CRITICAL PROCESS DIED BSOD when signing out or shutting down

KarenQJ

KarenQJ

Well-known member
Joined
Oct 19, 2020
Posts
49
Location
Nevada
Happened for the first time days ago. It only happens on Sign out or shutdown. Then it is very slow booting up. ran sfc /scannow . It could not fix all errors. Ran disk doctor from Avast. it could not find errors. Tried disk imaging.... it stopped at 20%. Ran entire system virus scan, but not a boot time scan. nothing found. No new software was installed. Ran Avast out of date driver, but it crashed when trying to install new drivers.

I am not shutting down puter because I cant be certain it will boot up. (then i will have to use phone to try and follow your directions.) Running slow and start up very slow. Thought about using a restore point, but holding off for now.
 

Attachments

Last edited:
Hi KarenQJ,

The dump files collected were bugcheck EF and there were misbehaving Avast drivers.

The Sysnative log collector did not collect event viewer logs.


Please perform the following steps:

1) Uninstall Avast using the applicable uninstall tool:
Avast Uninstall Utility | Download aswClear for Avast Removal

2) Make sure Windows defender is on.

3) Open administrative command prompt (ACP) and type or copy and paste:
4) sfc /scannow
5) dism /online /cleanup-image /scanhealth
6) dism /online /cleanup-image /restorehealth
7) sfc /scannow
8) chkdsk /scan
9) wmic recoveros set autoreboot = false
10) wmic recoveros set DebugInfoType = 7
11) wmic recoveros get autoreboot
12) wmic recoveros get DebugInfoType
13) bcdedit /enum {badmemory}
14) findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
15) copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"

16) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread

17) Find the new text files on the destop > post a share link using one drive, drop box, or google drive

18) Run the Sysnative log collector to collect new files > upload into the thread

19) Run Crystal Disk standard edition:
CrystalDiskInfo
Post images into the thread.

20) Avast can be reinstalled in 3 days if there are no BSOD or unexpected shutdowns or restarts.
 
Last edited:
I deleted these two files because the original zip file was 39 mb "Please Note: Zip attachment file size limit = 8 MB. If your zip file exceeds 8 MB in size, you can go into the Sysnative output folder (SysnativeFileCollectionApp) in your Documents folder and delete the two Event Viewer Log files (EvtxAppDump.txt and EvtxSysDump.txt), which should be the largest files in the folder. ...."

(I also forgot to say that the zip file above was a 2nd attempt at running your program, not the first; the first one stalled and I had to hit the kill switch)


I won't be doing anything before Thursday.... I have to backup photos from my hd before I shut down again...
 
I'm working on it. The scan health function has been running for 45 minutes and this is all it shows so far. I'll give it another hour or so...
 

Attachments

  • Capture.JPG
    Capture.JPG
    66.7 KB · Views: 9
ok, it's been running an hour, and just popped up at 20%.... so it looks like a long night. I'll post an update tomorrow.
 
Scan health ran overnight and finished. Just doing restorehealth now.(hoping it does not take as long!)
 
OK, ran: Here's the command prompt test results:

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection found corrupt files but was unable to fix some
of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

C:\windows\system32>
C:\windows\system32>
C:\windows\system32>dism /online /cleanup-image /scanhealth

Deployment Image Servicing and Management tool
Version: 6.3.9600.19408

Image Version: 6.3.9600.19397

[==========================100.0%==========================]
The component store is repairable.
The operation completed successfully.

C:\windows\system32>dism /online /cleanup-image /restorehealthdism /online /clea
nup-image /restorehealth

Error: 87

The Online option has been duplicated on the command-line.
Remove the duplicate option and try the command again.

The DISM log file can be found at C:\windows\Logs\DISM\dism.log

C:\windows\system32>
C:\windows\system32>
C:\windows\system32>
C:\windows\system32>dism /online /cleanup-image /restorehealth

Deployment Image Servicing and Management tool
Version: 6.3.9600.19408

Image Version: 6.3.9600.19397

[==========================100.0%==========================]

Error: 0x800f0906

The source files could not be downloaded.
Use the "source" option to specify the location of the files that are required t
o restore the feature. For more information on specifying a source location, see
Configure a Windows Repair Source.

The DISM log file can be found at C:\windows\Logs\DISM\dism.log

C:\windows\system32> sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

C:\windows\system32>chkdsk /scan
The type of the file system is NTFS.
Volume label is Windows8_OS.

Stage 1: Examining basic file system structure ...


750336 file records processed.

File verification completed.


29475 large file records processed.


0 bad file records processed.

Stage 2: Examining file name linkage ...


981564 index entries processed.

Index verification completed.


0 unindexed files scanned.


0 unindexed files recovered.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.


115615 data files processed.
CHKDSK is verifying Usn Journal...


33681544 USN bytes processed.

Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

934968319 KB total disk space.
598470460 KB in 536601 files.
389988 KB in 115616 indexes.
0 KB in bad sectors.
885567 KB in use by the system.
65536 KB occupied by the log file.
335222304 KB available on disk.

4096 bytes in each allocation unit.
233742079 total allocation units on disk.
83805576 allocation units available on disk.

C:\windows\system32>wmic recoveros set autoreboot = false
Updating property(s) of '\\LENOVAPC-KWM\ROOT\CIMV2:Win32_OSRecoveryConfiguration
.Name="Microsoft Windows 8.1|C:\\windows|\\Device\\Harddisk0\\Partition5"'
Property(s) update successful.

C:\windows\system32>wmic recoveros set DebugInfoType = 7
Updating property(s) of '\\LENOVAPC-KWM\ROOT\CIMV2:Win32_OSRecoveryConfiguration
.Name="Microsoft Windows 8.1|C:\\windows|\\Device\\Harddisk0\\Partition5"'
Property(s) update successful.

