Subscribe to the RSS feed
Last
updated: 21 Apr 2012
My primary purpose since starting this website has been to help users
solve their BSOD problems.
My secondary purpose is to serve as a repository of knowledge in order
to help others who are helping users solve their BSOD problems.
BSOD analysis isn't all that difficult (but can become incredibly
complex and confusing), and this article will attempt to make it a bit
easier for those interested.
In case you're wondering, here's a link to how I first started doing
BSOD analysis for users: http://www.carrona.org/dbgrpt.html
and here's how I do it now: http://www.carrona.org/howidoit.html
Please note that some of the sub-steps here may difficult for you to
do. That's not a problem. This article is setup to work you
through the steps that we follow in analyzing your BSOD issues.
If you can't do a step, make a note of it and post to the forums for
assistance with it.
Table of
Contents:
- Initial Diagnostics
- Windows Updates/Service Packs and Driver Updates
- 3rd Party Drivers
- Hardware (you may want to switch the order of
these last 2 - as doing the Windows stuff may be easier than
troubleshooting the hardware).
- Windows
Initial Diagnostics:
These consist of 3 sets of tests. All have bootable options so
you can run them even if you can't get into Windows. Located
at: http://www.carrona.org/initdiag.html
H/W
Diagnostics:
Please start by running these bootable
hardware diagnostics:
http://www.carrona.org/memdiag.html
(read the details at the link)
http://www.carrona.org/hddiag.html
(read the details at the link) - Test ALL of
the hard drives.
Also, please run one of these free, independent online malware scans to
ensure that your current protection hasn't been compromised: http://www.carrona.org/malware.html
(read the details at the link)
There are also free, bootable
antivirus disks at this link: http://www.carrona.org/malware.html#rescue
Additional free diagnostics here: http://www.carrona.org/addldiag.html
Full list of free diagnostics here: http://www.carrona.org/hwdiag.html
Windows Updates/Service Packs and Driver Updates:
If you have all Service Packs and Windows Update says that you're
up-to-date, then you're good to move on to the next step.
If not, the first step is to update your drivers on your system (from
the PC Manufacturer's website) and then update and install all Service
Packs and Windows Updates.
Installing Service Packs
1. Visit the PC manufacturer's website and update ALL
drivers. DO NOT
use Windows Update or the "Update drivers"
function of Device Manager.
2. Check Device Manager for any unknown/disabled devices - if
there are unknown/disabled devices, fix them with the latest drivers
from the device manufacturer's website (not the PC Manufacturer)
3. Visit Windows Update and get all updates (may take repeated
visits)
4. Visit Windows Update and get the Service Pack (usually under
Important Updates).
- Read these notes for installing
Windows 7
SP1: http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1
and
http://support.microsoft.com/kb/2505743
- Read these notes for installing
Vista SP1:
http://windows.microsoft.com/en-US/windows-vista/Learn-how-to-install-Windows-Vista-Service-Pack-1-SP1
- Read these notes for installing
Vista SP2:
http://windows.microsoft.com/en-US/windows-vista/Learn-how-to-install-Windows-Vista-Service-Pack-2-SP2
5. Visit Windows Update and get any other available
updates. May take repeated visits, but keep it up until you get
several "Windows is updated" results.
- As of April 2010, Win 7 has
more than 70 updates after SP1, Vista has 300 to 350 after SP2.
You can view them using systeminfo.exe from an elevated (Run as
administrator) Command Prompt.
If you're having difficulties with installing a Service Pack, please
use the SURTool from this link: http://windows.microsoft.com/en-US/windows7/What-is-the-System-Update-Readiness-Tool
If not able to install updates or Service Packs - stop here and post in
the forums for update assistance. The system has to be updated
before proceeding further.
Note for the transition into the
next section:
At this point we're going to start looking at the stuff from the memory
dumps. Here's a link on how to setup the Windows Debugging
Tools: http://www.carrona.org/dbgrpt.html
Please note that it may seem rather long and intimidating. Just
follow the instructions line-by-line until you've finished all the
steps. Again, as always, if you have problems don't hesitate to
post over in the forums for assistance.
We request other files in the forums using this link: http://www.sysnative.com/forums/showthread.php/68-Blue-Screen-of-Death-%28BSOD%29-Posting-Instructions-Windows-7-amp-Vista
We get other information on your system using these files, so they're
important to have even if you're not using them right now.
3rd Party Drivers:
3rd party drivers are the most common causes of BSOD's in most
systems. So our first steps are to eliminate possible problems
from this category.
We're dealing with drivers that are:
- named in the memory dump(s)
- incompatible
- corrupted
- outdated/older
- or just plain ornery!
Some important general
concepts:
- Get the most updated drivers available when updating drivers.
