BSoD on startup, login screen. Driver error

Hello,

On startup today, my computer made 2 chained BSoD:

1. The first one did not write anything to disk (hung after the 'disk initialization' step).
2. The second one actually produced a memory dump. Minidump is attached

After a quick analysis, it appears the error was due to a driver:

Code:

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

However, before enbling the Driver Verifier, I am seeking your help to check if any piece of information could be gathered to focus the verification on some of them with the help of the provided Minidump.

The blamed binary (csrss.exe) has of course nothing to do with those events.

Thanks for any specialized investigator willing to give a hand on the matter.:)

Very little can be done with just a single .dmp file, however, you have a 0xF4. Thats typically a hard disk error.

Run the LONG test of the DOS version of SeaTools as described here:
SeaTools for DOS and Windows - How to Use

There is a driver problem. You underline a link to disks.
Isn't it premature to talk about disk failure?

I reduced checks to disk-related drivers and produced a BSoD (cf. attachment). I will see to update it.

Anything else?

I've interrogated the first .dmp file using WinDBG and no drivers are flagged as a problem.

Since you only ever post a .dmp file - hint : read the instructions for seeking BSOD help - all I can do is take a guess at the error from the many 0xF4 ' s I have seen here. If you think it's premature, I'll leave you to work it out.

I was merely asking a question, there. What I think is no conclusion.

What information are you seeking for? Are you talking about instructions from this thread?
If positive, it is said a ZIP file would be created on my desktop... Nothing there, although I accepted the UAC prompt and the terminal window was busy gathering information around for quite some time.

[EDIT]
I deactivated .vbs scripts on my machine, that is why the archive generation did not work.
I manually created the attached one from the folder where the information has been collected.

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C9, {23e, fffffa80128bf2c0, fffff9800366eea0, 0}

*** WARNING: Unable to verify timestamp for iaStorF.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStorF.sys
Probably caused by : iaStorF.sys ( iaStorF+1a8e )

Followup: MachineOwner
---------

Remove Intel Rapid Storage Technology applications.

1. Uninstall it from Control Panel > Programs and Features.
2. Uninstall the driver from device manager:
- Right click on "my computer" icon and click "manage" on the context menu.
- In the "Computer Management" window that opens:
- Select "Device Manager" in the left pane, It will list all the existing devices.
- Expand "IDE ATA/ATAPI controllers" by clicking on the triangle in front of it.
- Select one Intel device item under it, right click, then uninstall.
- Repeat the process for all Intel items under "IDE ATA/ATAPI controllers"
3. Now restart the computer.
4. Once booted, Windows will auto configure the appropriate native system driver.

RAID
OK, I removed a stockpiled bunch of different RAID drivers getting activated one after the removal of another...
I ended up with

Code:

\Windows\system32\drivers\iaStorV.sys

for which the Device Manager does not offer any option to delete it. From what I read on the Web, it must be the default driver installed by the system.
It provides the name of my actual hardware Chipset RAID controller, that is thus reassuring.

Back to that state, I used the Driver Verifier to tickle the same driver which produced the last BSoD... and got another one. So disk-related trouble has not reached an end yet.


Hard-disks
I noticed some drivers I thought uninstalled are still there:

Code:

iaStorA      iaStorA                iaStorA                Kernel        Boot       Running    OK         TRUE        FALSE        4ÿ096      1ÿ310ÿ720  0      27/07/2015 11:26:48    C:\Windows\system32\DRIVERS\iaStorA.sys          4ÿ096     
iaStorF      iaStorF                iaStorF                Kernel        Boot       Running    OK         TRUE        FALSE        4ÿ096      12ÿ288     0      27/07/2015 11:27:05    C:\Windows\system32\DRIVERS\iaStorF.sys          4ÿ096

Looking through the Device Manager, I notice that, while the RAID controller is using the correct driver (iaStorV), the disk entries show they use 3 drivers:

Code:

\Windows\system32\drivers\disk.sys
\Windows\system32\drivers\iaStorF.sys
\Windows\system32\drivers\partmgr.sys

Is it safe to uninstall the disk? There is no checkbox to delete any driver, though...?
What should I do to get back to the default iaStorV?


Resources
Attached is provided another Zip archive (purged from past minidumps you already got before).

As an addition, digging into the batch file behind the information collection, I suggest you use the correct way to determine the right Desktop location in Windows 7 (parsing Registry values):

Code:

REG QUERY "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop

When one's move his/her personal folders around, the usual trick of using the 'Desktop' folder of the user's home directory fails to end-up at the right location.

Maybe should you also find a way to start VBS scripts when the default file association is removed, if possible, since you got the UAC prompt elevating the script's privileges when it started.

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C9, {23e, fffffa80115862c0, fffff9800496ae50, 0}

*** WARNING: Unable to verify timestamp for ElbyCDFL.sys
*** ERROR: Module load completed but symbols could not be loaded for ElbyCDFL.sys
*** WARNING: Unable to verify timestamp for iaStorF.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStorF.sys
Probably caused by : ElbyCDFL.sys ( ElbyCDFL+2453 )

Followup: MachineOwner
---------

1: kd> lmvm ElbyCDFL
start             end                 module name
fffff880`07b97000 fffff880`07ba5000   ElbyCDFL T (no symbols)           
    Loaded symbol image file: ElbyCDFL.sys
    Image path: \SystemRoot\System32\Drivers\ElbyCDFL.sys
    Image name: ElbyCDFL.sys
    Timestamp:        Fri Dec 15 07:52:27 2006 (4581C093)
    CheckSum:         000113B5
    ImageSize:        0000E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Systems with pre-Windows 7 drivers running on Windows 7 are bound to be unstable. I recommend you update all the device drivers on your system.

Generated another BSoD after removal of the problematic (and freshly -un-installed driver)