http://www.carrona.org
MVP Logo John Carrona
Windows Expert - Consumer
Most Popular Pages:
BSOD Index                         Driver Reference Table (DRT)

Hard Drive Diagnostics        Memory Diagnostics
Quick Links to the different sections:
Family                BSOD                Registry                Diagnostics 

Boot                   Memory             Windows              Misc
RSS Feed Subscribe to the RSS feed
Last updated:  21 Apr 2012

My primary purpose since starting this website has been to help users solve their BSOD problems.
My secondary purpose is to serve as a repository of knowledge in order to help others who are helping users solve their BSOD problems.

BSOD analysis isn't all that difficult (but can become incredibly complex and confusing), and this article will attempt to make it a bit easier for those interested.
In case you're wondering, here's a link to how I first started doing BSOD analysis for users:  http://www.carrona.org/dbgrpt.html
and here's how I do it now:  http://www.carrona.org/howidoit.html

Please note that some of the sub-steps here may difficult for you to do.  That's not a problem.  This article is setup to work you through the steps that we follow in analyzing your BSOD issues.  If you can't do a step, make a note of it and post to the forums for assistance with it.


Table of Contents:
- Initial Diagnostics
- Windows Updates/Service Packs and Driver Updates
- 3rd Party Drivers
- Hardware (you may want to switch the order of these last 2 - as doing the Windows stuff may be easier than troubleshooting the hardware).
- Windows


Initial Diagnostics:
These consist of 3 sets of tests.  All have bootable options so you can run them even if you can't get into Windows.  Located at:  http://www.carrona.org/initdiag.html

H/W Diagnostics:
Please start by running these bootable hardware diagnostics:
http://www.carrona.org/memdiag.html (read the details at the link)
http://www.carrona.org/hddiag.html (read the details at the link) - Test ALL of the hard drives.

Also, please run one of these free, independent online malware scans to ensure that your current protection hasn't been compromised:  http://www.carrona.org/malware.html (read the details at the link)
There are also free, bootable antivirus disks at this link: http://www.carrona.org/malware.html#rescue

Additional free diagnostics here:  http://www.carrona.org/addldiag.html
Full list of free diagnostics here:  http://www.carrona.org/hwdiag.html

Windows Updates/Service Packs and Driver Updates:
If you have all Service Packs and Windows Update says that you're up-to-date, then you're good to move on to the next step.

If not, the first step is to update your drivers on your system (from the PC Manufacturer's website) and then update and install all Service Packs and Windows Updates.

Installing Service Packs
1.  Visit the PC manufacturer's website and update ALL drivers.  DO NOT use Windows Update or the "Update drivers" function of Device Manager.
2.  Check Device Manager for any unknown/disabled devices - if there are unknown/disabled devices, fix them with the latest drivers from the device manufacturer's website (not the PC Manufacturer)
3.  Visit Windows Update and get all updates (may take repeated visits)
4.  Visit Windows Update and get the Service Pack (usually under Important Updates).
        - Read these notes for installing Windows 7 SP1http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1 and  http://support.microsoft.com/kb/2505743
        - Read these notes for installing Vista SP1http://windows.microsoft.com/en-US/windows-vista/Learn-how-to-install-Windows-Vista-Service-Pack-1-SP1
        - Read these notes for installing Vista SP2http://windows.microsoft.com/en-US/windows-vista/Learn-how-to-install-Windows-Vista-Service-Pack-2-SP2
5.  Visit Windows Update and get any other available updates.  May take repeated visits, but keep it up until you get several "Windows is updated" results.
         - As of April 2010, Win 7 has more than 70 updates after SP1, Vista has 300 to 350 after SP2.  You can view them using systeminfo.exe from an elevated (Run as administrator) Command Prompt.
If you're having difficulties with installing a Service Pack, please use the SURTool from this link:  http://windows.microsoft.com/en-US/windows7/What-is-the-System-Update-Readiness-Tool


If not able to install updates or Service Packs - stop here and post in the forums for update assistance.  The system has to be updated before proceeding further.

Note for the transition into the next section:
At this point we're going to start looking at the stuff from the memory dumps.  Here's a link on how to setup the Windows Debugging Tools:  http://www.carrona.org/dbgrpt.html
Please note that it may seem rather long and intimidating.  Just follow the instructions line-by-line until you've finished all the steps.  Again, as always, if you have problems don't hesitate to post over in the forums for assistance.

We request other files in the forums using this link:  http://www.sysnative.com/forums/showthread.php/68-Blue-Screen-of-Death-%28BSOD%29-Posting-Instructions-Windows-7-amp-Vista  We get other information on your system using these files, so they're important to have even if you're not using them right now.


3rd Party Drivers:
3rd party drivers are the most common causes of BSOD's in most systems.  So our first steps are to eliminate possible problems from this category.

We're dealing with drivers that are:
- named in the memory dump(s)
- incompatible
- corrupted
- outdated/older
- or just plain ornery!