C:\windows\system32>wmic recoveros get autoreboot
AutoReboot
FALSE


C:\windows\system32> wmic recoveros get DebugInfoType
DebugInfoType
7


C:\windows\system32>bcdedit /enum {badmemory}

RAM Defects
-----------
identifier {badmemory}

C:\windows\system32>
 
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\windows\system32> bcdedit /enum {badmemory}

RAM Defects
-----------
identifier {badmemory}

C:\windows\system32>findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\
Desktop\sfcdetails.txt"
The system cannot find the path specified.

C:\windows\system32> findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%
\Desktop\sfcdetails.txt"
The system cannot find the path specified.

C:\windows\system32>copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.tx
t"
The system cannot find the path specified.
0 file(s) copied.

C:\windows\system32>
 
#16 and #17 on your list. My desktop location is somehow screwed up.
 

Attachments

  • desktop directory wrong location.JPG
    desktop directory wrong location.JPG
    22.2 KB · Views: 3
Crystal Disk......is there suppose to be more images?
 

Attachments

  • CrystalDiskInfo_20201023201702.png
    CrystalDiskInfo_20201023201702.png
    60.1 KB · Views: 3
Last edited:
First scannow:
Code: 
Windows Resource Protection found corrupt files but was unable to fix some
of them.

Second scannow:
Code: 
Windows Resource Protection found corrupt files and successfully repaired
them.



There were no new BSOD seen in the collected logs.


Please perform the following steps:

1) Run the Windows update troubleshooter > post images of the detailed results

2) Run SFCFix post results or post a share link
SFCFix Official Download - Repair Windows Update

2) Open administrative command prompt (ACP) and type or copy and paste:
4) sfc /scannow
5) dism /online /cleanup-image /scanhealth
6) dism /online /cleanup-image /restorehealth
7) sfc /scannow

8) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread

9) Run Sea Tools for Windows
long generic test
Post an image of the test result into the thread
SeaTools for Windows | Seagate
How to use SeaTools for Windows | Seagate Support US

10) Open administrative command prompt (ACP) and type or copy and paste:
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread

11) Look for a new text fie on the desktop > post a share link into the thread



Code: 
Event[15649]:
  Log Name: System
  Source: Microsoft-Windows-Kernel-General
  Date: 2020-07-27T10:10:49.615
  Event ID: 5
  Task: N/A
  Level: Error
  Opcode: Info
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\SYSTEM
  Computer: LenovaPC-kwm
  Description:
{Registry Hive Recovered} Registry hive (file): '\??\C:\Users\karenwmeyer\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.


Event[20933]:
  Log Name: System
  Source: Microsoft-Windows-Kernel-General
  Date: 2020-06-27T16:36:13.667
  Event ID: 5
  Task: N/A
  Level: Error
  Opcode: Info
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\SYSTEM
  Computer: LenovaPC-kwm
  Description:
{Registry Hive Recovered} Registry hive (file): '\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-2349697327-1512098843-2417171080-1003-06272020163613448-ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.


Code: 
Event[544]:
  Log Name: System
  Source: disk
  Date: 2020-10-18T22:48:36.418
  Event ID: 153
  Task: N/A
  Level: Warning
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: LenovaPC-kwm
  Description:
The IO operation at logical block address 0x2250 for Disk 1 (PDO name: \Device\00000078) was retried.

Event[1112]:
  Log Name: System
  Source: disk
  Date: 2020-10-16T17:19:36.984
  Event ID: 153
  Task: N/A
  Level: Warning
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: LenovaPC-kwm
  Description:
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\0000009b) was retried.

Event[1113]:
  Log Name: System
  Source: disk
  Date: 2020-10-16T17:19:32.871
  Event ID: 153
  Task: N/A
  Level: Warning
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: LenovaPC-kwm
  Description:
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\0000009b) was retried.


Code: 
Event[12883]:
  Log Name: System
  Source: disk
  Date: 2020-08-10T17:13:36.918
  Event ID: 11
  Task: N/A
  Level: Error
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: LenovaPC-kwm
  Description:
The driver detected a controller error on \Device\Harddisk2\DR3.


Event[18648]:
  Log Name: System
  Source: disk
  Date: 2020-07-13T17:18:30.785
  Event ID: 11
  Task: N/A
  Level: Error
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: LenovaPC-kwm
  Description:
The driver detected a controller error on \Device\Harddisk2\DR2.
 
Last edited:
Will post tomorrow. Been at this most of the day .....


I did shut down, and it installed a critical update automatically.
It did restart, with BSOD, however, my SD card drive has disappeared and is not functioning..... and screens are still loading and responding very slow.

1603518332985.png
 
Last edited:
For any BSOD:

a) run the Sysnative log collector to collect new log files

b) open file explorer> this PC > C: > in the right upper corner search for: C:\Windows\memory.dmp
> if the file size is < 1.5 GB then zip > post a separate share link into the thread using one drive, drop box, or google drive




For the earlier scannow search for: CbsPersist*
Post a share link for the recent file results.


Run HD Tune (free version) (all drives)
HD Tune website
Post images into the thread for results on these tabs:
a) Health
b) Benchmark
c) Full error scan


These steps / tests can be performed overnight:
a) Sea Tools for Windows long generic test
b) HD Tune full error scan
 
Last edited:
SFCFix.txt

SFCFix version 3.0.2.1 by niemiro.
Start time: 2020-10-23 22:51:01.327
Microsoft Windows 8.1 Update 3 - amd64
Not using a script file.




AutoAnalysis::
SUMMARY: No corruptions were detected.
AutoAnalysis:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2020-10-23 22:55:13.381
----------------------EOF-----------------------
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top