Jump to content

Windows has recovered from an unexpected shutdown


jsac

Recommended Posts

This appears once every other week or so:  "Windows has recovered from an unexpected shutdown."  I came up to the laptop, and it was restarting, but no one had been on it.  When I clicked on the internet icon that was a frozen circle, it said "Windows explorer has stopped working".  I clicked for a solution, and the main screen reloaded.  Then the window "Windows has recovered from an unexpected shutdown" appeared.

perfmon.zip

SysnativeFileCollectionApp.zip

Link to post
Share on other sites

Only 232 Windows Update hotfixes installed.  Most systems with SP1 have 350-400 or more.  Please visit Windows Update and get ALL available updates (it may take several trips to get them all).
The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

Unfortunately, I'm not able to open the MSINFO32 report.  This sometimes happens when using different languaged (I use US English)
You can try generating it again and then zip and upload it to see if that helps

The memory dump doesn't show much.  I'd suggest running Driver Verifier according to these instructions:  https://www.carrona.org/verifier.html

The following is for information purposes only.
The following information contains the relevant information from the blue screen analysis:

**************************Tue Nov 27 19:56:46.014 2018 (UTC - 5:00)**************************


Loading Dump File [C:\Users\john\SysnativeBSODApps\112718-77033-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Built by: 7601.24291.amd64fre.win7sp1_ldr_escrow.181110-1429
System Uptime:0 days 3:43:22.027
Probably caused by :ntkrnlmp.exe ( nt!KiSwapContext+7a )
BugCheck 1000009F, {4, 258, fffffa8006d14040, fffff80000b9c520}
BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
Arguments:
Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp
    subsystem.
Arg2: 0000000000000258, Timeout in seconds.
Arg3: fffffa8006d14040, The thread currently holding on to the Pnp lock.
Arg4: fffff80000b9c520, nt!TRIAGE_9F_PNP on Win7 and higher
BUGCHECK_STR:  0x9F
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
PROCESS_NAME:  System
FAILURE_BUCKET_ID: X64_0x9F_4_nt!KiSwapContext+7a
CPUID:        "Genuine Intel(R) CPU           U4100  @ 1.30GHz"
MaxSpeed:     1300
CurrentSpeed: 1296
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Link to post
Share on other sites

I searched manually for updates several times.  Several installed including (which I have opted not to install in the past) optional updates.  The exception was one titled HP USB - 12-15-2017 - 44.3.3601.17339.  It said Update Failed with error code 800F020B.  After updating, each time I tried to open the browser, it said This Page Cannot be Displayed - when I logged off and back on, I accessed the internet fine.  Also, I have attached a new copy of the zip file I think you were referring to - hopefully, you can open it.  As to www.carrona.org, I have created a System Repair Disk, and I tested it by attempting to boot from it, and I was able to do so, up to the screen with all of the options including System Restore, Command Prompt, etc.  But do I really want to intentionally stress - and crash - this computer?  Seems a bit of an extreme measure.  Let me know.

perfmon.zip

Link to post
Share on other sites

The perfmon report isn't the one that I'd like to see, rather it's the MSINFO32 report

Go to the Run dialog (Win and R keys) and type in MSINFO32

When the report opens, click File...SaVE as and save as an NFO file

Zip that report up and upload it with your next post


As for Driver Verifier, the current dump file doesn't point to a particular driver, rather it blames the operating system.

If it was the operating system that had a problem, you'd be experiencing more problems than just the occasional BSOD.

 

The biggest danger of Driver Verifier is losing what you were working on when it crashes.
That can't be helped if you want to have a better shot at locating the problem driver

The other way to do this would be to try a clean install of Windows
this would wipe out everything on the computer
A clean install would tend to rule out 3rd party dirvers and Windows - so if the problem continued then, it'd be due to hardware

Link to post
Share on other sites

I just ran Driver Verifier, according to the instructions (as best I could) from the web page you suggested.  Computer crashed about 90 seconds after the main screen appeared, then rebooted, then crashed again, then rebooted.  After the 3rd crash, I rebooted in Safe Mode and found a Minidump file that I have attached.  I then turned DV off in Safe Mode and did a regular reboot.  I have more info if you need it.

Minidump.zip

Link to post
Share on other sites

Sorry, but life interfered :(  I had to work overtime yesterday, and when I got home I just collapsed!