Some important general concepts:
- Get the most updated drivers available when updating drivers.  These come from the device manufacturer - NOT from the PC Manufacturer, Windows Update, or the Update Driver function in Device Manager

- It's better to remove a driver (and it's associated device) if you suspect it of causing issues.  If you can't remove the device, then disable it in the BIOS.  Disabling devices in Windows lets the drivers load before the device is disabled, so that's the least preferred method.

- It's best to uninstall a program rather than to just remove the driver.  And this goes even if you're updating a driver package.
First - Uninstall the driver package/software
Second - Reboot (if necessary).  If unsure, reboot anyway.
Third - Install the freshly downloaded copy of the latest driver package certified as compatible for your OS
Fourth - Reboot again

In the above example for installing the Debugging Tools for Windows it shows the commands lmtn;lmtsmn  Use those to generate a list of the drivers present in that memory dump.  They'll look like this:
[CODE]
fffffa60`18f0a000 fffffa60`18fad000   HTTP     HTTP.sys     Sat Feb 20 16:30:05 2010 (4B80545D)
fffffa60`00ea6000 fffffa60`00eb1000   i2omp    i2omp.sys    Sat Jan 19 01:28:59 2008 (479198AB)
fffffa60`03cf4000 fffffa60`03d0a000   i8042prt i8042prt.sys Sat Jan 19 01:28:08 2008 (47919878)
fffffa60`00b2d000 fffffa60`00bf4000   iastorv  iastorv.sys  Fri Sep 28 14:32:10 2007 (46FD48AA)
fffffa60`02c01000 fffffa60`0361fb60   igdkmd64 igdkmd64.sys Wed Aug 25 15:35:58 2010 (4C75709E)
fffffa60`00eb1000 fffffa60`00ec2000   iirsp    iirsp.sys    Tue Dec 13 16:47:54 2005 (439F418A)
fffffa60`07799000 fffffa60`077bd000   IntcHdmi IntcHdmi.sys Tue Jul 15 11:20:41 2008 (487CC049)
fffffa60`00a70000 fffffa60`00a78000   intelide intelide.sys Mon Jun 02 21:43:01 2008 (4844A1A5)
[/CODE]
Please note that the stuff in the column with the names that end in .sys are the drivers - and the date/time stuff following it is the date/timestamp of the driver.  The one's in this example are all older (2005 to 2008), with only 2 being from 2010 (and one is a graphics/video driver!)

Armed with that list, research the drivers here:  http://www.carrona.org/dvrref.php (there's a search function at the top of the table - or you can just scroll down alphabetically).  This is the Driver Reference Table (referred to as "DRT" through the rest of this topic).
Have coffee on hand because this is the boring part! :0)

Disregard any Windows drivers - they're color coded RED in the DRT.

When going through the table you want to identify any drivers that are older than the OS (see dates in this table:  http://www.carrona.org/winreldt.html ).  Later on we'll refine this, and will work up the table in year date (with some exceptions for things like video drivers and antivirus/internet security software).

Also keep your eyes open for cautions listed in the table.  You'll find that there are several drivers mentioned that aren't compatible with the OS.  Make sure that those are removed from the system while testing.   Feel free to reinstall the latest compatible version of the software once the system is stabilized again (if you want to chance it!).

Scanning the DRT is the most important thing that you can do.  If you can't locate a driver, post in the forums and we'll help locate it.  The DRT was setup for this purpose - to help users locate problem drivers and find the updates for them.

If the system is still BSOD'ing, then work up the drivers in date order.  Update, at a minimum, to ensure that all 2009 and earlier drivers are updated (you may not be able to get 100% of them - but you've got to get as many as you can).  Ensure that your video drivers and your antivirus/internet security programs are the most current available.


Hardware:  It may be easier for you to do the Windows stuff first (your choice).  So scroll down and read the Windows instructions to see which you want to try first.

We break hardware errors down into these categories:
- Borked (broken) hardware
- Overclocking
- Compatibility issues
- Low-level driver problems
- Malware
- BIOS (but ask about this before trying it)

Since it's your system, you'll know if it's overclocked or not.  That means any component in the system - not just the CPU.  The point here is that, if it is overclocked, return the system to stock values to see if that stops the BSOD's.  If it's not overclocked, then don't worry about it.  Feel free to resume overclocking once the system has been stabilized.

Compatibility and low-level driver problems should have been taken care of when looking at 3rd party drivers - so we assume that they're fixed for now.

Malware should have been dealt with at the outset - with the initial diagnostics.

All that leaves is borked hardware - so there's procedures for seeing if we can identify it.
First is the remainder of the free diagnostics listed here:  http://www.carrona.org/addldiag.html
And next is the hardware stripdown process posted here:  http://www.carrona.org/strpdown.html

Lastly is the BIOS update section.  This isn't for the faint of heart as you can turn your nice, shiny computer into something that's only fit to be used as a door stop or a boat anchor.  A bad BIOS flash can render your system unbootable until you replace the motherboard!!!  Post in the forums if you think that this is a concern! 

