FAULTING_IP:
+ffffffff87809bc5
87809bc5 ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
.exr 0xffffffffffffffff
ExceptionAddress: 87809bc5
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 87809bc5
Attempt to read from address 87809bc5

DEFAULT_BUCKET_ID: NULL_INSTRUCTION_PTR

PROCESS_NAME: lsass.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx ". The memory could not be "%s ".

READ_ADDRESS: 87809bc5

FAILED_INSTRUCTION_ADDRESS:
+ffffffff87809bc5
87809bc5 ?? ???

IP_ON_HEAP: 87809bc5

FAULTING_THREAD: 00000414

PRIMARY_PROBLEM_CLASS: NULL_INSTRUCTION_PTR

BUGCHECK_STR: APPLICATION_FAULT_NULL_INSTRUCTION_PTR

LAST_CONTROL_TRANSFER: from 75738bac to 87809bc5

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
00bfff4c 75738bac 00000013 000cc200 00bfff98 0x87809bc5
00bfff74 75738c76 000b3cc8 00a6fd20 7c90ee18 lsasrv!SpmPoolThreadBase+0xb3
00bfffb4 7c80b683 000b9a50 00a6fd20 7c90ee18 lsasrv!LsapThreadBase+0x91
00bfffec 00000000 75738c23 000b9a50 00000000 kernel32!BaseThreadStart+0x37


STACK_COMMAND: ~9s; .ecxr ; kb

FOLLOWUP_IP:
lsasrv!SpmPoolThreadBase+b3
75738bac ff7610 push dword ptr [esi+10h]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: lsasrv!SpmPoolThreadBase+b3

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: lsasrv

IMAGE_NAME: lsasrv.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 473184e0

FAILURE_BUCKET_ID: NULL_INSTRUCTION_PTR_c0000005_lsasrv.dll!SpmPoolThreadBase

BUCKET_ID: APPLICATION_FAULT_NULL_INSTRUCTION_PTR_BAD_IP_lsasrv!SpmPoolThreadBase+b3