These come from the device manufacturer - NOT from
the PC Manufacturer, Windows Update, or the Update Driver function in
Device Manager
- It's better to remove a driver (and it's associated device) if you
suspect it of causing issues. If you can't remove the device,
then disable it in the BIOS. Disabling devices in Windows lets
the drivers load before the device is disabled, so that's the least
preferred method.
- It's best to uninstall a program rather than to just remove the
driver. And this goes even if you're updating a driver package.
First - Uninstall the
driver package/software
Second - Reboot (if
necessary). If unsure, reboot anyway.
Third - Install the
freshly downloaded copy of the latest driver package certified as
compatible for your OS
Fourth - Reboot again
In the above example for installing the Debugging Tools for Windows it
shows the commands lmtn;lmtsmn Use those to generate a list of
the drivers present in that memory dump. They'll look like this:
[CODE]
fffffa60`18f0a000 fffffa60`18fad000
HTTP HTTP.sys Sat Feb
20 16:30:05 2010 (4B80545D)
fffffa60`00ea6000 fffffa60`00eb1000 i2omp
i2omp.sys Sat Jan 19 01:28:59 2008 (479198AB)
fffffa60`03cf4000 fffffa60`03d0a000 i8042prt i8042prt.sys
Sat Jan 19 01:28:08 2008 (47919878)
fffffa60`00b2d000 fffffa60`00bf4000 iastorv
iastorv.sys Fri Sep 28 14:32:10 2007 (46FD48AA)
fffffa60`02c01000 fffffa60`0361fb60 igdkmd64 igdkmd64.sys
Wed Aug 25 15:35:58 2010 (4C75709E)
fffffa60`00eb1000 fffffa60`00ec2000 iirsp
iirsp.sys Tue Dec 13 16:47:54 2005 (439F418A)
fffffa60`07799000 fffffa60`077bd000 IntcHdmi IntcHdmi.sys
Tue Jul 15 11:20:41 2008 (487CC049)
fffffa60`00a70000 fffffa60`00a78000 intelide intelide.sys
Mon Jun 02 21:43:01 2008 (4844A1A5)
[/CODE]
Please note that the stuff in the column with the names that end in
.sys are the drivers - and the date/time stuff following it is the
date/timestamp of the driver. The one's in this example are all
older (2005 to 2008), with only 2 being from 2010 (and one is a
graphics/video driver!)
Armed with that list, research the drivers here: http://www.carrona.org/dvrref.php
(there's a search function at the top of the table - or you can just
scroll down alphabetically). This is the Driver Reference Table
(referred to as "DRT" through
the rest of this topic).
Have coffee on hand because this is the boring part! :0)
Disregard any Windows drivers - they're color coded RED in the DRT.
When going through the table you want to identify any drivers that are
older than the OS (see dates in this table: http://www.carrona.org/winreldt.html
). Later on we'll refine this, and will work up the table in year
date (with some exceptions for things like video drivers and
antivirus/internet security software).
Also keep your eyes open for cautions listed in the table. You'll
find that there are several drivers mentioned that aren't compatible
with the OS. Make sure that those are removed from the system
while testing. Feel free to reinstall the latest compatible
version of the software once the system is stabilized again (if you
want to chance it!).
Scanning the DRT is the most
important thing that you can do. If you can't locate a driver,
post in the forums and we'll help locate it. The DRT was setup for this purpose - to
help users locate problem drivers and find the updates for them.
If the system is still BSOD'ing, then work up the drivers in date
order. Update, at a minimum, to ensure that all 2009 and earlier
drivers are updated (you may not be able to get 100% of them - but
you've got to get as many as you can). Ensure that your video
drivers and your antivirus/internet security programs are the most
current available.
Hardware:
It may be easier for you to do the Windows stuff first (your
choice). So scroll down and read the Windows instructions to see
which you want to try first.
We break hardware errors down into these categories:
- Borked (broken) hardware
- Overclocking
- Compatibility issues
- Low-level driver problems
- Malware
- BIOS (but ask about this before trying it)
Since it's your system, you'll know if it's overclocked or not.
That means any component in the system - not just the CPU. The
point here is that, if it is overclocked, return the system to stock
values to see if that stops the BSOD's. If it's not overclocked,
then don't worry about it. Feel free to resume overclocking once
the system has been stabilized.
Compatibility and low-level driver problems should have been taken care
of when looking at 3rd party drivers - so we assume that they're fixed
for now.
Malware should have been dealt with at the outset - with the initial
diagnostics.
All that leaves is borked hardware - so there's procedures for seeing
if we can identify it.
First is the remainder of the free diagnostics listed here: http://www.carrona.org/addldiag.html
And next is the hardware stripdown process posted here: http://www.carrona.org/strpdown.html
Lastly is the BIOS update section. This isn't for the
faint of heart as you can turn your nice, shiny computer into something
that's only fit to be used as a door stop or a boat anchor. A bad
BIOS flash can render your system unbootable until you replace the
motherboard!!! Post in the forums if you think that this is a
concern!