With BIOS updates it's essential that you read the update information to see if the update might apply to the problem that you're having.  If it does, then the update is advisable, but if it doesn't mention your problem - then you've got to weigh the risks and rewards.  By this I mean that some "fixes" aren't evident in the readme information on the update - so the update my fix your problem even if it doesn't specifically state so.  I've flashed numerous BIOS' in my career - and haven't had a problem with any.  But every time I do it, I still feel the pucker factor rise within me!  Good luck!

Windows:

The most important thing you can do is to update Windows.  More problems can be solved by this simple step than all the other troubleshooting that we do.  Problems updating usually revolve around older drivers or malware infections - so use the tools described above to ensure that you've taken care of all the details.

Sometimes malware infections can cause damage that's not easily visible (and may not be repaired by the various removal tools).  One common problem is messed up permissions - either in the file system or in the registry.  I use SubInACL to reset the permissions (then you've usually got to rerun all the malware removal tools that you ran before you got to this point).  Instructions are here (thanks to jenae):  http://www.techsupportforum.com/forums/f217/solved-device-manager-is-blank-545563-2.html#post3104592

You can repair startup problems with Startup Repair.  Here's some links:
    Win7:  http://www.sevenforums.com/tutorials/681-startup-repair.html
    Vista:  http://www.vistax64.com/tutorials/91467-startup-repair.html

Also accessible through Startup Repair is System Restore.  It can help you go back to a point before the problem occurred (and it's the most common way to fix the Black Screen of Death).

SFC.EXE /SCANNOW is run from an elevated (Run as administrator) Commnad Prompt.  It's purpose is to check and repair any of the thousands of protected system files.

If you can boot into Windows, you can perform a repair install (XP was the last OS to permit a repair install from outside of Windows)
    Win7:  http://www.sevenforums.com/tutorials/3413-repair-install.html
    Vista:  http://www.vistax64.com/tutorials/88236-repair-install-vista.html

You can also reinstall Windows using your recovery disks or the recovery partition.  In most cases this will wipe the drive clean, so backup your stuff.

The last diagnostic tool that I'll mention is the
Backup, Wipe, and "Clean Install" of Windows

For testing purposes, it's best to install Windows "clean".
This is, basically, installing it the way that Microsoft intended (using drivers from Windows Update).
This procedure is for Windows 7 and Vista.

You will need your installation/recovery DVD(s) before you start.  Once you wipe the hard drive there's no going back!!!

1.  Backup all your data. 
This will wipe everything off of your hard drive, so anything that you want to keep will need to be saved elsewhere.

NOTE: If this is due to an infection, remember to scan the data with another system's current antivirus in order to locate and remove any malware.
NOTE: Disconnect any additional hard drives (internal and external) that you may have installed.  This may break any multi-boot setups that you have, so be prepared to conduct recovery operations on them once you're done.  Don't forget that, if this is due to an infection, the additional hard drives may be infected also.

2.  Connect the system to the internet (if the system says disconnect from the Internet, then do so).

3.  Use one of these free utilities to wipe the hard drive clean:
DBAN ( http://www.dban.org/download )
KillDisk ( http://www.killdisk.com/downloadfree.htm ). 
This will also delete any recovery partitions on the system - so the installation/recovery DVD's are essential!!!

4.  Install Windows by booting from the installation/recovery DVD - DO NOT tweak any settings!!!

5.  Visit Windows Update and get all updates

6.  Check Device Manager for any unknown/disabled devices - if there are unknown/disabled devices, fix them with the latest drivers from the device manufacturer's website (not the PC Manufacturer)

7.  Visit Windows Update and get the Service Packs for your system. (usually under Important Updates). 
Read these notes for installing Windows 7 SP1http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1 and  http://support.microsoft.com/kb/2505743
Read these notes for installing Vista SP1http://windows.microsoft.com/en-US/windows-vista/Learn-how-to-install-Windows-Vista-Service-Pack-1-SP1
Read these notes for installing Vista SP2http://windows.microsoft.com/en-US/windows-vista/Learn-how-to-install-Windows-Vista-Service-Pack-2-SP2
Search Google/Bing for installing other OS's Service Packs.

8.  Visit Windows Update and get any other available updates

9.  Download, install, and update a free antivirus so you don't get infected while testing ( http://www.carrona.org/freeav.html ).

If the problems persist, then the problem is most likely with your hardware.

CAVEAT:  If you have an Asus motherboard, check the date on the C:\Windows\System32\driver\ASACPI.sys file.  2004/2005 is a problem, 2009/2010 is OK.  Updates are available at the Asus support website.

CAVEAT:  If you have a Sony system, make sure that you DO NOT have the 2007 (or earlier) version of the Sony Firmware Extension Parser (SFEP.sys).  Update this driver immediately!!!