Followup: MachineOwner
---------

eax=000e6320 ebx=87809bc5 ecx=0009baf8 edx=0009bb00 esi=000e6320 edi=0009baf8
eip=87809bc5 esp=00bfff50 ebp=00bfff74 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
87809bc5 ?? ???
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
00bfff4c 75738bac 00000013 000cc200 00bfff98 0x87809bc5
00bfff74 75738c76 000b3cc8 00a6fd20 7c90ee18 lsasrv!SpmPoolThreadBase+0xb3 (FPO: [Non-Fpo])
00bfffb4 7c80b683 000b9a50 00a6fd20 7c90ee18 lsasrv!LsapThreadBase+0x91 (FPO: [Non-Fpo])
00bfffec 00000000 75738c23 000b9a50 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])
start end module name
01000000 01006000 lsass lsass.exe Wed Aug 04 06:59:41 2004 (41107B4D)
0ffd0000 0fff8000 rsaenh rsaenh.dll Wed Jul 07 03:17:12 2004 (40EB5D28)
10000000 10005000 avgrsstx avgrsstx.dll Mon Jun 30 08:18:49 2008 (486888D9)
20000000 2000e000 msprivs msprivs.dll Wed Aug 04 08:58:58 2004 (41109742)
5ad70000 5ada8000 uxtheme uxtheme.dll Wed Aug 04 08:56:43 2004 (411096BB)
5b860000 5b8b4000 netapi32 netapi32.dll Wed Oct 15 17:57:55 2008 (48F62113)
5cb70000 5cb96000 shimeng shimeng.dll Wed Aug 04 08:56:42 2004 (411096BA)
5d090000 5d12a000 comctl32_5d090000 comctl32.dll Fri Aug 25 16:45:58 2006 (44EF1B36)
662b0000 66308000 hnetcfg hnetcfg.dll Wed Aug 04 08:56:16 2004 (411096A0)
68100000 68124000 dssenh dssenh.dll Sat May 15 02:06:23 2004 (40A56D0F)
6f880000 6fa4a000 AcGenral AcGenral.dll Wed Aug 04 08:55:58 2004 (4110968E)
71a50000 71a8f000 mswsock mswsock.dll Fri Jun 20 18:41:10 2008 (485BEBB6)
71a90000 71a98000 wshtcpip wshtcpip.dll Wed Aug 04 08:57:49 2004 (411096FD)
71aa0000 71aa8000 ws2help ws2help.dll Wed Aug 04 08:57:39 2004 (411096F3)
71ab0000 71ac7000 ws2_32 ws2_32.dll Wed Aug 04 08:57:38 2004 (411096F2)
71b20000 71b32000 mpr mpr.dll Wed Aug 04 08:56:46 2004 (411096BE)
71bf0000 71c03000 samlib samlib.dll Wed Aug 04 08:56:29 2004 (411096AD)
71cf0000 71d3b000 kerberos kerberos.dll Wed Jun 15 18:49:30 2005 (42B06A2A)
74370000 7437b000 winipsec winipsec.dll Wed Aug 04 08:57:09 2004 (411096D5)
74380000 7438f000 wdigest wdigest.dll Wed Aug 04 08:56:53 2004 (411096C5)
743a0000 743ab000 pstorsvc pstorsvc.dll Wed Aug 04 08:57:04 2004 (411096D0)
743c0000 743db000 psbase psbase.dll Wed Aug 04 08:56:59 2004 (411096CB)
743e0000 7440f000 ipsecsvc ipsecsvc.dll Wed Aug 04 08:56:15 2004 (4110969F)
74410000 7443e000 scecli scecli.dll Wed Aug 04 08:56:37 2004 (411096B5)
74440000 744aa000 samsrv samsrv.dll Wed Aug 04 08:56:30 2004 (411096AE)
744b0000 74515000 netlogon netlogon.dll Wed Aug 04 08:56:31 2004 (411096AF)
75730000 757e4000 lsasrv lsasrv.dll Wed Nov 07 09:26:56 2007 (473184E0)
75d90000 75e5e000 oakley oakley.dll Wed Aug 04 08:56:21 2004 (411096A5)
76080000 760e5000 msvcp60 msvcp60.dll Wed Aug 04 08:59:13 2004 (41109751)
76390000 763ad000 imm32 imm32.dll Wed Aug 04 08:56:30 2004 (411096AE)
76790000 7679c000 cryptdll cryptdll.dll Wed Aug 04 08:56:02 2004 (41109692)
767a0000 767b3000 ntdsapi ntdsapi.dll Wed Aug 04 08:56:57 2004 (411096C9)
767c0000 767ec000 w32time w32time.dll Wed Aug 04 08:56:34 2004 (411096B2)
767f0000 76817000 schannel schannel.dll Wed Apr 25 15:21:15 2007 (462F63DB)
769c0000 76a73000 userenv userenv.dll Wed Aug 04 08:56:41 2004 (411096B9)
76b40000 76b6d000 winmm winmm.dll Wed Aug 04 08:57:10 2004 (411096D6)
76d60000 76d79000 iphlpapi iphlpapi.dll Fri May 19 13:59:41 2006 (446DC13D)
76f20000 76f47000 dnsapi dnsapi.dll Fri Jun 20 18:41:10 2008 (485BEBB6)
76f60000 76f8c000 wldap32 wldap32.dll Wed Aug 04 08:56:43 2004 (411096BB)
77120000 771ab000 oleaut32 oleaut32.dll Tue Dec 04 18:38:12 2007 (47559E94)
773d0000 774d3000 comctl32 comctl32.dll Mon Apr 14 01:08:52 2008 (4802A094)
774e0000 7761d000 ole32 ole32.dll Tue Jul 26 05:39:47 2005 (42E5BE93)
776c0000 776d1000 authz authz.dll Wed Mar 02 18:09:29 2005 (42260159)
77920000 77a13000 setupapi setupapi.dll Wed Aug 04 08:56:32 2004 (411096B0)
77a80000 77b14000 crypt32 crypt32.dll Wed Aug 04 08:56:01 2004 (41109691)
77b20000 77b32000 msasn1 msasn1.dll Wed Aug 04 08:57:23 2004 (411096E3)
77b40000 77b62000 apphelp apphelp.dll Wed Aug 04 08:56:36 2004 (411096B4)
77be0000 77bf5000 msacm32 msacm32.dll Wed Aug 04 08:57:03 2004 (411096CF)
77c00000 77c08000 version version.dll Wed Aug 04 08:56:39 2004 (411096B7)
77c10000 77c68000 msvcrt msvcrt.dll Wed Aug 04 08:59:14 2004 (41109752)
77c70000 77c93000 msv1_0 msv1_0.dll Wed Aug 04 08:59:11 2004 (4110974F)
77dd0000 77e6b000 advapi32 advapi32.dll Wed Aug 04 08:56:23 2004 (411096A7)
77e70000 77f02000 rpcrt4 rpcrt4.dll Mon Jul 09 14:09:42 2007 (46923396)
77f10000 77f58000 gdi32 gdi32.dll Thu Oct 23 14:01:36 2008 (490075B0)
77f60000 77fd6000 shlwapi shlwapi.dll Thu Sep 14 09:31:29 2006 (45091361)
77fe0000 77ff1000 secur32 secur32.dll Wed Aug 04 08:56:49 2004 (411096C1)
7c800000 7c8f5000 kernel32 kernel32.dll Mon Apr 16 16:52:53 2007 (46239BD5)
7c900000 7c9b0000 ntdll ntdll.dll Wed Aug 04 08:56:36 2004 (411096B4)
7c9c0000 7d1d6000 shell32 shell32.dll Fri Oct 26 04:36:50 2007 (472160D2)
7e410000 7e4a0000 user32 user32.dll Thu Mar 08 15:36:28 2007 (45F02D7C)
Closing open log file c:temp\debuglog.txt

