BSOD, incomplete dump

rdanner3 · 31 Aug 2010

Attempted to do the requested script-run, but a BSoD interrupted that, with no mini-dump. Still trying to figure out why it's not consistently doing the mini-dumps.

Below is as much info as I could catch. I will also include what was captured by the script prior to the BSoD that killed the session.
------
Machine: Toshiba Satellite A505-S6005
Current OS: Win7 Home Premium x64
Original OS: Win7 Home Premium x64
OEM (Toshiba)
Hardware age: 5-6 months
OS age: 5-6 months (original as installed by Toshiba)
------
BSoD (recorded below, manually, thanks to my fiancée loaning her machine for a little while) is very consistent, even if nothing is done with the machine in normal mode. Safe mode does not BSoD.

A device driver attempting to corrupt the system has been caught. The faulty driver currently on the kernel stack must be replaced with a working version.

STOP: 0x000000c4 (0x0000000000000081, 0xFFFFF980707BEFC0, 0x0000000000000082, 0x0000000000000000)

BSoD not properly saving mini-dump. Hangs at "Initializing disk for crash dump ..." (Is this related to the below? Dunno.)

ElRawDisk.SYS has been blamed at least three times, but other drivers have as well. Only one mini-dump has been saved, to my knowledge.

usasma · 02 Sep 2010

There are problems with SPLDR in Device Manager. In most cases that I've seen, this is due to a malware infection. Please do this:

Also, please run one of these free, independent online malware scans to ensure that your current protection hasn't been compromised: Malware (read the details at the link)

And, since you have Norton, please do this:

Anti-Virus Removal:
Please do the following:
- download a free antivirus for testing purposes: Free AntiVirus
- uninstall the Norton from your system (you can reinstall it, if so desired, when we're done troubleshooting)
- remove any remnants of Norton using this free tool: KB Article Not Found
- IMMEDIATELY install and update the free antivirus
- check to see if this fixes the BSOD's

Please try these diagnostics just in case there's a hardware component to the errors:

H/W Diagnostics:
Please start by running these bootable hardware diagnostics:
Memory Diagnostics (read the details at the link)
HD Diagnostic (read the details at the link)

If those diagnostics pass, then:
- update all drivers from the System Manufacturer's website (even if you already have the latest version).
- visit Windows Update, get any remaining updates

What was the name of the driver associated with the STOP: 0x000000c4 error? That's a Driver Verifier error and it should be the one to blame. If it's the ElRawDisk.SYS driver, then you'll have to uninstall the program that uses it. If you don't know which program it is, then rename the file to ElRawDisk.BAK and see what program it breaks.

Finally, just in case, please check in C:\Windows for a file named MEMORY.DMP. If you find it, zip it up and upload it to a free file hosting service . I recommend Windows Live SkyDrive - http://skydrive.live.com or another free, file-hosting service. Then post the link to it in your topic so that we can download it.

Please set things up so you can leave the computer overnight the next time it crashes - and see if that helps with the generation of a dump file.

rdanner3 · 02 Sep 2010

usasma";936171]There are problems with SPLDR in Device Manager. In most cases that I've seen, this is due to a malware infection. Please do this:
[QUOTE]Also, please run one of these free, independent online malware scans to ensure that your current protection hasn't been compromised: [URL="http://www.carrona.org/malware.html said:

Malware[/URL] (read the details at the link)

Nothing. Nada. Tried McAfee, F-Secure and BitDefender's online scanners (had already scanned with TrendMicro's HouseCall, with nothing found). Only one of the three showed anything... and it was simply a "suspicious". (see below)

Code:

McAfee FreeScan: Nothing found.
BitDefender QuickScan: Nothing found.
F-Secure Online Scanner: W32/Malware!Gemini (in file BestCash418.exe)
      VirusTotal reported a possible score of 4.3% of BestCash418.exe being a problem file. (Of the three detections, two were from F-Secure products)
Scan with AVG 9.0 (fully updated, in safe-mode) showed nothing.

