CRITICAL_SERVICE_FAILED Blue Screen Error During Boot

tomhunter (Member, joined Aug 5, 2016, 6 posts)
Hi, I'm getting a CRITICAL_SERVICE_FAILED blue screen error during Windows 10 boot. Never done any memory dump analysis before troubleshooting this issue. This is what I've got so far:

Code:
Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.




Loading Dump File [D:\DedicatedDumpFile.sys]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.


Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 10240 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 10240.16841.amd64fre.th1_st1.160408-1853
Machine Name:
Kernel base = 0xfffff801`2e073000 PsLoadedModuleList = 0xfffff801`2e398070
Debug session time: Fri Aug  5 23:51:08.526 2016 (UTC + 1:00)
System Uptime: 0 days 0:00:33.265
Loading Kernel Symbols
...............................................................
.....Page 1267db not present in the dump file. Type ".hh dbgerr004" for details
...Page 12827d not present in the dump file. Type ".hh dbgerr004" for details
...............
Loading User Symbols


*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 5A, {1, ffffcf80c2bd4fd0, ffffcf80c0e22fa0, ffffffffc0000428}


Page 1267db not present in the dump file. Type ".hh dbgerr004" for details
Page 1267db not present in the dump file. Type ".hh dbgerr004" for details
Page 12827d not present in the dump file. Type ".hh dbgerr004" for details
Page 12827d not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : ntkrnlmp.exe ( nt! ?? ::NNGAKEGL::`string'+7bfc0 )


Followup:     MachineOwner
---------


0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************


CRITICAL_SERVICE_FAILED (5a)
Arguments:
Arg1: 0000000000000001
Arg2: ffffcf80c2bd4fd0
Arg3: ffffcf80c0e22fa0
Arg4: ffffffffc0000428


Debugging Details:
------------------




DUMP_CLASS: 1


DUMP_QUALIFIER: 401


BUILD_VERSION_STRING:  10.0.10240.16841 (th1_st1.160408-1853)


DUMP_TYPE:  1


BUGCHECK_P1: 1


BUGCHECK_P2: ffffcf80c2bd4fd0


BUGCHECK_P3: ffffcf80c0e22fa0


BUGCHECK_P4: ffffffffc0000428


BUGCHECK_STR:  0x5A


CPU_COUNT: c


CPU_MHZ: d8b


CPU_VENDOR:  GenuineIntel


CPU_FAMILY: 6


CPU_MODEL: 2c


CPU_STEPPING: 2


DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT


PROCESS_NAME:  System


CURRENT_IRQL:  0


ANALYSIS_SESSION_HOST:  DESKTOP-KTRTOHK


ANALYSIS_SESSION_TIME:  08-05-2016 23:59:10.0619


ANALYSIS_VERSION: 10.0.14321.1024 amd64fre


LAST_CONTROL_TRANSFER:  from fffff8012e6a3c80 to fffff8012e1c24d0


STACK_TEXT:  
ffffd001`309d2978 fffff801`2e6a3c80 : 00000000`0000005a 00000000`00000001 ffffcf80`c2bd4fd0 ffffcf80`c0e22fa0 : nt!KeBugCheckEx
ffffd001`309d2980 fffff801`2e83a489 : ffffe000`d0958788 ffffe000`d0958788 ffffd001`309d2cb0 ffffe000`d09586d0 : nt! ?? ::NNGAKEGL::`string'+0x7bfc0
ffffd001`309d2c50 fffff801`2e85193e : fffff801`00000000 ffffcf80`c28b2fd0 00000000`00000000 fffff801`2ca08360 : nt!IopInitializeSystemDrivers+0x149
ffffd001`309d2ce0 fffff801`2e5f01de : 00020000`00000000 fffff801`2ca08360 ffffe000`cec6f318 fffff801`2e44c740 : nt!IoInitSystem+0x16
ffffd001`309d2d10 fffff801`2e13276c : ffffe000`cec5d040 00000000`00011000 00000000`00010222 00000000`00000020 : nt!Phase1Initialization+0x2a
ffffd001`309d2d40 fffff801`2e1c75b6 : fffff801`2e3d6180 ffffe000`cec5d040 fffff801`2e44c740 00000000`00011000 : nt!PspSystemThreadStartup+0x58
ffffd001`309d2da0 00000000`00000000 : ffffd001`309d3000 ffffd001`309cd000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16




STACK_COMMAND:  kb


THREAD_SHA1_HASH_MOD_FUNC:  c2ec6d5fba058f88abd685e5ce911ab6efb35aa9


THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  4751125317ead56b42c1720f6f51efc5ce83e1fd


THREAD_SHA1_HASH_MOD:  30a3e915496deaace47137d5b90c3ecc03746bf6


FOLLOWUP_IP: 
nt! ?? ::NNGAKEGL::`string'+7bfc0
fffff801`2e6a3c80 cc              int     3


FAULT_INSTR_CODE:  e8d233cc


SYMBOL_STACK_INDEX:  1


SYMBOL_NAME:  nt! ?? ::NNGAKEGL::`string'+7bfc0


FOLLOWUP_NAME:  MachineOwner


MODULE_NAME: nt


IMAGE_NAME:  ntkrnlmp.exe


DEBUG_FLR_IMAGE_TIMESTAMP:  5708b3c8


IMAGE_VERSION:  10.0.10240.16841


BUCKET_ID_FUNC_OFFSET:  7bfc0


FAILURE_BUCKET_ID:  0x5A_VRF_nt!_??_::NNGAKEGL::_string_


BUCKET_ID:  0x5A_VRF_nt!_??_::NNGAKEGL::_string_


PRIMARY_PROBLEM_CLASS:  0x5A_VRF_nt!_??_::NNGAKEGL::_string_


TARGET_TIME:  2016-08-05T22:51:08.000Z


OSBUILD:  10240


OSSERVICEPACK:  16841


SERVICEPACK_NUMBER: 0


OS_REVISION: 0


SUITE_MASK:  272


PRODUCT_TYPE:  1


OSPLATFORM_TYPE:  x64


OSNAME:  Windows 10


OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS


OS_LOCALE:  


USER_LCID:  0


OSBUILD_TIMESTAMP:  2016-04-09 08:48:24


BUILDDATESTAMP_STR:  160408-1853


BUILDLAB_STR:  th1_st1


BUILDOSVER_STR:  10.0.10240.16841


ANALYSIS_SESSION_ELAPSED_TIME: 10d9


ANALYSIS_SOURCE:  KM


FAILURE_ID_HASH_STRING:  km:0x5a_vrf_nt!_??_::nngakegl::_string_


FAILURE_ID_HASH:  {d1b217da-873f-0565-00cb-19f656a552b5}


Followup:     MachineOwner
---------


0: kd> !verifier


Verify Flags Level 0x000209bb


  STANDARD FLAGS:
    [X] (0x00000000) Automatic Checks
    [X] (0x00000001) Special pool
    [X] (0x00000002) Force IRQL checking
    [X] (0x00000008) Pool tracking
    [X] (0x00000010) I/O verification
    [X] (0x00000020) Deadlock detection
    [X] (0x00000080) DMA checking
    [X] (0x00000100) Security checks
    [X] (0x00000800) Miscellaneous checks
    [X] (0x00020000) DDI compliance checking


  ADDITIONAL FLAGS:
    [ ] (0x00000004) Randomized low resources simulation
    [ ] (0x00000200) Force pending I/O requests
    [ ] (0x00000400) IRP logging
    [ ] (0x00002000) Invariant MDL checking for stack
    [ ] (0x00004000) Invariant MDL checking for driver
    [ ] (0x00008000) Power framework delay fuzzing
    [ ] (0x00010000) Port/miniport interface checking
    [ ] (0x00040000) Systematic low resources simulation
    [ ] (0x00080000) DDI compliance checking (additional)
    [ ] (0x00200000) NDIS/WIFI verification
    [ ] (0x00800000) Kernel synchronization delay fuzzing
    [ ] (0x01000000) VM switch verification
    [ ] (0x02000000) Code integrity checks


    [X] Indicates flag is enabled




Summary of All Verifier Statistics


  RaiseIrqls           0x44a2
  AcquireSpinLocks     0x499e5
  Synch Executions     0x0
  Trims                0x414


  Pool Allocations Attempted             0x2fcf66
  Pool Allocations Succeeded             0x2fcf66
  Pool Allocations Succeeded SpecialPool 0x2fcf66
  Pool Allocations With NO TAG           0x4
  Pool Allocations Failed                0x0


  Current paged pool allocations         0x174db for 028296D5 bytes
  Peak paged pool allocations            0x177d4 for 028D54BD bytes
  Current nonpaged pool allocations      0x7b63 for 011779F2 bytes
  Peak nonpaged pool allocations         0x7b6b for 01178B7A bytes


0: kd> !verifier 0x40
Force Pending log is empty.
0: kd> !verifier 0x1


Verify Flags Level 0x000209bb


  STANDARD FLAGS:
    [X] (0x00000000) Automatic Checks
    [X] (0x00000001) Special pool
    [X] (0x00000002) Force IRQL checking
    [X] (0x00000008) Pool tracking
    [X] (0x00000010) I/O verification
    [X] (0x00000020) Deadlock detection
    [X] (0x00000080) DMA checking
    [X] (0x00000100) Security checks
    [X] (0x00000800) Miscellaneous checks
    [X] (0x00020000) DDI compliance checking


  ADDITIONAL FLAGS:
    [ ] (0x00000004) Randomized low resources simulation
    [ ] (0x00000200) Force pending I/O requests
    [ ] (0x00000400) IRP logging
    [ ] (0x00002000) Invariant MDL checking for stack
    [ ] (0x00004000) Invariant MDL checking for driver
    [ ] (0x00008000) Power framework delay fuzzing
    [ ] (0x00010000) Port/miniport interface checking
    [ ] (0x00040000) Systematic low resources simulation
    [ ] (0x00080000) DDI compliance checking (additional)
    [ ] (0x00200000) NDIS/WIFI verification
    [ ] (0x00800000) Kernel synchronization delay fuzzing
    [ ] (0x01000000) VM switch verification
    [ ] (0x02000000) Code integrity checks


    [X] Indicates flag is enabled




Summary of All Verifier Statistics


  RaiseIrqls           0x44a2
  AcquireSpinLocks     0x499e5
  Synch Executions     0x0
  Trims                0x414


  Pool Allocations Attempted             0x2fcf66
  Pool Allocations Succeeded             0x2fcf66
  Pool Allocations Succeeded SpecialPool 0x2fcf66
  Pool Allocations With NO TAG           0x4
  Pool Allocations Failed                0x0


  Current paged pool allocations         0x174db for 028296D5 bytes
  Peak paged pool allocations            0x177d4 for 028D54BD bytes
  Current nonpaged pool allocations      0x7b63 for 011779F2 bytes
  Peak nonpaged pool allocations         0x7b6b for 01178B7A bytes


Driver Verification List
------------------------


nt!_VF_TARGET_DRIVER 0xffffe000cec18260: hal.dll (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec2eea0: kdcom.dll (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec2ecb0: mcupdate.dll (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec2fea0: werkernel.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec2fcc0: CLFS.SYS (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec30d60: tm.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec31e50: PSHED.dll (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec22b70: BOOTVID.dll (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec22930: cmimcext.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec22750: ntosext.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec28fc0: CI.dll (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec28cf0: msrpc.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec28a20: FLTMGR.SYS (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec2dea0: ksecdd.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec2db50: clipsp.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec2d840: Wdf01000.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec2d4f0: WDFLDR.SYS (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec3aea0: acpiex.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec3ab40: WppRecorder.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec3a960: cng.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec3a610: ACPI.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec3a2c0: WMILIB.SYS (Loaded)
  MODULE: 0xffffe000cec3a200 SymELAM.sys (Unloaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec43dc0: WindowsTrustedRT.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec43b90: WindowsTrustedRTProxy.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec439b0: pcw.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec43650: msisadrv.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec433f0: pci.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec431b0: vdrvroot.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec44d60: pdc.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec44a40: CEA.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec44770: partmgr.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec44410: spaceport.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec441e0: volmgr.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec45d60: volmgrx.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec45a10: vmci.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec456c0: vsock.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec45360: mountmgr.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec46030: iaStorAV.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec46cd0: storport.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec46970: EhStorClass.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec46610: fileinfo.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec462c0: Wof.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec460d0: WdFilter.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec47d60: NTFS.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec47a10: Fs_Rec.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec477b0: ndis.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec47460: NETIO.SYS (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec47160: ksecpkg.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec48d30: tcpip.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec489d0: fwpkclnt.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec486d0: wfplwfs.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec48370: SYMEFASI64.SYS (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec49030: fvevol.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec49ce0: volsnap.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec49980: rdyboost.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec49630: mup.sys (Loaded)
  MODULE: 0xffffe000cec49440 hwpolicy.sys (Hasn't loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec49280: disk.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000cec4afc0: CLASSPNP.SYS (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d2d74b20: crashdmp.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d2dad230: dump_storport.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d2d60170: dump_iaStorAV.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d2da4e20: dump_dumpfve.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d36f61e0: ccSetx64.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d371afc0: tbs.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d364c9e0: filecrypt.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d3776330: Ironx64.SYS (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d36a78b0: SYMEVENT64x86.SYS (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d3880750: Null.SYS (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d3767930: Beep.SYS (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d3702320: Npfs.SYS (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d3718200: Msfs.SYS (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d3748850: TDI.SYS (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d3683db0: tdx.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d36f2e50: ws2ifsl.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d363faf0: netbt.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d363fa20: afd.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d37d0260: vfilter.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d37d3370: vwififlt.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d37ed9e0: pacer.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d38328f0: netbios.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d37d3560: winhvr.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d37d31b0: hvservice.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d3835430: rdbss.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d38eb110: csc.sys (Loaded)
nt!_VF_TARGET_DRIVER 0xffffe000d37e5440: SRTSPX64.SYS (Loaded)
0: kd> !running -it


System Processors:  (0000000000000fff)
  Idle Processors:  (0000000000000ffa)


       Prcbs             Current         (pri) Next            (pri) Idle
  0    fffff8012e3d6180  ffffe000cec5d040 (31)                       fffff8012e44c740  ................


 # Child-SP          RetAddr           Call Site
00 ffffd001`309d2978 fffff801`2e6a3c80 nt!KeBugCheckEx
01 ffffd001`309d2980 fffff801`2e83a489 nt! ?? ::NNGAKEGL::`string'+0x7bfc0
02 ffffd001`309d2c50 fffff801`2e85193e nt!IopInitializeSystemDrivers+0x149
03 ffffd001`309d2ce0 fffff801`2e5f01de nt!IoInitSystem+0x16
04 ffffd001`309d2d10 fffff801`2e13276c nt!Phase1Initialization+0x2a
05 ffffd001`309d2d40 fffff801`2e1c75b6 nt!PspSystemThreadStartup+0x58
06 ffffd001`309d2da0 00000000`00000000 nt!KiStartSystemThread+0x16


  1    ffffd00130936180  ffffd00130942dc0 ( 0)                       ffffd00130942dc0  ................


 # Child-SP          RetAddr           Call Site
00 ffffd001`2b59b998 fffff801`2e1a7296 hal!HalProcessorIdle+0xf
01 ffffd001`2b59b9a0 fffff801`2e0d4813 nt!PpmIdleDefaultExecute+0xa
02 ffffd001`2b59b9d0 fffff801`2e0d39ed nt!PpmIdleExecuteTransition+0xc73
03 ffffd001`2b59bc40 fffff801`2e1c51fc nt!PoIdle+0x33d
04 ffffd001`2b59bda0 00000000`00000000 nt!KiIdleLoop+0x2c


  2    ffffd0012b640180  ffffe000d2d91040 ( 8)                       ffffd0012b64cdc0  ................


 # Child-SP          RetAddr           Call Site
00 ffffd001`2cca0c90 fffff801`2e09efec nt!RtlpLookupFunctionEntryForStackWalks+0xd0
01 ffffd001`2cca0d00 fffff801`2e09eaef nt!RtlpWalkFrameChain+0x2fc
02 ffffd001`2cca1430 fffff801`2e09e9cc nt!RtlWalkFrameChain+0x8f
03 ffffd001`2cca1480 fffff801`2e7b23d8 nt!RtlCaptureStackBackTrace+0x44
04 ffffd001`2cca14b0 fffff801`2e7b248b nt!IovpLogStackCallout+0x1c
05 ffffd001`2cca14e0 fffff801`2e7a24fd nt!ViPoolLogStackTrace+0x9f
06 ffffd001`2cca1520 fffff801`5eba9592 nt!VeAllocatePoolWithTagPriority+0x2f5
07 ffffd001`2cca1590 fffff801`2e7a25ff VerifierExt!ExAllocatePoolWithTagPriority_internal_wrapper+0x82
*** ERROR: Module load completed but symbols could not be loaded for SYMEFASI64.SYS
08 ffffd001`2cca15d0 fffff801`5fb29358 nt!VerifierExAllocatePoolEx+0x4f
09 ffffd001`2cca1610 fffff801`5fb9e29a SYMEFASI64+0x29358
0a ffffd001`2cca1640 fffff801`5fba62de SYMEFASI64+0x9e29a
0b ffffd001`2cca1680 fffff801`5fba67a0 SYMEFASI64+0xa62de
0c ffffd001`2cca16d0 fffff801`5fb9efbe SYMEFASI64+0xa67a0
0d ffffd001`2cca1750 fffff801`5fbc8844 SYMEFASI64+0x9efbe
0e ffffd001`2cca17d0 fffff801`5fbd2207 SYMEFASI64+0xc8844
0f ffffd001`2cca1800 fffff801`5fbd5346 SYMEFASI64+0xd2207
10 ffffd001`2cca1870 fffff801`5fbd4b5d SYMEFASI64+0xd5346
11 ffffd001`2cca1900 fffff801`5fbcca5d SYMEFASI64+0xd4b5d
12 ffffd001`2cca1970 fffff801`5fbcccc6 SYMEFASI64+0xcca5d
13 ffffd001`2cca1a10 fffff801`5fbc9869 SYMEFASI64+0xcccc6
14 ffffd001`2cca1a80 fffff801`5fbc9593 SYMEFASI64+0xc9869
15 ffffd001`2cca1ae0 fffff801`5fbbc72d SYMEFASI64+0xc9593
16 ffffd001`2cca1b10 fffff801`5fb9dc21 SYMEFASI64+0xbc72d
17 ffffd001`2cca1b80 fffff801`5fb9d9d8 SYMEFASI64+0x9dc21
18 ffffd001`2cca1c90 fffff801`5fb9d9d8 SYMEFASI64+0x9d9d8
19 ffffd001`2cca1da0 fffff801`5fb9dd37 SYMEFASI64+0x9d9d8
1a ffffd001`2cca1eb0 fffff801`5fbc87e8 SYMEFASI64+0x9dd37
1b ffffd001`2cca1f10 fffff801`5fbbc4b1 SYMEFASI64+0xc87e8
1c ffffd001`2cca1f60 fffff801`5fbbea98 SYMEFASI64+0xbc4b1
1d ffffd001`2cca2060 fffff801`5fbbee24 SYMEFASI64+0xbea98
1e ffffd001`2cca20c0 fffff801`5fbbf637 SYMEFASI64+0xbee24
1f ffffd001`2cca2210 fffff801`5fbbfdd0 SYMEFASI64+0xbf637
20 ffffd001`2cca2250 fffff801`5fbbf4a1 SYMEFASI64+0xbfdd0
21 ffffd001`2cca2290 fffff801`5fb3e556 SYMEFASI64+0xbf4a1
22 ffffd001`2cca23e0 fffff801`5fbc15db SYMEFASI64+0x3e556
23 ffffd001`2cca2420 fffff801`5fb3b486 SYMEFASI64+0xc15db
24 ffffd001`2cca2460 fffff801`5fb3c1a1 SYMEFASI64+0x3b486
25 ffffd001`2cca2680 fffff801`5fb3c4c4 SYMEFASI64+0x3c1a1
26 ffffd001`2cca26b0 fffff801`5fb3cb57 SYMEFASI64+0x3c4c4
27 ffffd001`2cca2720 fffff801`5fb2bbaf SYMEFASI64+0x3cb57
28 ffffd001`2cca2810 fffff801`5fb240d2 SYMEFASI64+0x2bbaf
29 ffffd001`2cca28f0 fffff801`5fb24759 SYMEFASI64+0x240d2
2a ffffd001`2cca2950 fffff801`5fbf77fc SYMEFASI64+0x24759
2b ffffd001`2cca2a70 fffff801`2e13276c SYMEFASI64+0xf77fc
2c ffffd001`2cca2d40 fffff801`2e1c75b6 nt!PspSystemThreadStartup+0x58
2d ffffd001`2cca2da0 00000000`00000000 nt!KiStartSystemThread+0x16


  3    ffffd0012b6c0180  ffffd0012b6ccdc0 ( 0)                       ffffd0012b6ccdc0  ................


 # Child-SP          RetAddr           Call Site
00 ffffd001`2b6ea998 fffff801`2e1a7296 hal!HalProcessorIdle+0xf
01 ffffd001`2b6ea9a0 fffff801`2e0d4813 nt!PpmIdleDefaultExecute+0xa
02 ffffd001`2b6ea9d0 fffff801`2e0d39ed nt!PpmIdleExecuteTransition+0xc73
03 ffffd001`2b6eac40 fffff801`2e1c51fc nt!PoIdle+0x33d
04 ffffd001`2b6eada0 00000000`00000000 nt!KiIdleLoop+0x2c


  4    ffffd0012b739180  ffffd0012b745dc0 ( 0)                       ffffd0012b745dc0  ................


 # Child-SP          RetAddr           Call Site
00 ffffd001`2b763998 fffff801`2e1a7296 hal!HalProcessorIdle+0xf
01 ffffd001`2b7639a0 fffff801`2e0d4813 nt!PpmIdleDefaultExecute+0xa
02 ffffd001`2b7639d0 fffff801`2e0d39ed nt!PpmIdleExecuteTransition+0xc73
03 ffffd001`2b763c40 fffff801`2e1c51fc nt!PoIdle+0x33d
04 ffffd001`2b763da0 00000000`00000000 nt!KiIdleLoop+0x2c


  5    ffffd0012b7b6180  ffffd0012b7c2dc0 ( 0)                       ffffd0012b7c2dc0  ................


 # Child-SP          RetAddr           Call Site
00 ffffd001`2b7e0998 fffff801`2e1a7296 hal!HalProcessorIdle+0xf
01 ffffd001`2b7e09a0 fffff801`2e0d4813 nt!PpmIdleDefaultExecute+0xa
02 ffffd001`2b7e09d0 fffff801`2e0d39ed nt!PpmIdleExecuteTransition+0xc73
03 ffffd001`2b7e0c40 fffff801`2e1c51fc nt!PoIdle+0x33d
04 ffffd001`2b7e0da0 00000000`00000000 nt!KiIdleLoop+0x2c


  6    ffffd0012b840180  ffffd0012b84cdc0 ( 0)                       ffffd0012b84cdc0  ................


 # Child-SP          RetAddr           Call Site
00 ffffd001`2b86a998 fffff801`2e1a7296 hal!HalProcessorIdle+0xf
01 ffffd001`2b86a9a0 fffff801`2e0d4813 nt!PpmIdleDefaultExecute+0xa
02 ffffd001`2b86a9d0 fffff801`2e0d39ed nt!PpmIdleExecuteTransition+0xc73
03 ffffd001`2b86ac40 fffff801`2e1c51fc nt!PoIdle+0x33d
04 ffffd001`2b86ada0 00000000`00000000 nt!KiIdleLoop+0x2c


  7    ffffd0012b8bd180  ffffd0012b8c9dc0 ( 0)                       ffffd0012b8c9dc0  ................


 # Child-SP          RetAddr           Call Site
00 ffffd001`2b8e7998 fffff801`2e1a7296 hal!HalProcessorIdle+0xf
01 ffffd001`2b8e79a0 fffff801`2e0d4813 nt!PpmIdleDefaultExecute+0xa
02 ffffd001`2b8e79d0 fffff801`2e0d39ed nt!PpmIdleExecuteTransition+0xc73
03 ffffd001`2b8e7c40 fffff801`2e1c51fc nt!PoIdle+0x33d
04 ffffd001`2b8e7da0 00000000`00000000 nt!KiIdleLoop+0x2c


  8    ffffd0012b93a180  ffffd0012b946dc0 ( 0)                       ffffd0012b946dc0  ................


 # Child-SP          RetAddr           Call Site
00 ffffd001`2b964998 fffff801`2e1a7296 hal!HalProcessorIdle+0xf
01 ffffd001`2b9649a0 fffff801`2e0d4813 nt!PpmIdleDefaultExecute+0xa
02 ffffd001`2b9649d0 fffff801`2e0d39ed nt!PpmIdleExecuteTransition+0xc73
03 ffffd001`2b964c40 fffff801`2e1c51fc nt!PoIdle+0x33d
04 ffffd001`2b964da0 00000000`00000000 nt!KiIdleLoop+0x2c


  9    ffffd0012b9b7180  ffffd0012b9c3dc0 ( 0)                       ffffd0012b9c3dc0  ................


 # Child-SP          RetAddr           Call Site
00 ffffd001`2b9e1998 fffff801`2e1a7296 hal!HalProcessorIdle+0xf
01 ffffd001`2b9e19a0 fffff801`2e0d4813 nt!PpmIdleDefaultExecute+0xa
02 ffffd001`2b9e19d0 fffff801`2e0d39ed nt!PpmIdleExecuteTransition+0xc73
03 ffffd001`2b9e1c40 fffff801`2e1c51fc nt!PoIdle+0x33d
04 ffffd001`2b9e1da0 00000000`00000000 nt!KiIdleLoop+0x2c


 10    ffffd0012ba40180  ffffd0012ba4cdc0 ( 0)                       ffffd0012ba4cdc0  ................


 # Child-SP          RetAddr           Call Site
00 ffffd001`2ba6a998 fffff801`2e1a7296 hal!HalProcessorIdle+0xf
01 ffffd001`2ba6a9a0 fffff801`2e0d4813 nt!PpmIdleDefaultExecute+0xa
02 ffffd001`2ba6a9d0 fffff801`2e0d39ed nt!PpmIdleExecuteTransition+0xc73
03 ffffd001`2ba6ac40 fffff801`2e1c51fc nt!PoIdle+0x33d
04 ffffd001`2ba6ada0 00000000`00000000 nt!KiIdleLoop+0x2c


 11    ffffd0012babd180  ffffd0012bac9dc0 ( 0)                       ffffd0012bac9dc0  ................


 # Child-SP          RetAddr           Call Site
00 ffffd001`2bae7998 fffff801`2e1a7296 hal!HalProcessorIdle+0xf
01 ffffd001`2bae79a0 fffff801`2e0d4813 nt!PpmIdleDefaultExecute+0xa
02 ffffd001`2bae79d0 fffff801`2e0d39ed nt!PpmIdleExecuteTransition+0xc73
03 ffffd001`2bae7c40 fffff801`2e1c51fc nt!PoIdle+0x33d
04 ffffd001`2bae7da0 00000000`00000000 nt!KiIdleLoop+0x2c


0: kd> !pcr 0
KPCR for Processor 0 at fffff8012e3d6000:
    Major 1 Minor 1
    NtTib.ExceptionList: fffff8012ff20000
        NtTib.StackBase: fffff8012ff21070
       NtTib.StackLimit: 0000000000000000
     NtTib.SubSystemTib: fffff8012e3d6000
          NtTib.Version: 000000002e3d6180
      NtTib.UserPointer: fffff8012e3d67f0
          NtTib.SelfTib: 0000000000000000


                SelfPcr: 0000000000000000
                   Prcb: fffff8012e3d6180
                   Irql: 0000000000000000
                    IRR: 0000000000000000
                    IDR: 0000000000000000
          InterruptMode: 0000000000000000
                    IDT: 0000000000000000
                    GDT: 0000000000000000
                    TSS: 0000000000000000


          CurrentThread: ffffe000cec5d040
             NextThread: 0000000000000000
             IdleThread: fffff8012e44c740


              DpcQueue: Unable to read nt!_KDPC_DATA.DpcListHead.Flink @ fffff8012e3d8f00

I'm not sure what to make of the above. Any insight or suggestions are much appreciated.
 
Hi xilolee, please find the output from the Sysnative BSOD Dump + System File Collection App attached.

View attachment SysnativeFileCollectionApp.zip

I have tried to generate the 'perfmon' report, but it seems to hang at the following (I've left it for well over 60 seconds):

ResourceAndPerformanceMonitorHang.PNG

Additional answers:


  • OS - Windows 10, 8.1, 8, 7, Vista ?
    • Windows 10
  • x86 (32-bit) or x64 ?
    • x64
  • What was original installed OS on system?
    • Blank HDD
  • Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)?
    • Installed from MSDN Subscription
  • Age of system (hardware)
    • ? HP Z400 bought second hand
  • Age of OS installation - have you re-installed the OS?
    • 9 months
  • CPU
    • Intel Xeon W3690
  • Video Card
    • NVIDIA Quadro FX 580
  • MotherBoard - (if NOT a laptop)
    • ? HP Z400
  • Power Supply - brand & wattage (if laptop, skip this one)
    • ?
  • System Manufacturer
    • HP
  • Exact model number (if laptop, check label on bottom)
    • Z400 Workstation
  • Laptop or Desktop?
    • Desktop

Please let me know if you need any further information.

Thanks,
Tom
 
Hi xilolee, the trouble is that I'm getting the blue screen error during boot. I can't even get into Windows in safe mode. I have temporarily installed a fresh Windows 10 installation onto a different hard drive on the same machine in order to try to debug the issue with the broken Windows 10 environment. Therefore I ran the Sysnative BSOD Dump + System File Collection App from this temporary fresh Windows 10 installation (where there are no memory dumps).

Here is a dump file from the broken installation (335MB): Dropbox - DUMP0ec5.tmp
Here is a 12GB dump file from the broken installation: Dropbox - DedicatedDumpFile.sys
Here is the same 12GB dump file compressed using 7-Zip (27MB): Dropbox - DedicatedDumpFile.7z

Thanks,
Tom
 
Sorry, I MUST write this; this is the only help on that bugcheck from Microsoft:
Bug Check 0x5A: CRITICAL_SERVICE_FAILED
The CRITICAL_SERVICE_FAILED bug check has a value of 0x0000005A.
This bug check appears very infrequently.
Thanks, Microsoft.

Here is a dump file from the broken installation (335MB): Dropbox - DUMP0ec5.tmp
The dump seems broken, too.
 
Hmm, do you have a large memory dump in C:\Windows\MEMORY.dmp? Found it in your previous post.
This looks interesting.

Code:
0: kd> !thread ffffe000373cf040
THREAD ffffe000373cf040  Cid 0004.0178  Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 2
Not impersonating
DeviceMap                 ffffc000f801a9f0
Owning Process            ffffe00036091840       Image:         System
Attached Process          N/A            Image:         N/A
Wait Start TickCount      435            Ticks: 0
Context Switch Count      42709          IdealProcessor: 1             
UserTime                  00:00:00.000
KernelTime                00:00:04.656
Win32 Start Address SYMEFASI64 (0xfffff801e1347424)
Stack Init ffffd000dce92dd0 Current ffffd000dce91bc0
Base ffffd000dce93000 Limit ffffd000dce8d000 Call 0
Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP          RetAddr           : Args to Child                                                           : Call Site
ffffd000`dce91d48 ffffc000`f88a15d8 : ffffc000`f88a15d8 fffff801`e12fd991 00000000`00000080 b1fc7c57`402babe5 : SYMEFASI64+0xb74e9
ffffd000`dce91d50 ffffc000`f88a15d8 : fffff801`e12fd991 00000000`00000080 b1fc7c57`402babe5 ffffd000`dce92010 : 0xffffc000`f88a15d8
ffffd000`dce91d58 fffff801`e12fd991 : 00000000`00000080 b1fc7c57`402babe5 ffffd000`dce92010 fffff801`e12fd960 : 0xffffc000`f88a15d8
ffffd000`dce91d60 fffff801`e13061ae : 00000000`00000000 00000000`00000040 00000000`0000003f ffffc000`f88a15d8 : SYMEFASI64+0xad991
ffffd000`dce91d90 fffff801`e12fa040 : ffffc000`f9180538 ffffc000`fc2b4be0 b1fc7c57`402babe5 ffffd000`dce92010 : SYMEFASI64+0xb61ae
ffffd000`dce91e00 fffff801`e12fa434 : ffffc000`f9180538 00000000`00000000 ffffc000`f94c9aa8 00000000`00000001 : SYMEFASI64+0xaa040
ffffd000`dce91e80 fffff801`e12fa827 : 00000000`00000000 ffffc000`f94c9aa8 ffffc000`00000012 00000000`00000000 : SYMEFASI64+0xaa434
ffffd000`dce91f40 fffff801`e12f2ec3 : ffffc000`f95d6df8 ffffc000`fc2b4bc8 00000000`00000200 00000000`00000200 : SYMEFASI64+0xaa827
ffffd000`dce91fd0 fffff801`e12eb6c1 : ffffd000`dce922a8 ffffc000`f81f17e9 ffffc000`fc1a3498 97790421`f31cf307 : SYMEFASI64+0xa2ec3
ffffd000`dce92050 fffff801`e1306f28 : ffffc000`fc1a3418 ffffc000`fc11d018 ffffc000`f95d6df8 00000000`00000000 : SYMEFASI64+0x9b6c1
ffffd000`dce920a0 fffff801`e12fbd0b : 00000000`00000000 fffff801`e12ea969 ffffc000`fa095958 fffff801`e1279414 : SYMEFASI64+0xb6f28
ffffd000`dce920f0 fffff801`e13326de : 00000000`00000000 00000000`00000000 00000000`00000200 00000000`00000000 : SYMEFASI64+0xabd0b
ffffd000`dce92170 fffff801`e12fd928 : ffffc000`f81f17e9 ffffc000`fc70dee0 ffffc000`fa095958 00000000`00000020 : SYMEFASI64+0xe26de
ffffd000`dce92290 fffff801`e132db19 : 00000000`00000000 ffffc000`f81f17e9 00000000`00000200 ffffc000`f81f13fc : SYMEFASI64+0xad928
ffffd000`dce922d0 fffff801`e1326d46 : 00000000`00000000 ffffc000`f81caf30 00000000`00000000 fffff801`e131951e : SYMEFASI64+0xddb19
ffffd000`dce92310 fffff801`e132353f : ffffc000`f81caef8 ffffc000`fa095958 fffff801`e1374d30 fffff801`e128d41a : SYMEFASI64+0xd6d46
ffffd000`dce92360 fffff801`e131360a : ffffc000`f81caef8 ffffc000`fa5c8a58 fffff801`e1374d30 00000000`00000000 : SYMEFASI64+0xd353f
ffffd000`dce923c0 fffff801`e131376f : ffffc000`00000000 ffffc000`f81caef8 ffffc000`fc6ce8a8 ffffc000`fa822928 : SYMEFASI64+0xc360a
ffffd000`dce92400 fffff801`e128b836 : ffffc000`f81caef8 ffffc000`fa5c8a58 ffffd000`db78f000 00000000`000007ff : SYMEFASI64+0xc376f
ffffd000`dce92460 fffff801`e128c1a1 : ffffc000`fc6ce8a8 ffffc000`fab956e0 ffffc000`fc70dee8 ffffc000`fc70dec8 : SYMEFASI64+0x3b836
ffffd000`dce92680 fffff801`e128c4c4 : ffffc000`fc70def0 ffffc000`fc70dee8 ffffc000`fc70dee8 00000000`00000000 : SYMEFASI64+0x3c1a1
ffffd000`dce926b0 fffff801`e128cb57 : 00000000`00002b8e ffffc000`fc6ce8a8 ffffc000`fab956c8 00000000`00000000 : SYMEFASI64+0x3c4c4
ffffd000`dce92720 fffff801`e127bbaf : 00000000`00000000 ffffc000`f8329f38 00000000`00000001 ffffc000`fc6ce8a8 : SYMEFASI64+0x3cb57
ffffd000`dce92810 fffff801`e12740d2 : ffffc000`f8329f38 ffffe000`373cece8 fffff801`e1352a68 ffffe000`373cece8 : SYMEFASI64+0x2bbaf
ffffd000`dce928f0 fffff801`e1274759 : 00000000`00000000 00000000`00000000 00000000`00000001 fffff801`e12e9a00 : SYMEFASI64+0x240d2
ffffd000`dce92950 fffff801`e13477fc : ffffe000`373cece8 00000000`00000080 ffffffff`80000028 ffffe000`36091840 : SYMEFASI64+0x24759
ffffd000`dce92a70 fffff803`9bf4276c : 00000000`00000000 ffffe000`373cf040 00000000`00000080 fffff803`9bfd74e0 : SYMEFASI64+0xf77fc
ffffd000`dce92d40 fffff803`9bfd75b6 : ffffd000`db7ee180 ffffe000`373cf040 ffffd000`db7fadc0 ffffc000`f81326c0 : nt!PspSystemThreadStartup+0x58
ffffd000`dce92da0 00000000`00000000 : ffffd000`dce93000 ffffd000`dce8d000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16

0: kd> !error ffffffffc0000428
Error code: (NTSTATUS) 0xc0000428 (3221226536) - Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

//Looking at the parameters, they are both addresses of the Named Pipe Service Triggers, a file system minifilter driver.

0: kd> dc ffffe00039bd5230
ffffe000`39bd5230  0044005c 00690072 00650076 005c0072  \.D.r.i.v.e.r.\.
ffffe000`39bd5240  0070006e 00760073 00740063 00690072  n.p.s.v.c.t.r.i.
ffffe000`39bd5250  39bd0067 ffffe000 00000000 00000000  g..9............
ffffe000`39bd5260  020c0004 6c734d46 00000007 00000000  ....FMsl........
ffffe000`39bd5270  00a8f201 00000000 00000000 00000000  ................
ffffe000`39bd5280  00000000 00000000 37386010 ffffe000  .........`87....
ffffe000`39bd5290  fa8f37b0 ffffc000 e0096350 fffff801  .7......Pc......
ffffe000`39bd52a0  39bd2870 ffffe000 39bd2bc0 ffffe000  p(.9.....+.9....

Pooltag FMsl
Description: STREAM_LIST_CTRL structure
Driver!Module: fltmgr.sys

Looks like Symantec corrupted the Named Pipe Service Triggers or something, maybe overflowed a stack, given the huge amount of internal calls on that thread stack trace.
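
An added example, not part of the original posts: a Python sketch of the two manual decoding steps used in the reply above, namely reducing the sign-extended Arg4 of the 0x5A bugcheck to its 32-bit NTSTATUS fields and rebuilding the UTF-16 driver name from the `dc` dump. The function names are illustrative, the input lines are copied from this thread, and the symbolic name `STATUS_INVALID_IMAGE_HASH` for 0xC0000428 comes from ntstatus.h rather than from the page.

```python
import re
import struct

# Sample input copied from the debugger output quoted in this thread.
BUGCHECK_LINE = "BugCheck 5A, {1, ffffcf80c2bd4fd0, ffffcf80c0e22fa0, ffffffffc0000428}"
DC_DUMP = r"""
ffffe000`39bd5230  0044005c 00690072 00650076 005c0072  \.D.r.i.v.e.r.\.
ffffe000`39bd5240  0070006e 00760073 00740063 00690072  n.p.s.v.c.t.r.i.
ffffe000`39bd5250  39bd0067 ffffe000 00000000 00000000  g..9............
"""

BUGCHECK_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
DC_LINE_RE = re.compile(r"^([0-9a-fA-F]{8}`[0-9a-fA-F]{8})\s+((?:[0-9a-fA-F]{8} ?){1,4})")
SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}
# Only the status seen in this thread; the name is taken from ntstatus.h.
KNOWN_STATUS = {0xC0000428: "STATUS_INVALID_IMAGE_HASH"}


def parse_bugcheck(line):
    """Return (bugcheck_code, [arg1..arg4]) from a WinDbg 'BugCheck' summary line."""
    m = BUGCHECK_RE.search(line)
    if not m:
        raise ValueError("not a BugCheck summary line")
    args = [int(a.strip(), 16) for a in m.group(2).split(",")]
    return int(m.group(1), 16), args


def decode_ntstatus(arg):
    """Split a 64-bit sign-extended bugcheck argument into NTSTATUS fields."""
    status = arg & 0xFFFFFFFF
    expected_upper = 0xFFFFFFFF if status & 0x80000000 else 0
    if arg >> 32 != expected_upper:
        raise ValueError("argument is not a sign-extended 32-bit NTSTATUS")
    return {
        "value": status,
        "severity": SEVERITY[status >> 30],
        "customer": bool(status & 0x20000000),
        "facility": (status >> 16) & 0xFFF,
        "code": status & 0xFFFF,
        "name": KNOWN_STATUS.get(status, "unknown"),
    }


def dc_to_bytes(text):
    """Turn 'dc' output lines back into (start_address, raw_bytes).

    'dc' prints little-endian DWORDs, so each one is re-packed with '<I'
    to recover the byte order that was actually in memory.
    """
    start, expected, out = None, None, bytearray()
    for line in text.splitlines():
        m = DC_LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or anything that is not a dump row
        addr = int(m.group(1).replace("`", ""), 16)
        if expected is not None and addr != expected:
            raise ValueError("gap in dump at %#x" % addr)
        dwords = re.findall(r"[0-9a-fA-F]{8}", m.group(2))
        for d in dwords:
            out += struct.pack("<I", int(d, 16))
        if start is None:
            start = addr
        expected = addr + 4 * len(dwords)
    if start is None:
        raise ValueError("no dc lines found")
    return start, bytes(out)


def utf16_prefix(data):
    """Decode the leading run of printable-ASCII UTF-16LE code units."""
    chars = []
    for (unit,) in struct.iter_unpack("<H", data[: len(data) & ~1]):
        if not 0x20 <= unit <= 0x7E:
            break  # terminator, or bytes belonging to the next field
        chars.append(chr(unit))
    return "".join(chars)


if __name__ == "__main__":
    code, args = parse_bugcheck(BUGCHECK_LINE)
    print("bugcheck %#x, arg4 -> %s" % (code, decode_ntstatus(args[3])))
    start, raw = dc_to_bytes(DC_DUMP)
    print("%#x: %s" % (start, utf16_prefix(raw)))
```
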
 
Hi Jared, thanks for looking into this. I was just wondering if you had any further pointers? Is there any way to fix a corrupted Named Pipe Service Trigger (or even confirm if this is the problem)? Many thanks
 
I can't be 100% certain, but it doesn't look like the Named Pipe Service Trigger module is permanently corrupted, as it loads from disk. It's just Symantec causing it to crash, I think.
Start by removing that.
 
Hi Jared, I've attempted to disable Symantec / Norton Internet Security by setting the Start value of the Symantec related Services registry keys to 4 (disabled). Unfortunately I'm still getting the blue screen crash when I try to boot into the broken Windows installation.

With regards to the analysis you did above, how did you know to query that specific thread (ffffe000373cf040)?

Thanks,
Tom
 
Hmm, if you can't even boot Windows into safe mode, I'm afraid (that I know of), there isn't much else you can do.
I couldn't tell you exactly what caused it to crash as the entire bugcheck is undocumented, so it's merely an educated guess.

Only thing I can think of is to temporarily disable driver signatures by pressing F8 on boot. Then you might be able to remove Symantec completely, and disable a lot of startup programs.
 
It's usually the easier option when you get boot errors like that, unless it's imperative that you keep that install, I'd just reinstall.
 