With BIOS updates it's essential that you read the update information
to see if the update might apply to the problem that you're
having. If it does, then the update is advisable, but if it
doesn't mention your problem - then you've got to weigh the risks and
rewards. By this I mean that some "fixes" aren't evident in the
readme information on the update - so the update my fix your problem
even if it doesn't specifically state so. I've flashed numerous
BIOS' in my career - and haven't had a problem with any. But
every time I do it, I still feel the pucker factor rise within
me! Good luck!
Windows:
The most important thing you can do is to update Windows. More
problems can be solved by this simple step than all the other
troubleshooting that we do. Problems updating usually revolve
around older drivers or malware infections - so use the tools described
above to ensure that you've taken care of all the details.
Sometimes malware infections can cause damage that's not easily visible
(and may not be repaired by the various removal tools). One
common problem is messed up permissions - either in the file system or
in the registry. I use SubInACL to reset the permissions (then
you've usually got to rerun all the malware removal tools that you ran
before you got to this point). Instructions are here (thanks to
jenae): http://www.techsupportforum.com/forums/f217/solved-device-manager-is-blank-545563-2.html#post3104592
You can repair startup problems with Startup Repair. Here's some
links:
Win7: http://www.sevenforums.com/tutorials/681-startup-repair.html
Vista: http://www.vistax64.com/tutorials/91467-startup-repair.html
Also accessible through Startup Repair is System Restore. It can
help you go back to a point before the problem occurred (and it's the
most common way to fix the Black Screen of Death).
SFC.EXE /SCANNOW is run from an elevated (Run as administrator) Commnad
Prompt. It's purpose is to check and repair any of the thousands
of protected system files.
If you can boot into Windows, you can perform a repair install (XP was
the last OS to permit a repair install from outside of Windows)
Win7: http://www.sevenforums.com/tutorials/3413-repair-install.html
Vista: http://www.vistax64.com/tutorials/88236-repair-install-vista.html
You can also reinstall Windows using your recovery disks or the
recovery partition. In most cases this will wipe the drive clean,
so backup your stuff.
The last diagnostic tool that I'll mention is the
Backup,
Wipe, and "Clean Install" of Windows
For testing purposes, it's best to install Windows "clean".
This is, basically, installing it the way that Microsoft intended
(using drivers from Windows Update).
This procedure is for Windows 7 and Vista.
You will need your installation/recovery DVD(s) before you start.
Once you wipe the hard drive there's no going back!!!
1. Backup all your data.
This will wipe everything off of your hard drive, so anything that you
want to keep will need to be saved elsewhere.
NOTE:
If this is due to an infection, remember to scan
the data with another system's current antivirus in order to locate and
remove any malware.
NOTE:
Disconnect any additional hard drives (internal and external) that you
may have installed. This may break any multi-boot setups that you
have, so be prepared to conduct recovery operations on them once you're
done. Don't forget that, if this is due to an infection, the
additional hard drives may be infected also.
2. Connect the system to the internet (if the system says
disconnect from the Internet, then do so).
3. Use one of these free utilities to wipe the hard drive clean:
DBAN ( http://www.dban.org/download
)
KillDisk ( http://www.killdisk.com/downloadfree.htm
).
This will also delete any recovery partitions on the system - so the
installation/recovery DVD's are essential!!!
4. Install Windows by booting from the installation/recovery DVD
- DO NOT
tweak any settings!!!
5. Visit Windows Update and get all updates
6. Check Device Manager for any unknown/disabled devices - if
there are unknown/disabled devices, fix them with the latest drivers
from the device manufacturer's website (not the PC Manufacturer)
7. Visit Windows Update and get the Service Packs for your
system. (usually under
Important Updates).
Read these notes for installing Windows 7 SP1:
http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1
and
http://support.microsoft.com/kb/2505743
Read these notes for installing Vista SP1:
http://windows.microsoft.com/en-US/windows-vista/Learn-how-to-install-Windows-Vista-Service-Pack-1-SP1
Read these notes for installing Vista SP2:
http://windows.microsoft.com/en-US/windows-vista/Learn-how-to-install-Windows-Vista-Service-Pack-2-SP2
Search Google/Bing for installing other OS's Service Packs.
8. Visit Windows Update and get any other available updates
9. Download, install, and update a free antivirus so you don't
get infected while testing ( http://www.carrona.org/freeav.html
).
If the problems persist,
then the problem is most likely with your hardware.
CAVEAT:
If you have an Asus motherboard, check the
date on the C:\Windows\System32\driver\ASACPI.sys file. 2004/2005
is a problem, 2009/2010 is OK. Updates are available at the Asus
support website.
CAVEAT:
If you have a Sony system, make sure that
you DO NOT have the 2007 (or earlier) version of the Sony Firmware
Extension Parser (SFEP.sys). Update this driver immediately!!!