The good news is that the memory dumps blame narcpi_wfp.sys - which is a driver named NARC Packet Informant (WFP)  and is from a company named Content Watch  https://www.contentwatch.com/

Most cases that I was able to find about this related to a program called Net Nanny, but they could also use that driver in other similar products that they provide.
Do you have such a program on your computer?  If so, please uninstall it and test to see if that stops the BOSD's (with Driver Verifier).

If it doesn't BSOD anymore, then please turn Driver Verifier off
To do this, open up verifier.exe and select "Delete existing settings:, then click on "Finish" in the lower right
Then reboot for the setttings to take effect.

If it doesn't stop it, please post back and I'll provide detailed instructions for manually removing the driver.

Again, I'm sorry for not getting back to you when I promised.  Good luck!

Analysis:
The following is for information purposes only.
The following information contains the relevant information from the blue screen analysis:
**************************Fri Nov 30 16:31:25.729 2018 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\113018-19687-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Built by: 7601.24291.amd64fre.win7sp1_ldr_escrow.181110-1429
System Uptime:0 days 0:03:12.758
*** WARNING: Unable to verify timestamp for narcpi_wfp.sys
*** ERROR: Module load completed but symbols could not be loaded for narcpi_wfp.sys
Probably caused by :narcpi_wfp.sys ( narcpi_wfp+42e5 )
BugCheck C4, {f6, 3e4, fffffa8009fa9620, fffff880039182e5}
BugCheck Info: DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 00000000000003e4, Handle value being referenced.
Arg3: fffffa8009fa9620, Address of the current process.
Arg4: fffff880039182e5, Address inside the driver that is performing the incorrect reference.
BUGCHECK_STR:  0xc4_f6
PROCESS_NAME:  mbamtray.exe
FAILURE_BUCKET_ID: X64_0xc4_f6_VRF_narcpi_wfp+42e5
CPUID:        "Genuine Intel(R) CPU           U4100  @ 1.30GHz"
MaxSpeed:     1300
CurrentSpeed: 1296
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Nov 30 16:27:44.475 2018 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\113018-21777-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Built by: 7601.24291.amd64fre.win7sp1_ldr_escrow.181110-1429
System Uptime:0 days 0:03:07.520
*** WARNING: Unable to verify timestamp for narcpi_wfp.sys
*** ERROR: Module load completed but symbols could not be loaded for narcpi_wfp.sys
Probably caused by :narcpi_wfp.sys ( narcpi_wfp+42e5 )
BugCheck C4, {f6, 3dc, fffffa800851ab00, fffff880035602e5}
BugCheck Info: DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 00000000000003dc, Handle value being referenced.
Arg3: fffffa800851ab00, Address of the current process.
Arg4: fffff880035602e5, Address inside the driver that is performing the incorrect reference.
BUGCHECK_STR:  0xc4_f6
PROCESS_NAME:  mbamtray.exe
FAILURE_BUCKET_ID: X64_0xc4_f6_VRF_narcpi_wfp+42e5
CPUID:        "Genuine Intel(R) CPU           U4100  @ 1.30GHz"
MaxSpeed:     1300
CurrentSpeed: 1296
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Nov 30 16:24:01.796 2018 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\113018-22464-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Built by: 7601.24291.amd64fre.win7sp1_ldr_escrow.181110-1429
System Uptime:0 days 0:02:44.715
*** WARNING: Unable to verify timestamp for narcpi_wfp.sys
*** ERROR: Module load completed but symbols could not be loaded for narcpi_wfp.sys
Probably caused by :narcpi_wfp.sys ( narcpi_wfp+42e5 )
BugCheck C4, {f6, 3c8, fffffa8007ba4b00, fffff880026762e5}
BugCheck Info: DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 00000000000003c8, Handle value being referenced.
Arg3: fffffa8007ba4b00, Address of the current process.
Arg4: fffff880026762e5, Address inside the driver that is performing the incorrect reference.
BUGCHECK_STR:  0xc4_f6
PROCESS_NAME:  mbamtray.exe
FAILURE_BUCKET_ID: X64_0xc4_f6_VRF_narcpi_wfp+42e5
CPUID:        "Genuine Intel(R) CPU           U4100  @ 1.30GHz"
MaxSpeed:     1300
CurrentSpeed: 1296
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Nov 27 19:56:46.014 2018 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\112718-77033-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Built by: 7601.24291.amd64fre.win7sp1_ldr_escrow.181110-1429
System Uptime:0 days 3:43:22.027
Probably caused by :ntkrnlmp.exe ( nt!KiSwapContext+7a )
BugCheck 1000009F, {4, 258, fffffa8006d14040, fffff80000b9c520}
BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
Arguments:
Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp
    subsystem.
Arg2: 0000000000000258, Timeout in seconds.
Arg3: fffffa8006d14040, The thread currently holding on to the Pnp lock.
Arg4: fffff80000b9c520, nt!TRIAGE_9F_PNP on Win7 and higher
BUGCHECK_STR:  0x9F
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
PROCESS_NAME:  System
FAILURE_BUCKET_ID: X64_0x9F_4_nt!KiSwapContext+7a
CPUID:        "Genuine Intel(R) CPU           U4100  @ 1.30GHz"
MaxSpeed:     1300
CurrentSpeed: 1296
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
 


