Manually removed rogue software, restarted and blue screen, CRITICAL_PROCESS_DIED, attached DMP file analysis results
Friend used my computer to download software, downloaded a pile of rogue software: 360 browser, Ludashi master, picture viewer, computer restoration master and so on...
Deleted rogue software files, related services stopped, related regedit deleted, leaving several .sys files can not be deleted, I followed a online answer to rename them and reboot, if all goes well, I can delete them
Unfortunately, after reboot, my screen became bule...The stop code: CRITICAL_PROCESS_DIED, cannot self-repaired and into the safe mode
Please save me, almighty community god
Loading User Symbols
......
Loading unloaded module list
.................
For analysis of this file, run !analyze -v
0: kd> !analyze -v
- *
- Bugcheck Analysis *
- *
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffffd0878d2bb080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
Page 2004ba29a too large to be in the dump file.
Page 2004b8c77 too large to be in the dump file.
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
SYSTEM_MANUFACTURER: TR
SYSTEM_PRODUCT_NAME: G150T-S5
SYSTEM_SKU: Not Applicable
SYSTEM_VERSION: Not Applicable
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 1.05.02
BIOS_DATE: 04/01/2016
BASEBOARD_MANUFACTURER: TR
BASEBOARD_PRODUCT: G150T-S5
BASEBOARD_VERSION: Not Applicable
DUMP_TYPE: 1
BUGCHECK_P1: ffffd0878d2bb080
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: csrss.exe
CRITICAL_PROCESS: csrss.exe
EXCEPTION_CODE: (HRESULT) 0x8d2ba340 (2368447296) - <Unable to get error code text>
ERROR_CODE: (NTSTATUS) 0x8d2ba340 - <Unable to get error code text>
CPU_COUNT: 8
CPU_MHZ: a20
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 5e
CPU_STEPPING: 3
CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: D6'00000000 (cache) D6'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0xEF
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: ZIYAYANG-PC
ANALYSIS_SESSION_TIME: 02-19-2022 10:20:48.0060
ANALYSIS_VERSION: 10.0.18362.1 amd64fre
LAST_CONTROL_TRANSFER: from fffff807842cae89 to fffff80783bc14e0
STACK_TEXT:
ffffc786893cf838 fffff807
842cae89 : 00000000000000ef ffffd087
8d2bb080 0000000000000000 00000000
00000000 : nt!KeBugCheckEx
ffffc786893cf840 fffff807
841c75c1 : ffffd0878d2bb080 fffff807
83a9c769 ffffd0878d2bb080 fffff807
83a9c8c0 : nt!PspCatchCriticalBreak+0x115
ffffc786893cf8e0 fffff807
84039fc0 : ffffd08700000000 00000000
00000000 ffffd0878d2bb080 ffffd087
8d2bb080 : nt!PspTerminateAllThreads+0x175e3d
ffffc786893cf950 fffff807
84039da9 : ffffffffffffffff ffffc786
893cfa80 ffffd0878d2bb080 ffffc786
893cf901 : nt!PspTerminateProcess+0xe0
ffffc786893cf990 fffff807
83bd2d15 : ffffd087000001f8 ffffd087
8d2ba340 ffffd0878d2bb080 000002b2
470055e5 : nt!NtTerminateProcess+0xa9
ffffc786893cfa00 00007ff9
ce53c644 : 00007ff787f3177b 000002b2
470053f0 000002b2470055e5 00000000
0000007c : nt!KiSystemServiceCopyEnd+0x25
000000cc03b3fd38 00007ff7
87f3177b : 000002b2470053f0 000002b2
470055e5 000000000000007c 000002b2
470055e5 : ntdll!NtTerminateProcess+0x14
000000cc03b3fd40 00007ff7
87f31311 : 000002b2470055e5 00000000
0000000b 0000000000000001 00000000
0000000d : csrss!main+0x42b
000000cc03b3fd80 00007ff7
87f31026 : 0000000000000000 00000000
0000000a 0000000000000000 00000000
00000000 : csrss!NtProcessStartup_AfterSecurityCookieInitialized+0x2e1
000000cc03b3fe10 00007ff9
ce50cedf : 0000000000000000 00000000
00000000 0000000000000000 00000000
00000000 : csrss!NtProcessStartup+0x16
000000cc03b3fe40 00000000
00000000 : 0000000000000000 00000000
00000000 0000000000000000 00000000
00000000 : ntdll!RtlUserThreadStart+0x2f
THREAD_SHA1_HASH_MOD_FUNC: 8db425cf0a36127b5bcc0773f2d7250976d41454
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 06e48006b94f5f0194041c6e6ebfe4ab0124bfdd
THREAD_SHA1_HASH_MOD: b23b58f331f7d856e76ca5bf03ff9d670600d544
FOLLOWUP_IP:
ntdll!NtTerminateProcess+14
00007ff9`ce53c644 c3 ret
FAULT_INSTR_CODE: c32ecdc3
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: ntdll!NtTerminateProcess+14
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ntdll
IMAGE_NAME: ntdll.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 14
FAILURE_BUCKET_ID: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_8d2ba340_ntdll!NtTerminateProcess
BUCKET_ID: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_8d2ba340_ntdll!NtTerminateProcess
PRIMARY_PROBLEM_CLASS: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_8d2ba340_ntdll!NtTerminateProcess
TARGET_TIME: 2022-02-15T04:47:51.000Z
OSBUILD: 18362
OSSERVICEPACK: 592
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1972-08-22 08:24:00
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 3306c
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xef_csrss.exe_bugcheck_critical_process_8d2ba340_ntdll!ntterminateprocess
FAILURE_ID_HASH: {fbb366ac-84ea-fd93-e914-3f46e4d06eb1}