H/W Diagnostics:
Please start by running these bootable hardware diagnostics:
Memory Diagnostics (read the details at the link)
HD Diagnostic (read the details at the link)

All tests passed. (Have SpinRite 6 (bootable CD from **Home of Gibson Research Corporation**) and it probably does more than any of the tests linked on the page.)

What was the name of the driver associated with the STOP: 0x000000c4 error? That's a Driver Verifier error and it should be the one to blame. If it's the ElRawDisk.SYS driver, then you'll have to uninstall the program that uses it. If you don't know which program it is, then rename the file to ElRawDisk.BAK and see what program it breaks.

As shown in my initial post, no DLL or SYS file was mentioned in the BSoD. Yes, I agree: 0xc4 IS a Driver Verifier error, but I've yet to see actual proof that any specific driver is at fault; ElRawDisk.sys is but one of several I've seen fail, and the only one I could remember. (BSoDs with that file are consistently during installation of software, BTW.)

Finally, just in case, please check in C:\Windows for a file named MEMORY.DMP. If you find it, zip it up and upload it to a free file hosting service . I recommend Windows Live SkyDrive - http://skydrive.live.com or another free, file-hosting service. Then post the link to it in your topic so that we can download it.

Not found.

Please set things up so you can leave the computer overnight the next time it crashes - and see if that helps with the generation of a dump file.

Will do... though I've not seen evidence it will work as yet.

reventon · 03 Sep 2010

rdanner3 said:

Yes, I agree: 0xc4 IS a Driver Verifier error, but I've yet to see actual proof that any specific driver is at fault; ElRawDisk.sys is but one of several I've seen fail, and the only one I could remember. (BSoDs with that file are consistently during installation of software, BTW.)

If it's a 3rd party driver and flagged by Driver Verifier - the general rule is to remove it from the situation.

Disable it via Autoruns.

Save this program to the desktop: http://live.sysinternals.com/autoruns.exe

Right-click on it -> Select run-as-admin.

Once loaded, go to the Driver Tab and untick the box beside ElRawDisk

Then re-boot.

rdanner3 · 07 Sep 2010

reventon said:

rdanner3 said:

Yes, I agree: 0xc4 IS a Driver Verifier error, but I've yet to see actual proof that any specific driver is at fault; ElRawDisk.sys is but one of several I've seen fail, and the only one I could remember. (BSoDs with that file are consistently during installation of software, BTW.)

If it's a 3rd party driver and flagged by Driver Verifier - the general rule is to remove it from the situation.

Disable it via Autoruns.

Save this program to the desktop: http://live.sysinternals.com/autoruns.exe

Right-click on it -> Select run-as-admin.

Once loaded, go to the Driver Tab and untick the box beside ElRawDisk

Then re-boot.

Did that, BSODs still constant and consistently not saving minidumps, while very occasionally flagging (mostly Microsoft) drivers/components as culprits. Can't run the machine without one EXCEPT in Safe Mode (Don't like it, either, and it has very little to do with the fact I have no sound in Safe Mode and a lot to do with security... or lack thereof).

Trying to figure out if there is a way to legally do an in-place update (i.e.: restore from OEM DVD to original directories, keeping everything I can in place) or if I'm gonna have to finish backing up (almost done... except for way too many DVD images!), restore from Toshiba's partitions, and be two to three weeks

restoring the machine to actually usable with none of the crapware.

[rant]

You know, if OEMs would simply provide copies of the OS media (retail or OEM) they actually USED to install (like used to be the normal case), or even System Recovery media sets (as also used to be normal), instead of relying on software that usually doesn't work on x64-based Win7 for the user to create the things, everything would be much easier![/rant]

(Sorry. But after literally weeks of struggling with this situation, I'm fed up with it, and Toshiba has advised 2x for me to rewrite the OS...which I consider burning down the house to get rid of a mouse. (i.e.: Extreme to the max.))

reventon · 07 Sep 2010

rdanner3 said:

Trying to figure out if there is a way to legally do an in-place update (i.e.: restore from OEM DVD to original directories, keeping everything I can in place) or if I'm gonna have to finish backing up (almost done... except for way too many DVD images!), restore from Toshiba's partitions, and be two to three weeks

restoring the machine to actually usable with none of the crapware.