3rd Party Drivers:
The following is for information purposes only.
My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:
**************************Fri Nov 30 16:31:25.729 2018 (UTC - 5:00)**************************
bcmwl664.sys                Tue Jul  7 20:45:04 2009 (4A53EC10)
amdxata.sys                 Fri Mar 19 12:18:18 2010 (4BA3A3CA)
igdkmd64.sys                Fri Feb 11 14:16:32 2011 (4D558B10)
Rt64win7.sys                Fri Jun 10 02:33:15 2011 (4DF1BAAB)
GEARAspiWDM.sys             Thu May  3 15:56:17 2012 (4FA2E2E1)
narcpi_wfp.sys              Mon Feb 29 14:39:47 2016 (56D49E83)
MpFilter.sys                Mon Aug  8 19:01:17 2016 (57A90F3D)
mbamswissarmy.sys           Wed Sep 26 09:20:26 2018 (5BAB879A)
intelppm.sys                Sat Nov 10 19:43:12 2018 (5BE77B20)
 


http://www.carrona.org/drivers/driver.php?id=bcmwl664.sys
http://www.carrona.org/drivers/driver.php?id=amdxata.sys
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=Rt64win7.sys
http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
narcpi_wfp.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=MpFilter.sys
http://www.carrona.org/drivers/driver.php?id=mbamswissarmy.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys

 

 

 

Link to post
Share on other sites

No problem with your delay in getting back to me!  I appreciate your help!  Yes, I do have Net Nanny installed - a very good filter, but I'll uninstall it and then run DV to see if I get any more BSOD's.  Then to stop DV, I'll do as you suggest.  Last time, I stopped it from Safe Mode.  Question:  when I run DV, how long should I leave it running to see if I get a BSOD?  When I ran it before, the BSOD occurred within about 90 seconds of the main screen appearing.

I won't uninstall Net Nanny and run DV till tomorrow.  I want to contact Net Nanny and let them know of the problem - can't do that till tomorrow afternoon.

Thanks again for your help.

Jeff

Link to post
Share on other sites

There's no real exact answer for how long Driver Verifier should run.
I suggest 36 hours - but that's just so I can be sure that any tasks that run daily will be active during that time.

The driver can have several problems:
- it can become corrupted - causing the BSOD
- it can conflict with Windows - causing the BSOD
- it can conflict with other (non-Windows) drivers - causing the BSOD.
- it can be sound (no problem), but another driver can cause it to crash - causing the BSOD

Uninstalling is just to test.  You can feel free to reinstall after testing.
Then, if the problem doesn't come back - then it was a corruption that caused the problem (and you fixed it by reinstalling).
 

Link to post
Share on other sites

The longer you leave it powered on, the longeer it's likely to find a glitch.
that being said, there's also something to be said for running the ysstem as you normally would - as that may be more likely to trigger a problem.

If the NetNanny driver is no longer in memory, the chances are good that it won't BSOD, but...remember the possibilities I mentioned above:
The driver can have several problems:
- it can become corrupted - causing the BSOD
- it can conflict with Windows - causing the BSOD
- it can conflict with other (non-Windows) drivers - causing the BSOD.
- it can be sound (no problem), but another driver can cause it to crash - causing the BSOD

So, it's possible (but not real likely) that the Driver Verifier could point out another driver problem.
So, we wait and see.......

Good luck!

Link to post
Share on other sites

If the system didn't crash, then there won't be anything in the Minidump folder

In that case, just turn Driver Verifier off.
If you'd like, you can reinstall Net Nanny and see if the BSOD's are gone for good.

Good luck!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.