Solved

Windows 7 Blue Screen of Death minidump analysis request

Posted on 2014-07-25
4
716 Views
Last Modified: 2016-11-23
Greetings wise wizards of EE:

I am helping a friend with a Dell Windows 7 laptop, which produces the dreaded Blue Screen of Death shortly after the Microsoft Windows "splash" screen, right before the desktop appears.

All methods to restore this machine via the built-in recovery tools (such as System Restore) have failed, so I pulled the hard drive and connected it to a healthy computer via a USB to SATA adapter. I am backing up his data, and I recovered the latest Minidump file from the C:\Windows\Minidump folder.

I am requesting an analysis of the attached Minidump file, so that I may properly tackle his dilemma, once the cause has been determined. Though I am grateful for all assistance, I would ask for a specific analysis of the attached Minidump file, rather than just general security or maintenance advice.

Many thanks in advance,

Zovoth
070513-16567-01.dmp
0
Comment
Question by:zovoth
  • 2
  • 2
4 Comments
 
LVL 19

Accepted Solution

by:
n2fc earned 500 total points
ID: 40220690
The dump analysis is below...

A link to MS codes related to the dump is here:
http://msdn.microsoft.com/en-us/library/ff559329(v=vs.85).aspx

Looks  like a bad driver...
Did you try booting into SAFE MODE?


Instant Online Crash Analysis, brought to you by OSR Open Systems Resources, Inc.

Show DivPrimary Analysis

Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
Online Crash Dump Analysis Service
See http://www.osronline.com for more information
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`03652000 PsLoadedModuleList = 0xfffff800`03895670
Debug session time: Sat Jul  6 00:16:04.634 2013 (UTC - 4:00)
System Uptime: 0 days 18:09:03.680
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_POWER_STATE_FAILURE (9f)
A driver has failed to complete a power IRP within a specific time (usually 10 minutes).
Arguments:
Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp
	subsystem.
Arg2: 0000000000000258, Timeout in seconds.
Arg3: fffffa8007277040, The thread currently holding on to the Pnp lock.
Arg4: fffff80000b9c510, nt!TRIAGE_9F_PNP on Win7

Debugging Details:
------------------

Implicit thread is now fffffa80`07277040
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

DRVPOWERSTATE_SUBCODE:  4

FAULTING_THREAD:  fffffa8007277040

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x9F

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff800036bd612 to fffff800036caa7a

STACK_TEXT:  
fffff880`033a8580 fffff800`036bd612 : fffffa80`07277040 fffffa80`07277040 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x7a
fffff880`033a86c0 fffff800`036ca0da : fffff8a0`00001910 00000000`00000dec fffff8a0`00000000 00000000`00000200 : nt!KiCommitThreadWait+0x1d2
fffff880`033a8750 fffff800`03935404 : fffffa80`00000003 fffff880`033a8a68 00000000`00000001 fffffa80`00000000 : nt!KeWaitForMultipleObjects+0x272
fffff880`033a8a10 fffff800`03a6a079 : 00000000`00000000 fffffa80`0b00ed90 fffff8a0`0e158010 00000000`00000000 : nt!PnpNotifyUserMode+0x158
fffff880`033a8a90 fffff800`03b450d1 : 00000000`00000000 00000000`00000000 fffff8a0`0e158010 00000000`00000000 : nt!PnpNotifyUserModeDeviceRemoval+0x49
fffff880`033a8ae0 fffff800`03b4580c : fffff880`033a8cb8 00000000`00000000 fffff8a0`04b01900 fffffa80`00000000 : nt!PnpProcessQueryRemoveAndEject+0xb51
fffff880`033a8c20 fffff800`03a2e9ae : 00000000`00000000 fffffa80`0df40110 fffff8a0`0e158010 00000000`00000001 : nt!PnpProcessTargetDeviceEvent+0x4c
fffff880`033a8c50 fffff800`036d1251 : fffff800`03934b98 fffff8a0`0e158010 fffff800`0386d2d8 fffffa80`07277040 : nt! ?? ::NNGAKEGL::`string'+0x552ab
fffff880`033a8cb0 fffff800`03965ede : 00000000`00000000 fffffa80`07277040 00000000`00000080 fffffa80`07264740 : nt!ExpWorkerThread+0x111
fffff880`033a8d40 fffff800`036b8906 : fffff880`031d5180 fffffa80`07277040 fffff880`031dffc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`033a8d80 00000000`00000000 : fffff880`033a9000 fffff880`033a3000 fffff880`033a75f0 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND:  .thread 0xfffffa8007277040 ; kb

FOLLOWUP_IP: 
nt!KiSwapContext+7a
fffff800`036caa7a 488d8c2400010000 lea     rcx,[rsp+100h]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!KiSwapContext+7a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  5147d9c6

FAILURE_BUCKET_ID:  X64_0x9F_4_nt!KiSwapContext+7a

BUCKET_ID:  X64_0x9F_4_nt!KiSwapContext+7a

Followup: MachineOwner
---------


This free analysis is provided by OSR Open Systems Resources, Inc.
Want a deeper understanding of crash dump analysis? Check out our Windows Kernel Debugging and Crash Dump Analysis Seminar (opens in new tab/window)

Open in new window

0
 

Author Comment

by:zovoth
ID: 40220741
Greetings n2Fc:

Many thanks for your rapid reply... to answer your question, yes I did try to boot to safe mode, to no avail. The BSOD appears just prior to the desktop appearing...

... any thoughts on which driver is bad?

Many thanks,

Zovoth
0
 
LVL 19

Expert Comment

by:n2fc
ID: 40220755
Based on the mini-dump you provided it is dying in the kernel...

For further analysis,  you would need to upload a kernel dump (which might not have been taken if the system was not setup to do so)...

If you have it, I can try analyzing further,,,

See: http://msdn.microsoft.com/en-us/library/windows/hardware/ff551867(v=vs.85).aspx
for info on this type of dump & where it can be found...


Also, see:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff542953(v=vs.85).aspx

for how to enable...
0
 

Author Closing Comment

by:zovoth
ID: 40220783
Greetings n2Fc:

Many thanks for your follow-up, it is greatly appreciated.

The data back up for this machine also contained multiple Internet threats, so that combined with the funky driver issue is prompting me to simply cut to the chase & complete a system reformat & reconstruction.

Thanks again for your timely wisdom, and may the wind be at your back.

Zovoth
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Lockdown of laptops 10 37
Roaming Profiles 8 59
Read-only access for auditors 5 41
Folder size tool 6 60
A Bare Metal Image backup allows for the restore of an entire system to a similar or dissimilar hardware. They are highly useful for migrations and disaster recovery. Bare Metal Image backups support Full and Incremental backups. Differential backup…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now