 

I am having some problems fixing the error?, I have changed the symbol path this doesnt seem to affect the outcome each time it tells me "Your debugger is not using the correct symbols "

I have opened windbg, File, ctrl+s, entered SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols

If my understanding is correct from the windows website windbg should download the symbols if not found?, but this obviously is not the case here?

Is there another way to get hold of the symbols?

Thanks
Sean

 

Thank you all for your help

I believe I was getting the wrong symbols as I was opening the incorrect file, a crashdump from dr.watson folder in appdata I have now used one of the latest minidumps instead and this has given the following response

Opened log file 'c:temp\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS2\Minidump\Mini011109-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Invalid directory table base value 0x0
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINDOWS2;C:\WINDOWS2\system32;C:\WINDOWS2\system32\drivers

"nt" was not found in the image list.
Debugger will attempt to load "nt" at given base 00000000.

Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to load image nt, Win32 error 0n2
Unable to add module at 00000000
Debugger can not determine kernel base address
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a6a0
Debug session time: Sun Jan 11 12:46:52.968 2009 (GMT+0)
System Uptime: 0 days 1:30:01.556

"nt" was not found in the image list.
Debugger will attempt to load "nt" at given base 00000000.

Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to load image nt, Win32 error 0n2
Unable to add module at 00000000
Debugger can not determine kernel base address
Loading Kernel Symbols

Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1902fe, f78baac0, f78ba7bc, f7b9117e}

***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 001902fe
Arg2: f78baac0
Arg3: f78ba7bc
Arg4: f7b9117e

Debugging Details:
------------------

***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.


EXCEPTION_RECORD: f78baac0 -- (.exr 0xfffffffff78baac0)
.exr 0xfffffffff78baac0
ExceptionAddress: 00000000
ExceptionCode: 00000000
ExceptionFlags: 00000000
NumberParameters: 0

CONTEXT: f78ba7bc -- (.cxr 0xfffffffff78ba7bc)
.cxr 0xfffffffff78ba7bc
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=00000000 esp=00000000 ebp=00000000 iopl=0 nv up di pl nz na po nc
cs=0000 ss=0010 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
00000000 ?? ???
.cxr
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x24

LAST_CONTROL_TRANSFER: from 00610067 to 8053356e

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
f78ba594 00610067 00650074 0063002e 006d006f 0x8053356e
f78ba5b0 00000000 00000000 00000000 00000000 0x610067


STACK_COMMAND: kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: CORRUPT_MODULELIST

Followup: MachineOwner
---------

eax=ffdff13c ebx=f78baac0 ecx=00000000 edx=00000000 esi=8a508d48 edi=c0000005
eip=8053356e esp=f78ba598 ebp=f78ba5b0 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
8053356e ?? ???
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
f78ba594 00610067 00650074 0063002e 006d006f 0x8053356e
f78ba5b0 00000000 00000000 00000000 00000000 0x610067
start end module name
Closing open log file c:temp\debuglog.txt


Is this the correct dump?

apologies I usually just check the cause in the windb minidump file the "probably caused by --- "section, missing symbols I had always assumed was an optional setting?