What exactly caused my computer to crash and why is it taking so long to start up now?

  • Question

  • This computer has crashed with the event log id of 41. The details are as follows:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
        <EventID>41</EventID>
        <Version>2</Version>
        <Level>1</Level>
        <Task>63</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000002</Keywords>
        <TimeCreated SystemTime="2014-08-27T13:25:06.813216400Z" />
        <EventRecordID>48078</EventRecordID>
        <Correlation />
        <Execution ProcessID="4" ThreadID="8" />
        <Channel>System</Channel>
        <Computer>Cathys-PC</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="BugcheckCode">244</Data>
        <Data Name="BugcheckParameter1">0x3</Data>
        <Data Name="BugcheckParameter2">0xfffffa8008dcf9e0</Data>
        <Data Name="BugcheckParameter3">0xfffffa8008dcfcc0</Data>
        <Data Name="BugcheckParameter4">0xfffff800031d5270</Data>
        <Data Name="SleepInProgress">false</Data>
        <Data Name="PowerButtonTimestamp">0</Data>
      </EventData>
    </Event>

    After this, the computer takes a long time to start up. Actually, it spends most of its time before the initial Windows splash screen. When trying to get to the BIOS, it also took a long time. I pressed Delete and saw the text "entering setup" for at least a minute.

    Saturday, August 30, 2014 4:56 PM

All replies

  • We do need the actual log file (called a DMP file) as they contain the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.
    We prefer at least 2 DMP files to spot trends and confirm the cause.

    Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found here
    If you have any questions about the procedure, please ask.

    If you are using BlueScreenView, WhoCrashed, or a similar application, don't. They are wrong at least as often as they are correct.

    Wanikiya and Dyami--Team Zigzag

    Saturday, August 30, 2014 5:35 PM
  • Hi

    Looks like your machine went into hibernation and then crashed. Hibernation puts everything into memory and then needs to restore it again.

    Try turning off hibernation and then see if the problem persists.


    Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Saturday, August 30, 2014 5:36 PM
  • https://onedrive.live.com/redir?resid=CF0E0375DD66B99E!106&authkey=!AKaINt_IqLJmSok&ithint=file%2crar
    Sunday, August 31, 2014 4:57 PM
  • FT

    This one was related to a critical process being killed by your Avast. This is why we ask for 2 DMP files so that we can verify results. I would remove Avast and use MSE in its place.

    Avast can be a contributing cause of BSODs.
    Please remove and replace with Microsoft Security Essentials AT LEAST TO TEST

    http://files.avast.com/files/eng/aswclear5.exe
    http://www.microsoft.com/security_essentials/

    Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\Ken\Desktop\082714-16458-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*C:\Symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: srv*C:\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
    Machine Name:
    Kernel base = 0xfffff800`02e5a000 PsLoadedModuleList = 0xfffff800`0309d890
    Debug session time: Wed Aug 27 09:24:09.216 2014 (UTC - 4:00)
    System Uptime: 0 days 1:11:42.012
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ...................................
    Loading User Symbols
    Loading unloaded module list
    ......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck F4, {3, fffffa8008dcf9e0, fffffa8008dcfcc0, fffff800031d5270}
    
    *** WARNING: Unable to verify timestamp for aswSP.sys
    *** ERROR: Module load completed but symbols could not be loaded for aswSP.sys
    ----- ETW minidump data unavailable-----
    Probably caused by : csrss.exe
    
    Followup: MachineOwner
    ---------
    
    3: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    CRITICAL_OBJECT_TERMINATION (f4)
    A process or thread crucial to system operation has unexpectedly exited or been
    terminated.
    Several processes and threads are necessary for the operation of the
    system; when they are terminated (for any reason), the system can no
    longer function.
    Arguments:
    Arg1: 0000000000000003, Process
    Arg2: fffffa8008dcf9e0, Terminating object
    Arg3: fffffa8008dcfcc0, Process image file name
    Arg4: fffff800031d5270, Explanatory message (ascii)
    
    Debugging Details:
    ------------------
    
    ----- ETW minidump data unavailable-----
    
    KERNEL_LOG_FAILING_PROCESS:  (null)
    
    PROCESS_OBJECT: fffffa8008dcf9e0
    
    IMAGE_NAME:  csrss.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    MODULE_NAME: csrss
    
    FAULTING_MODULE: 0000000000000000 
    
    PROCESS_NAME:  csrss.exe
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    BUGCHECK_STR:  0xF4_c0000005
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    
    CURRENT_IRQL:  0
    
    ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
    
    STACK_TEXT:  
    fffff880`08bd1978 fffff800`0325dab2 : 00000000`000000f4 00000000`00000003 fffffa80`08dcf9e0 fffffa80`08dcfcc0 : nt!KeBugCheckEx
    fffff880`08bd1980 fffff800`03208abb : ffffffff`ffffffff fffffa80`06b70520 fffffa80`08dcf9e0 fffffa80`08dcf9e0 : nt!PspCatchCriticalBreak+0x92
    fffff880`08bd19c0 fffff800`03187f04 : ffffffff`ffffffff 00000000`00000001 fffffa80`08dcf9e0 fffff880`00000008 : nt! ?? ::NNGAKEGL::`string'+0x17486
    fffff880`08bd1a10 fffff880`040108d9 : fffffa80`08dcf9e0 fffff880`c0000005 00000000`00000000 00000000`0000021c : nt!NtTerminateProcess+0xf4
    fffff880`08bd1a90 fffffa80`08dcf9e0 : fffff880`c0000005 00000000`00000000 00000000`0000021c 00000009`00000002 : aswSP+0x108d9
    fffff880`08bd1a98 fffff880`c0000005 : 00000000`00000000 00000000`0000021c 00000009`00000002 ffffffff`ffffffff : 0xfffffa80`08dcf9e0
    fffff880`08bd1aa0 00000000`00000000 : 00000000`0000021c 00000009`00000002 ffffffff`ffffffff 00000000`c0000005 : 0xfffff880`c0000005
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_NAME:  MachineOwner
    
    IMAGE_VERSION:  
    
    FAILURE_BUCKET_ID:  X64_0xF4_c0000005_IMAGE_csrss.exe
    
    BUCKET_ID:  X64_0xF4_c0000005_IMAGE_csrss.exe
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:x64_0xf4_c0000005_image_csrss.exe
    
    FAILURE_ID_HASH:  {92bd9bcd-069a-8a82-1b78-cb81a61ff626}
    
    Followup: MachineOwner
    ---------
    
    


    Wanikiya and Dyami--Team Zigzag

    • Marked as answer by Karen Hu Monday, September 8, 2014 6:00 AM
    Sunday, August 31, 2014 7:28 PM
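
Added example, not part of the original thread: the Event 41 record in the question stores `BugcheckCode` in decimal (244), while the debugger prints it in hex (F4). This Python sketch ties the event to the dump's `BugCheck` line and names the module that called `nt!NtTerminateProcess`. The function names are illustrative; the inputs are trimmed copies of text from this thread.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Sample input: trimmed copies of the Event 41 record and debugger lines above.
EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>41</EventID></System>
<EventData>
<Data Name="BugcheckCode">244</Data>
<Data Name="BugcheckParameter1">0x3</Data>
<Data Name="BugcheckParameter2">0xfffffa8008dcf9e0</Data>
<Data Name="BugcheckParameter3">0xfffffa8008dcfcc0</Data>
<Data Name="BugcheckParameter4">0xfffff800031d5270</Data>
</EventData></Event>"""
DUMP_LINE = "BugCheck F4, {3, fffffa8008dcf9e0, fffffa8008dcfcc0, fffff800031d5270}"
STACK_TEXT = """\
fffff880`08bd1978 fffff800`0325dab2 : 00000000`000000f4 00000000`00000003 fffffa80`08dcf9e0 fffffa80`08dcfcc0 : nt!KeBugCheckEx
fffff880`08bd1980 fffff800`03208abb : ffffffff`ffffffff fffffa80`06b70520 fffffa80`08dcf9e0 fffffa80`08dcf9e0 : nt!PspCatchCriticalBreak+0x92
fffff880`08bd19c0 fffff800`03187f04 : ffffffff`ffffffff 00000000`00000001 fffffa80`08dcf9e0 fffff880`00000008 : nt! ?? ::NNGAKEGL::`string'+0x17486
fffff880`08bd1a10 fffff880`040108d9 : fffffa80`08dcf9e0 fffff880`c0000005 00000000`00000000 00000000`0000021c : nt!NtTerminateProcess+0xf4
fffff880`08bd1a90 fffffa80`08dcf9e0 : fffff880`c0000005 00000000`00000000 00000000`0000021c 00000009`00000002 : aswSP+0x108d9
fffff880`08bd1a98 fffff880`c0000005 : 00000000`00000000 00000000`0000021c 00000009`00000002 ffffffff`ffffffff : 0xfffffa80`08dcf9e0
"""

def bugcheck_from_event(event_xml):
    """Return (code, [p1..p4]) from a Kernel-Power 41 event; code 0 means none was recorded."""
    root = ET.fromstring(event_xml)
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.iterfind("e:EventData/e:Data", NS)}
    code = int(data.get("BugcheckCode", "0"), 0)   # decimal in the event log
    params = [int(data.get(f"BugcheckParameter{i}", "0"), 0) for i in range(1, 5)]
    return code, params

def parse_bugcheck_line(line):
    """Parse the debugger's 'BugCheck F4, {a, b, c, d}' summary line (all hex)."""
    m = re.match(r"BugCheck ([0-9A-Fa-f]+), \{(.+)\}", line.strip())
    return int(m.group(1), 16), [int(p, 16) for p in m.group(2).split(",")]

def caller_of(stack_text, callee="nt!NtTerminateProcess"):
    """Return the module of the frame directly below `callee`, i.e. its caller."""
    symbols = [ln.rsplit(" : ", 1)[1].strip()
               for ln in stack_text.splitlines() if " : " in ln]
    for i, sym in enumerate(symbols[:-1]):
        if sym.startswith(callee):
            m = re.match(r"([A-Za-z_]\w*)[!+]", symbols[i + 1])
            return m.group(1) if m else None   # None: raw address, no module name
    return None

if __name__ == "__main__":
    code, params = bugcheck_from_event(EVENT_XML)
    print(f"event bugcheck 0x{code:X}, same as dump: "
          f"{(code, params) == parse_bugcheck_line(DUMP_LINE)}")
    print("NtTerminateProcess called from:", caller_of(STACK_TEXT))
```

Because the minidump had no symbols for aswSP.sys, the frame it reports is a lead to confirm against a second dump rather than proof on its own.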
  • It's only happened once, that's why I only had one dmp file. Thank you for your input and I will try that. 

    And about the slow startup, could that be due to memory testing?

    Monday, September 1, 2014 3:48 PM
  • Hi,

    To check the slow startup issue, you can try the following method:

    First, test whether this issue happens when booting into Clean boot:

    How to perform a clean boot
    http://support.microsoft.com/kb/929135
     
    If the issue doesn’t appear, you can determine which service is the cause by using dichotomy in MSConfig: check half of the non-Microsoft services and restart, determine which half of the services causes the issue, and repeat on the problematic half.

    If the issue still persists in Clean boot mode, please use xperf to collect the boot trace for our research:

    How to collect a good boot trace on Windows 7

    http://blogs.technet.com/b/jeff_stokes/archive/2012/09/17/how-to-collect-a-good-boot-trace-on-windows-7.aspx

    Please upload the ETL file to OneDrive or a similar network drive and share the link here.


    Kate Li
    TechNet Community Support

    • Marked as answer by Karen Hu Monday, September 8, 2014 6:00 AM
    Tuesday, September 2, 2014 8:50 AM