A Repair Install sounds like what you require - Repair Install

rdanner3 · 09 Sep 2010

reventon said:

rdanner3 said:

Trying to figure out if there is a way to legally do an in-place update (i.e.: restore from OEM DVD to original directories, keeping everything I can in place) or if I'm gonna have to finish backing up (almost done... except for way too many DVD images!), restore from Toshiba's partitions, and be two to three weeks

restoring the machine to actually usable with none of the crapware.

A Repair Install sounds like what you require - Repair Install

Thanks for the link. Now to locate a proper DVD image for the OEM Win7 Home Premium x64. Toshiba did not include the OS DVD or the Anytime Upgrade DVD. (BAD Toshiba!) and the program that should have created the recovery media fails to run in Windows 7 x64 no matter what I try. (tried all of the compatibility modes, even.) Am not keen on spending US$25 (supposedly shipping and handling!) to receive what should have come with the machine to begin with.

reventon · 09 Sep 2010

Was there a recovery partition on the hard drive at all?

rdanner3 · 10 Sep 2010

reventon said:

Was there a recovery partition on the hard drive at all?

Yes there is, but unfortunately, Toshiba's program only allows for hard format followed by reimaging, which would destroy everything. (Gee, thanks Toshiba! Even HP's smarter than that!)

New set of BSoDs has appeared within last day; PerfMon /report actually caused one of them. ::rolls eyes:: See attached ZIP.

CPU usage has dropped back to nearly normal, but that may be because I did a "clean" boot to try to eliminate as much as possible as causes for the things. Looking more like a hardware issue with every day. Thank goodness I have Best Buy's Black Tie Service (with Accidental Damage (during) Handling rider)...though I do not really like having to use it.

Have found ISO image of Win7 Home Premium x64 DVD, but still not sure if it's worth burning the image to DVD yet. Suggestions?

reventon · 12 Sep 2010

Based on what I see in these last minidumps - it actually looks more of a software problem than hardware.

The reason I think this is because the 3 minidumps were all driver problems and all happened barely seconds into the boot - when boot drivers are still loading.

While in Safe Mode save this program to the desktop: http://live.sysinternals.com/autoruns.exe

Right-click on it -> Select run-as-admin.

In Autoruns, go to Options -> make sure Hide Microsoft and Windows Entries is ticked.

Then, press F5 to reload the page. Once reloaded, go to the Driver Tab and untick the boxes beside everything that is in that list.

Then re-boot into normal mode.

Some things will not work as they should, but if it you are able to run in normal mode without a BSOD then we have made some progress.

The next step is to use the same program to re-enable some of the entries (this can be done in normal mode) and then re-boot and see if you get any problems.

Repeat this procedure until you have isolated the cause. Of course - the possibility still exists that it is hardware problem, but lets just try this first.

Regards,
Reventon

BUGCHECK SUMMARY

Code:


Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Debug session time: Sat Sep 11 11:36:03.939 2010 (GMT+12)
System Uptime: 0 days 0:00:09.578
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0xA
PROCESS_NAME:  System
Bugcheck code 0000000A
Arguments 00000000`00000005 00000000`00000002 00000000`00000000 fffff800`02c962b3
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Debug session time: Sat Sep 11 11:04:46.173 2010 (GMT+12)
System Uptime: 0 days 0:00:09.812
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0xA
PROCESS_NAME:  System
Bugcheck code 0000000A
Arguments 00000000`00000005 00000000`00000002 00000000`00000000 fffff800`02ca52b3
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Debug session time: Fri Sep 10 06:57:12.846 2010 (GMT+12)
System Uptime: 0 days 0:00:10.110
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0xA
PROCESS_NAME:  System
Bugcheck code 0000000A
Arguments 00000000`00000005 00000000`00000002 00000000`00000000 fffff800`02cf32b3
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``

BSOD, incomplete dump

BSOD, incomplete dump

Scans were inconclusive.